[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] OpenVPN connection problems with TLS, not with static key


  • Subject: [Openvpn-users] OpenVPN connection problems with TLS, not with static key
  • From: Sevrin Robstad <quackyo@xxxxxxxx>
  • Date: Tue, 27 Nov 2007 16:00:37 +0100

I have a very strange problem.

I'm trying to set up a roadwarrior VPN server. Clients should get IP from the DHCP server inside VPN network, but the problems I have is the same if I run bridge (tap) or IP-subnet (tun).

When I connect to the VPN-server, everything seems OK, and I get IP adress. If I at the same time as I connect to the VPN also have a "ping -t VPN_local_IP" going on I get 2 or 3 PONGs and then it's all gone.

After 30 seconds or so the VPN connection dies and tries to reconnect. After not being able to connect a couple of times it suddenly connects and everythings seems OK, and after this connection the VPN-tunnel is stable.


I have tried several different ports, and both UDP and TCP.

The strange thing is that this only happens with TLS-server certificates. If I run only with static-key it all works flawlessly, But then I can't run multiple clients..
It's only with tls certs I have to connect multiple times before the tunnel works as it should.
All certificates is built with the easy-rsa tool that comes with OpenVPN.

client.conf:
client
dev tap
proto tcp-client
remote xxxxx.xxxxx.xx 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 5

server.conf:
mode server
#proto udp
proto tcp-server
port 443
dev tap0
keepalive 5 10
daemon
verb 4
comp-lzo
client-to-client
duplicate-cn
tls-server
ca ca.crt
dh dh1024.pem
cert server.crt
key server.key
status /var/log/openvpn/status.log
log-append /var/log/openvpn/openvpn.log

The logs  is from both client and server, only from the first connection with a following disconnection.

Log from client (ip adress to vpn server and mailadresses is changed to xx.xx.xx.xx) :

Tue Nov 27 15:48:17 2007 us=140000   mtu_test = 0
Tue Nov 27 15:48:17 2007 us=140000   mlock = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   keepalive_ping = 0
Tue Nov 27 15:48:17 2007 us=140000   keepalive_timeout = 0
Tue Nov 27 15:48:17 2007 us=140000   inactivity_timeout = 0
Tue Nov 27 15:48:17 2007 us=140000   ping_send_timeout = 0
Tue Nov 27 15:48:17 2007 us=140000   ping_rec_timeout = 0
Tue Nov 27 15:48:17 2007 us=140000   ping_rec_timeout_action = 0
Tue Nov 27 15:48:17 2007 us=140000   ping_timer_remote = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   remap_sigusr1 = 0
Tue Nov 27 15:48:17 2007 us=140000   explicit_exit_notification = 0
Tue Nov 27 15:48:17 2007 us=140000   persist_tun = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   persist_local_ip = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   persist_remote_ip = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   persist_key = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   mssfix = 1450
Tue Nov 27 15:48:17 2007 us=140000   resolve_retry_seconds = 1000000000
Tue Nov 27 15:48:17 2007 us=140000   connect_retry_seconds = 5
Tue Nov 27 15:48:17 2007 us=140000   connect_timeout = 10
Tue Nov 27 15:48:17 2007 us=140000   connect_retry_max = 0
Tue Nov 27 15:48:17 2007 us=140000   username = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   groupname = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   chroot_dir = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   cd_dir = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   writepid = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   up_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   down_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   down_pre = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   up_restart = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   up_delay = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   daemon = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   inetd = 0
Tue Nov 27 15:48:17 2007 us=140000   log = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   suppress_timestamps = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   nice = 0
Tue Nov 27 15:48:17 2007 us=140000   verbosity = 5
Tue Nov 27 15:48:17 2007 us=140000   mute = 0
Tue Nov 27 15:48:17 2007 us=140000   gremlin = 0
Tue Nov 27 15:48:17 2007 us=140000   status_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   status_file_version = 1
Tue Nov 27 15:48:17 2007 us=140000   status_file_update_freq = 60
Tue Nov 27 15:48:17 2007 us=140000   occ = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   rcvbuf = 0
Tue Nov 27 15:48:17 2007 us=140000   sndbuf = 0
Tue Nov 27 15:48:17 2007 us=140000   sockflags = 0
Tue Nov 27 15:48:17 2007 us=140000   socks_proxy_server = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   socks_proxy_port = 0
Tue Nov 27 15:48:17 2007 us=140000   socks_proxy_retry = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   fast_io = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   lzo = 7
Tue Nov 27 15:48:17 2007 us=140000   route_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   route_default_gateway = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   route_default_metric = 0
Tue Nov 27 15:48:17 2007 us=140000   route_noexec = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   route_delay = 5
Tue Nov 27 15:48:17 2007 us=140000   route_delay_window = 30
Tue Nov 27 15:48:17 2007 us=140000   route_delay_defined = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   route_nopull = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   management_addr = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   management_port = 0
Tue Nov 27 15:48:17 2007 us=140000   management_user_pass = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   management_log_history_cache = 250
Tue Nov 27 15:48:17 2007 us=140000   management_echo_buffer_size = 100
Tue Nov 27 15:48:17 2007 us=140000   management_query_passwords = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   management_hold = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   management_client = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   management_write_peer_info_file = '[UNDEF]'

