Re: [Openvpn-users] OpenVPN connection problems with TLS, not with static key


  • Subject: Re: [Openvpn-users] OpenVPN connection problems with TLS, not with static key
  • From: Jan Just Keijser <janjust@xxxxxxxxx>
  • Date: Tue, 27 Nov 2007 16:24:24 +0100

Hi,

First of all, you're trying to run tcp-over-tcp, which can lead to 
unpredictable results in case of a bad line.
Second, you have
  ping 5
  ping-restart 10
which means ping every 5 seconds and restart after 10 seconds of 
inactivity... Try using something like
  keepalive 10 60
(which means
  ping 10
  ping-restart 60
) to see if that helps at all...

cheers,

JJK

Sevrin Robstad wrote:
> I have a very strange problem.
>
> I'm trying to set up a roadwarrior VPN server. Clients should get IP 
> from the DHCP server inside VPN network, but the problems I have is 
> the same if I run bridge (tap) or IP-subnet (tun).
>
> When I connect to the VPN-server, everything seems OK, and I get an IP 
> address. If I at the same time as I connect to the VPN also have a 
> "ping -t VPN_local_IP" going on I get 2 or 3 PONGs and then it's all gone.
>
> After 30 seconds or so the VPN connection dies and tries to reconnect. 
> After not being able to connect a couple of times it suddenly connects 
> and everything seems OK, and after this connection the VPN-tunnel is 
> stable.
>
>
> I have tried several different ports, and both UDP and TCP.
>
> The strange thing is that this only happens with TLS-server 
> certificates. If I run only with static-key it all works flawlessly, 
> but then I can't run multiple clients.
> It's only with TLS certs that I have to connect multiple times before the 
> tunnel works as it should.
> All certificates are built with the easy-rsa tool that comes with OpenVPN.
>
> client.conf:
> client
> dev tap
> proto tcp-client
> remote xxxxx.xxxxx.xx 443
> resolv-retry infinite
> nobind
> persist-key
> persist-tun
> ca ca.crt
> cert client1.crt
> key client1.key
> ns-cert-type server
> comp-lzo
> verb 5
>
> server.conf:
> mode server
> #proto udp
> proto tcp-server
> port 443
> dev tap0
> keepalive 5 10
> daemon
> verb 4
> comp-lzo
> client-to-client
> duplicate-cn
> tls-server
> ca ca.crt
> dh dh1024.pem
> cert server.crt
> key server.key
> status /var/log/openvpn/status.log
> log-append /var/log/openvpn/openvpn.log
>
> The logs are from both client and server, only from the first 
> connection with a following disconnection.
>
> Log from client (IP address of the VPN server and mail addresses are changed 
> to xx.xx.xx.xx):
>
> Tue Nov 27 15:48:17 2007 us=203000 OpenVPN 2.1_rc4 Win32-MinGW [SSL] 
> [LZO2] buil
> t on Apr 25 2007
> Tue Nov 27 15:48:17 2007 us=203000 LZO compression initialized
> Tue Nov 27 15:48:17 2007 us=203000 Control Channel MTU parms [ L:1576 
> D:140 EF:4
> 0 EB:0 ET:0 EL:0 ]
> Tue Nov 27 15:48:17 2007 us=546000 Data Channel MTU parms [ L:1576 
> D:1450 EF:44
> EB:135 ET:32 EL:0 AF:3/1 ]
> Tue Nov 27 15:48:17 2007 us=546000 Local Options String: 'V4,dev-type 
> tap,link-m
> tu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth 
> SHA1,keysize
>  128,key-method 2,tls-client'
> Tue Nov 27 15:48:17 2007 us=546000 Expected Remote Options String: 
> 'V4,dev-type
> tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher 
> BF-CBC,auth SH
> A1,keysize 128,key-method 2,tls-server'
> Tue Nov 27 15:48:17 2007 us=546000 Local Options hash (VER=V4): '31fdf004'
> Tue Nov 27 15:48:17 2007 us=546000 Expected Remote Options hash 
> (VER=V4): '3e6d1
> 056'
> Tue Nov 27 15:48:17 2007 us=546000 Attempting to establish TCP 
> connection with 8
> 0.202.154.115:443
> Tue Nov 27 15:48:17 2007 us=562000 TCP connection established with 
> xx.xxx.xxx.xx
> 5:443
> Tue Nov 27 15:48:17 2007 us=562000 Socket Buffers: R=[8192->8192] 
> S=[64512->6451
> 2]
> Tue Nov 27 15:48:17 2007 us=562000 TCPv4_CLIENT link local: [undef]
> Tue Nov 27 15:48:17 2007 us=562000 TCPv4_CLIENT link remote: 
> xx.xxx.xxx.xx5:443
> WRTue Nov 27 15:48:17 2007 us=593000 TLS: Initial packet from 
> xx.xxx.xxx.xx5:443
> , sid=7cd2f873 7e439cad
> WWRWRRRWWRWRWRRWWRWRWRTue Nov 27 15:48:17 2007 us=984000 VERIFY OK: 
> depth=1, /C=
> no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=s
> evrin@xxxxxxxx
> Tue Nov 27 15:48:17 2007 us=984000 VERIFY OK: nsCertType=SERVER
> Tue Nov 27 15:48:17 2007 us=984000 VERIFY OK: depth=0, 
> /C=no/ST=VA/L=Kristiansan
> d/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
> RWWRWRWRRWWRWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRRWRRRWWWWRRRRRRTue 
> Nov 27 1
> 5:48:19 2007 us=140000 Data Channel Encrypt: Cipher 'BF-CBC' 
> initialized with 12
> 8 bit key
> Tue Nov 27 15:48:19 2007 us=140000 Data Channel Encrypt: Using 160 bit 
> message h
> ash 'SHA1' for HMAC authentication
> Tue Nov 27 15:48:19 2007 us=140000 Data Channel Decrypt: Cipher 
> 'BF-CBC' initial
> ized with 128 bit key
> Tue Nov 27 15:48:19 2007 us=140000 Data Channel Decrypt: Using 160 bit 
> message h
> ash 'SHA1' for HMAC authentication
> WWTue Nov 27 15:48:19 2007 us=140000 Control Channel: TLSv1, cipher 
> TLSv1/SSLv3
> DHE-RSA-AES256-SHA, 1024 bit RSA
> Tue Nov 27 15:48:19 2007 us=156000 [sevrin.xxxxxx.xx] Peer Connection 
> Initiated
> with xx.xxx.xxx.xx5:443
> Tue Nov 27 15:48:20 2007 us=218000 SENT CONTROL [sevrin.xxxxxx.xx]: 
> 'PUSH_REQUES
> T' (status=1)
> WRRRTue Nov 27 15:48:20 2007 us=437000 PUSH: Received control message: 
> 'PUSH_REP
> LY,ping 5,ping-restart 10'
> Tue Nov 27 15:48:20 2007 us=437000 OPTIONS IMPORT: timers and/or 
> timeouts modifi
> ed
> Tue Nov 27 15:48:20 2007 us=453000 TAP-WIN32 device [OpenVPN] opened: 
> \\.\Global
> \{5434819F-4705-4D56-9845-43A6A6B6B3E1}.tap
> Tue Nov 27 15:48:20 2007 us=453000 TAP-Win32 Driver Version 9.3
> Tue Nov 27 15:48:20 2007 us=453000 TAP-Win32 MTU=1500
> Tue Nov 27 15:48:20 2007 us=453000 Successful ARP Flush on interface 
> [4] {543481
> 9F-4705-4D56-9845-43A6A6B6B3E1}
> WWrWRwRwRwRwrWRwrWrWRwrWTue Nov 27 15:48:25 2007 us=15000 TEST ROUTES: 
> 0/0 succe
> eded len=-1 ret=1 a=0 u/d=up
> Tue Nov 27 15:48:25 2007 us=15000 Initialization Sequence Completed
> RwrWrWrWRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrTue 
> Nov 27
> 15:48:36 2007 us=296000 [sevrin.xxxxxx.xx] Inactivity timeout 
> (--ping-restart),
> restarting
> Tue Nov 27 15:48:36 2007 us=296000 TCP/UDP: Closing socket
> Tue Nov 27 15:48:36 2007 us=296000 SIGUSR1[soft,ping-restart] 
> received, process
> restarting
> Tue Nov 27 15:48:36 2007 us=296000 Restart pause, 5 second(s)
> Tue Nov 27 15:48:41 2007 us=296000 Re-using SSL/TLS context
> Tue Nov 27 15:48:41 2007 us=296000 LZO compression initialized
> Tue Nov 27 15:48:41 2007 us=296000 Control Channel MTU parms [ L:1576 
> D:140 EF:4
> 0 EB:0 ET:0 EL:0 ]
> Tue Nov 27 15:48:42 2007 us=343000 Data Channel MTU parms [ L:1576 
> D:1450 EF:44
> EB:135 ET:32 EL:0 AF:3/1 ]
> Tue Nov 27 15:48:42 2007 us=343000 Local Options String: 'V4,dev-type 
> tap,link-m
> tu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth 
> SHA1,keysize
>  128,key-method 2,tls-client'
> Tue Nov 27 15:48:42 2007 us=343000 Expected Remote Options String: 
> 'V4,dev-type
> tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher 
> BF-CBC,auth SH
> A1,keysize 128,key-method 2,tls-server'
> Tue Nov 27 15:48:42 2007 us=343000 Local Options hash (VER=V4): '31fdf004'
> Tue Nov 27 15:48:42 2007 us=343000 Expected Remote Options hash 
> (VER=V4): '3e6d1
> 056'
> Tue Nov 27 15:48:42 2007 us=343000 Attempting to establish TCP 
> connection with 8
> 0.202.154.115:443
>
> -----------------------
> Log from server (IPs and mail addresses are xxxxxxxxx)
>
> Tue Nov 27 15:53:40 2007 us=14256 Diffie-Hellman initialized with 1024 
> bit key
> Tue Nov 27 15:53:40 2007 us=15992 TLS-Auth MTU parms [ L:1576 D:140 
> EF:40 EB:0 ET:0 EL:0 ]
> Tue Nov 27 15:53:40 2007 us=16160 TUN/TAP device tap0 opened
> Tue Nov 27 15:53:40 2007 us=16206 TUN/TAP TX queue length set to 100
> Tue Nov 27 15:53:40 2007 us=16316 Data Channel MTU parms [ L:1576 
> D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> Tue Nov 27 15:53:40 2007 us=17173 Listening for incoming TCP 
> connection on [undef]:443
> Tue Nov 27 15:53:40 2007 us=17381 Socket Buffers: R=[87380->131072] 
> S=[16384->131072]
> Tue Nov 27 15:53:40 2007 us=17425 TCPv4_SERVER link local (bound): 
> [undef]:443
> Tue Nov 27 15:53:40 2007 us=17450 TCPv4_SERVER link remote: [undef]
> Tue Nov 27 15:53:40 2007 us=17487 MULTI: multi_init called, r=256 v=256
> Tue Nov 27 15:53:40 2007 us=17695 MULTI: TCP INIT maxclients=1024 
> maxevents=1028
> Tue Nov 27 15:53:40 2007 us=17776 Initialization Sequence Completed
> Tue Nov 27 15:53:51 2007 us=707030 MULTI: multi_create_instance called
> Tue Nov 27 15:53:51 2007 us=707198 Re-using SSL/TLS context
> Tue Nov 27 15:53:51 2007 us=707335 LZO compression initialized
> Tue Nov 27 15:53:51 2007 us=707854 Control Channel MTU parms [ L:1576 
> D:140 EF:40 EB:0 ET:0 EL:0 ]
> Tue Nov 27 15:53:51 2007 us=708006 Data Channel MTU parms [ L:1576 
> D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
> Tue Nov 27 15:53:51 2007 us=708081 Local Options String: 'V4,dev-type 
> tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher 
> BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
> Tue Nov 27 15:53:51 2007 us=708105 Expected Remote Options String: 
> 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto 
> TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 
> 2,tls-client'
> Tue Nov 27 15:53:51 2007 us=708170 Local Options hash (VER=V4): '3e6d1056'
> Tue Nov 27 15:53:51 2007 us=708212 Expected Remote Options hash 
> (VER=V4): '31fdf004'
> Tue Nov 27 15:53:51 2007 us=708325 TCP connection established with 
> xx.xx.xx.xx:63311
> Tue Nov 27 15:53:51 2007 us=708364 Socket Buffers: R=[131072->131072] 
> S=[131072->131072]
> Tue Nov 27 15:53:51 2007 us=708400 TCPv4_SERVER link local: [undef]
> Tue Nov 27 15:53:51 2007 us=708428 TCPv4_SERVER link remote: 
> xx.xx.xx.xx:63311
> Tue Nov 27 15:53:51 2007 us=708871 xx.xx.xx.xx:63311 TLS: Initial 
> packet from xx.xx.xx.xx:63311, sid=407d6310 69d6d4aa
> Tue Nov 27 15:53:52 2007 us=629835 xx.xx.xx.xx:63311 VERIFY OK: 
> depth=1, 
> /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
> Tue Nov 27 15:53:52 2007 us=630350 xx.xx.xx.xx:63311 VERIFY OK: 
> depth=0, 
> /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin/emailAddress=sevrin@xxxxxxxx
> Tue Nov 27 15:53:53 2007 us=128915 xx.xx.xx.xx:63311 Data Channel 
> Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Tue Nov 27 15:53:53 2007 us=129016 xx.xx.xx.xx:63311 Data Channel 
> Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Tue Nov 27 15:53:53 2007 us=129154 xx.xx.xx.xx:63311 Data Channel 
> Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Tue Nov 27 15:53:53 2007 us=129186 xx.xx.xx.xx:63311 Data Channel 
> Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Tue Nov 27 15:53:53 2007 us=391095 xx.xx.xx.xx:63311 Control Channel: 
> TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Tue Nov 27 15:53:53 2007 us=391218 xx.xx.xx.xx:63311 [sevrin] Peer 
> Connection Initiated with xx.xx.xx.xx:63311
> Tue Nov 27 15:53:53 2007 us=391333 sevrin/xx.xx.xx.xx:63311 MULTI: no 
> dynamic or static remote --ifconfig address is available for 
> sevrin/xx.xx.xx.xx:63311
> Tue Nov 27 15:53:55 2007 us=1272 sevrin/xx.xx.xx.xx:63311 PUSH: 
> Received control message: 'PUSH_REQUEST'
> Tue Nov 27 15:53:55 2007 us=1595 sevrin/xx.xx.xx.xx:63311 SENT CONTROL 
> [sevrin]: 'PUSH_REPLY,ping 5,ping-restart 10' (status=1)
> Tue Nov 27 15:53:55 2007 us=745196 sevrin/xx.xx.xx.xx:63311 MULTI: 
> Learn: 00:ff:54:34:81:9f -> sevrin/xx.xx.xx.xx:63311
> Tue Nov 27 15:54:17 2007 us=152037 sevrin/xx.xx.xx.xx:63311 [sevrin] 
> Inactivity timeout (--ping-restart), restarting
> Tue Nov 27 15:54:17 2007 us=152160 sevrin/xx.xx.xx.xx:63311 
> SIGUSR1[soft,ping-restart] received, client-instance restarting
> Tue Nov 27 15:54:17 2007 us=152727 TCP/UDP: Closing socket
>
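
The check described in the reply, as an added example that is not part of the original thread: a small Python script that reads an OpenVPN log, picks up the ping/ping-restart values pushed in PUSH_REPLY, and reports every "Inactivity timeout (--ping-restart)" with how long the tunnel had been up. The sample log is constructed from the client log above, and the min_ratio threshold (restart window shorter than three ping intervals) is an assumption of this example, not an OpenVPN rule.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the client log quoted above: wrapped lines
# rejoined, peer name and address replaced with placeholders. The "WRRR"
# prefix is the packet-trace output that verb 5 writes in front of a line.
SAMPLE_LOG = """\
Tue Nov 27 15:48:19 2007 us=156000 [vpn.example] Peer Connection Initiated with 192.0.2.5:443
WRRRTue Nov 27 15:48:20 2007 us=437000 PUSH: Received control message: 'PUSH_REPLY,ping 5,ping-restart 10'
Tue Nov 27 15:48:25 2007 us=15000 Initialization Sequence Completed
RwrWrWTue Nov 27 15:48:36 2007 us=296000 [vpn.example] Inactivity timeout (--ping-restart), restarting
Tue Nov 27 15:48:36 2007 us=296000 SIGUSR1[soft,ping-restart] received, process restarting
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Timestamp format seen in the logs: "Tue Nov 27 15:48:20 2007 us=437000 <msg>".
# search() is used instead of match() so packet-trace prefixes are skipped.
STAMP = re.compile(
    r"[A-Z][a-z]{2} ([A-Z][a-z]{2}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4})"
    r" us=(\d+) (.*)")
PUSHED = re.compile(r"PUSH_REPLY,([^']*)'")


def parse_line(line):
    """Return (timestamp, message) for a log line, or None if it has no stamp."""
    m = STAMP.search(line)
    if not m or m.group(1) not in MONTHS:
        return None
    mon, day, hh, mm, ss, year, us, msg = m.groups()
    ts = datetime(int(year), MONTHS[mon], int(day),
                  int(hh), int(mm), int(ss), int(us))
    return ts, msg


def pushed_timers(msg):
    """Extract ping / ping-restart from a PUSH_REPLY message, else None."""
    m = PUSHED.search(msg)
    if not m:
        return None
    timers = {}
    for opt in m.group(1).split(","):
        parts = opt.split()
        if (len(parts) == 2 and parts[0] in ("ping", "ping-restart")
                and parts[1].isdigit()):
            timers[parts[0]] = int(parts[1])
    return timers


def find_ping_restarts(log_text, min_ratio=3):
    """List every ping-restart event with the timers in force at that point.

    'tight' is True when ping-restart < min_ratio * ping (assumed threshold),
    i.e. losing fewer than min_ratio keepalive pings tears the tunnel down.
    """
    timers, up_at, events = {}, None, []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, msg = parsed
        pushed = pushed_timers(msg)
        if pushed is not None:
            timers = pushed
        elif "Initialization Sequence Completed" in msg:
            up_at = ts
        elif "Inactivity timeout (--ping-restart)" in msg:
            ping, restart = timers.get("ping"), timers.get("ping-restart")
            events.append({
                "ping": ping,
                "ping_restart": restart,
                "uptime_s": (ts - up_at).total_seconds() if up_at else None,
                "tight": bool(ping and restart and restart < min_ratio * ping),
            })
            up_at = None  # the next session starts its own clock
    return events


if __name__ == "__main__":
    for event in find_ping_restarts(SAMPLE_LOG):
        print(event)
```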
