OpenVPN Having Trouble with VPN Gateway (Revised)
-
I am trying to set up an OpenVPN Client that is used only by a selected VLANs. Eventually I would like to have two gateways to two different geographic areas.
As can be seen from the screenshot below, the client is up and has both a private and public IP
but the gateway pinger is picking up the wrong address. Both 10.68.10.1 and 10.68.10.6 respond to a ping, but NOT 10.68.10.5 as the gateway pinger has picked up.Here are the client settings.
I can only access the gateway when Don't Pull Routes / Don't Add remove routes are unchecked. When I do this the VLANs that are supposed to access the VPN have connectivity, and all other VLANs loose connectivity. When I check the boxes, the VPN is not accessable and the VLANs that should be using the VPN go out the WAN.As can be seen below the Gateway/Monitor IP are incorrectly identified.
Traceroute shows that x.x.x.1 is the default gateway.
The assigned IP address also seems to work as well.Just in case it helps, the VPN service is Private Internet Access. I've done a lot of searching to get this far, but my setup is way more complicated than any of the examples shown. Most are everything out the VPN.
Any idea how I can get this working?
Thanks in advance for any input/comments/suggestions.
-
You have to select the VPN gateway in the firewall rule which allow the upstream traffic from the VLAN you want to go out the VPN, have you done this?
If you want the VPN gateway to be shown as Online change the monitoring IP to 10.68.10.1 in the gateway settings.
-
You have to select the VPN gateway in the firewall rule which allow the upstream traffic from the VLAN you want to go out the VPN, have you done this?
I put in a NAT rule forwarding the VLAN that I want to go out the VPN to the VPN interface. Is that what you mean? When it "pulled routes" the VPN took over everthing (which is not what was desired), and since there were not NAT rules to send these other interfaces out the VPN, traffic died (which is reasonable, since this traffic is only supposed to go out the WAN).
If you want the VPN gateway to be shown as Online change the monitoring IP to 10.68.10.1 in the gateway settings.
I can't do that because the IP address 10.68.10.6 in this example is very dynamic. It changes every time I reconnect and maybe even more frequently than that. If it pinged 10.68.10.6, that would be good as well. Is there some sort of "alias" that can be inserted? Any other ideas?
-
I put in a NAT rule forwarding the VLAN that I want to go out the VPN to the VPN interface.
Which NAT rule??
As mentioned, you have to set the gateway in the filter rule which allows the upstream traffic on the appropriate interface. That's called policy routing: https://doc.pfsense.org/index.php/What_is_policy_routingIf your client pulls routes it sets the default route to the VPN gateway. Since that isn't that what you want, you have to set the route manually per rule.
I can't do that because the IP address 10.68.10.6 in this example is very dynamic.
What is dynamic? The server? The tunnel subnet?
I presume that the tunnel subnet is the same on each connection. If so also the server IP will be the same. -
As mentioned, you have to set the gateway in the filter rule which allows the upstream traffic on the appropriate interface. That's called policy routing: https://doc.pfsense.org/index.php/What_is_policy_routing
If your client pulls routes it sets the default route to the VPN gateway. Since that isn't that what you want, you have to set the route manually per rule.
That helps… I'll do a bit more reading
What is dynamic? The server? The tunnel subnet?
I presume that the tunnel subnet is the same on each connection. If so also the server IP will be the same.You presume incorrectly… The IP address assigned to the client (including the subnet that address is in) changes every time a new connection is made.
I restarted OpenVPN 6 times and got the following virtual addresses: 10.5.10.6, 10.70.10.6, 10.28.10.10, 10.88.10.6, 10.37.10.6, 10.35.10.10 so there is no way that I can hard code a numeric value for the monitor IP. For some reason the status screen shows one less than the IP address and not the gateway.
Have I discovered a bug, or do I have a setting configured incorrectly? The Virtual Address is 10.69.10.6, but for some reason the status screen is showning 10.69.10.5, and the gateway is 10.69.10.1 as can be seen from this traceroute:
TraceRoute from Interface to 8.8.8.8
1 10.69.10.1 25.608 ms 23.898 ms 25.944 ms
2 172.98.67.1 24.059 ms 25.808 ms 28.480 ms
3 206.108.34.6 39.419 ms 38.000 ms 39.693 ms
4 108.170.250.241 42.550 ms 39.964 ms
108.170.250.225 38.235 ms
5 108.170.227.35 39.500 ms
108.170.236.11 41.499 ms
108.170.227.31 39.017 ms
6 8.8.8.8 37.436 ms 43.433 ms 46.766 msA ping of the Virtual IP works:
PING 10.69.10.6 (10.69.10.6): 56 data bytes
64 bytes from 10.69.10.6: icmp_seq=0 ttl=64 time=0.178 ms
64 bytes from 10.69.10.6: icmp_seq=1 ttl=64 time=0.062 ms
64 bytes from 10.69.10.6: icmp_seq=2 ttl=64 time=0.053 ms–- 10.69.10.6 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.053/0.098/0.178/0.057 msbut not to the address used by the system
PING 10.69.10.5 (10.69.10.5): 56 data bytes
–- 10.69.10.5 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet lossI've included a detailed debug log of the initialization sequence right from the time I activated OpenVPN to the receipt of the Initialization Sequence Completed message in hope that it gives one of the gurus here some useful insight.
Oct 18 15:49:54 openvpn 38153 Initialization Sequence Completed Oct 18 15:49:54 openvpn 38153 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.69.10.6 10.69.10.5 init Oct 18 15:49:54 openvpn 38153 /sbin/ifconfig ovpnc1 10.69.10.6 10.69.10.5 mtu 1500 netmask 255.255.255.255 up Oct 18 15:49:54 openvpn 38153 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Oct 18 15:49:54 openvpn 38153 TUN/TAP device /dev/tun1 opened Oct 18 15:49:54 openvpn 38153 TUN/TAP device ovpnc1 exists previously, keep at program end Oct 18 15:49:54 openvpn 38153 OPTIONS IMPORT: --ifconfig/up options modified Oct 18 15:49:54 openvpn 38153 OPTIONS IMPORT: LZO parms modified Oct 18 15:49:54 openvpn 38153 OPTIONS IMPORT: timers and/or timeouts modified Oct 18 15:49:54 openvpn 38153 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.69.10.1,topology net30,ifconfig 10.69.10.6 10.69.10.5,auth-token cWH8XGbkmA2cWXnJyKr8NSALW56rxCiyjYXcyOLZ5ok=' Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: timeout set to 57 Oct 18 15:49:54 openvpn 38153 ACK reliable_send_timeout 604800 [5] Oct 18 15:49:54 openvpn 38153 Dedicated ACK -> TCP/UDP Oct 18 15:49:54 openvpn 38153 ACK write ID 7 (ack->len=1, n=1) Oct 18 15:49:54 openvpn 38153 ACK reliable_can_send active=0 current=0 : [5] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:54 openvpn 38153 TLS -> Incoming Plaintext Oct 18 15:49:54 openvpn 38153 BIO read tls_read_plaintext 234 bytes Oct 18 15:49:54 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:54 openvpn 38153 BIO write tls_write_ciphertext 263 bytes Oct 18 15:49:54 openvpn 38153 ACK reliable_can_send active=0 current=0 : [5] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 ACK acknowledge ID 7 (ack->len=1) Oct 18 15:49:54 openvpn 38153 ACK mark active incoming ID 7 Oct 18 15:49:54 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000007 id=00000007 ret=1 Oct 18 15:49:54 openvpn 38153 ACK read ID 7 (buf->len=263) Oct 18 15:49:54 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:54 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:54 openvpn 38153 TLS: initial packet test, i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 UDPv4 READ [277] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=7 DATA 17030301 024159f6 35ebe945 3ba9a856 aa2f7683 bc36e47f 3efdda06 a6378d5[more...] Oct 18 15:49:54 openvpn 38153 UDPv4 read returned 277 Oct 18 15:49:54 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:54 openvpn 38153 event_wait returned 1 Oct 18 15:49:54 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:54 openvpn 38153 I/O WAIT T?