4. OpenVPN Sample Syslog Messages

OpenVPN Sample Syslog Messages

  • C

    Can anyone provide me with the sample syslogs for the openvpn login, logout, connection events., etc

    0
  • B

    Here's a login sequence but I don't see any matching logout. 1.2.3.4 is the sanitized source/client address. Hope that helps.

    <29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_VER=2.4.4
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_PLAT=win
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_PROTO=2
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_NCP=2
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZ4=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZ4v2=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZO=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_COMP_STUB=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_COMP_STUBv2=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_TCPNL=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_GUI_VER=OpenVPN_GUI_11
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 [Peter] Peer Connection Initiated with [AF_INET]1.2.3.4:31569
<29>Jul 17 07:14:48 openvpn[67790]: Peter/1.2.3.4:31569 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
    0
  • B

    The above was from a friend's log, which has the "default" verbosity set. I just happened to have it open.

    Below is the log from my own system, which is set to the "recommended" verbosity level. Not sure why it disconnects and reconnects every minute. I'll need to look into that. It even continues even after I have deliberately disconnected the client.

    2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Initial packet from [AF_INET]192.168.111.244:59228, sid=486fb48d 61e88213
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY SCRIPT OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY SCRIPT OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_VER=2.4.3
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_PLAT=win
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_PROTO=2
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_NCP=2
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZ4=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZ4v2=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZO=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_COMP_STUB=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_COMP_STUBv2=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_TCPNL=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_GUI_VER=OpenVPN_GUI_11
2018-07-17 08:19:35	192.168.11.1	<37>Jul 17 08:19:35 openvpn: user 'Phil' authenticated
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:59228
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_66e6d88b239a33c467025687518b79cf.tmp
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI: Learn: 172.23.23.6 -> Phil/192.168.111.244:59228
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI: primary virtual IP for Phil/192.168.111.244:59228: 172.23.23.6
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 PUSH: Received control message: 'PUSH_REQUEST'
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 SENT CONTROL [Phil]: 'PUSH_REPLY,route 192.168.111.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.144.0 255.255.255.0,dhcp-option DOMAIN pjb.cc,dhcp-option DNS 192.168.111.1,route 192.168.11.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.144.0 255.255.255.0,route 172.23.23.1,topology net30,ping 10,ping-restart 60,ifconfig 172.23.23.6 172.23.23.5,peer-id 0,cipher AES-256-GCM' (status=1)
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Data Channel: using negotiated cipher 'AES-256-GCM'
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:22:26	192.168.11.1	<29>Jul 17 08:22:26 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:22:27	192.168.11.1	<29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:22:27	192.168.11.1	<29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:22:27	192.168.11.1	<29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:23:28	192.168.11.1	<29>Jul 17 08:23:28 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:23:28	192.168.11.1	<29>Jul 17 08:23:28 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:23:29	192.168.11.1	<29>Jul 17 08:23:29 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:23:29	192.168.11.1	<29>Jul 17 08:23:29 openvpn[78230]: MANAGEMENT: Client disconnected
    0
  • B

    And with verbosity level set to 2

    <29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY SCRIPT OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY SCRIPT OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_VER=2.4.3
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_PLAT=win
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_PROTO=2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_NCP=2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZ4=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZ4v2=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZO=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_COMP_STUB=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_COMP_STUBv2=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_TCPNL=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_GUI_VER=OpenVPN_GUI_11
<37>Jul 17 08:59:00 openvpn: user 'Phil' authenticated
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:54668
<29>Jul 17 08:59:00 openvpn[74072]: Phil/192.168.111.244:54668 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Data Channel: using negotiated cipher 'AES-256-GCM'
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

    I can't figure out why the disconnect/disconnect every minute when verbosity is set to 3 (recommended). It goes on and on, spamming the log, even with the client shut down.

    0
  • B

    Well, found the answer to the MANAGEMENT log entries. It has been mentioned a number of times in the OpenVPN category - e.g., here.

    Reducing the verbosity to 2 (from the recommended 3) eliminates these entries from the log without, it seems, losing any connection information.

    As for client disconnects, it looks as though there is no way to log those with OpenVPN. I even tried putting explicit-exit-notify into my client config. It made no difference.

    0
    C
     1 Reply
  • C

    @biggsy thank you very very much

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy