OpenVPN Having Trouble with VPN Gateway (Revised)



  • I am trying to set up an OpenVPN Client that is used only by a selected VLANs.  Eventually I would like to have two gateways to two different geographic areas.

    As can be seen from the screenshot below, the client is up and has both a private and public IP

    but the gateway pinger is picking up the wrong address. Both 10.68.10.1 and 10.68.10.6 respond to a ping, but NOT 10.68.10.5 as the gateway pinger has picked up.

    Here are the client settings.

    I can only access the gateway when Don’t Pull Routes / Don’t Add remove routes are unchecked. When I do this the VLANs that are supposed to access the VPN have connectivity, and all other VLANs loose connectivity.  When I check the boxes, the VPN is not accessable and the VLANs that should be using the VPN go out the WAN.

    As can be seen below the Gateway/Monitor IP are incorrectly identified.

    Traceroute shows that x.x.x.1 is the default gateway. 

    The assigned IP address also seems to work as well.

    Just in case it helps, the VPN service is Private Internet Access.  I’ve done a lot of searching to get this far, but my setup is way more complicated than any of the examples shown.  Most are everything out the VPN.

    Any idea how I can get this working?

    Thanks in advance for any input/comments/suggestions.










  • You have to select the VPN gateway in the firewall rule which allow the upstream traffic from the VLAN you want to go out the VPN, have you done this?

    If you want the VPN gateway to be shown as Online change the monitoring IP to 10.68.10.1 in the gateway settings.



  • @viragomann:

    You have to select the VPN gateway in the firewall rule which allow the upstream traffic from the VLAN you want to go out the VPN, have you done this?

    I put in a NAT rule forwarding the VLAN that I want to go out the VPN to the VPN interface.  Is that what you mean?  When it “pulled routes” the VPN took over everthing (which is not what was desired), and since there were not NAT rules to send these other interfaces out the VPN, traffic died (which is reasonable, since this traffic is only supposed to go out the WAN).

    @viragomann:

    If you want the VPN gateway to be shown as Online change the monitoring IP to 10.68.10.1 in the gateway settings.

    I can’t do that because the IP address 10.68.10.6 in this example is very dynamic.  It changes every time I reconnect and maybe even more frequently than that. If it pinged 10.68.10.6, that would be good as well.  Is there some sort of “alias” that can be inserted?  Any other ideas?



  • @guardian:

    I put in a NAT rule forwarding the VLAN that I want to go out the VPN to the VPN interface.

    Which NAT rule??
    As mentioned, you have to set the gateway in the filter rule which allows the upstream traffic on the appropriate interface. That’s called policy routing: https://doc.pfsense.org/index.php/What_is_policy_routing

    If your client pulls routes it sets the default route to the VPN gateway. Since that isn’t that what you want, you have to set the route manually per rule.

    @guardian:

    I can’t do that because the IP address 10.68.10.6 in this example is very dynamic.

    What is dynamic? The server? The tunnel subnet?
    I presume that the tunnel subnet is the same on each connection. If so also the server IP will be the same.



  • @viragomann:

    As mentioned, you have to set the gateway in the filter rule which allows the upstream traffic on the appropriate interface. That’s called policy routing: https://doc.pfsense.org/index.php/What_is_policy_routing

    If your client pulls routes it sets the default route to the VPN gateway. Since that isn’t that what you want, you have to set the route manually per rule.

    That helps… I’ll do a bit more reading

    @viragomann:

    What is dynamic? The server? The tunnel subnet?
    I presume that the tunnel subnet is the same on each connection. If so also the server IP will be the same.

    You presume incorrectly… The IP address assigned to the client (including the subnet that address is in) changes every time a new connection is made.

    I restarted OpenVPN 6 times and got the following virtual addresses: 10.5.10.6, 10.70.10.6, 10.28.10.10, 10.88.10.6, 10.37.10.6, 10.35.10.10 so there is no way that I can hard code a numeric value for the monitor IP.  For some reason the status screen shows one less than the IP address and not the gateway.

    Have I discovered a bug, or do I have a setting configured incorrectly?  The Virtual Address is 10.69.10.6, but for some reason the status screen is showning 10.69.10.5, and the gateway is 10.69.10.1 as can be seen from this traceroute:

    TraceRoute from Interface to 8.8.8.8
    1  10.69.10.1  25.608 ms  23.898 ms  25.944 ms
    2  172.98.67.1  24.059 ms  25.808 ms  28.480 ms
    3  206.108.34.6  39.419 ms  38.000 ms  39.693 ms
    4  108.170.250.241  42.550 ms  39.964 ms
        108.170.250.225  38.235 ms
    5  108.170.227.35  39.500 ms
        108.170.236.11  41.499 ms
        108.170.227.31  39.017 ms
    6  8.8.8.8  37.436 ms  43.433 ms  46.766 ms

    A ping of the Virtual IP works:
    PING 10.69.10.6 (10.69.10.6): 56 data bytes
    64 bytes from 10.69.10.6: icmp_seq=0 ttl=64 time=0.178 ms
    64 bytes from 10.69.10.6: icmp_seq=1 ttl=64 time=0.062 ms
    64 bytes from 10.69.10.6: icmp_seq=2 ttl=64 time=0.053 ms

    –- 10.69.10.6 ping statistics —
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.053/0.098/0.178/0.057 ms

    but not to the address used by the system

    PING 10.69.10.5 (10.69.10.5): 56 data bytes

    –- 10.69.10.5 ping statistics —
    3 packets transmitted, 0 packets received, 100.0% packet loss

    I’ve included a detailed debug log of the initialization sequence right from the time I activated OpenVPN to the receipt of the Initialization Sequence Completed message in hope that it gives one of the gurus here some useful insight.

    Oct 18 15:49:54 	openvpn 	38153 	Initialization Sequence Completed
    Oct 18 15:49:54 	openvpn 	38153 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.69.10.6 10.69.10.5 init
    Oct 18 15:49:54 	openvpn 	38153 	/sbin/ifconfig ovpnc1 10.69.10.6 10.69.10.5 mtu 1500 netmask 255.255.255.255 up
    Oct 18 15:49:54 	openvpn 	38153 	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Oct 18 15:49:54 	openvpn 	38153 	TUN/TAP device /dev/tun1 opened
    Oct 18 15:49:54 	openvpn 	38153 	TUN/TAP device ovpnc1 exists previously, keep at program end
    Oct 18 15:49:54 	openvpn 	38153 	OPTIONS IMPORT: --ifconfig/up options modified
    Oct 18 15:49:54 	openvpn 	38153 	OPTIONS IMPORT: LZO parms modified
    Oct 18 15:49:54 	openvpn 	38153 	OPTIONS IMPORT: timers and/or timeouts modified
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.69.10.1,topology net30,ifconfig 10.69.10.6 10.69.10.5,auth-token cWH8XGbkmA2cWXnJyKr8NSALW56rxCiyjYXcyOLZ5ok='
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: timeout set to 57
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_send_timeout 604800 [5]
    Oct 18 15:49:54 	openvpn 	38153 	Dedicated ACK -> TCP/UDP
    Oct 18 15:49:54 	openvpn 	38153 	ACK write ID 7 (ack->len=1, n=1)
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [5]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:54 	openvpn 	38153 	TLS -> Incoming Plaintext
    Oct 18 15:49:54 	openvpn 	38153 	BIO read tls_read_plaintext 234 bytes
    Oct 18 15:49:54 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:54 	openvpn 	38153 	BIO write tls_write_ciphertext 263 bytes
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [5]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	ACK acknowledge ID 7 (ack->len=1)
    Oct 18 15:49:54 	openvpn 	38153 	ACK mark active incoming ID 7
    Oct 18 15:49:54 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000007 id=00000007 ret=1
    Oct 18 15:49:54 	openvpn 	38153 	ACK read ID 7 (buf->len=263)
    Oct 18 15:49:54 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:54 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:54 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	UDPv4 READ [277] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=7 DATA 17030301 024159f6 35ebe945 3ba9a856 aa2f7683 bc36e47f 3efdda06 a6378d5[more...]
    Oct 18 15:49:54 	openvpn 	38153 	UDPv4 read returned 277
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:54 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:54 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [5/250338]
    Oct 18 15:49:54 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:54 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: timeout set to 57
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_send_timeout 604800 [5]
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [5]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	ACK received for pid 4, deleting from send buffer
    Oct 18 15:49:54 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:54 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:54 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	TLS: control channel, op=P_ACK_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	UDPv4 READ [22] from [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=7d4069b3 5a57047b [ 4 sid=c8eeca5d ed9e29ea ]
    Oct 18 15:49:54 	openvpn 	38153 	UDPv4 read returned 22
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:54 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:54 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [2/250338]
    Oct 18 15:49:54 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:54 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_send_timeout 2 [5] 4
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_can_send active=1 current=0 : [5] 4
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	TIMER: coarse timer wakeup 5 seconds
    Oct 18 15:49:54 	openvpn 	38153 	UDPv4 write returned 56
    Oct 18 15:49:54 	openvpn 	38153 	UDPv4 WRITE [56] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ ] pid=4 DATA 17030300 258b0a3f a48f769f b7a4ab31 c05ae693 855f388f b1433f83 41d7ac8[more...]
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT status=0x0002
    Oct 18 15:49:54 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:54 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [0/0]
    Oct 18 15:49:54 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:54 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_send_timeout 2 [5] 4
    Oct 18 15:49:54 	openvpn 	38153 	Reliable -> TCP/UDP
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_send ID 4 (size=46 to=2)
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_can_send active=1 current=1 : [5] 4
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:54 	openvpn 	38153 	Outgoing Ciphertext -> Reliable
    Oct 18 15:49:54 	openvpn 	38153 	ACK mark active outgoing ID 4
    Oct 18 15:49:54 	openvpn 	38153 	BIO read tls_read_ciphertext 42 bytes
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [4]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:54 	openvpn 	38153 	TIMER: coarse timer wakeup 0 seconds
    Oct 18 15:49:54 	openvpn 	38153 	SENT CONTROL [283a3b2f28a7261f7a8a7779f08355e6]: 'PUSH_REQUEST' (status=1)
    Oct 18 15:49:54 	openvpn 	38153 	BIO write tls_write_plaintext_const 13 bytes
    Oct 18 15:49:54 	openvpn 	38153 	I/O WAIT status=0x0020
    Oct 18 15:49:54 	openvpn 	38153 	event_wait returned 0
    Oct 18 15:49:52 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:52 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:52 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:52 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:52 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:52 	openvpn 	38153 	TLS: tls_process: timeout set to 59
    Oct 18 15:49:52 	openvpn 	38153 	ACK reliable_send_timeout 604800 [4]
    Oct 18 15:49:52 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [4]
    Oct 18 15:49:52 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:52 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:52 	openvpn 	38153 	TIMER: coarse timer wakeup 1 seconds
    Oct 18 15:49:52 	openvpn 	38153 	I/O WAIT status=0x0020
    Oct 18 15:49:52 	openvpn 	38153 	event_wait returned 0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [4]
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [4]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [4]
    Oct 18 15:49:51 	openvpn 	38153 	[283a3b2f28a7261f7a8a7779f08355e6] Peer Connection Initiated with [AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
    Oct 18 15:49:51 	openvpn 	38153 	STATE S_ACTIVE
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_GOT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 22
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 6 sid=7d4069b3 5a57047b ]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0002
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [4]
    Oct 18 15:49:51 	openvpn 	38153 	Dedicated ACK -> TCP/UDP
    Oct 18 15:49:51 	openvpn 	38153 	ACK write ID 6 (ack->len=1, n=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [4]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	STATE S_GOT_KEY
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Decrypt: HMAC size=32 block_size=32
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Decrypt: HMAC KEY: 339efa5c a8af76c5 34268e69 d9002d1a 28a8cf6e 123258eb f50c2058 a1796c62
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Decrypt: CIPHER block_size=16 iv_size=16
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Decrypt: CIPHER KEY: 2af85feb 40b53e9e 3dc57b46 53b14aa3 a5270dc6 cbc1dda0 23e11116 6c2bc043
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Encrypt: HMAC size=32 block_size=32
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Encrypt: HMAC KEY: 9b14f435 3bf4d1f8 7d97596b 959a0905 6667b78b cfd76136 808544bd 05a8d37b
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Encrypt: CIPHER block_size=16 iv_size=16
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Encrypt: CIPHER KEY: c55505d6 63a085b5 a5440b35 b7383de8 663617f3 020b4e0e b6d94f9e 145954c2
    Oct 18 15:49:51 	openvpn 	38153 	Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Oct 18 15:49:51 	openvpn 	38153 	CRYPTO INFO: n_DES_cblocks=0
    Oct 18 15:49:51 	openvpn 	38153 	CRYPTO INFO: n_DES_cblocks=0
    Oct 18 15:49:51 	openvpn 	38153 	CRYPTO INFO: n_DES_cblocks=0
    Oct 18 15:49:51 	openvpn 	38153 	CRYPTO INFO: n_DES_cblocks=0