|T?|SR|Sw [5/250338] Oct 18 15:49:54 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:54 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: timeout set to 57 Oct 18 15:49:54 openvpn 38153 ACK reliable_send_timeout 604800 [5] Oct 18 15:49:54 openvpn 38153 ACK reliable_can_send active=0 current=0 : [5] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 ACK received for pid 4, deleting from send buffer Oct 18 15:49:54 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:54 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:54 openvpn 38153 TLS: initial packet test, i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 TLS: control channel, op=P_ACK_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 UDPv4 READ [22] from [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=7d4069b3 5a57047b [ 4 sid=c8eeca5d ed9e29ea ] Oct 18 15:49:54 openvpn 38153 UDPv4 read returned 22 Oct 18 15:49:54 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:54 openvpn 38153 event_wait returned 1 Oct 18 15:49:54 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:54 openvpn 38153 I/O WAIT T?|T?|SR|Sw [2/250338] Oct 18 15:49:54 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:54 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:54 openvpn 38153 ACK reliable_send_timeout 2 [5] 4 Oct 18 15:49:54 openvpn 38153 ACK reliable_can_send active=1 current=0 : [5] 4 Oct 18 15:49:54 openvpn 38153 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 TIMER: coarse timer wakeup 5 seconds Oct 18 15:49:54 openvpn 38153 UDPv4 write returned 56 Oct 18 15:49:54 openvpn 38153 UDPv4 WRITE [56] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ ] pid=4 DATA 17030300 258b0a3f a48f769f b7a4ab31 c05ae693 855f388f b1433f83 41d7ac8[more...] Oct 18 15:49:54 openvpn 38153 I/O WAIT status=0x0002 Oct 18 15:49:54 openvpn 38153 event_wait returned 1 Oct 18 15:49:54 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0 Oct 18 15:49:54 openvpn 38153 I/O WAIT T?|T?|SR|SW [0/0] Oct 18 15:49:54 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:54 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:54 openvpn 38153 ACK reliable_send_timeout 2 [5] 4 Oct 18 15:49:54 openvpn 38153 Reliable -> TCP/UDP Oct 18 15:49:54 openvpn 38153 ACK reliable_send ID 4 (size=46 to=2) Oct 18 15:49:54 openvpn 38153 ACK reliable_can_send active=1 current=1 : [5] 4 Oct 18 15:49:54 openvpn 38153 TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:54 openvpn 38153 Outgoing Ciphertext -> Reliable Oct 18 15:49:54 openvpn 38153 ACK mark active outgoing ID 4 Oct 18 15:49:54 openvpn 38153 BIO read tls_read_ciphertext 42 bytes Oct 18 15:49:54 openvpn 38153 ACK reliable_can_send active=0 current=0 : [4] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:54 openvpn 38153 TIMER: coarse timer wakeup 0 seconds Oct 18 15:49:54 openvpn 38153 SENT CONTROL [283a3b2f28a7261f7a8a7779f08355e6]: 'PUSH_REQUEST' (status=1) Oct 18 15:49:54 openvpn 38153 BIO write tls_write_plaintext_const 13 bytes Oct 18 15:49:54 openvpn 38153 I/O WAIT status=0x0020 Oct 18 15:49:54 openvpn 38153 event_wait returned 0 Oct 18 15:49:52 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:52 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:52 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:52 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:52 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:52 openvpn 38153 TLS: tls_process: timeout set to 59 Oct 18 15:49:52 openvpn 38153 ACK reliable_send_timeout 604800 [4] Oct 18 15:49:52 openvpn 38153 ACK reliable_can_send active=0 current=0 : [4] Oct 18 15:49:52 openvpn 38153 TLS: tls_process: chg=0 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:52 openvpn 38153 TLS: tls_multi_process: i=0 state=S_ACTIVE, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:52 openvpn 38153 TIMER: coarse timer wakeup 1 seconds Oct 18 15:49:52 openvpn 38153 I/O WAIT status=0x0020 Oct 18 15:49:52 openvpn 38153 event_wait returned 0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [4] Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [4] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_ACTIVE lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [4] Oct 18 15:49:51 openvpn 38153 [283a3b2f28a7261f7a8a7779f08355e6] Peer Connection Initiated with [AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Oct 18 15:49:51 openvpn 38153 STATE S_ACTIVE Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_GOT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 22 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 6 sid=7d4069b3 5a57047b ] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0002 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|SW [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [4] Oct 18 15:49:51 openvpn 38153 Dedicated ACK -> TCP/UDP Oct 18 15:49:51 openvpn 38153 ACK write ID 6 (ack->len=1, n=1) Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [4] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_GOT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 STATE S_GOT_KEY Oct 18 15:49:51 openvpn 38153 Data Channel Decrypt: HMAC size=32 block_size=32 Oct 18 15:49:51 openvpn 38153 Data Channel Decrypt: HMAC KEY: 339efa5c a8af76c5 34268e69 d9002d1a 28a8cf6e 123258eb f50c2058 a1796c62 Oct 18 15:49:51 openvpn 38153 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 18 15:49:51 openvpn 38153 Data Channel Decrypt: CIPHER block_size=16 iv_size=16 Oct 18 15:49:51 openvpn 38153 Data Channel Decrypt: CIPHER KEY: 2af85feb 40b53e9e 3dc57b46 53b14aa3 a5270dc6 cbc1dda0 23e11116 6c2bc043 Oct 18 15:49:51 openvpn 38153 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Oct 18 15:49:51 openvpn 38153 Data Channel Encrypt: HMAC size=32 block_size=32 Oct 18 15:49:51 openvpn 38153 Data Channel Encrypt: HMAC KEY: 9b14f435 3bf4d1f8 7d97596b 959a0905 6667b78b cfd76136 808544bd 05a8d37b Oct 18 15:49:51 openvpn 38153 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 18 15:49:51 openvpn 38153 Data Channel Encrypt: CIPHER block_size=16 iv_size=16 Oct 18 15:49:51 openvpn 38153 Data Channel Encrypt: CIPHER KEY: c55505d6 63a085b5 a5440b35 b7383de8 663617f3 020b4e0e b6d94f9e 145954c2 Oct 18 15:49:51 openvpn 38153 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Oct 18 15:49:51 openvpn 38153 CRYPTO INFO: n_DES_cblocks=0 Oct 18 15:49:51 openvpn 38153 CRYPTO INFO: n_DES_cblocks=0 Oct 18 15:49:51 openvpn 38153 CRYPTO INFO: n_DES_cblocks=0 Oct 18 15:49:51 openvpn 38153 CRYPTO INFO: n_DES_cblocks=0 Oct 18 15:49:51 openvpn 38153 Master Decrypt (hmac): 339efa5c a8af76c5 34268e69 d9002d1a 28a8cf6e 123258eb f50c2058 a1796c62 Oct 18 15:49:51 openvpn 38153 Master Decrypt (cipher): 2af85feb 40b53e9e 3dc57b46 53b14aa3 a5270dc6 cbc1dda0 23e11116 6c2bc043 Oct 18 15:49:51 openvpn 38153 Master Encrypt (hmac): 9b14f435 3bf4d1f8 7d97596b 959a0905 6667b78b cfd76136 808544bd 05a8d37b Oct 18 15:49:51 openvpn 38153 Master Encrypt (cipher): c55505d6 63a085b5 a5440b35 b7383de8 663617f3 020b4e0e b6d94f9e 145954c2 Oct 18 15:49:51 openvpn 38153 tls1_PRF out[256]: c55505d6 63a085b5 a5440b35 b7383de8 663617f3 020b4e0e b6d94f9e 145954c2 8bd678ea 562e4a31 2e5df375 ff4cb65e 99b17d48 83fe2edf d5104b57 c96235f8 9b14f435 3bf4d1f8 7d97596b 959a0905 6667b78b cfd76136 808544bd 05a8d37b 86ee372a 192a0077 5ccbf2a1 ac0dd52f 39236c3e 6e2611b7 c09ce403 88bf52cb 2af85feb 40b53e9e 3dc57b46 53b14aa3 a5270dc6 cbc1dda0 23e11116 6c2bc043 5139db64 0d58c92b c732c4e5 de2528dc bea70688 d425af0a e92a96ff 8ddeb3d9 339efa5c a8af76c5 34268e69 d9002d1a 28a8cf6e 123258eb f50c2058 a1796c62 e7ce660c 90dec80e 16192cfa 98e55545 b0279c27 9e8ac78c ae5767f9 4ea73d08 Oct 18 15:49:51 openvpn 38153 tls1_P_hash out: b2a716b0 56d0f2cd a316c415 73396a5e b11e58a0 b6c596e1 f8e0f425 3ed61e72 eb99544b 794aa471 af662862 a9c9bcb8 a99793d2 841ddb86 853f9a50 a58ccb05 b9221ee8 c1a1ab48 d3460710 4b7923e1 4e00fd07 891c61b8 cb776839 9ff1f8cc b37d9415 789312bc 924e7bed cfabfb79 23fdfbbb 1622e5c8 5bd98538 f7053751 6ae7cab4 748e86ed dcf52ba3 1b94a686 b07120fc 44b8be02 04ce55d4 b58c824d ce9e2bf0 56687ca9 34219646 11d36137 b1c8cdd0 432f5738 726ae7d0 43597529 491ad25d 359da111 5558a8a1 713487c3 fb6c5d71 1ed02538 258fc4c3 9bdf4bd5 4b5dfa18 b6ad7a07 43255c6e 65377589 8979c3d6 c29dc4a2 ebc6b934 35efdd81 Oct 18 15:49:51 openvpn 38153 tls1_P_hash seed: 4f70656e 56504e20 6b657920 65787061 6e73696f 6ed46e11 2025705c 0ffbdf64 29a6d714 31192043 b8b6c35e 12b1139e 6023319d f215a74a 12cdd246 e11fab89 040c9ae5 5152152a 66a919f0 7c331233 1eb82328 2ac8eeca 5ded9e29 ea7d4069 b35a5704 7b Oct 18 15:49:51 openvpn 38153 tls1_P_hash sec: 8f7aa7fe dcb1f89b cf63fad8 12184d0c 8f467c56 a1849538 Oct 18 15:49:51 openvpn 38153 tls1_P_hash out: 77f21366 35707778 0652cf20 c40157b6 d7284f53 b4ced8ef 4e39bbbb 2a8f4ab0 604f2ca1 2f64ee40 813bdb17 56850ae6 3026ee9a 07e3f559 502fd107 6ceefefd 2236eadd fa557ab0 aed15e7b dee32ae4 28674a8c 46cb008e 4bf22c84 9a592bb7 3593a33f 61b912cb ce85894c 63a62e56 1ade9785 7804f47f 9b45613b 7fba659a 401f955f 343bb873 e13050e5 4825ec25 15562d3a 8f7963a2 272f44c2 d9a7420e 9fa7f094 5b30b582 f31352a3 cff649eb 0f6fcb58 970af832 9b40712f ce87c6f0 7a842801 9d32d7d4 617e26c8 a834aad9 d3c4921f 0ce27dd3 d083e49b 3aa627b7 ac939c14 2673b209 553c7094 fdd220cc 395e5ff1 5c17032e 4591decd 7b48e089 Oct 18 15:49:51 openvpn 38153 tls1_P_hash seed: 4f70656e 56504e20 6b657920 65787061 6e73696f 6ed46e11 2025705c 0ffbdf64 29a6d714 31192043 b8b6c35e 12b1139e 6023319d f215a74a 12cdd246 e11fab89 040c9ae5 5152152a 66a919f0 7c331233 1eb82328 2ac8eeca 5ded9e29 ea7d4069 b35a5704 7b Oct 18 15:49:51 openvpn 38153 tls1_P_hash sec: 4cfbbd53 c232a031 3d91b9a1 7e64d68c 909d2682 8d5a2cd6 Oct 18 15:49:51 openvpn 38153 tls1_PRF out[48]: 4cfbbd53 c232a031 3d91b9a1 7e64d68c 909d2682 8d5a2cd6 8f7aa7fe dcb1f89b cf63fad8 12184d0c 8f467c56 a1849538 Oct 18 15:49:51 openvpn 38153 tls1_P_hash out: 2baff967 e40455bb a9c05673 6ae8f924 b25ae69d f255e00d 07f25a76 b926474b ec5ca79f 234870a9 23d0ded2 ceaba547 Oct 18 15:49:51 openvpn 38153 tls1_P_hash seed: 4f70656e 56504e20 6d617374 65722073 65637265 74c8c66a fcc5148a ab322440 93bda70c 2b49261f ac1b56d9 f6294026 0cee415a 00c71fe8 1ead6a34 73e6033f dabd10b5 fd0e170f 2d2af846 0c4d2327 354ecf8e 9d Oct 18 15:49:51 openvpn 38153 tls1_P_hash sec: f461e6a0 19ec6cc2 41fa3c53 df469843 78c87aa9 b5d9fda0 Oct 18 15:49:51 openvpn 38153 tls1_P_hash out: 67544434 2636f58a 9451efd2 148c2fa8 22c7c01f 7f0fccdb 8888fd88 6597bfd0 233f5d47 31503da5 ac96a284 6f2f307f Oct 18 15:49:51 openvpn 38153 tls1_P_hash seed: 4f70656e 56504e20 6d617374 65722073 65637265 74c8c66a fcc5148a ab322440 93bda70c 2b49261f ac1b56d9 f6294026 0cee415a 00c71fe8 1ead6a34 73e6033f dabd10b5 fd0e170f 2d2af846 0c4d2327 354ecf8e 9d Oct 18 15:49:51 openvpn 38153 tls1_P_hash sec: 7a758abd b2685c21 b64f949f 9ddfdc75 05619d79 4b17aa31 Oct 18 15:49:51 openvpn 38153 Server random2: 15a74a12 cdd246e1 1fab8904 0c9ae551 52152a66 a919f07c 3312331e b823282a Oct 18 15:49:51 openvpn 38153 Server random1: c71fe81e ad6a3473 e6033fda bd10b5fd 0e170f2d 2af8460c 4d232735 4ecf8e9d Oct 18 15:49:51 openvpn 38153 Server pre_master: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 Oct 18 15:49:51 openvpn 38153 Client random2: d46e1120 25705c0f fbdf6429 a6d71431 192043b8 b6c35e12 b1139e60 23319df2 Oct 18 15:49:51 openvpn 38153 Client random1: c8c66afc c5148aab 32244093 bda70c2b 49261fac 1b56d9f6 2940260c ee415a00 Oct 18 15:49:51 openvpn 38153 Client pre_master: 7a758abd b2685c21 b64f949f 9ddfdc75 05619d79 4b17aa31 f461e6a0 19ec6cc2 41fa3c53 df469843 78c87aa9 b5d9fda0 Oct 18 15:49:51 openvpn 38153 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128' Oct 18 15:49:51 openvpn 38153 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1' Oct 18 15:49:51 openvpn 38153 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC' Oct 18 15:49:51 openvpn 38153 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542' Oct 18 15:49:51 openvpn 38153 TLS -> Incoming Plaintext Oct 18 15:49:51 openvpn 38153 BIO read tls_read_plaintext 201 bytes Oct 18 15:49:51 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_ciphertext 230 bytes Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [4] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 ACK acknowledge ID 6 (ack->len=1) Oct 18 15:49:51 openvpn 38153 ACK mark active incoming ID 6 Oct 18 15:49:51 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000006 id=00000006 ret=1 Oct 18 15:49:51 openvpn 38153 ACK read ID 6 (buf->len=230) Oct 18 15:49:51 openvpn 38153 ACK received for pid 3, deleting from send buffer Oct 18 15:49:51 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 READ [256] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ 3 sid=c8eeca5d ed9e29ea ] pid=6 DATA 17030300 e14159f6 35ebe945 3a1b3a79 a0a42ae2 01f3e29b e9aac1b5 f305aee[more...] Oct 18 15:49:51 openvpn 38153 UDPv4 read returned 256 Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 2 [4] 3 Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=1 current=0 : [4] 3 Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 373 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [373] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ 5 sid=7d4069b3 5a57047b ] pid=3 DATA 17030301 568b0a3f a48f769f b6e1d86f e8f48496 1299677a 2d53e178 fdb89fc[more...] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0002 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|SW [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 2 [4] 3 Oct 18 15:49:51 openvpn 38153 Reliable -> TCP/UDP Oct 18 15:49:51 openvpn 38153 ACK write ID 5 (ack->len=1, n=1) Oct 18 15:49:51 openvpn 38153 ACK reliable_send ID 3 (size=351 to=2) Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=1 current=1 : [4] 3 Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 Outgoing Ciphertext -> Reliable Oct 18 15:49:51 openvpn 38153 ACK mark active outgoing ID 3 Oct 18 15:49:51 openvpn 38153 BIO read tls_read_ciphertext 347 bytes Oct 18 15:49:51 openvpn 38153 Outgoing Plaintext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_plaintext 318 bytes Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 read finished A Oct 18 15:49:51 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_ciphertext 51 bytes Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [3] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 ACK acknowledge ID 5 (ack->len=1) Oct 18 15:49:51 openvpn 38153 ACK mark active incoming ID 5 Oct 18 15:49:51 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000005 id=00000005 ret=1 Oct 18 15:49:51 openvpn 38153 ACK read ID 5 (buf->len=51) Oct 18 15:49:51 openvpn 38153 ACK received for pid 2, deleting from send buffer Oct 18 15:49:51 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 READ [77] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ 2 sid=c8eeca5d ed9e29ea ] pid=5 DATA 14030300 01011603 03002841 59f635eb e945394c 9e0c788d 6791a9fe 50c6704[more...] Oct 18 15:49:51 openvpn 38153 UDPv4 read returned 77 Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 2 [3] 2 Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=1 current=0 : [3] 2 Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 600 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [600] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ 4 sid=7d4069b3 5a57047b ] pid=2 DATA 16030302 06100002 02020085 b8a3d197 b3637e85 8f8d7cde 8a4bf8eb 07e03bb[more...] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0002 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|SW [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 2 [3] 2 Oct 18 15:49:51 openvpn 38153 Reliable -> TCP/UDP Oct 18 15:49:51 openvpn 38153 ACK write ID 4 (ack->len=1, n=1) Oct 18 15:49:51 openvpn 38153 ACK reliable_send ID 2 (size=578 to=2) Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=1 current=1 : [3] 2 Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 Outgoing Ciphertext -> Reliable Oct 18 15:49:51 openvpn 38153 ACK mark active outgoing ID 2 Oct 18 15:49:51 openvpn 38153 BIO read tls_read_ciphertext 574 bytes Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 flush data Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 write finished A Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 write change cipher spec A Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 write client key exchange A Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 read server done A Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 read server key exchange A Oct 18 15:49:51 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_ciphertext 110 bytes Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 ACK acknowledge ID 4 (ack->len=1) Oct 18 15:49:51 openvpn 38153 ACK mark active incoming ID 4 Oct 18 15:49:51 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000004 id=00000004 ret=1 Oct 18 15:49:51 openvpn 38153 ACK read ID 4 (buf->len=110) Oct 18 15:49:51 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 READ [124] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=4 DATA 18cdeb07 b9313e68 b43a99a7 bc25a577 40d214c3 475182fa 74e86788 b95dff2[more...] Oct 18 15:49:51 openvpn 38153 UDPv4 read returned 124 Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [2] Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 22 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 3 sid=7d4069b3 5a57047b ] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0003 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000005 rwflags=0x0003 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|SW [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [2] Oct 18 15:49:51 openvpn 38153 Dedicated ACK -> TCP/UDP Oct 18 15:49:51 openvpn 38153 ACK write ID 3 (ack->len=1, n=1) Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_ciphertext 1174 bytes Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 ACK acknowledge ID 3 (ack->len=1) Oct 18 15:49:51 openvpn 38153 ACK mark active incoming ID 3 Oct 18 15:49:51 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000003 id=00000003 ret=1 Oct 18 15:49:51 openvpn 38153 ACK read ID 3 (buf->len=1174) Oct 18 15:49:51 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 READ [1188] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=3 DATA ec9a3dcb 3588bc65 960374de cdeab7e2 ca46f378 fd7a4ff4 eead5755 f53fa6f[more...] Oct 18 15:49:51 openvpn 38153 UDPv4 read returned 1188 Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [2] Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 22 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 2 sid=7d4069b3 5a57047b ] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0003 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000005 rwflags=0x0003 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|SW [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [2] Oct 18 15:49:51 openvpn 38153 Dedicated ACK -> TCP/UDP Oct 18 15:49:51 openvpn 38153 ACK write ID 2 (ack->len=1, n=1) Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 read server certificate A Oct 18 15:49:51 openvpn 38153 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=283a3b2f28a7261f7a8a7779f08355e6, name=283a3b2f28a7261f7a8a7779f08355e6 Oct 18 15:49:51 openvpn 38153 VERIFY EKU OK Oct 18 15:49:51 openvpn 38153 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Oct 18 15:49:51 openvpn 38153 Validating certificate extended key usage Oct 18 15:49:51 openvpn 38153 VERIFY KU OK Oct 18 15:49:51 openvpn 38153 ++ Certificate has key usage 00a0, expects 00a0 Oct 18 15:49:51 openvpn 38153 Validating certificate key usage Oct 18 15:49:51 openvpn 38153 VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com Oct 18 15:49:51 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_ciphertext 1174 bytes Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 ACK acknowledge ID 2 (ack->len=1) Oct 18 15:49:51 openvpn 38153 ACK mark active incoming ID 2 Oct 18 15:49:51 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000002 id=00000002 ret=1 Oct 18 15:49:51 openvpn 38153 ACK read ID 2 (buf->len=1174) Oct 18 15:49:51 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 READ [1188] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ ] pid=2 DATA 04030206 40301d06 03551d0e 04160414 3ce258a8 84075704 06a7c109 2944217[more...] Oct 18 15:49:51 openvpn 38153 UDPv4 read returned 1188 Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [2] Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 22 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [22] to [AF_INET]172.98.67.60:1197: P_ACK_V1 kid=0 sid=c8eeca5d ed9e29ea [ 1 sid=7d4069b3 5a57047b ] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0003 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000005 rwflags=0x0003 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|SW [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0003 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 60 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 604800 [2] Oct 18 15:49:51 openvpn 38153 Dedicated ACK -> TCP/UDP Oct 18 15:49:51 openvpn 38153 ACK write ID 1 (ack->len=1, n=1) Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 SSL state (connect): SSLv3 read server hello A Oct 18 15:49:51 openvpn 38153 Incoming Ciphertext -> TLS Oct 18 15:49:51 openvpn 38153 BIO write tls_write_ciphertext 1174 bytes Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=0 current=0 : [2] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 ACK acknowledge ID 1 (ack->len=1) Oct 18 15:49:51 openvpn 38153 ACK mark active incoming ID 1 Oct 18 15:49:51 openvpn 38153 ACK RWBS rel->size=8 rel->packet_id=00000001 id=00000001 ret=1 Oct 18 15:49:51 openvpn 38153 ACK read ID 1 (buf->len=1174) Oct 18 15:49:51 openvpn 38153 ACK received for pid 1, deleting from send buffer Oct 18 15:49:51 openvpn 38153 TLS: received control channel packet s#=0 sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: found match, session[0], sid=7d4069b3 5a57047b Oct 18 15:49:51 openvpn 38153 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, rec-sid=7d4069b3 5a57047b, rec-ip=[AF_INET]172.98.67.60:1197, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 TLS: control channel, op=P_CONTROL_V1, IP=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 READ [1200] from [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=7d4069b3 5a57047b [ 1 sid=c8eeca5d ed9e29ea ] pid=1 DATA 16030300 36020000 32030358 d82a436a ea90a9f5 c5f92ac5 5f59b1f9 730c1d2[more...] Oct 18 15:49:51 openvpn 38153 UDPv4 read returned 1200 Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0001 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 Oct 18 15:49:51 openvpn 38153 PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 I/O WAIT T?