OpenVPN Sample Syslog Messages
-
Can anyone provide me with the sample syslogs for the openvpn login, logout, connection events, etc.?
-
Here's a login sequence but I don't see any matching logout. 1.2.3.4 is the sanitized source/client address. Hope that helps.
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_VER=2.4.4
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_PLAT=win
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_PROTO=2
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_NCP=2
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZ4=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZ4v2=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_LZO=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_COMP_STUB=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_COMP_STUBv2=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_TCPNL=1
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 peer info: IV_GUI_VER=OpenVPN_GUI_11
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 [Peter] Peer Connection Initiated with [AF_INET]1.2.3.4:31569
<29>Jul 17 07:14:48 openvpn[67790]: Peter/1.2.3.4:31569 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
-
The above was from a friend's log, which has the "default" verbosity set. I just happened to have it open.
Below is the log from my own system, which is set to the "recommended" verbosity level. Not sure why it disconnects and reconnects every minute. I'll need to look into that. It even continues even after I have deliberately disconnected the client.
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Initial packet from [AF_INET]192.168.111.244:59228, sid=486fb48d 61e88213
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY SCRIPT OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY SCRIPT OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 VERIFY OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_VER=2.4.3
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_PLAT=win
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_PROTO=2
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_NCP=2
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZ4=1
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZ4v2=1
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_LZO=1
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_COMP_STUB=1
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_COMP_STUBv2=1
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_TCPNL=1
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 peer info: IV_GUI_VER=OpenVPN_GUI_11
2018-07-17 08:19:35 192.168.11.1 <37>Jul 17 08:19:35 openvpn: user 'Phil' authenticated
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:59228
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_66e6d88b239a33c467025687518b79cf.tmp
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI: Learn: 172.23.23.6 -> Phil/192.168.111.244:59228
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI: primary virtual IP for Phil/192.168.111.244:59228: 172.23.23.6
2018-07-17 08:19:37 192.168.11.1 <29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 PUSH: Received control message: 'PUSH_REQUEST'
2018-07-17 08:19:37 192.168.11.1 <29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 SENT CONTROL [Phil]: 'PUSH_REPLY,route 192.168.111.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.101.0 255.255.255.0,route 192.168.144.0 255.255.255.0,dhcp-option DOMAIN pjb.cc,dhcp-option DNS 192.168.111.1,route 192.168.11.0 255.255.255.0,route 192.168.100.0 255.255.255.0,route 192.168.144.0 255.255.255.0,route 172.23.23.1,topology net30,ping 10,ping-restart 60,ifconfig 172.23.23.6 172.23.23.5,peer-id 0,cipher AES-256-GCM' (status=1)
2018-07-17 08:19:37 192.168.11.1 <29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Data Channel: using negotiated cipher 'AES-256-GCM'
2018-07-17 08:19:37 192.168.11.1 <29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-07-17 08:19:37 192.168.11.1 <29>Jul 17 08:19:37 openvpn[78230]: Phil/192.168.111.244:59228 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2018-07-17 08:20:23 192.168.11.1 <29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:20:23 192.168.11.1 <29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:20:23 192.168.11.1 <29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:20:23 192.168.11.1 <29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:21:25 192.168.11.1 <29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:21:25 192.168.11.1 <29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:21:25 192.168.11.1 <29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:21:25 192.168.11.1 <29>Jul 17 08:21:25 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:22:26 192.168.11.1 <29>Jul 17 08:22:26 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:22:27 192.168.11.1 <29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:22:27 192.168.11.1 <29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:22:27 192.168.11.1 <29>Jul 17 08:22:27 openvpn[78230]: MANAGEMENT: Client disconnected
2018-07-17 08:23:28 192.168.11.1 <29>Jul 17 08:23:28 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
2018-07-17 08:23:28 192.168.11.1 <29>Jul 17 08:23:28 openvpn[78230]: MANAGEMENT: CMD 'status 2'
2018-07-17 08:23:29 192.168.11.1 <29>Jul 17 08:23:29 openvpn[78230]: MANAGEMENT: CMD 'quit'
2018-07-17 08:23:29 192.168.11.1 <29>Jul 17 08:23:29 openvpn[78230]: MANAGEMENT: Client disconnected
-
And with verbosity level set to 2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY SCRIPT OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY OK: depth=1, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Philter OpenVPN
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY SCRIPT OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 VERIFY OK: depth=0, C=AU, ST=New South Wales, L=Sydney, O=Me, emailAddress=me@home, CN=Phil
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_VER=2.4.3
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_PLAT=win
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_PROTO=2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_NCP=2
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZ4=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZ4v2=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_LZO=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_COMP_STUB=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_COMP_STUBv2=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_TCPNL=1
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 peer info: IV_GUI_VER=OpenVPN_GUI_11
<37>Jul 17 08:59:00 openvpn: user 'Phil' authenticated
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
<29>Jul 17 08:59:00 openvpn[74072]: 192.168.111.244:54668 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:54668
<29>Jul 17 08:59:00 openvpn[74072]: Phil/192.168.111.244:54668 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Data Channel: using negotiated cipher 'AES-256-GCM'
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
<29>Jul 17 08:59:01 openvpn[74072]: Phil/192.168.111.244:54668 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
I can't figure out why the disconnect/disconnect every minute when verbosity is set to 3 (recommended). It goes on and on, spamming the log, even with the client shut down.
-
Well, found the answer to the MANAGEMENT log entries. It has been mentioned a number of times in the OpenVPN category - e.g., here.
Reducing the verbosity to 2 (from the recommended 3) eliminates these entries from the log without, it seems, losing any connection information.
As for client disconnects, it looks as though there is no way to log those with OpenVPN. I even tried putting explicit-exit-notify into my client config. It made no difference.
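Added example, not part of the original posts: a Python sketch that turns the login-related lines shown in this thread into one record per client and drops the MANAGEMENT polling entries, for use in a log pipeline or SIEM rule. The names `parse_line` and `logins` are illustrative, and the sample lines are constructed from the message shapes posted above; since the thread found no disconnect message, the records cover logins only.

```python
import re

# Constructed sample, shaped like the lines posted in this thread: some carry
# the collector's "date time host" prefix, some are raw syslog lines.
SAMPLE = """\
2018-07-17 08:19:35 192.168.11.1 <37>Jul 17 08:19:35 openvpn: user 'Phil' authenticated
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 TLS: Username/Password authentication succeeded for username 'Phil' [CN SET]
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: 192.168.111.244:59228 [Phil] Peer Connection Initiated with [AF_INET]192.168.111.244:59228
2018-07-17 08:19:35 192.168.11.1 <29>Jul 17 08:19:35 openvpn[78230]: Phil/192.168.111.244:59228 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
2018-07-17 08:20:23 192.168.11.1 <29>Jul 17 08:20:23 openvpn[78230]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
<29>Jul 17 07:14:48 openvpn[67790]: 1.2.3.4:31569 [Peter] Peer Connection Initiated with [AF_INET]1.2.3.4:31569
<29>Jul 17 07:14:48 openvpn[67790]: Peter/1.2.3.4:31569 MULTI_sva: pool returned IPv4=172.23.23.6, IPv6=(Not enabled)
"""

HEADER = re.compile(r"^(?:\d{4}-\d\d-\d\d [\d:]+ \S+ )?<(\d+)>(\w{3} +\d+ [\d:]+) "
                    r"openvpn(?:\[(\d+)\])?: (.*)$")
AUTH = re.compile(r"^(\S+:\d+) TLS: Username/Password authentication succeeded "
                  r"for username '([^']+)'")
CONN = re.compile(r"^(\S+:\d+) \[([^\]]+)\] Peer Connection Initiated with ")
POOL = re.compile(r"^[^/\s]+/(\S+:\d+) MULTI_sva: pool returned IPv4=([\d.]+)")

def parse_line(line):
    """Split one line into syslog fields; PRI = facility * 8 + severity."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "time": m.group(2),
            "pid": m.group(3), "msg": m.group(4)}

def logins(text):
    """Correlate auth, connection and pool lines into one record per client."""
    sessions, noise = {}, 0
    for rec in filter(None, map(parse_line, text.splitlines())):
        msg = rec["msg"]
        if msg.startswith("MANAGEMENT:"):   # status polling, not a client event
            noise += 1
            continue
        for kind, rx in (("user", AUTH), ("cn", CONN), ("vpn_ip", POOL)):
            m = rx.match(msg)
            if m:
                key = (rec["pid"], m.group(1))      # server pid + client ip:port
                s = sessions.setdefault(key, {"src": m.group(1), "time": rec["time"]})
                s[kind] = m.group(2)
    return list(sessions.values()), noise

if __name__ == "__main__":
    print(logins(SAMPLE))
```

A record without a `user` key, as for the default-verbosity sample, means no username/password line was seen for that client and only the certificate CN is known.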
-
@biggsy thank you very very much