    Oct 18 15:49:51 	openvpn 	38153 	Master Decrypt (hmac): 339efa5c a8af76c5 34268e69 d9002d1a 28a8cf6e 123258eb f50c2058 a1796c62
    Oct 18 15:49:51 	openvpn 	38153 	Master Decrypt (cipher): 2af85feb 40b53e9e 3dc57b46 53b14aa3 a5270dc6 cbc1dda0 23e11116 6c2bc043
    Oct 18 15:49:51 	openvpn 	38153 	Master Encrypt (hmac): 9b14f435 3bf4d1f8 7d97596b 959a0905 6667b78b cfd76136 808544bd 05a8d37b
    Oct 18 15:49:51 	openvpn 	38153 	Master Encrypt (cipher): c55505d6 63a085b5 a5440b35 b7383de8 663617f3 020b4e0e b6d94f9e 145954c2
    Oct 18 15:49:51 	openvpn 	38153 	tls1_PRF out[256]: c55505d6 63a085b5 a5440b35 b7383de8 663617f3 020b4e0e b6d94f9e 145954c2 8bd678ea 562e4a31 2e5df375 ff4cb65e 99b17d48 83fe2edf d5104b57 c96235f8 9b14f435 3bf4d1f8 7d97596b 959a0905 6667b78b cfd76136 808544bd 05a8d37b 86ee372a 192a0077 5ccbf2a1 ac0dd52f 39236c3e 6e2611b7 c09ce403 88bf52cb 2af85feb 40b53e9e 3dc57b46 53b14aa3 a5270dc6 cbc1dda0 23e11116 6c2bc043 5139db64 0d58c92b c732c4e5 de2528dc bea70688 d425af0a e92a96ff 8ddeb3d9 339efa5c a8af76c5 34268e69 d9002d1a 28a8cf6e 123258eb f50c2058 a1796c62 e7ce660c 90dec80e 16192cfa 98e55545 b0279c27 9e8ac78c ae5767f9 4ea73d08
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash out: b2a716b0 56d0f2cd a316c415 73396a5e b11e58a0 b6c596e1 f8e0f425 3ed61e72 eb99544b 794aa471 af662862 a9c9bcb8 a99793d2 841ddb86 853f9a50 a58ccb05 b9221ee8 c1a1ab48 d3460710 4b7923e1 4e00fd07 891c61b8 cb776839 9ff1f8cc b37d9415 789312bc 924e7bed cfabfb79 23fdfbbb 1622e5c8 5bd98538 f7053751 6ae7cab4 748e86ed dcf52ba3 1b94a686 b07120fc 44b8be02 04ce55d4 b58c824d ce9e2bf0 56687ca9 34219646 11d36137 b1c8cdd0 432f5738 726ae7d0 43597529 491ad25d 359da111 5558a8a1 713487c3 fb6c5d71 1ed02538 258fc4c3 9bdf4bd5 4b5dfa18 b6ad7a07 43255c6e 65377589 8979c3d6 c29dc4a2 ebc6b934 35efdd81
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash seed: 4f70656e 56504e20 6b657920 65787061 6e73696f 6ed46e11 2025705c 0ffbdf64 29a6d714 31192043 b8b6c35e 12b1139e 6023319d f215a74a 12cdd246 e11fab89 040c9ae5 5152152a 66a919f0 7c331233 1eb82328 2ac8eeca 5ded9e29 ea7d4069 b35a5704 7b
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash sec: 8f7aa7fe dcb1f89b cf63fad8 12184d0c 8f467c56 a1849538
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash out: 77f21366 35707778 0652cf20 c40157b6 d7284f53 b4ced8ef 4e39bbbb 2a8f4ab0 604f2ca1 2f64ee40 813bdb17 56850ae6 3026ee9a 07e3f559 502fd107 6ceefefd 2236eadd fa557ab0 aed15e7b dee32ae4 28674a8c 46cb008e 4bf22c84 9a592bb7 3593a33f 61b912cb ce85894c 63a62e56 1ade9785 7804f47f 9b45613b 7fba659a 401f955f 343bb873 e13050e5 4825ec25 15562d3a 8f7963a2 272f44c2 d9a7420e 9fa7f094 5b30b582 f31352a3 cff649eb 0f6fcb58 970af832 9b40712f ce87c6f0 7a842801 9d32d7d4 617e26c8 a834aad9 d3c4921f 0ce27dd3 d083e49b 3aa627b7 ac939c14 2673b209 553c7094 fdd220cc 395e5ff1 5c17032e 4591decd 7b48e089
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash seed: 4f70656e 56504e20 6b657920 65787061 6e73696f 6ed46e11 2025705c 0ffbdf64 29a6d714 31192043 b8b6c35e 12b1139e 6023319d f215a74a 12cdd246 e11fab89 040c9ae5 5152152a 66a919f0 7c331233 1eb82328 2ac8eeca 5ded9e29 ea7d4069 b35a5704 7b
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash sec: 4cfbbd53 c232a031 3d91b9a1 7e64d68c 909d2682 8d5a2cd6
    Oct 18 15:49:51 	openvpn 	38153 	tls1_PRF out[48]: 4cfbbd53 c232a031 3d91b9a1 7e64d68c 909d2682 8d5a2cd6 8f7aa7fe dcb1f89b cf63fad8 12184d0c 8f467c56 a1849538
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash out: 2baff967 e40455bb a9c05673 6ae8f924 b25ae69d f255e00d 07f25a76 b926474b ec5ca79f 234870a9 23d0ded2 ceaba547
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash seed: 4f70656e 56504e20 6d617374 65722073 65637265 74c8c66a fcc5148a ab322440 93bda70c 2b49261f ac1b56d9 f6294026 0cee415a 00c71fe8 1ead6a34 73e6033f dabd10b5 fd0e170f 2d2af846 0c4d2327 354ecf8e 9d
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash sec: f461e6a0 19ec6cc2 41fa3c53 df469843 78c87aa9 b5d9fda0
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash out: 67544434 2636f58a 9451efd2 148c2fa8 22c7c01f 7f0fccdb 8888fd88 6597bfd0 233f5d47 31503da5 ac96a284 6f2f307f
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash seed: 4f70656e 56504e20 6d617374 65722073 65637265 74c8c66a fcc5148a ab322440 93bda70c 2b49261f ac1b56d9 f6294026 0cee415a 00c71fe8 1ead6a34 73e6033f dabd10b5 fd0e170f 2d2af846 0c4d2327 354ecf8e 9d
    Oct 18 15:49:51 	openvpn 	38153 	tls1_P_hash sec: 7a758abd b2685c21 b64f949f 9ddfdc75 05619d79 4b17aa31
    Oct 18 15:49:51 	openvpn 	38153 	Server random2: 15a74a12 cdd246e1 1fab8904 0c9ae551 52152a66 a919f07c 3312331e b823282a
    Oct 18 15:49:51 	openvpn 	38153 	Server random1: c71fe81e ad6a3473 e6033fda bd10b5fd 0e170f2d 2af8460c 4d232735 4ecf8e9d
    Oct 18 15:49:51 	openvpn 	38153 	Server pre_master: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
    Oct 18 15:49:51 	openvpn 	38153 	Client random2: d46e1120 25705c0f fbdf6429 a6d71431 192043b8 b6c35e12 b1139e60 23319df2
    Oct 18 15:49:51 	openvpn 	38153 	Client random1: c8c66afc c5148aab 32244093 bda70c2b 49261fac 1b56d9f6 2940260c ee415a00
    Oct 18 15:49:51 	openvpn 	38153 	Client pre_master: 7a758abd b2685c21 b64f949f 9ddfdc75 05619d79 4b17aa31 f461e6a0 19ec6cc2 41fa3c53 df469843 78c87aa9 b5d9fda0
    Oct 18 15:49:51 	openvpn 	38153 	WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
    Oct 18 15:49:51 	openvpn 	38153 	WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
    Oct 18 15:49:51 	openvpn 	38153 	WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
    Oct 18 15:49:51 	openvpn 	38153 	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
    Oct 18 15:49:51 	openvpn 	38153 	TLS -> Incoming Plaintext
    Oct 18 15:49:51 	openvpn 	38153 	BIO read tls_read_plaintext 201 bytes
    Oct 18 15:49:51 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_ciphertext 230 bytes
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [4]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	ACK acknowledge ID 6 (ack->len=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active incoming ID 6
    Oct 18 15:49:51 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000006 id=00000006 ret=1
    Oct 18 15:49:51 	openvpn 	38153 	ACK read ID 6 (buf->len=230)
    Oct 18 15:49:51 	openvpn 	38153 	ACK received for pid 3, deleting from send buffer
    Oct 18 15:49:51 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 READ [256] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ 3 sid=c8eeca5d ed9e29ea ] pid=6 DATA 17030300 e14159f6 35ebe945 3a1b3a79 a0a42ae2 01f3e29b e9aac1b5 f305aee[more...]
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 read returned 256
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 2 [4] 3
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=1 current=0 : [4] 3
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 373
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [373] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ 5 sid=7d4069b3 5a57047b ] pid=3 DATA 17030301 568b0a3f a48f769f b6e1d86f e8f48496 1299677a 2d53e178 fdb89fc[more...]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0002
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 2 [4] 3
    Oct 18 15:49:51 	openvpn 	38153 	Reliable -> TCP/UDP
    Oct 18 15:49:51 	openvpn 	38153 	ACK write ID 5 (ack->len=1, n=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send ID 3 (size=351 to=2)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=1 current=1 : [4] 3
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	Outgoing Ciphertext -> Reliable
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active outgoing ID 3
    Oct 18 15:49:51 	openvpn 	38153 	BIO read tls_read_ciphertext 347 bytes
    Oct 18 15:49:51 	openvpn 	38153 	Outgoing Plaintext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_plaintext 318 bytes
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 read finished A
    Oct 18 15:49:51 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_ciphertext 51 bytes
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [3]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	ACK acknowledge ID 5 (ack->len=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active incoming ID 5
    Oct 18 15:49:51 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000005 id=00000005 ret=1
    Oct 18 15:49:51 	openvpn 	38153 	ACK read ID 5 (buf->len=51)
    Oct 18 15:49:51 	openvpn 	38153 	ACK received for pid 2, deleting from send buffer