|T?|SR|Sw [1/250338] Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=5 arg=0x00693c38 Oct 18 15:49:51 openvpn 38153 PO_CTL rwflags=0x0001 ev=6 arg=0x00694de0 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:51 openvpn 38153 TLS: tls_process: timeout set to 2 Oct 18 15:49:51 openvpn 38153 ACK reliable_send_timeout 2 [2] 1 Oct 18 15:49:51 openvpn 38153 ACK reliable_can_send active=1 current=0 : [2] 1 Oct 18 15:49:51 openvpn 38153 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800 Oct 18 15:49:51 openvpn 38153 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=c8eeca5d ed9e29ea, stored-sid=7d4069b3 5a57047b, stored-ip=[AF_INET]172.98.67.60:1197 Oct 18 15:49:51 openvpn 38153 UDPv4 write returned 263 Oct 18 15:49:51 openvpn 38153 UDPv4 WRITE [263] to [AF_INET]172.98.67.60:1197: P_CONTROL_V1 kid=0 sid=c8eeca5d ed9e29ea [ ] pid=1 DATA 16030100 f4010000 f003031d bd66e2cb 7ce2b273 90d08a6f 4be8a234 c16274f[more...] Oct 18 15:49:51 openvpn 38153 I/O WAIT status=0x0002 Oct 18 15:49:51 openvpn 38153 event_wait returned 1 -
Have I discovered a bug, or do I have a setting configured incorrectly? The Virtual Address is 10.69.10.6, but for some reason the status screen is showning 10.69.10.5, and the gateway is 10.69.10.1 as can be seen from this traceroute:
Which status screen do you mean?
10.69.10.6 is your virtual address in the VPN tunnel, 10.69.10.5 is the server side address, which is used as gateway by pfSense. The server uses a net30 topology, so there are only two devices in the tunnel subnet.
10.69.10.1 is the next hop, the vpn servers IP.10.69.10.1 will response to pings and could be used for monitoring here instead of 10.69.10.5, but since the tunnel subnet changes on every connecting, that's no option.
So to get rid of the offline (shown) gateway, you can either disable gateway monitoring or monitor another IP which only can be reached via the vpn.
-
Which status screen do you mean?
The gateways panel on the Home/Dashboard screen.
10.69.10.6 is your virtual address in the VPN tunnel, 10.69.10.5 is the server side address, which is used as gateway by pfSense. The server uses a net30 topology, so there are only two devices in the tunnel subnet.
According to the documentation provided by the VPN provider the Topology should be configured as "Subnet - One IP address per client in a common sub-net", which is how I have the client configured. It seems that pfSense is treating the interface like it iis net30.
That looks like a bug to me – if not, tell me what I'm missing.
As an aside, I did change the configuration to use the net30 topology, and it refused to connect.
10.69.10.1 will response to pings and could be used for monitoring here instead of 10.69.10.5, but since the tunnel subnet changes on every connecting, that's no option.
So to get rid of the offline (shown) gateway, you can either disable gateway monitoring or monitor another IP which only can be reached via the vpn.
Just wondering if there is any way to script this part of the setup? (I would rather not disable the monitoring if possible.)
-
As mentioned, 10.69.10.5 is your gateway here when using VPN.
The client side topology setting will not take effect, since the network topology is specified by the server.
That looks like a bug to me – if not, tell me what I'm missing.
What? That the gateway doesn't respond to pings?
10.69.10.1 will response to pings and could be used for monitoring here instead of 10.69.10.5, but since the tunnel subnet changes on every connecting, that's no option.
So to get rid of the offline (shown) gateway, you can either disable gateway monitoring or monitor another IP which only can be reached via the vpn.
Just wondering if there is any way to script this part of the setup? (I would rather not disable the monitoring if possible.)
Of course you can script that if you want. You can find the server IP in the vpn client log file behind the "PUSH" command - 'route 10.69.10.1'.
But I think, it will be much easier to change monitor-IP to e.g. 8.8.8.8 (Google) and set a static route for that IP to use the vpn gateway.
-
Please help me out a bit as to how you came to that conclusion.
As mentioned, 10.69.10.5 is your gateway here when using VPN.
The client side topology setting will not take effect, since the network topology is specified by the server.
The information that I have from the provider is that I receive a single IP address in a common subnet. (Likely a private VLAN)
My probing of the connections seems to agree with the provider's assertion.The gateway 10.69.10.1 is the gateway from the private subnet to the internet, but my gateway to that private subnet is 10.69.10.6 (the interface address). in order to reach 10.69.10.1.
i.e. With the source address set to the interface on the ping tool on the Diagnostic menu, I can ping 10.69.10.6, 10.69.10.1 and internet addresses, but not 10.69.10.5! (Hope I explaned that properly.) I don't understand where 10.69.10.5 is coming from as it doesn't show up in a traceroute, and won't respond to a ping.That looks like a bug to me – if not, tell me what I'm missing.
What? That the gateway doesn't respond to pings?
If 10.69.10.5 is actually the gateway, it does NOT respond to a ping! I don't believe that pfSense has identified the gateway correctly. My gateway is 10.69.10.6 NOT 10.69.10.5. Once I exit through 10.69.10.6, I'm on 10.69.10.1/24, the gateway from that network is 10.69.10.1. In short the VPN works a lot like my cable internet (except modem/hardware) - I get a single IP which leads to a private network, and that network has a gateway to the internet.
I suspect that this part of the log
Oct 18 15:49:54 openvpn 38153 Initialization Sequence Completed Oct 18 15:49:54 openvpn 38153 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.69.10.6 10.69.10.5 init Oct 18 15:49:54 openvpn 38153 /sbin/ifconfig ovpnc1 10.69.10.6 10.69.10.5 mtu 1500 netmask 255.255.255.255 up Oct 18 15:49:54 openvpn 38153 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Oct 18 15:49:54 openvpn 38153 TUN/TAP device /dev/tun1 opened Oct 18 15:49:54 openvpn 38153 TUN/TAP device ovpnc1 exists previously, keep at program end Oct 18 15:49:54 openvpn 38153 OPTIONS IMPORT: --ifconfig/up options modified Oct 18 15:49:54 openvpn 38153 OPTIONS IMPORT: LZO parms modified Oct 18 15:49:54 openvpn 38153 OPTIONS IMPORT: timers and/or timeouts modified Oct 18 15:49:54 openvpn 38153 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Oct 18 15:49:54 openvpn 38153 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.69.10.1,topology net30,ifconfig 10.69.10.6 10.69.10.5,auth-token cWH8XGbkmA2cWXnJyKr8NSALW56rxCiyjYXcyOLZ5ok=' Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=e5576ed7 8ca7bbd4, stored-sid=00000000 00000000, stored-ip=[undef] Oct 18 15:49:54 openvpn 38153 TLS: tls_process: timeout set to 57 Oct 18 15:49:54 openvpn 38153 ACK reliable_send_timeout 604800 [5]might contain the reason, but I don't know what messages are as a result of server and what messages are as a result of my client.
