Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Sample Syslog Messages

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 2 Posters 657 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      christenjm
      last edited by

      Can anyone provide me with the sample syslogs for the openvpn login, logout, connection events., etc

      1 Reply Last reply Reply Quote 0
      • B
        biggsy
        last edited by

        Here's a login sequence but I don't see any matching logout. 1.2.3.4 is the sanitized source/client address. Hope that helps.

        <29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_VER=2.4.4
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_PLAT=win
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_PROTO=2
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_NCP=2
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZ4=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZ4v2=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZO=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_COMP_STUB=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_COMP_STUBv2=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_TCPNL=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_GUI_VER=OpenVPN_GUI_11
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 [Peter] Peer Connection Initiated with [AF_INET]1.2.3.4:31569
<29>Jul 17 07:14:48 openvpn[67790]: Peter/1.2.3.4:31569 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
        1 Reply Last reply Reply Quote 0
        • B
          biggsy
          last edited by

          The above was from a friend's log, which has the "default" verbosity set. I just happened to have it open.

          Below is the log from my own system, which is set to the "recommended" verbosity level. Not sure why it disconnects and reconnects every minute. I'll need to look into that. It even continues even after I have deliberately disconnected the client.

          2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Initial packet from [AF_INET]192.168.111.244:59228, sid=486fb48d 61e88213
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY SCRIPT OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY SCRIPT OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_VER=2.4.3
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_PLAT=win
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_PROTO=2
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_NCP=2
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZ4=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZ4v2=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZO=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_COMP_STUB=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_COMP_STUBv2=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_TCPNL=1
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_GUI_VER=OpenVPN_GUI_11
2018-07-17 08:19:35	192.168.11.1	<37>Jul 17 08:19:35 openvpn: user 'Phil' authenticated
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:59228
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_66e6d88b239a33c467025687518b79cf.tmp
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI: Learn: 172.23.23.6 -> Phil/192.168.111.244:59228
2018-07-17 08:19:35	192.168.11.1	<29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI: primary virtual IP for Phil/192.168.111.244:59228: 172.23.23.6
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 PUSH: Received control message: 'PUSH_REQUEST'
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 SENT CONTROL [Phil]: 'PUSH_REPLY,route 192.168.111.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.144.0 255.255.255.0,dhcp-option DOMAIN pjb.cc,dhcp-option DNS 192.168.111.1,route 192.168.11.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.144.0 255.255.255.0,route 172.23.23.1,topology net30,ping 10,ping-restart 60,ifconfig 172.23.23.6 172.23.23.5,peer-id 0,cipher AES-256-GCM' (status=1)
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Data Channel: using negotiated cipher 'AES-256-GCM'
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-07-17 08:19:37	192.168.11.1	<29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:20:23	192.168.11.1	<29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:21:25	192.168.11.1	<29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:22:26	192.168.11.1	<29>Jul 17 08:22:26 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:22:27	192.168.11.1	<29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:22:27	192.168.11.1	<29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:22:27	192.168.11.1	<29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:23:28	192.168.11.1	<29>Jul 17 08:23:28 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:23:28	192.168.11.1	<29>Jul 17 08:23:28 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:23:29	192.168.11.1	<29>Jul 17 08:23:29 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:23:29	192.168.11.1	<29>Jul 17 08:23:29 openvpn[78230]: MANAGEMENT: Client disconnected
          1 Reply Last reply Reply Quote 0
          • B
            biggsy
            last edited by

            And with verbosity level set to 2

            <29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY SCRIPT OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY SCRIPT OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_VER=2.4.3
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_PLAT=win
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_PROTO=2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_NCP=2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZ4=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZ4v2=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZO=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_COMP_STUB=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_COMP_STUBv2=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_TCPNL=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_GUI_VER=OpenVPN_GUI_11
<37>Jul 17 08:59:00 openvpn: user 'Phil' authenticated
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:54668
<29>Jul 17 08:59:00 openvpn[74072]: Phil/192.168.111.244:54668 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Data Channel: using negotiated cipher 'AES-256-GCM'
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

            I can't figure out why the disconnect/disconnect every minute when verbosity is set to 3 (recommended). It goes on and on, spamming the log, even with the client shut down.

            1 Reply Last reply Reply Quote 0
            • B
              biggsy
              last edited by

              Well, found the answer to the MANAGEMENT log entries. It has been mentioned a number of times in the OpenVPN category - e.g., here.

              Reducing the verbosity to 2 (from the recommended 3) eliminates these entries from the log without, it seems, losing any connection information.

              As for client disconnects, it looks as though there is no way to log those with OpenVPN. I even tried putting explicit-exit-notify into my client config. It made no difference.

              C 1 Reply Last reply Reply Quote 0
              • C
                christenjm @biggsy
                last edited by

                @biggsy thank you very very much

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.