    Oct 18 15:49:51 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 READ [77] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ 2 sid=c8eeca5d ed9e29ea ] pid=5 DATA 14030300 01011603 03002841 59f635eb e945394c 9e0c788d 6791a9fe 50c6704[more...]
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 read returned 77
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 2 [3] 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=1 current=0 : [3] 2
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 600
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [600] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ 4 sid=7d4069b3 5a57047b ] pid=2 DATA 16030302 06100002 02020085 b8a3d197 b3637e85 8f8d7cde 8a4bf8eb 07e03bb[more...]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0002
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 2 [3] 2
    Oct 18 15:49:51 	openvpn 	38153 	Reliable -> TCP/UDP
    Oct 18 15:49:51 	openvpn 	38153 	ACK write ID 4 (ack->len=1, n=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send ID 2 (size=578 to=2)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=1 current=1 : [3] 2
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	Outgoing Ciphertext -> Reliable
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active outgoing ID 2
    Oct 18 15:49:51 	openvpn 	38153 	BIO read tls_read_ciphertext 574 bytes
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 flush data
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 write finished A
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 write change cipher spec A
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 write client key exchange A
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 read server done A
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 read server key exchange A
    Oct 18 15:49:51 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_ciphertext 110 bytes
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	ACK acknowledge ID 4 (ack->len=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active incoming ID 4
    Oct 18 15:49:51 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000004 id=00000004 ret=1
    Oct 18 15:49:51 	openvpn 	38153 	ACK read ID 4 (buf->len=110)
    Oct 18 15:49:51 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 READ [124] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=4 DATA 18cdeb07 b9313e68 b43a99a7 bc25a577 40d214c3 475182fa 74e86788 b95dff2[more...]
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 read returned 124
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [2]
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 22
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 3 sid=7d4069b3 5a57047b ]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0003
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000005 rwflags=0x0003 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [2]
    Oct 18 15:49:51 	openvpn 	38153 	Dedicated ACK -> TCP/UDP
    Oct 18 15:49:51 	openvpn 	38153 	ACK write ID 3 (ack->len=1, n=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_ciphertext 1174 bytes
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	ACK acknowledge ID 3 (ack->len=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active incoming ID 3
    Oct 18 15:49:51 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000003 id=00000003 ret=1
    Oct 18 15:49:51 	openvpn 	38153 	ACK read ID 3 (buf->len=1174)
    Oct 18 15:49:51 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 READ [1188] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=3 DATA ec9a3dcb 3588bc65 960374de cdeab7e2 ca46f378 fd7a4ff4 eead5755 f53fa6f[more...]
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 read returned 1188
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [2]
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 22
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 2 sid=7d4069b3 5a57047b ]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0003
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000005 rwflags=0x0003 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [2]
    Oct 18 15:49:51 	openvpn 	38153 	Dedicated ACK -> TCP/UDP
    Oct 18 15:49:51 	openvpn 	38153 	ACK write ID 2 (ack->len=1, n=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 read server certificate A
    Oct 18 15:49:51 	openvpn 	38153 	VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=283a3b2f28a7261f7a8a7779f08355e6, name=283a3b2f28a7261f7a8a7779f08355e6
    Oct 18 15:49:51 	openvpn 	38153 	VERIFY EKU OK
    Oct 18 15:49:51 	openvpn 	38153 	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Oct 18 15:49:51 	openvpn 	38153 	Validating certificate extended key usage
    Oct 18 15:49:51 	openvpn 	38153 	VERIFY KU OK
    Oct 18 15:49:51 	openvpn 	38153 	++ Certificate has key usage 00a0, expects 00a0
    Oct 18 15:49:51 	openvpn 	38153 	Validating certificate key usage
    Oct 18 15:49:51 	openvpn 	38153 	VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
    Oct 18 15:49:51 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_ciphertext 1174 bytes
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	ACK acknowledge ID 2 (ack->len=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active incoming ID 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000002 id=00000002 ret=1
    Oct 18 15:49:51 	openvpn 	38153 	ACK read ID 2 (buf->len=1174)
    Oct 18 15:49:51 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 READ [1188] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=2 DATA 04030206 40301d06 03551d0e 04160414 3ce258a8 84075704 06a7c109 2944217[more...]
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 read returned 1188
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [2]
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 22
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 1 sid=7d4069b3 5a57047b ]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0003
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000005 rwflags=0x0003 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|SW [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 60
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 604800 [2]
    Oct 18 15:49:51 	openvpn 	38153 	Dedicated ACK -> TCP/UDP
    Oct 18 15:49:51 	openvpn 	38153 	ACK write ID 1 (ack->len=1, n=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	SSL state (connect): SSLv3 read server hello A
    Oct 18 15:49:51 	openvpn 	38153 	Incoming Ciphertext -> TLS
    Oct 18 15:49:51 	openvpn 	38153 	BIO write tls_write_ciphertext 1174 bytes
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=0 current=0 : [2]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	ACK acknowledge ID 1 (ack->len=1)
    Oct 18 15:49:51 	openvpn 	38153 	ACK mark active incoming ID 1
    Oct 18 15:49:51 	openvpn 	38153 	ACK RWBS rel->size=8 rel->packet_id=00000001 id=00000001 ret=1
    Oct 18 15:49:51 	openvpn 	38153 	ACK read ID 1 (buf->len=1174)
    Oct 18 15:49:51 	openvpn 	38153 	ACK received for pid 1, deleting from send buffer
    Oct 18 15:49:51 	openvpn 	38153 	TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: found match, session[0], sid=7d4069b3 5a57047b
    Oct 18 15:49:51 	openvpn 	38153 	TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 READ [1200] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ 1 sid=c8eeca5d ed9e29ea ] pid=1 DATA 16030300 36020000 32030358 d82a436a ea90a9f5 c5f92ac5 5f59b1f9 730c1d2[more...]
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 read returned 1200
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0001
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1
    Oct 18 15:49:51 	openvpn 	38153 	PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT T?|T?|SR|Sw [1/250338]
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38
    Oct 18 15:49:51 	openvpn 	38153 	PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: timeout set to 2
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_send_timeout 2 [2] 1
    Oct 18 15:49:51 	openvpn 	38153 	ACK reliable_can_send active=1 current=0 : [2] 1
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
    Oct 18 15:49:51 	openvpn 	38153 	TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 write returned 263
    Oct 18 15:49:51 	openvpn 	38153 	UDPv4 WRITE [263] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ ] pid=1 DATA 16030100 f4010000 f003031d bd66e2cb 7ce2b273 90d08a6f 4be8a234 c16274f[more...]
    Oct 18 15:49:51 	openvpn 	38153 	I/O WAIT status=0x0002
    Oct 18 15:49:51 	openvpn 	38153 	event_wait returned 1 
    


  • @guardian:

    Have I discovered a bug, or do I have a setting configured incorrectly?  The Virtual Address is 10.69.10.6, but for some reason the status screen is showning 10.69.10.5, and the gateway is 10.69.10.1 as can be seen from this traceroute:

    Which status screen do you mean?

    10.69.10.6 is your virtual address in the VPN tunnel, 10.69.10.5 is the server side address, which is used as gateway by pfSense. The server uses a net30 topology, so there are only two devices in the tunnel subnet.
    10.69.10.1 is the next hop, the vpn servers IP.

    10.69.10.1 will response to pings and could be used for monitoring here instead of 10.69.10.5, but since the tunnel subnet changes on every connecting, that’s no option.

    So to get rid of the offline (shown) gateway, you can either disable gateway monitoring or monitor another IP which only can be reached via the vpn.



  • @viragomann:

    Which status screen do you mean?

    The gateways panel on the Home/Dashboard screen.

    @viragomann:

    10.69.10.6 is your virtual address in the VPN tunnel, 10.69.10.5 is the server side address, which is used as gateway by pfSense. The server uses a net30 topology, so there are only two devices in the tunnel subnet.

    According to the documentation provided by the VPN provider the Topology should be configured as “Subnet - One IP address per client in a common sub-net”, which is how I have the client configured. It seems that pfSense is treating the interface like it iis net30.

    That looks like a bug to me – if not, tell me what I’m missing.

    As an aside, I did change the configuration to use the net30 topology, and it refused to connect.

    @viragomann:

    10.69.10.1 will response to pings and could be used for monitoring here instead of 10.69.10.5, but since the tunnel subnet changes on every connecting, that’s no option.

    So to get rid of the offline (shown) gateway, you can either disable gateway monitoring or monitor another IP which only can be reached via the vpn.

    Just wondering if there is any way to script this part of the setup? (I would rather not disable the monitoring if possible.)



  • As mentioned, 10.69.10.5 is your gateway here when using VPN.

    The client side topology setting will not take effect, since the network topology is specified by the server.

    @guardian:

    That looks like a bug to me – if not, tell me what I’m missing.

    What? That the gateway doesn’t respond to pings?

    @guardian:

    @viragomann:

    10.69.10.1 will response to pings and could be used for monitoring here instead of 10.69.10.5, but since the tunnel subnet changes on every connecting, that’s no option.

    So to get rid of the offline (shown) gateway, you can either disable gateway monitoring or monitor another IP which only can be reached via the vpn.

    Just wondering if there is any way to script this part of the setup? (I would rather not disable the monitoring if possible.)

    Of course you can script that if you want. You can find the server IP in the vpn client log file behind the “PUSH” command - ‘route 10.69.10.1’.

    But I think, it will be much easier to change monitor-IP to e.g. 8.8.8.8 (Google) and set a static route for that IP to use the vpn gateway.



  • Please help me out a bit as to how you came to that conclusion.

    @viragomann:

    As mentioned, 10.69.10.5 is your gateway here when using VPN.

    The client side topology setting will not take effect, since the network topology is specified by the server.

    The information that I have from the provider is that I receive a single IP address in a common subnet.  (Likely a private VLAN)
    My probing of the connections seems to agree with the provider’s assertion.

    The gateway 10.69.10.1 is the gateway from the private subnet to the internet, but my gateway to that private subnet is 10.69.10.6 (the interface address). in order to reach 10.69.10.1.
    i.e. With the source address set to the interface on the ping tool on the Diagnostic menu, I can ping 10.69.10.6, 10.69.10.1 and internet addresses, but not 10.69.10.5!  (Hope I explaned that properly.)  I don’t understand where 10.69.10.5 is coming from as it doesn’t show up in a traceroute, and won’t respond to a ping.

    @viragomann:

    @guardian:

    That looks like a bug to me – if not, tell me what I’m missing.

    What? That the gateway doesn’t respond to pings?

    If 10.69.10.5 is actually the gateway, it does NOT respond to a ping!  I don’t believe that pfSense has identified the gateway correctly.  My gateway is 10.69.10.6 NOT 10.69.10.5.  Once I exit through 10.69.10.6, I’m on 10.69.10.1/24, the gateway from that network is 10.69.10.1.  In short the VPN works a lot like my cable internet (except modem/hardware) - I get a single IP which leads to a private network, and that network has a gateway to the internet.

    I suspect that this part of the log

    Oct 18 15:49:54 	openvpn 	38153 	Initialization Sequence Completed
    Oct 18 15:49:54 	openvpn 	38153 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.69.10.6 10.69.10.5 init
    Oct 18 15:49:54 	openvpn 	38153 	/sbin/ifconfig ovpnc1 10.69.10.6 10.69.10.5 mtu 1500 netmask 255.255.255.255 up
    Oct 18 15:49:54 	openvpn 	38153 	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Oct 18 15:49:54 	openvpn 	38153 	TUN/TAP device /dev/tun1 opened
    Oct 18 15:49:54 	openvpn 	38153 	TUN/TAP device ovpnc1 exists previously, keep at program end
    Oct 18 15:49:54 	openvpn 	38153 	OPTIONS IMPORT: --ifconfig/up options modified
    Oct 18 15:49:54 	openvpn 	38153 	OPTIONS IMPORT: LZO parms modified
    Oct 18 15:49:54 	openvpn 	38153 	OPTIONS IMPORT: timers and/or timeouts modified
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Oct 18 15:49:54 	openvpn 	38153 	PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.69.10.1,topology net30,ifconfig 10.69.10.6 10.69.10.5,auth-token cWH8XGbkmA2cWXnJyKr8NSALW56rxCiyjYXcyOLZ5ok='
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef]
    Oct 18 15:49:54 	openvpn 	38153 	TLS: tls_process: timeout set to 57
    Oct 18 15:49:54 	openvpn 	38153 	ACK reliable_send_timeout 604800 [5]
    

    might contain the reason, but I don’t know what messages are as a result of server and what messages are as a result of my client.

    If I understand things correctly, the ACK/TLS/TLS are just at the end of the key exchange process and acknowledge the presence of a secure tunnel.