Tue Nov 27 15:48:17 2007 us=140000   shared_secret_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   key_direction = 0
Tue Nov 27 15:48:17 2007 us=140000   ciphername_defined = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   ciphername = 'BF-CBC'
Tue Nov 27 15:48:17 2007 us=140000   authname_defined = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   authname = 'SHA1'
Tue Nov 27 15:48:17 2007 us=140000   keysize = 0
Tue Nov 27 15:48:17 2007 us=140000   engine = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   replay = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   mute_replay_warnings = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   replay_window = 0
Tue Nov 27 15:48:17 2007 us=140000   replay_time = 0
Tue Nov 27 15:48:17 2007 us=140000   packet_id_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   use_iv = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   test_crypto = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   tls_server = DISABLED
Tue Nov 27 15:48:17 2007 us=140000   tls_client = ENABLED
Tue Nov 27 15:48:17 2007 us=140000   key_method = 2
Tue Nov 27 15:48:17 2007 us=140000   ca_file = 'ca.crt'
Tue Nov 27 15:48:17 2007 us=140000   ca_path = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   dh_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   cert_file = 'sevrin.crt'
Tue Nov 27 15:48:17 2007 us=140000   priv_key_file = 'sevrin.key'
Tue Nov 27 15:48:17 2007 us=140000   pkcs12_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   cryptoapi_cert = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   cipher_list = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   tls_verify = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   tls_remote = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   crl_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=140000   ns_cert_type = 64
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=140000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_ku[i] = 0
Tue Nov 27 15:48:17 2007 us=171000   remote_cert_eku = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=171000   tls_timeout = 2
Tue Nov 27 15:48:17 2007 us=171000   renegotiate_bytes = 0
Tue Nov 27 15:48:17 2007 us=171000   renegotiate_packets = 0
Tue Nov 27 15:48:17 2007 us=171000   renegotiate_seconds = 3600
Tue Nov 27 15:48:17 2007 us=171000   handshake_window = 60
Tue Nov 27 15:48:17 2007 us=171000   transition_window = 3600
Tue Nov 27 15:48:17 2007 us=171000   single_session = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   tls_exit = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   tls_auth_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_protected_authentication = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_cert_private = DISABLED
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_pin_cache_period = -1
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_slot_type = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_slot = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_id_type = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=171000   pkcs11_id = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=171000   server_network = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=171000   server_netmask = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=171000   server_bridge_ip = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   server_bridge_netmask = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   server_bridge_pool_start = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   server_bridge_pool_end = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   ifconfig_pool_defined = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   ifconfig_pool_start = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   ifconfig_pool_end = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   ifconfig_pool_netmask = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   ifconfig_pool_persist_refresh_freq = 600