If I understand things correctly, the ACK/TLS/TLS are just at the end of the key exchange process and acknowledge the presence of a secure tunnel.
Thanks in advance for any comments/suggestions/solutions.
-
Dude, the behaviour was already described above: https://forum.pfsense.org/index.php?topic=138316.msg756666#msg756666
Again, it looks like this:
you | tunnel | server your virt. IP | | servers virt. IP in subnet server IP 10.69.10.6 ---|---------------------|--- 10.69.10.5 -------------------- 10.69.10.1The vpn server provide a /30 subnet. It has 4 IP addresses:
10.69.10.4 …....... network address
10.69.10.5 .......... servers virt. IP in the subnet
10.69.10.6 .......... your virtual IP in the subnet
10.69.10.7 .......... broadcast address10.69.10.6 is your virtual IP in the tunnel, of course you can ping it!
The virt. tunnel address of the server doesn't response to pings. That's a normal behaviour in OpenVPN. But you can ping the servers address: 10.69.10.110.69.10.1 is not in your subnet, but OpenVPN sets a route to it using the gateway 10.69.10.5 (Yes, the server virtual IP is your gateway).
Check the routing table to review. Diagnostic > routes
You can only use IP addresses as gateways which are directly connected to pfSense. 10.69.10.5 is (virtual), 10.69.10.1 is not.The line
Oct 18 15:49:54 openvpn 38153 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.69.10.1,topology net30,ifconfig 10.69.10.6 10.69.10.5,auth-token cWH8XGbkmA2cWXnJyKr8NSALW56rxCiyjYXcyOLZ5ok='is what you get from the server. It contains the interface configuration, compression mode, DNS and routes.
You might have set a high Verbosity level in the client config, there's very much noise in the log.
-
Deleted & reposted below with Verbosity reduced and appropriate changes
-
Your Verbosity level is too high, set it to 4.
-
Thanks for taking the time to make that so clear, even though you described it, I didnt get it.
It's sometimes difficult to know what you don't know and distinguish it from things that you think you know but just aren't so.
What was confusing me was these setup instructions https://www.privateinternetaccess.com/pages/client-support/pfsense, and that the Topologiy setting shows 'Subnet - One IP address per client in a common sub-net' in the provided example. What's the difference between this setting and 'net30 -Isolated /30 network per client'? The topology you described looks more like the /30 than One IP address per client to me.
When I change the setting to 'net30 -Isolated /30 network per client', the log looks like this.
Oct 20 15:39:59 openvpn 53417 MANAGEMENT: Client disconnected Oct 20 15:39:59 openvpn 53417 MANAGEMENT: CMD 'status 2' Oct 20 15:39:59 openvpn 53417 MANAGEMENT: CMD 'state 1' Oct 20 15:39:59 openvpn 53417 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock Oct 20 15:39:56 openvpn 53417 Initialization Sequence Completed Oct 20 15:39:56 openvpn 53417 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1570 10.8.10.10 10.8.10.9 init Oct 20 15:39:56 openvpn 53417 /sbin/ifconfig ovpnc1 10.8.10.10 10.8.10.9 mtu 1500 netmask 255.255.255.255 up Oct 20 15:39:56 openvpn 53417 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 Oct 20 15:39:56 openvpn 53417 TUN/TAP device /dev/tun1 opened Oct 20 15:39:56 openvpn 53417 TUN/TAP device ovpnc1 exists previously, keep at program end Oct 20 15:39:56 openvpn 53417 OPTIONS IMPORT: --ifconfig/up options modified Oct 20 15:39:56 openvpn 53417 OPTIONS IMPORT: LZO parms modified Oct 20 15:39:56 openvpn 53417 OPTIONS IMPORT: timers and/or timeouts modified Oct 20 15:39:56 openvpn 53417 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) Oct 20 15:39:56 openvpn 53417 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Oct 20 15:39:56 openvpn 53417 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) Oct 20 15:39:56 openvpn 53417 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) Oct 20 15:39:56 openvpn 53417 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.8.10.1,topology net30,ifconfig 10.8.10.10 10.8.10.9,auth-token /9q33gukKF57s9njKLNkDUHrt6LMQ+vRHjYh2Wr++MQ=' Oct 20 15:39:56 openvpn 53417 SENT CONTROL [c76d465f591f9ff1adf44a1f4d7c7d9b]: 'PUSH_REQUEST' (status=1) Oct 20 15:39:54 openvpn 53417 [c76d465f591f9ff1adf44a1f4d7c7d9b] Peer Connection Initiated with [AF_INET]172.98.67.67:1197 Oct 20 15:39:54 openvpn 53417 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Oct 20 15:39:54 openvpn 53417 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 20 15:39:54 openvpn 53417 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Oct 20 15:39:54 openvpn 53417 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Oct 20 15:39:54 openvpn 53417 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Oct 20 15:39:54 openvpn 53417 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128' Oct 20 15:39:54 openvpn 53417 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1' Oct 20 15:39:54 openvpn 53417 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC' Oct 20 15:39:54 openvpn 53417 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542' Oct 20 15:39:54 openvpn 53417 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=c76d465f591f9ff1adf44a1f4d7c7d9b, name=c76d465f591f9ff1adf44a1f4d7c7d9b Oct 20 15:39:54 openvpn 53417 VERIFY EKU OK Oct 20 15:39:54 openvpn 53417 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Oct 20 15:39:54 openvpn 53417 Validating certificate extended key usage Oct 20 15:39:54 openvpn 53417 VERIFY KU OK Oct 20 15:39:54 openvpn 53417 ++ Certificate has key usage 00a0, expects 00a0 Oct 20 15:39:54 openvpn 53417 Validating certificate key usage Oct 20 15:39:54 openvpn 53417 VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com Oct 20 15:39:54 openvpn 53417 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Oct 20 15:39:54 openvpn 53417 TLS: Initial packet from [AF_INET]172.98.67.67:1197, sid=e1e50acc 434d35d6 Oct 20 15:39:54 openvpn 53417 UDPv4 link remote: [AF_INET]172.98.67.67:1197 Oct 20 15:39:54 openvpn 53417 UDPv4 link local (bound): [AF_INET]192.168.0.15 Oct 20 15:39:54 openvpn 53417 Expected Remote Options hash (VER=V4): '79a26cd9' Oct 20 15:39:54 openvpn 53417 Local Options hash (VER=V4): 'fc8ba345' Oct 20 15:39:54 openvpn 53417 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-server' Oct 20 15:39:54 openvpn 53417 Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA256,keysize 256,key-method 2,tls-client' Oct 20 15:39:54 openvpn 53417 Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:143 ET:0 EL:3 AF:3/1 ] Oct 20 15:39:53 openvpn 53417 Socket Buffers: R=[42080->42080] S=[57344->57344] Oct 20 15:39:53 openvpn 53417 Control Channel MTU parms [ L:1570 D:1212 EF:38 EB:0 ET:0 EL:3 ] Oct 20 15:39:53 openvpn 53417 LZO compression initialized Oct 20 15:39:53 openvpn 53417 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Oct 20 15:39:53 openvpn 53417 MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock Oct 20 15:39:53 openvpn 52592 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible Oct 20 15:39:53 openvpn 52592 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.10 Oct 20 15:39:53 openvpn 52592 OpenVPN 2.3.17 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jun 26 2017 Oct 20 15:39:53 openvpn 52592 auth_user_pass_file = '/var/etc/openvpn/client1.up' Oct 20 15:39:53 openvpn 52592 pull = ENABLED Oct 20 15:39:53 openvpn 52592 client = ENABLED Oct 20 15:39:53 openvpn 52592 