    Thanks in advance for any comments/suggestions/solutions.



  • Dude, the behaviour was already described above: https://forum.pfsense.org/index.php?topic=138316.msg756666#msg756666

    Again, it looks like this:

    
    you           |       tunnel        |               server
    your virt. IP |                     |   servers virt. IP in subnet       server IP
    10.69.10.6 ---|---------------------|--- 10.69.10.5 -------------------- 10.69.10.1
    
    

    The vpn server provide a /30 subnet. It has 4 IP addresses:
    10.69.10.4 …… network address
    10.69.10.5 … servers virt. IP in the subnet
    10.69.10.6 … your virtual IP in the subnet
    10.69.10.7 … broadcast address

    10.69.10.6 is your virtual IP in the tunnel, of course you can ping it!
    The virt. tunnel address of the server doesn’t response to pings. That’s a normal behaviour in OpenVPN. But you can ping the servers address: 10.69.10.1

    10.69.10.1 is not in your subnet, but OpenVPN sets a route to it using the gateway 10.69.10.5 (Yes, the server virtual IP is your gateway).
    Check the routing table to review. Diagnostic > routes
    You can only use IP addresses as gateways which are directly connected to pfSense. 10.69.10.5 is (virtual), 10.69.10.1 is not.

    The line

    Oct 18 15:49:54 	openvpn 	38153 	PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.69.10.1,topology net30,ifconfig 10.69.10.6 10.69.10.5,auth-token cWH8XGbkmA2cWXnJyKr8NSALW56rxCiyjYXcyOLZ5ok='
    
    

    is what you get from the server. It contains the interface configuration, compression mode, DNS and routes.

    You might have set a high Verbosity level in the client config, there’s very much noise in the log.



  • Deleted & reposted below with Verbosity reduced and appropriate changes



  • Your Verbosity level is too high, set it to 4.



  • Thanks for taking the time to make that so clear, even though you described it, I didnt get it.

    It’s sometimes difficult to know what you don’t know and distinguish it from things that you think you know but just aren’t so.

    What was confusing me was these setup instructions https://www.privateinternetaccess.com/pages/client-support/pfsense, and that the Topologiy setting shows ‘Subnet - One IP address per client in a common sub-net’ in the provided example.  What’s the difference between this setting and ‘net30 -Isolated /30 network per client’?  The topology you described looks more like the /30 than One IP address per client to me.

    When I change the setting to ‘net30 -Isolated /30 network per client’, the log looks like this.