Tue Nov 27 15:48:17 2007 us=203000   n_bcast_buf = 256
Tue Nov 27 15:48:17 2007 us=203000   tcp_queue_limit = 64
Tue Nov 27 15:48:17 2007 us=203000   real_hash_size = 256
Tue Nov 27 15:48:17 2007 us=203000   virtual_hash_size = 256
Tue Nov 27 15:48:17 2007 us=203000   client_connect_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   learn_address_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   client_disconnect_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   client_config_dir = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   ccd_exclusive = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   tmp_dir = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   push_ifconfig_defined = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   push_ifconfig_local = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   push_ifconfig_remote_netmask = 0.0.0.0
Tue Nov 27 15:48:17 2007 us=203000   enable_c2c = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   duplicate_cn = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   cf_max = 0
Tue Nov 27 15:48:17 2007 us=203000   cf_per = 0
Tue Nov 27 15:48:17 2007 us=203000   max_clients = 1024
Tue Nov 27 15:48:17 2007 us=203000   max_routes_per_client = 256
Tue Nov 27 15:48:17 2007 us=203000   client_cert_not_required = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   username_as_common_name = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   auth_user_pass_verify_script = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   auth_user_pass_verify_script_via_file = DIS
ABLED
Tue Nov 27 15:48:17 2007 us=203000   client = ENABLED
Tue Nov 27 15:48:17 2007 us=203000   pull = ENABLED
Tue Nov 27 15:48:17 2007 us=203000   auth_user_pass_file = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   show_net_up = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   route_method = 0
Tue Nov 27 15:48:17 2007 us=203000   ip_win32_defined = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   ip_win32_type = 3
Tue Nov 27 15:48:17 2007 us=203000   dhcp_masq_offset = 0
Tue Nov 27 15:48:17 2007 us=203000   dhcp_lease_time = 31536000
Tue Nov 27 15:48:17 2007 us=203000   tap_sleep = 0
Tue Nov 27 15:48:17 2007 us=203000   dhcp_options = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   dhcp_renew = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   dhcp_pre_release = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   dhcp_release = DISABLED
Tue Nov 27 15:48:17 2007 us=203000   domain = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   netbios_scope = '[UNDEF]'
Tue Nov 27 15:48:17 2007 us=203000   netbios_node_type = 0
Tue Nov 27 15:48:17 2007 us=203000   disable_nbt = DISABLED
Tue Nov 27 15:48:17 2007 us=203000 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] buil
t on Apr 25 2007
Tue Nov 27 15:48:17 2007 us=203000 LZO compression initialized
Tue Nov 27 15:48:17 2007 us=203000 Control Channel MTU parms [ L:1576 D:140 EF:4
0 EB:0 ET:0 EL:0 ]
Tue Nov 27 15:48:17 2007 us=546000 Data Channel MTU parms [ L:1576 D:1450 EF:44
EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 27 15:48:17 2007 us=546000 Local Options String: 'V4,dev-type tap,link-m
tu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize
 128,key-method 2,tls-client'
Tue Nov 27 15:48:17 2007 us=546000 Expected Remote Options String: 'V4,dev-type
tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SH
A1,keysize 128,key-method 2,tls-server'
Tue Nov 27 15:48:17 2007 us=546000 Local Options hash (VER=V4): '31fdf004'
Tue Nov 27 15:48:17 2007 us=546000 Expected Remote Options hash (VER=V4): '3e6d1
056'
Tue Nov 27 15:48:17 2007 us=546000 Attempting to establish TCP connection with 8
0.202.154.115:443
Tue Nov 27 15:48:17 2007 us=562000 TCP connection established with xx.xxx.xxx.xx
5:443
Tue Nov 27 15:48:17 2007 us=562000 Socket Buffers: R=[8192->8192] S=[64512->6451
2]
Tue Nov 27 15:48:17 2007 us=562000 TCPv4_CLIENT link local: [undef]
Tue Nov 27 15:48:17 2007 us=562000 TCPv4_CLIENT link remote: xx.xxx.xxx.xx5:443
WRTue Nov 27 15:48:17 2007 us=593000 TLS: Initial packet from xx.xxx.xxx.xx5:443
, sid=7cd2f873 7e439cad
WWRWRRRWWRWRWRRWWRWRWRTue Nov 27 15:48:17 2007 us=984000 VERIFY OK: depth=1, /C=
no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=s
evrin@xxxxxxxx
Tue Nov 27 15:48:17 2007 us=984000 VERIFY OK: nsCertType=SERVER
Tue Nov 27 15:48:17 2007 us=984000 VERIFY OK: depth=0, /C=no/ST=VA/L=Kristiansan
d/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
RWWRWRWRRWWRWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRRWRRRWWWWRRRRRRTue Nov 27 1
5:48:19 2007 us=140000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 12
8 bit key
Tue Nov 27 15:48:19 2007 us=140000 Data Channel Encrypt: Using 160 bit message h
ash 'SHA1' for HMAC authentication
Tue Nov 27 15:48:19 2007 us=140000 Data Channel Decrypt: Cipher 'BF-CBC' initial
ized with 128 bit key
Tue Nov 27 15:48:19 2007 us=140000 Data Channel Decrypt: Using 160 bit message h
ash 'SHA1' for HMAC authentication
WWTue Nov 27 15:48:19 2007 us=140000 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov 27 15:48:19 2007 us=156000 [sevrin.xxxxxx.xx] Peer Connection Initiated
with xx.xxx.xxx.xx5:443
Tue Nov 27 15:48:20 2007 us=218000 SENT CONTROL [sevrin.xxxxxx.xx]: 'PUSH_REQUES
T' (status=1)
WRRRTue Nov 27 15:48:20 2007 us=437000 PUSH: Received control message: 'PUSH_REP
LY,ping 5,ping-restart 10'
Tue Nov 27 15:48:20 2007 us=437000 OPTIONS IMPORT: timers and/or timeouts modifi
ed
Tue Nov 27 15:48:20 2007 us=453000 TAP-WIN32 device [OpenVPN] opened: \\.\Global
\{5434819F-4705-4D56-9845-43A6A6B6B3E1}.tap
Tue Nov 27 15:48:20 2007 us=453000 TAP-Win32 Driver Version 9.3
Tue Nov 27 15:48:20 2007 us=453000 TAP-Win32 MTU=1500
Tue Nov 27 15:48:20 2007 us=453000 Successful ARP Flush on interface [4] {543481
9F-4705-4D56-9845-43A6A6B6B3E1}
WWrWRwRwRwRwrWRwrWrWRwrWTue Nov 27 15:48:25 2007 us=15000 TEST ROUTES: 0/0 succe
eded len=-1 ret=1 a=0 u/d=up
Tue Nov 27 15:48:25 2007 us=15000 Initialization Sequence Completed
RwrWrWrWRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrTue Nov 27
15:48:36 2007 us=296000 [sevrin.xxxxxx.xx] Inactivity timeout (--ping-restart),
restarting
Tue Nov 27 15:48:36 2007 us=296000 TCP/UDP: Closing socket
Tue Nov 27 15:48:36 2007 us=296000 SIGUSR1[soft,ping-restart] received, process
restarting
Tue Nov 27 15:48:36 2007 us=296000 Restart pause, 5 second(s)
Tue Nov 27 15:48:41 2007 us=296000 Re-using SSL/TLS context
Tue Nov 27 15:48:41 2007 us=296000 LZO compression initialized
Tue Nov 27 15:48:41 2007 us=296000 Control Channel MTU parms [ L:1576 D:140 EF:4
0 EB:0 ET:0 EL:0 ]
Tue Nov 27 15:48:42 2007 us=343000 Data Channel MTU parms [ L:1576 D:1450 EF:44
EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 27 15:48:42 2007 us=343000 Local Options String: 'V4,dev-type tap,link-m
tu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize
 128,key-method 2,tls-client'
Tue Nov 27 15:48:42 2007 us=343000 Expected Remote Options String: 'V4,dev-type
tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SH
A1,keysize 128,key-method 2,tls-server'
Tue Nov 27 15:48:42 2007 us=343000 Local Options hash (VER=V4): '31fdf004'
Tue Nov 27 15:48:42 2007 us=343000 Expected Remote Options hash (VER=V4): '3e6d1
056'
Tue Nov 27 15:48:42 2007 us=343000 Attempting to establish TCP connection with 8
0.202.154.115:443

-----------------------
Log from server (ips and mailadresses is xxxxxxxxx)

Tue Nov 27 15:53:40 2007 us=14256 Diffie-Hellman initialized with 1024 bit key
Tue Nov 27 15:53:40 2007 us=15992 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Nov 27 15:53:40 2007 us=16160 TUN/TAP device tap0 opened
Tue Nov 27 15:53:40 2007 us=16206 TUN/TAP TX queue length set to 100
Tue Nov 27 15:53:40 2007 us=16316 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 27 15:53:40 2007 us=17173 Listening for incoming TCP connection on [undef]:443
Tue Nov 27 15:53:40 2007 us=17381 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue Nov 27 15:53:40 2007 us=17425 TCPv4_SERVER link local (bound): [undef]:443
Tue Nov 27 15:53:40 2007 us=17450 TCPv4_SERVER link remote: [undef]
Tue Nov 27 15:53:40 2007 us=17487 MULTI: multi_init called, r=256 v=256
Tue Nov 27 15:53:40 2007 us=17695 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Nov 27 15:53:40 2007 us=17776 Initialization Sequence Completed
Tue Nov 27 15:53:51 2007 us=707030 MULTI: multi_create_instance called
Tue Nov 27 15:53:51 2007 us=707198 Re-using SSL/TLS context
Tue Nov 27 15:53:51 2007 us=707335 LZO compression initialized
Tue Nov 27 15:53:51 2007 us=707854 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Nov 27 15:53:51 2007 us=708006 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Tue Nov 27 15:53:51 2007 us=708081 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Tue Nov 27 15:53:51 2007 us=708105 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Tue Nov 27 15:53:51 2007 us=708170 Local Options hash (VER=V4): '3e6d1056'
Tue Nov 27 15:53:51 2007 us=708212 Expected Remote Options hash (VER=V4): '31fdf004'
Tue Nov 27 15:53:51 2007 us=708325 TCP connection established with xx.xx.xx.xx:63311
Tue Nov 27 15:53:51 2007 us=708364 Socket Buffers: R=[131072->131072] S=[131072->131072]
Tue Nov 27 15:53:51 2007 us=708400 TCPv4_SERVER link local: [undef]
Tue Nov 27 15:53:51 2007 us=708428 TCPv4_SERVER link remote: xx.xx.xx.xx:63311
Tue Nov 27 15:53:51 2007 us=708871 xx.xx.xx.xx:63311 TLS: Initial packet from xx.xx.xx.xx:63311, sid=407d6310 69d6d4aa
Tue Nov 27 15:53:52 2007 us=629835 xx.xx.xx.xx:63311 VERIFY OK: depth=1, /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
Tue Nov 27 15:53:52 2007 us=630350 xx.xx.xx.xx:63311 VERIFY OK: depth=0, /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin/emailAddress=sevrin@xxxxxxxx
Tue Nov 27 15:53:53 2007 us=128915 xx.xx.xx.xx:63311 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 27 15:53:53 2007 us=129016 xx.xx.xx.xx:63311 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 27 15:53:53 2007 us=129154 xx.xx.xx.xx:63311 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Nov 27 15:53:53 2007 us=129186 xx.xx.xx.xx:63311 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Nov 27 15:53:53 2007 us=391095 xx.xx.xx.xx:63311 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov 27 15:53:53 2007 us=391218 xx.xx.xx.xx:63311 [sevrin] Peer Connection Initiated with xx.xx.xx.xx:63311
Tue Nov 27 15:53:53 2007 us=391333 sevrin/xx.xx.xx.xx:63311 MULTI: no dynamic or static remote --ifconfig address is available for sevrin/xx.xx.xx.xx:63311
Tue Nov 27 15:53:55 2007 us=1272 sevrin/xx.xx.xx.xx:63311 PUSH: Received control message: 'PUSH_REQUEST'
Tue Nov 27 15:53:55 2007 us=1595 sevrin/xx.xx.xx.xx:63311 SENT CONTROL [sevrin]: 'PUSH_REPLY,ping 5,ping-restart 10' (status=1)
Tue Nov 27 15:53:55 2007 us=745196 sevrin/xx.xx.xx.xx:63311 MULTI: Learn: 00:ff:54:34:81:9f -> sevrin/xx.xx.xx.xx:63311
Tue Nov 27 15:54:17 2007 us=152037 sevrin/xx.xx.xx.xx:63311 [sevrin] Inactivity timeout (--ping-restart), restarting
Tue Nov 27 15:54:17 2007 us=152160 sevrin/xx.xx.xx.xx:63311 SIGUSR1[soft,ping-restart] received, client-instance restarting
Tue Nov 27 15:54:17 2007 us=152727 TCP/UDP: Closing socket


-------------------------------------------------------------------------
Få din egen, gratis e-postadresse på Start.no

______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users