port_share_port = 0 Oct 20 15:39:53 openvpn 52592 port_share_host = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 auth_user_pass_verify_script_via_file = DISABLED Oct 20 15:39:53 openvpn 52592 auth_user_pass_verify_script = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 max_routes_per_client = 256 Oct 20 15:39:53 openvpn 52592 max_clients = 1024 Oct 20 15:39:53 openvpn 52592 cf_per = 0 Oct 20 15:39:53 openvpn 52592 cf_max = 0 Oct 20 15:39:53 openvpn 52592 duplicate_cn = DISABLED Oct 20 15:39:53 openvpn 52592 enable_c2c = DISABLED Oct 20 15:39:53 openvpn 52592 push_ifconfig_ipv6_remote = :: Oct 20 15:39:53 openvpn 52592 push_ifconfig_ipv6_local = ::/0 Oct 20 15:39:53 openvpn 52592 push_ifconfig_ipv6_defined = DISABLED Oct 20 15:39:53 openvpn 52592 push_ifconfig_remote_netmask = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 push_ifconfig_local = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 push_ifconfig_defined = DISABLED Oct 20 15:39:53 openvpn 52592 tmp_dir = '/tmp' Oct 20 15:39:53 openvpn 52592 ccd_exclusive = DISABLED Oct 20 15:39:53 openvpn 52592 client_config_dir = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 client_disconnect_script = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 learn_address_script = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 client_connect_script = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 virtual_hash_size = 256 Oct 20 15:39:53 openvpn 52592 real_hash_size = 256 Oct 20 15:39:53 openvpn 52592 tcp_queue_limit = 64 Oct 20 15:39:53 openvpn 52592 n_bcast_buf = 256 Oct 20 15:39:53 openvpn 52592 ifconfig_ipv6_pool_netbits = 0 Oct 20 15:39:53 openvpn 52592 ifconfig_ipv6_pool_base = :: Oct 20 15:39:53 openvpn 52592 ifconfig_ipv6_pool_defined = DISABLED Oct 20 15:39:53 openvpn 52592 ifconfig_pool_persist_refresh_freq = 600 Oct 20 15:39:53 openvpn 52592 ifconfig_pool_persist_filename = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 ifconfig_pool_netmask = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 ifconfig_pool_end = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 ifconfig_pool_start = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 ifconfig_pool_defined = DISABLED Oct 20 15:39:53 openvpn 52592 server_bridge_pool_end = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 server_bridge_pool_start = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 server_bridge_netmask = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 server_bridge_ip = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 server_netbits_ipv6 = 0 Oct 20 15:39:53 openvpn 52592 server_network_ipv6 = :: Oct 20 15:39:53 openvpn 52592 server_netmask = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 server_network = 0.0.0.0 Oct 20 15:39:53 openvpn 52592 tls_auth_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 tls_exit = DISABLED Oct 20 15:39:53 openvpn 52592 push_peer_info = DISABLED Oct 20 15:39:53 openvpn 52592 single_session = DISABLED Oct 20 15:39:53 openvpn 52592 transition_window = 3600 Oct 20 15:39:53 openvpn 52592 handshake_window = 60 Oct 20 15:39:53 openvpn 52592 renegotiate_seconds = 0 Oct 20 15:39:53 openvpn 52592 renegotiate_packets = 0 Oct 20 15:39:53 openvpn 52592 renegotiate_bytes = -1 Oct 20 15:39:53 openvpn 52592 tls_timeout = 2 Oct 20 15:39:53 openvpn 52592 ssl_flags = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_eku = 'TLS Web Server Authentication' Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 0 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 136 Oct 20 15:39:53 openvpn 52592 remote_cert_ku[i] = 160 Oct 20 15:39:53 openvpn 52592 ns_cert_type = 0 Oct 20 15:39:53 openvpn 52592 crl_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 verify_x509_name = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 verify_x509_type = 0 Oct 20 15:39:53 openvpn 52592 tls_export_cert = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 tls_verify = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 cipher_list = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 pkcs12_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 priv_key_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 extra_certs_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 cert_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 dh_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 ca_path = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 ca_file = '/var/etc/openvpn/client1.ca' Oct 20 15:39:53 openvpn 52592 key_method = 2 Oct 20 15:39:53 openvpn 52592 tls_client = ENABLED Oct 20 15:39:53 openvpn 52592 tls_server = DISABLED Oct 20 15:39:53 openvpn 52592 test_crypto = DISABLED Oct 20 15:39:53 openvpn 52592 use_iv = ENABLED Oct 20 15:39:53 openvpn 52592 packet_id_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 replay_time = 15 Oct 20 15:39:53 openvpn 52592 replay_window = 64 Oct 20 15:39:53 openvpn 52592 mute_replay_warnings = DISABLED Oct 20 15:39:53 openvpn 52592 replay = ENABLED Oct 20 15:39:53 openvpn 52592 engine = DISABLED Oct 20 15:39:53 openvpn 52592 keysize = 0 Oct 20 15:39:53 openvpn 52592 prng_nonce_secret_len = 16 Oct 20 15:39:53 openvpn 52592 prng_hash = 'SHA1' Oct 20 15:39:53 openvpn 52592 authname = 'SHA256' Oct 20 15:39:53 openvpn 52592 authname_defined = ENABLED Oct 20 15:39:53 openvpn 52592 ciphername = 'AES-256-CBC' Oct 20 15:39:53 openvpn 52592 ciphername_defined = ENABLED Oct 20 15:39:53 openvpn 52592 key_direction = 0 Oct 20 15:39:53 openvpn 52592 shared_secret_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 management_flags = 256 Oct 20 15:39:53 openvpn 52592 management_client_group = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 management_client_user = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 management_write_peer_info_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 management_echo_buffer_size = 100 Oct 20 15:39:53 openvpn 52592 management_log_history_cache = 250 Oct 20 15:39:53 openvpn 52592 management_user_pass = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 management_port = 0 Oct 20 15:39:53 openvpn 52592 management_addr = '/var/etc/openvpn/client1.sock' Oct 20 15:39:53 openvpn 52592 allow_pull_fqdn = DISABLED Oct 20 15:39:53 openvpn 52592 max_routes = 100 Oct 20 15:39:53 openvpn 52592 route_gateway_via_dhcp = DISABLED Oct 20 15:39:53 openvpn 52592 route_nopull = ENABLED Oct 20 15:39:53 openvpn 52592 route_delay_defined = DISABLED Oct 20 15:39:53 openvpn 52592 route_delay_window = 30 Oct 20 15:39:53 openvpn 52592 route_delay = 0 Oct 20 15:39:53 openvpn 52592 route_noexec = ENABLED Oct 20 15:39:53 openvpn 52592 route_default_metric = 0 Oct 20 15:39:53 openvpn 52592 route_default_gateway = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 route_script = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 lzo = 7 Oct 20 15:39:53 openvpn 52592 fast_io = DISABLED Oct 20 15:39:53 openvpn 52592 sockflags = 0 Oct 20 15:39:53 openvpn 52592 sndbuf = 0 Oct 20 15:39:53 openvpn 52592 rcvbuf = 0 Oct 20 15:39:53 openvpn 52592 occ = ENABLED Oct 20 15:39:53 openvpn 52592 status_file_update_freq = 60 Oct 20 15:39:53 openvpn 52592 status_file_version = 1 Oct 20 15:39:53 openvpn 52592 status_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 gremlin = 0 Oct 20 15:39:53 openvpn 52592 mute = 0 Oct 20 15:39:53 openvpn 52592 verbosity = 4 Oct 20 15:39:53 openvpn 52592 nice = 0 Oct 20 15:39:53 openvpn 52592 suppress_timestamps = DISABLED Oct 20 