    Oct 20 15:39:59 	openvpn 	53417 	MANAGEMENT: Client disconnected
    Oct 20 15:39:59 	openvpn 	53417 	MANAGEMENT: CMD 'status 2'
    Oct 20 15:39:59 	openvpn 	53417 	MANAGEMENT: CMD 'state 1'
    Oct 20 15:39:59 	openvpn 	53417 	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
    Oct 20 15:39:56 	openvpn 	53417 	Initialization Sequence Completed
    Oct 20 15:39:56 	openvpn 	53417 	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.8.10.10 10.8.10.9 init
    Oct 20 15:39:56 	openvpn 	53417 	/sbin/ifconfig ovpnc1 10.8.10.10 10.8.10.9 mtu 1500 netmask 255.255.255.255 up
    Oct 20 15:39:56 	openvpn 	53417 	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Oct 20 15:39:56 	openvpn 	53417 	TUN/TAP device /dev/tun1 opened
    Oct 20 15:39:56 	openvpn 	53417 	TUN/TAP device ovpnc1 exists previously, keep at program end
    Oct 20 15:39:56 	openvpn 	53417 	OPTIONS IMPORT: --ifconfig/up options modified
    Oct 20 15:39:56 	openvpn 	53417 	OPTIONS IMPORT: LZO parms modified
    Oct 20 15:39:56 	openvpn 	53417 	OPTIONS IMPORT: timers and/or timeouts modified
    Oct 20 15:39:56 	openvpn 	53417 	Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
    Oct 20 15:39:56 	openvpn 	53417 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Oct 20 15:39:56 	openvpn 	53417 	Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Oct 20 15:39:56 	openvpn 	53417 	Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Oct 20 15:39:56 	openvpn 	53417 	PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.8.10.1,topology net30,ifconfig 10.8.10.10 10.8.10.9,auth-token /9q33gukKF57s9njKLNkDUHrt6LMQ+vRHjYh2Wr++MQ='
    Oct 20 15:39:56 	openvpn 	53417 	SENT CONTROL [c76d465f591f9ff1adf44a1f4d7c7d9b]: 'PUSH_REQUEST' (status=1)
    Oct 20 15:39:54 	openvpn 	53417 	[c76d465f591f9ff1adf44a1f4d7c7d9b] Peer Connection Initiated with [AF_INET]172.98.67.67:1197
    Oct 20 15:39:54 	openvpn 	53417 	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
    Oct 20 15:39:54 	openvpn 	53417 	Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 20 15:39:54 	openvpn 	53417 	Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Oct 20 15:39:54 	openvpn 	53417 	Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Oct 20 15:39:54 	openvpn 	53417 	Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Oct 20 15:39:54 	openvpn 	53417 	WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
    Oct 20 15:39:54 	openvpn 	53417 	WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
    Oct 20 15:39:54 	openvpn 	53417 	WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
    Oct 20 15:39:54 	openvpn 	53417 	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
    Oct 20 15:39:54 	openvpn 	53417 	VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=c76d465f591f9ff1adf44a1f4d7c7d9b, name=c76d465f591f9ff1adf44a1f4d7c7d9b
    Oct 20 15:39:54 	openvpn 	53417 	VERIFY EKU OK
    Oct 20 15:39:54 	openvpn 	53417 	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Oct 20 15:39:54 	openvpn 	53417 	Validating certificate extended key usage
    Oct 20 15:39:54 	openvpn 	53417 	VERIFY KU OK
    Oct 20 15:39:54 	openvpn 	53417 	++ Certificate has key usage 00a0, expects 00a0
    Oct 20 15:39:54 	openvpn 	53417 	Validating certificate key usage
    Oct 20 15:39:54 	openvpn 	53417 	VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
    Oct 20 15:39:54 	openvpn 	53417 	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Oct 20 15:39:54 	openvpn 	53417 	TLS: Initial packet from [AF_INET]172.98.67.67:1197, sid=e1e50acc 434d35d6
    Oct 20 15:39:54 	openvpn 	53417 	UDPv4 link remote: [AF_INET]172.98.67.67:1197
    Oct 20 15:39:54 	openvpn 	53417 	UDPv4 link local (bound): [AF_INET]192.168.0.15
    Oct 20 15:39:54 	openvpn 	53417 	Expected Remote Options hash (VER=V4): '79a26cd9'
    Oct 20 15:39:54 	openvpn 	53417 	Local Options hash (VER=V4): 'fc8ba345'
    Oct 20 15:39:54 	openvpn 	53417 	Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server'
    Oct 20 15:39:54 	openvpn 	53417 	Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client'
    Oct 20 15:39:54 	openvpn 	53417 	Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:143 ET:0 EL:3 AF:3/1 ]
    Oct 20 15:39:53 	openvpn 	53417 	Socket Buffers: R=[42080->42080] S=[57344->57344]
    Oct 20 15:39:53 	openvpn 	53417 	Control Channel MTU parms [ L:1570 D:1212 EF:38 EB:0 ET:0 EL:3 ]
    Oct 20 15:39:53 	openvpn 	53417 	LZO compression initialized
    Oct 20 15:39:53 	openvpn 	53417 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Oct 20 15:39:53 	openvpn 	53417 	MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Oct 20 15:39:53 	openvpn 	52592 	WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
    Oct 20 15:39:53 	openvpn 	52592 	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10
    Oct 20 15:39:53 	openvpn 	52592 	OpenVPN 2.3.17 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jun 26 2017
    Oct 20 15:39:53 	openvpn 	52592 	auth_user_pass_file = '/var/etc/openvpn/client1.up'
    Oct 20 15:39:53 	openvpn 	52592 	pull = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	client = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	port_share_port = 0
    Oct 20 15:39:53 	openvpn 	52592 	port_share_host = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	auth_user_pass_verify_script_via_file = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	auth_user_pass_verify_script = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	max_routes_per_client = 256
    Oct 20 15:39:53 	openvpn 	52592 	max_clients = 1024
    Oct 20 15:39:53 	openvpn 	52592 	cf_per = 0
    Oct 20 15:39:53 	openvpn 	52592 	cf_max = 0
    Oct 20 15:39:53 	openvpn 	52592 	duplicate_cn = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	enable_c2c = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	push_ifconfig_ipv6_remote = ::
    Oct 20 15:39:53 	openvpn 	52592 	push_ifconfig_ipv6_local = ::/0
    Oct 20 15:39:53 	openvpn 	52592 	push_ifconfig_ipv6_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	push_ifconfig_remote_netmask = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	push_ifconfig_local = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	push_ifconfig_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	tmp_dir = '/tmp'
    Oct 20 15:39:53 	openvpn 	52592 	ccd_exclusive = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	client_config_dir = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	client_disconnect_script = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	learn_address_script = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	client_connect_script = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	virtual_hash_size = 256
    Oct 20 15:39:53 	openvpn 	52592 	real_hash_size = 256
    Oct 20 15:39:53 	openvpn 	52592 	tcp_queue_limit = 64
    Oct 20 15:39:53 	openvpn 	52592 	n_bcast_buf = 256
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_ipv6_pool_netbits = 0
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_ipv6_pool_base = ::
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_ipv6_pool_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_pool_persist_refresh_freq = 600
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_pool_persist_filename = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_pool_netmask = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_pool_end = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_pool_start = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_pool_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	server_bridge_pool_end = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	server_bridge_pool_start = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	server_bridge_netmask = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	server_bridge_ip = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	server_netbits_ipv6 = 0
    Oct 20 15:39:53 	openvpn 	52592 	server_network_ipv6 = ::
    Oct 20 15:39:53 	openvpn 	52592 	server_netmask = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	server_network = 0.0.0.0
    Oct 20 15:39:53 	openvpn 	52592 	tls_auth_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	tls_exit = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	push_peer_info = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	single_session = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	transition_window = 3600
    Oct 20 15:39:53 	openvpn 	52592 	handshake_window = 60
    Oct 20 15:39:53 	openvpn 	52592 	renegotiate_seconds = 0
    Oct 20 15:39:53 	openvpn 	52592 	renegotiate_packets = 0
    Oct 20 15:39:53 	openvpn 	52592 	renegotiate_bytes = -1
    Oct 20 15:39:53 	openvpn 	52592 	tls_timeout = 2
    Oct 20 15:39:53 	openvpn 	52592 	ssl_flags = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_eku = 'TLS Web Server Authentication'
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 0
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 136
    Oct 20 15:39:53 	openvpn 	52592 	remote_cert_ku[i] = 160
    Oct 20 15:39:53 	openvpn 	52592 	ns_cert_type = 0
    Oct 20 15:39:53 	openvpn 	52592 	crl_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	verify_x509_name = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	verify_x509_type = 0
    Oct 20 15:39:53 	openvpn 	52592 	tls_export_cert = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	tls_verify = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	cipher_list = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	pkcs12_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	priv_key_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	extra_certs_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	cert_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	dh_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	ca_path = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	ca_file = '/var/etc/openvpn/client1.ca'
    Oct 20 15:39:53 	openvpn 	52592 	key_method = 2
    Oct 20 15:39:53 	openvpn 	52592 	tls_client = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	tls_server = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	test_crypto = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	use_iv = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	packet_id_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	replay_time = 15
    Oct 20 15:39:53 	openvpn 	52592 	replay_window = 64
    Oct 20 15:39:53 	openvpn 	52592 	mute_replay_warnings = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	replay = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	engine = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	keysize = 0
    Oct 20 15:39:53 	openvpn 	52592 	prng_nonce_secret_len = 16
    Oct 20 15:39:53 	openvpn 	52592 	prng_hash = 'SHA1'
    Oct 20 15:39:53 	openvpn 	52592 	authname = 'SHA256'
    Oct 20 15:39:53 	openvpn 	52592 	authname_defined = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	ciphername = 'AES-256-CBC'
    Oct 20 15:39:53 	openvpn 	52592 	ciphername_defined = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	key_direction = 0
    Oct 20 15:39:53 	openvpn 	52592 	shared_secret_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	management_flags = 256
    Oct 20 15:39:53 	openvpn 	52592 	management_client_group = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	management_client_user = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	management_write_peer_info_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	management_echo_buffer_size = 100
    Oct 20 15:39:53 	openvpn 	52592 	management_log_history_cache = 250
    Oct 20 15:39:53 	openvpn 	52592 	management_user_pass = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	management_port = 0
    Oct 20 15:39:53 	openvpn 	52592 	management_addr = '/var/etc/openvpn/client1.sock'
    Oct 20 15:39:53 	openvpn 	52592 	allow_pull_fqdn = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	max_routes = 100
    Oct 20 15:39:53 	openvpn 	52592 	route_gateway_via_dhcp = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	route_nopull = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	route_delay_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	route_delay_window = 30
    Oct 20 15:39:53 	openvpn 	52592 	route_delay = 0
    Oct 20 15:39:53 	openvpn 	52592 	route_noexec = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	route_default_metric = 0
    Oct 20 15:39:53 	openvpn 	52592 	route_default_gateway = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	route_script = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	lzo = 7
    Oct 20 15:39:53 	openvpn 	52592 	fast_io = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	sockflags = 0
    Oct 20 15:39:53 	openvpn 	52592 	sndbuf = 0
    Oct 20 15:39:53 	openvpn 	52592 	rcvbuf = 0
    Oct 20 15:39:53 	openvpn 	52592 	occ = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	status_file_update_freq = 60
    Oct 20 15:39:53 	openvpn 	52592 	status_file_version = 1
    Oct 20 15:39:53 	openvpn 	52592 	status_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	gremlin = 0
    Oct 20 15:39:53 	openvpn 	52592 	mute = 0
    Oct 20 15:39:53 	openvpn 	52592 	verbosity = 4
    Oct 20 15:39:53 	openvpn 	52592 	nice = 0
    Oct 20 15:39:53 	openvpn 	52592 	suppress_timestamps = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	log = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	inetd = 0
    Oct 20 15:39:53 	openvpn 	52592 	daemon = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	up_delay = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	up_restart = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	down_pre = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	down_script = '/usr/local/sbin/ovpn-linkdown'
    Oct 20 15:39:53 	openvpn 	52592 	up_script = '/usr/local/sbin/ovpn-linkup'
    Oct 20 15:39:53 	openvpn 	52592 	writepid = '/var/run/openvpn_client1.pid'
    Oct 20 15:39:53 	openvpn 	52592 	cd_dir = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	chroot_dir = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	groupname = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	username = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	resolve_retry_seconds = 1000000000
    Oct 20 15:39:53 	openvpn 	52592 	passtos = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	persist_key = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	persist_remote_ip = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	persist_local_ip = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	persist_tun = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	remap_sigusr1 = 0
    Oct 20 15:39:53 	openvpn 	52592 	ping_timer_remote = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	ping_rec_timeout_action = 2
    Oct 20 15:39:53 	openvpn 	52592 	ping_rec_timeout = 60
    Oct 20 15:39:53 	openvpn 	52592 	ping_send_timeout = 10
    Oct 20 15:39:53 	openvpn 	52592 	inactivity_timeout = 0
    Oct 20 15:39:53 	openvpn 	52592 	keepalive_timeout = 60
    Oct 20 15:39:53 	openvpn 	52592 	keepalive_ping = 10
    Oct 20 15:39:53 	openvpn 	52592 	mlock = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	mtu_test = 0
    Oct 20 15:39:53 	openvpn 	52592 	shaper = 0
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_ipv6_remote = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_ipv6_netbits = 0
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_ipv6_local = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_nowarn = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_noexec = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_remote_netmask = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	ifconfig_local = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	tun_ipv6 = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	topology = 1
    Oct 20 15:39:53 	openvpn 	52592 	lladdr = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	dev_node = '/dev/tun1'
    Oct 20 15:39:53 	openvpn 	52592 	dev_type = 'tun'
    Oct 20 15:39:53 	openvpn 	52592 	dev = 'ovpnc1'
    Oct 20 15:39:53 	openvpn 	52592 	ipchange = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	remote_random = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	Connection profiles END
    Oct 20 15:39:53 	openvpn 	52592 	explicit_exit_notification = 0
    Oct 20 15:39:53 	openvpn 	52592 	mssfix = 1450
    Oct 20 15:39:53 	openvpn 	52592 	fragment = 0
    Oct 20 15:39:53 	openvpn 	52592 	mtu_discover_type = -1
    Oct 20 15:39:53 	openvpn 	52592 	tun_mtu_extra_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	tun_mtu_extra = 0
    Oct 20 15:39:53 	openvpn 	52592 	link_mtu_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	link_mtu = 1500
    Oct 20 15:39:53 	openvpn 	52592 	tun_mtu_defined = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	tun_mtu = 1500
    Oct 20 15:39:53 	openvpn 	52592 	socks_proxy_retry = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	socks_proxy_port = 0
    Oct 20 15:39:53 	openvpn 	52592 	socks_proxy_server = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	connect_retry_max = 0
    Oct 20 15:39:53 	openvpn 	52592 	connect_timeout = 10
    Oct 20 15:39:53 	openvpn 	52592 	connect_retry_seconds = 5
    Oct 20 15:39:53 	openvpn 	52592 	bind_local = ENABLED
    Oct 20 15:39:53 	openvpn 	52592 	bind_defined = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	remote_float = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	remote_port = 1197
    Oct 20 15:39:53 	openvpn 	52592 	remote = 'xxx.privateinternetaccess.com'
    Oct 20 15:39:53 	openvpn 	52592 	local_port = 0
    Oct 20 15:39:53 	openvpn 	52592 	local = '192.168.0.15'
    Oct 20 15:39:53 	openvpn 	52592 	proto = udp
    Oct 20 15:39:53 	openvpn 	52592 	Connection profiles [default]:
    Oct 20 15:39:53 	openvpn 	52592 	show_tls_ciphers = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	key_pass_file = '[UNDEF]'
    Oct 20 15:39:53 	openvpn 	52592 	genkey = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	show_engines = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	show_digests = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	show_ciphers = DISABLED
    Oct 20 15:39:53 	openvpn 	52592 	mode = 0
    Oct 20 15:39:53 	openvpn 	52592 	config = '/var/etc/openvpn/client1.conf'
    Oct 20 15:39:53 	openvpn 	52592 	Current Parameter Settings: 
    
