Re: [Openvpn-users] OpenVPN connection problems with TLS, not with static key


  • Subject: Re: [Openvpn-users] OpenVPN connection problems with TLS, not with static key
  • From: Sevrin Robstad <quackyo@xxxxxxxx>
  • Date: Tue, 27 Nov 2007 17:21:43 +0100

Thanks for replying,

Unfortunately, I have tried it already. As I wrote in the first post, I 
have tried different ports and with both UDP and TCP.
The Keep-alive stuff was 10 60 at first, but then I tried to set it to 5 
10 just to get it to restart quicker, since it didn't work the first 
time anyway.

Any other thoughts?

Sevrin

Jan Just Keijser wrote:
> Hi,
>
> first of all, you're trying to run tcp-over-tcp, which can lead to 
> unpredictable results in case of a bad line.
> Second, you have
>  ping 5
>  ping-restart 10
> which means ping every 5 seconds and restart after 10 seconds of 
> inactivity... Try using something like
>  keepalive 10 60
> (which means
>  ping 10
>  ping-restart 60
> ) to see if that helps you anything...
>
> cheers,
>
> JJK
>
> Sevrin Robstad wrote:
>> I have a very strange problem.
>>
>> I'm trying to set up a roadwarrior VPN server. Clients should get IP 
>> from the DHCP server inside VPN network, but the problem I have is 
>> the same if I run bridge (tap) or IP-subnet (tun).
>>
>> When I connect to the VPN-server, everything seems OK, and I get IP 
>> address. If I at the same time as I connect to the VPN also have a 
>> "ping -t VPN_local_IP" going on I get 2 or 3 PONGs and then it's all 
>> gone.
>>
>> After 30 seconds or so the VPN connection dies and tries to 
>> reconnect. After not being able to connect a couple of times it 
>> suddenly connects and everything seems OK, and after this connection 
>> the VPN-tunnel is stable.
>>
>>
>> I have tried several different ports, and both UDP and TCP.
>>
>> The strange thing is that this only happens with TLS-server 
>> certificates. If I run only with static-key it all works flawlessly, 
>> but then I can't run multiple clients.
>> It's only with tls certs I have to connect multiple times before the 
>> tunnel works as it should.
>> All certificates are built with the easy-rsa tool that comes with 
>> OpenVPN.
>>
>> client.conf:
>> client
>> dev tap
>> proto tcp-client
>> remote xxxxx.xxxxx.xx 443
>> resolv-retry infinite
>> nobind
>> persist-key
>> persist-tun
>> ca ca.crt
>> cert client1.crt
>> key client1.key
>> ns-cert-type server
>> comp-lzo
>> verb 5
>>
>> server.conf:
>> mode server
>> #proto udp
>> proto tcp-server
>> port 443
>> dev tap0
>> keepalive 5 10
>> daemon
>> verb 4
>> comp-lzo
>> client-to-client
>> duplicate-cn
>> tls-server
>> ca ca.crt
>> dh dh1024.pem
>> cert server.crt
>> key server.key
>> status /var/log/openvpn/status.log
>> log-append /var/log/openvpn/openvpn.log
>>
>> The logs are from both client and server, only from the first 
>> connection with a following disconnection.
>>
>> Log from client (IP address of VPN server and mail addresses are changed 
>> to xx.xx.xx.xx):
>>
>> Tue Nov 27 15:48:17 2007 us=203000 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
>> Tue Nov 27 15:48:17 2007 us=203000 LZO compression initialized
>> Tue Nov 27 15:48:17 2007 us=203000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
>> Tue Nov 27 15:48:17 2007 us=546000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
>> Tue Nov 27 15:48:17 2007 us=546000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
>> Tue Nov 27 15:48:17 2007 us=546000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
>> Tue Nov 27 15:48:17 2007 us=546000 Local Options hash (VER=V4): '31fdf004'
>> Tue Nov 27 15:48:17 2007 us=546000 Expected Remote Options hash (VER=V4): '3e6d1056'
>> Tue Nov 27 15:48:17 2007 us=546000 Attempting to establish TCP connection with 80.202.154.115:443
>> Tue Nov 27 15:48:17 2007 us=562000 TCP connection established with xx.xxx.xxx.xx5:443
>> Tue Nov 27 15:48:17 2007 us=562000 Socket Buffers: R=[8192->8192] S=[64512->64512]
>> Tue Nov 27 15:48:17 2007 us=562000 TCPv4_CLIENT link local: [undef]
>> Tue Nov 27 15:48:17 2007 us=562000 TCPv4_CLIENT link remote: xx.xxx.xxx.xx5:443
>> WRTue Nov 27 15:48:17 2007 us=593000 TLS: Initial packet from xx.xxx.xxx.xx5:443, sid=7cd2f873 7e439cad
>> WWRWRRRWWRWRWRRWWRWRWRTue Nov 27 15:48:17 2007 us=984000 VERIFY OK: depth=1, /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
>> Tue Nov 27 15:48:17 2007 us=984000 VERIFY OK: nsCertType=SERVER
>> Tue Nov 27 15:48:17 2007 us=984000 VERIFY OK: depth=0, /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
>> RWWRWRWRRWWRWWWWRWRRRWWWRWRWRRWWRWRWRRWWRWRWRRWWRWRWRRWRRRWWWWRRRRRRTue Nov 27 15:48:19 2007 us=140000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Tue Nov 27 15:48:19 2007 us=140000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Tue Nov 27 15:48:19 2007 us=140000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Tue Nov 27 15:48:19 2007 us=140000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> WWTue Nov 27 15:48:19 2007 us=140000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
>> Tue Nov 27 15:48:19 2007 us=156000 [sevrin.xxxxxx.xx] Peer Connection Initiated with xx.xxx.xxx.xx5:443
>> Tue Nov 27 15:48:20 2007 us=218000 SENT CONTROL [sevrin.xxxxxx.xx]: 'PUSH_REQUEST' (status=1)
>> WRRRTue Nov 27 15:48:20 2007 us=437000 PUSH: Received control message: 'PUSH_REPLY,ping 5,ping-restart 10'
>> Tue Nov 27 15:48:20 2007 us=437000 OPTIONS IMPORT: timers and/or timeouts modified
>> Tue Nov 27 15:48:20 2007 us=453000 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{5434819F-4705-4D56-9845-43A6A6B6B3E1}.tap
>> Tue Nov 27 15:48:20 2007 us=453000 TAP-Win32 Driver Version 9.3
>> Tue Nov 27 15:48:20 2007 us=453000 TAP-Win32 MTU=1500
>> Tue Nov 27 15:48:20 2007 us=453000 Successful ARP Flush on interface [4] {5434819F-4705-4D56-9845-43A6A6B6B3E1}
>> WWrWRwRwRwRwrWRwrWrWRwrWTue Nov 27 15:48:25 2007 us=15000 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
>> Tue Nov 27 15:48:25 2007 us=15000 Initialization Sequence Completed
>> RwrWrWrWRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrTue Nov 27 15:48:36 2007 us=296000 [sevrin.xxxxxx.xx] Inactivity timeout (--ping-restart), restarting
>> Tue Nov 27 15:48:36 2007 us=296000 TCP/UDP: Closing socket
>> Tue Nov 27 15:48:36 2007 us=296000 SIGUSR1[soft,ping-restart] received, process restarting
>> Tue Nov 27 15:48:36 2007 us=296000 Restart pause, 5 second(s)
>> Tue Nov 27 15:48:41 2007 us=296000 Re-using SSL/TLS context
>> Tue Nov 27 15:48:41 2007 us=296000 LZO compression initialized
>> Tue Nov 27 15:48:41 2007 us=296000 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
>> Tue Nov 27 15:48:42 2007 us=343000 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
>> Tue Nov 27 15:48:42 2007 us=343000 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
>> Tue Nov 27 15:48:42 2007 us=343000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
>> Tue Nov 27 15:48:42 2007 us=343000 Local Options hash (VER=V4): '31fdf004'
>> Tue Nov 27 15:48:42 2007 us=343000 Expected Remote Options hash (VER=V4): '3e6d1056'
>> Tue Nov 27 15:48:42 2007 us=343000 Attempting to establish TCP connection with 80.202.154.115:443
>>
>> -----------------------
>> Log from server (IPs and mail addresses are xxxxxxxxx)
>>
>> Tue Nov 27 15:53:40 2007 us=14256 Diffie-Hellman initialized with 1024 bit key
>> Tue Nov 27 15:53:40 2007 us=15992 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
>> Tue Nov 27 15:53:40 2007 us=16160 TUN/TAP device tap0 opened
>> Tue Nov 27 15:53:40 2007 us=16206 TUN/TAP TX queue length set to 100
>> Tue Nov 27 15:53:40 2007 us=16316 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
>> Tue Nov 27 15:53:40 2007 us=17173 Listening for incoming TCP connection on [undef]:443
>> Tue Nov 27 15:53:40 2007 us=17381 Socket Buffers: R=[87380->131072] S=[16384->131072]
>> Tue Nov 27 15:53:40 2007 us=17425 TCPv4_SERVER link local (bound): [undef]:443
>> Tue Nov 27 15:53:40 2007 us=17450 TCPv4_SERVER link remote: [undef]
>> Tue Nov 27 15:53:40 2007 us=17487 MULTI: multi_init called, r=256 v=256
>> Tue Nov 27 15:53:40 2007 us=17695 MULTI: TCP INIT maxclients=1024 maxevents=1028
>> Tue Nov 27 15:53:40 2007 us=17776 Initialization Sequence Completed
>> Tue Nov 27 15:53:51 2007 us=707030 MULTI: multi_create_instance called
>> Tue Nov 27 15:53:51 2007 us=707198 Re-using SSL/TLS context
>> Tue Nov 27 15:53:51 2007 us=707335 LZO compression initialized
>> Tue Nov 27 15:53:51 2007 us=707854 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
>> Tue Nov 27 15:53:51 2007 us=708006 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
>> Tue Nov 27 15:53:51 2007 us=708081 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
>> Tue Nov 27 15:53:51 2007 us=708105 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
>> Tue Nov 27 15:53:51 2007 us=708170 Local Options hash (VER=V4): '3e6d1056'
>> Tue Nov 27 15:53:51 2007 us=708212 Expected Remote Options hash (VER=V4): '31fdf004'
>> Tue Nov 27 15:53:51 2007 us=708325 TCP connection established with xx.xx.xx.xx:63311
>> Tue Nov 27 15:53:51 2007 us=708364 Socket Buffers: R=[131072->131072] S=[131072->131072]
>> Tue Nov 27 15:53:51 2007 us=708400 TCPv4_SERVER link local: [undef]
>> Tue Nov 27 15:53:51 2007 us=708428 TCPv4_SERVER link remote: xx.xx.xx.xx:63311
>> Tue Nov 27 15:53:51 2007 us=708871 xx.xx.xx.xx:63311 TLS: Initial packet from xx.xx.xx.xx:63311, sid=407d6310 69d6d4aa
>> Tue Nov 27 15:53:52 2007 us=629835 xx.xx.xx.xx:63311 VERIFY OK: depth=1, /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin.xxxxxx.xx/emailAddress=sevrin@xxxxxxxx
>> Tue Nov 27 15:53:52 2007 us=630350 xx.xx.xx.xx:63311 VERIFY OK: depth=0, /C=no/ST=VA/L=Kristiansand/O=compaq_home_network/CN=sevrin/emailAddress=sevrin@xxxxxxxx
>> Tue Nov 27 15:53:53 2007 us=128915 xx.xx.xx.xx:63311 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Tue Nov 27 15:53:53 2007 us=129016 xx.xx.xx.xx:63311 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Tue Nov 27 15:53:53 2007 us=129154 xx.xx.xx.xx:63311 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
>> Tue Nov 27 15:53:53 2007 us=129186 xx.xx.xx.xx:63311 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
>> Tue Nov 27 15:53:53 2007 us=391095 xx.xx.xx.xx:63311 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
>> Tue Nov 27 15:53:53 2007 us=391218 xx.xx.xx.xx:63311 [sevrin] Peer Connection Initiated with xx.xx.xx.xx:63311
>> Tue Nov 27 15:53:53 2007 us=391333 sevrin/xx.xx.xx.xx:63311 MULTI: no dynamic or static remote --ifconfig address is available for sevrin/xx.xx.xx.xx:63311
>> Tue Nov 27 15:53:55 2007 us=1272 sevrin/xx.xx.xx.xx:63311 PUSH: Received control message: 'PUSH_REQUEST'
>> Tue Nov 27 15:53:55 2007 us=1595 sevrin/xx.xx.xx.xx:63311 SENT CONTROL [sevrin]: 'PUSH_REPLY,ping 5,ping-restart 10' (status=1)
>> Tue Nov 27 15:53:55 2007 us=745196 sevrin/xx.xx.xx.xx:63311 MULTI: Learn: 00:ff:54:34:81:9f -> sevrin/xx.xx.xx.xx:63311
>> Tue Nov 27 15:54:17 2007 us=152037 sevrin/xx.xx.xx.xx:63311 [sevrin] Inactivity timeout (--ping-restart), restarting
>> Tue Nov 27 15:54:17 2007 us=152160 sevrin/xx.xx.xx.xx:63311 SIGUSR1[soft,ping-restart] received, client-instance restarting
>> Tue Nov 27 15:54:17 2007 us=152727 TCP/UDP: Closing socket
>>
>
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
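
Added example, not part of the original thread: a small Python log check for the keepalive timers discussed above. It expands `keepalive` the way the OpenVPN manual page documents it (in server mode the server pushes `ping`/`ping-restart` to clients and doubles its own `ping-restart`), then measures how long the log was quiet before each "Inactivity timeout (--ping-restart)" line. The function names are this example's own, and the sample lines are constructed from the server log quoted in the thread, with the peer address replaced by the documentation address 192.0.2.10.

```python
import re
from datetime import datetime

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# "Tue Nov 27 15:53:55 2007 us=1595 <message>". Using search() skips any
# verb-5 R/W trace characters glued in front of the weekday.
LINE_RE = re.compile(r"[A-Z][a-z]{2} ([A-Z][a-z]{2}) +(\d+) "
                     r"(\d\d):(\d\d):(\d\d) (\d{4}) us=(\d+) (.*)")
PUSH_RE = re.compile(r"'PUSH_REPLY,([^']*)'")

# Constructed sample, modelled on the server log in the thread.
SAMPLE_LOG = """\
Tue Nov 27 15:53:53 2007 us=391218 192.0.2.10:63311 [sevrin] Peer Connection Initiated with 192.0.2.10:63311
Tue Nov 27 15:53:55 2007 us=1595 sevrin/192.0.2.10:63311 SENT CONTROL [sevrin]: 'PUSH_REPLY,ping 5,ping-restart 10' (status=1)
Tue Nov 27 15:53:55 2007 us=745196 sevrin/192.0.2.10:63311 MULTI: Learn: 00:ff:54:34:81:9f -> sevrin/192.0.2.10:63311
Tue Nov 27 15:54:17 2007 us=152037 sevrin/192.0.2.10:63311 [sevrin] Inactivity timeout (--ping-restart), restarting
"""


def expand_keepalive(interval, timeout, server_mode):
    """Expand 'keepalive interval timeout' as the OpenVPN manual describes."""
    if server_mode:
        return {"ping": interval, "ping-restart": 2 * timeout,
                "push": {"ping": interval, "ping-restart": timeout}}
    return {"ping": interval, "ping-restart": timeout, "push": {}}


def parse_line(line):
    """Return (timestamp, message) for one log line, or None."""
    m = LINE_RE.search(line)
    if not m or m.group(1) not in MONTHS:
        return None
    mon, day, hh, mm, ss, year, us, msg = m.groups()
    ts = datetime(int(year), MONTHS[mon], int(day),
                  int(hh), int(mm), int(ss), int(us))
    return ts, msg


def find_ping_restarts(log_text):
    """List each ping-restart with the quiet time that preceded it."""
    events, pushed, last_ts = [], {}, None
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, msg = parsed
        m = PUSH_RE.search(msg)
        if m:  # remember the timers the server handed to the client
            for opt in m.group(1).split(","):
                name, _, value = opt.partition(" ")
                if name in ("ping", "ping-restart"):
                    pushed[name] = int(value)
        if "Inactivity timeout (--ping-restart)" in msg and last_ts:
            events.append({"at": ts, "pushed": dict(pushed),
                           "quiet_seconds": (ts - last_ts).total_seconds()})
        last_ts = ts
    return events


if __name__ == "__main__":
    timers = expand_keepalive(5, 10, server_mode=True)  # server.conf value
    for ev in find_ping_restarts(SAMPLE_LOG):
        print("restart at %s after %.1f s of silence; server timer %d s, "
              "client was pushed %s" % (ev["at"], ev["quiet_seconds"],
                                        timers["ping-restart"], ev["pushed"]))
```

On the sample, the quiet period is a little over the server-side timer of 20 seconds, which is what a peer that stopped answering right after the handshake looks like in the log.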