15:39:53 openvpn 52592 log = DISABLED Oct 20 15:39:53 openvpn 52592 inetd = 0 Oct 20 15:39:53 openvpn 52592 daemon = ENABLED Oct 20 15:39:53 openvpn 52592 up_delay = DISABLED Oct 20 15:39:53 openvpn 52592 up_restart = DISABLED Oct 20 15:39:53 openvpn 52592 down_pre = DISABLED Oct 20 15:39:53 openvpn 52592 down_script = '/usr/local/sbin/ovpn-linkdown' Oct 20 15:39:53 openvpn 52592 up_script = '/usr/local/sbin/ovpn-linkup' Oct 20 15:39:53 openvpn 52592 writepid = '/var/run/openvpn_client1.pid' Oct 20 15:39:53 openvpn 52592 cd_dir = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 chroot_dir = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 groupname = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 username = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 resolve_retry_seconds = 1000000000 Oct 20 15:39:53 openvpn 52592 passtos = DISABLED Oct 20 15:39:53 openvpn 52592 persist_key = ENABLED Oct 20 15:39:53 openvpn 52592 persist_remote_ip = DISABLED Oct 20 15:39:53 openvpn 52592 persist_local_ip = DISABLED Oct 20 15:39:53 openvpn 52592 persist_tun = ENABLED Oct 20 15:39:53 openvpn 52592 remap_sigusr1 = 0 Oct 20 15:39:53 openvpn 52592 ping_timer_remote = ENABLED Oct 20 15:39:53 openvpn 52592 ping_rec_timeout_action = 2 Oct 20 15:39:53 openvpn 52592 ping_rec_timeout = 60 Oct 20 15:39:53 openvpn 52592 ping_send_timeout = 10 Oct 20 15:39:53 openvpn 52592 inactivity_timeout = 0 Oct 20 15:39:53 openvpn 52592 keepalive_timeout = 60 Oct 20 15:39:53 openvpn 52592 keepalive_ping = 10 Oct 20 15:39:53 openvpn 52592 mlock = DISABLED Oct 20 15:39:53 openvpn 52592 mtu_test = 0 Oct 20 15:39:53 openvpn 52592 shaper = 0 Oct 20 15:39:53 openvpn 52592 ifconfig_ipv6_remote = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 ifconfig_ipv6_netbits = 0 Oct 20 15:39:53 openvpn 52592 ifconfig_ipv6_local = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 ifconfig_nowarn = DISABLED Oct 20 15:39:53 openvpn 52592 ifconfig_noexec = DISABLED Oct 20 15:39:53 openvpn 52592 ifconfig_remote_netmask = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 ifconfig_local = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 tun_ipv6 = DISABLED Oct 20 15:39:53 openvpn 52592 topology = 1 Oct 20 15:39:53 openvpn 52592 lladdr = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 dev_node = '/dev/tun1' Oct 20 15:39:53 openvpn 52592 dev_type = 'tun' Oct 20 15:39:53 openvpn 52592 dev = 'ovpnc1' Oct 20 15:39:53 openvpn 52592 ipchange = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 remote_random = DISABLED Oct 20 15:39:53 openvpn 52592 Connection profiles END Oct 20 15:39:53 openvpn 52592 explicit_exit_notification = 0 Oct 20 15:39:53 openvpn 52592 mssfix = 1450 Oct 20 15:39:53 openvpn 52592 fragment = 0 Oct 20 15:39:53 openvpn 52592 mtu_discover_type = -1 Oct 20 15:39:53 openvpn 52592 tun_mtu_extra_defined = DISABLED Oct 20 15:39:53 openvpn 52592 tun_mtu_extra = 0 Oct 20 15:39:53 openvpn 52592 link_mtu_defined = DISABLED Oct 20 15:39:53 openvpn 52592 link_mtu = 1500 Oct 20 15:39:53 openvpn 52592 tun_mtu_defined = ENABLED Oct 20 15:39:53 openvpn 52592 tun_mtu = 1500 Oct 20 15:39:53 openvpn 52592 socks_proxy_retry = DISABLED Oct 20 15:39:53 openvpn 52592 socks_proxy_port = 0 Oct 20 15:39:53 openvpn 52592 socks_proxy_server = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 connect_retry_max = 0 Oct 20 15:39:53 openvpn 52592 connect_timeout = 10 Oct 20 15:39:53 openvpn 52592 connect_retry_seconds = 5 Oct 20 15:39:53 openvpn 52592 bind_local = ENABLED Oct 20 15:39:53 openvpn 52592 bind_defined = DISABLED Oct 20 15:39:53 openvpn 52592 remote_float = DISABLED Oct 20 15:39:53 openvpn 52592 remote_port = 1197 Oct 20 15:39:53 openvpn 52592 remote = 'xxx.privateinternetaccess.com' Oct 20 15:39:53 openvpn 52592 local_port = 0 Oct 20 15:39:53 openvpn 52592 local = '192.168.0.15' Oct 20 15:39:53 openvpn 52592 proto = udp Oct 20 15:39:53 openvpn 52592 Connection profiles [default]: Oct 20 15:39:53 openvpn 52592 show_tls_ciphers = DISABLED Oct 20 15:39:53 openvpn 52592 key_pass_file = '[UNDEF]' Oct 20 15:39:53 openvpn 52592 genkey = DISABLED Oct 20 15:39:53 openvpn 52592 show_engines = DISABLED Oct 20 15:39:53 openvpn 52592 show_digests = DISABLED Oct 20 15:39:53 openvpn 52592 show_ciphers = DISABLED Oct 20 15:39:53 openvpn 52592 mode = 0 Oct 20 15:39:53 openvpn 52592 config = '/var/etc/openvpn/client1.conf' Oct 20 15:39:53 openvpn 52592 Current Parameter Settings: The way you describe this, it makes me think that this is a normal/expected behavior from OpenVPN. If so, why doesn't the gateway monitor have a setting that can cope with it? Something I'm missing? [/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i] -
https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses
Set something as the monitor IP address that will actually respond to pings.
-
Has anyone been able to get the Gateway Pinger working with Private Internet Access?
My OpenVPN connection is working fine, the interface seems to be working but I'm having trouble getting the status on the home page to display properly
-
What was confusing me was these setup instructions https://www.privateinternetaccess.com/pages/client-support/pfsense, and that the Topologiy setting shows 'Subnet - One IP address per client in a common sub-net' in the provided example. What's the difference between this setting and 'net30 -Isolated /30 network per client'? The topology you described looks more like the /30 than One IP address per client to me.
A /30 subnet results in one IP per client. See her how I've explained the addresses of such a subnet. There is place for one client only.
The server provides a /30 subnet for each client, already mentioned that.When I change the setting to 'net30 -Isolated /30 network per client', the log looks like this.
The setting will be ignored, since it is given by the server. Already mentioned that here: https://forum.pfsense.org/index.php?topic=138316.msg756795#msg756795
Oct 20 15:39:56 openvpn 53417 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.8.10.1,topology net30,ifconfig 10.8.10.10 10.8.10.9,auth-token /9q33gukKF57s9njKLNkDUHrt6LMQ+vRHjYh2Wr++MQ='
-
https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses
Set something else as the monitor IP address.
And we don't need multiple threads about the same thing, please.
-
https://doc.pfsense.org/index.php/Why_can%27t_I_ping_some_OpenVPN_adapter_addresses
Set something else as the monitor IP address.
And we don't need multiple threads about the same thing, please.
I wanted to focus the discussion on the pinger, not OpenVPN.
The place I'm trying to go with this is that based on what I'm learning in this thread it appears that the design of the pinger falls a bit short.
There should be some way to have the option be able to automatically insert x.x.x.1 as the monitor address where x.x.x.y is the dynamic address assigned by the VPN.
If I stick in some external address ( say 8.8.8.8 ) what is the likelihood of a false (i.e reports up when down or down when up) status?
-
dpinger works fine. You are seeing an OpenVPN issue. You have to monitor something that will actually respond to pings.
The gateway address is automatically inserted. There is no mechanism to "automatically" choose something else.
You can place whatever monitor IP address in there you think is better than the gateway address.
This has nothing to do with dpinger.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.