    The way you describe this, it makes me think that this is a normal/expected behavior from OpenVPN.  
    If so, why doesn't the gateway monitor have a setting that can cope with it?  Something I'm missing?
    
    [/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i]
    

  • Netgate

    https://doc.pfsense.org/index.php/Why_can't_I_ping_some_OpenVPN_adapter_addresses

    Set something as the monitor IP address that will actually respond to pings.



  • Has anyone been able to get the Gateway Pinger working with Private Internet Access?

    My OpenVPN connection is working fine, the interface seems to be working but I’m having trouble getting the status on the home page to display properly




  • @guardian:

    What was confusing me was these setup instructions https://www.privateinternetaccess.com/pages/client-support/pfsense, and that the Topologiy setting shows ‘Subnet - One IP address per client in a common sub-net’ in the provided example.  What’s the difference between this setting and ‘net30 -Isolated /30 network per client’?  The topology you described looks more like the /30 than One IP address per client to me.

    A /30 subnet results in one IP per client. See her how I’ve explained the addresses of such a subnet. There is place for one client only.
    The server provides a /30 subnet for each client, already mentioned that.

    @guardian:

    When I change the setting to ‘net30 -Isolated /30 network per client’, the log looks like this.

    The setting will be ignored, since it is given by the server. Already mentioned that here: https://forum.pfsense.org/index.php?topic=138316.msg756795#msg756795

    Oct 20 15:39:56 openvpn 53417 PUSH: Received control message: ‘PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.8.10.1,topology net30,ifconfig 10.8.10.10 10.8.10.9,auth-token /9q33gukKF57s9njKLNkDUHrt6LMQ+vRHjYh2Wr++MQ=’


  • Netgate

    https://doc.pfsense.org/index.php/Why_can't_I_ping_some_OpenVPN_adapter_addresses

    Set something else as the monitor IP address.

    And we don’t need multiple threads about the same thing, please.



  • @Derelict:

    https://doc.pfsense.org/index.php/Why_can't_I_ping_some_OpenVPN_adapter_addresses

    Set something else as the monitor IP address.

    And we don’t need multiple threads about the same thing, please.

    I wanted to focus the discussion on the pinger, not OpenVPN.

    The place I’m trying to go with this is that based on what I’m learning in this thread it appears that the design of the pinger falls a bit short.

    There should be some way to have the option be able to automatically insert x.x.x.1 as the monitor address where x.x.x.y is the dynamic address assigned by the VPN.

    If I stick in some external address ( say 8.8.8.8 ) what is the likelihood of a false  (i.e reports up when down or down when up) status?


  • Netgate

    dpinger works fine. You are seeing an OpenVPN issue. You have to monitor something that will actually respond to pings.

    The gateway address is automatically inserted. There is no mechanism to “automatically” choose something else.

    You can place whatever monitor IP address in there you think is better than the gateway address.

    This has nothing to do with dpinger.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy