OpenWrt Forum Archive

Topic: openvpn tcp-server - TLS handshake failed

The content of this topic has been archived on 16 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I am trying to get openvpn working on kamikaze 7.09 (rb532a). I need to connect as a roadwarrior to openvpn daemon listening on 443/tcp.
There seems to be a problem with key negotiation, but I am sure my config is OK, because it works on debian (on rb532a), or if I switch to UDP.

I found by googling that it may be OpenVPN's EPOLL problem, but I wasn't able to compile openvpn with epoll disabled to test it.

Did anybody resolve this already?

My server config:

port 443
proto tcp-server
dev tap0

verb 256

ca /etc/openvpn/keys/roadwarrior/ca.crt
cert /etc/openvpn/keys/roadwarrior/server.crt
key /etc/openvpn/keys/roadwarrior/server.key
dh /etc/openvpn/keys/roadwarrior/dh1024.pem

tls-server
mode server
ifconfig 192.168.139.1 255.255.255.0
ifconfig-pool 192.168.139.10 192.168.139.50

push "route 192.168.10.0 255.255.255.0"
push "route-gateway 192.168.139.1"

#log /var/log/openvpn/roadwarrior.log

client-config-dir /etc/openvpn/ccd

keepalive 10 120
persist-key
persist-tun
#status openvpn-roadwarrior-status.log

Client log:

Wed Apr 30 23:02:24 2008 us=170489 Current Parameter Settings:
Wed Apr 30 23:02:24 2008 us=170526   config = 'cz-br-axmanova.ovpn'
Wed Apr 30 23:02:24 2008 us=170536   mode = 0
Wed Apr 30 23:02:24 2008 us=170545   show_ciphers = DISABLED
Wed Apr 30 23:02:24 2008 us=170555   show_digests = DISABLED
Wed Apr 30 23:02:24 2008 us=170564   show_engines = DISABLED
Wed Apr 30 23:02:24 2008 us=170573   genkey = DISABLED
Wed Apr 30 23:02:24 2008 us=170582   key_pass_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170591   show_tls_ciphers = DISABLED
Wed Apr 30 23:02:24 2008 us=170600   proto = 2
Wed Apr 30 23:02:24 2008 us=170608   local = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170618   remote_list[0] = {'cz-br-axmanova.domain.tld', 443}
Wed Apr 30 23:02:24 2008 us=170628   remote_random = DISABLED
Wed Apr 30 23:02:24 2008 us=170637   local_port = 1194
Wed Apr 30 23:02:24 2008 us=170646   remote_port = 1194
Wed Apr 30 23:02:24 2008 us=170655   remote_float = DISABLED
Wed Apr 30 23:02:24 2008 us=170664   ipchange = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170673   bind_local = DISABLED
Wed Apr 30 23:02:24 2008 us=170682   dev = 'tap'
Wed Apr 30 23:02:24 2008 us=170691   dev_type = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170700   dev_node = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170709   tun_ipv6 = DISABLED
Wed Apr 30 23:02:24 2008 us=170718   ifconfig_local = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170728   ifconfig_remote_netmask = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=170737   ifconfig_noexec = DISABLED
Wed Apr 30 23:02:24 2008 us=170747   ifconfig_nowarn = DISABLED
Wed Apr 30 23:02:24 2008 us=170756   shaper = 0
Wed Apr 30 23:02:24 2008 us=170765   tun_mtu = 1500
Wed Apr 30 23:02:24 2008 us=170774   tun_mtu_defined = ENABLED
Wed Apr 30 23:02:24 2008 us=170783   link_mtu = 1500
Wed Apr 30 23:02:24 2008 us=170792   link_mtu_defined = DISABLED
Wed Apr 30 23:02:24 2008 us=170801   tun_mtu_extra = 32
Wed Apr 30 23:02:24 2008 us=170811   tun_mtu_extra_defined = ENABLED
Wed Apr 30 23:02:24 2008 us=170820   fragment = 0
Wed Apr 30 23:02:24 2008 us=170828   mtu_discover_type = -1
Wed Apr 30 23:02:24 2008 us=170837   mtu_test = 0
Wed Apr 30 23:02:24 2008 us=170846   mlock = DISABLED
Wed Apr 30 23:02:24 2008 us=170854   keepalive_ping = 0
Wed Apr 30 23:02:24 2008 us=170863   keepalive_timeout = 0
Wed Apr 30 23:02:24 2008 us=170872   inactivity_timeout = 0
Wed Apr 30 23:02:24 2008 us=170881   ping_send_timeout = 0
Wed Apr 30 23:02:24 2008 us=170890   ping_rec_timeout = 0
Wed Apr 30 23:02:24 2008 us=170899   ping_rec_timeout_action = 0
Wed Apr 30 23:02:24 2008 us=170908   ping_timer_remote = DISABLED
Wed Apr 30 23:02:24 2008 us=170918   remap_sigusr1 = 0
Wed Apr 30 23:02:24 2008 us=170927   explicit_exit_notification = 0
Wed Apr 30 23:02:24 2008 us=170936   persist_tun = ENABLED
Wed Apr 30 23:02:24 2008 us=170945   persist_local_ip = DISABLED
Wed Apr 30 23:02:24 2008 us=170954   persist_remote_ip = DISABLED
Wed Apr 30 23:02:24 2008 us=170963   persist_key = ENABLED
Wed Apr 30 23:02:24 2008 us=170972   mssfix = 1450
Wed Apr 30 23:02:24 2008 us=170981   resolve_retry_seconds = 1000000000
Wed Apr 30 23:02:24 2008 us=170991   connect_retry_seconds = 5
Wed Apr 30 23:02:24 2008 us=171000   username = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171009   groupname = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171018   chroot_dir = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171027   cd_dir = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171036   writepid = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171045   up_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171054   down_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=171063   down_pre = DISABLED
Wed Apr 30 23:02:24 2008 us=171072   up_restart = DISABLED
Wed Apr 30 23:02:24 2008 us=171090   up_delay = DISABLED
Wed Apr 30 23:02:24 2008 us=171100   daemon = DISABLED
Wed Apr 30 23:02:24 2008 us=171109   inetd = 0
Wed Apr 30 23:02:24 2008 us=171118   log = DISABLED
Wed Apr 30 23:02:24 2008 us=171127   suppress_timestamps = DISABLED
Wed Apr 30 23:02:24 2008 us=171137   nice = 0
Wed Apr 30 23:02:24 2008 us=171146   verbosity = 4
Wed Apr 30 23:02:24 2008 us=224332   mute = 0
Wed Apr 30 23:02:24 2008 us=224410   gremlin = 0
Wed Apr 30 23:02:24 2008 us=224459   status_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=224483   status_file_version = 1
Wed Apr 30 23:02:24 2008 us=224493   status_file_update_freq = 60
Wed Apr 30 23:02:24 2008 us=224506   occ = ENABLED
Wed Apr 30 23:02:24 2008 us=224518   rcvbuf = 0
Wed Apr 30 23:02:24 2008 us=224529   sndbuf = 0
Wed Apr 30 23:02:24 2008 us=224541   socks_proxy_server = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=224559   socks_proxy_port = 0
Wed Apr 30 23:02:24 2008 us=224571   socks_proxy_retry = DISABLED
Wed Apr 30 23:02:24 2008 us=224583   fast_io = DISABLED
Wed Apr 30 23:02:24 2008 us=224595   comp_lzo = DISABLED
Wed Apr 30 23:02:24 2008 us=224607   comp_lzo_adaptive = ENABLED
Wed Apr 30 23:02:24 2008 us=224619   route_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=224629   route_default_gateway = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=224638   route_noexec = DISABLED
Wed Apr 30 23:02:24 2008 us=236632   route_delay = 0
Wed Apr 30 23:02:24 2008 us=236646   route_delay_window = 30
Wed Apr 30 23:02:24 2008 us=236656   route_delay_defined = ENABLED
Wed Apr 30 23:02:24 2008 us=236665   management_addr = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=236674   management_port = 0
Wed Apr 30 23:02:24 2008 us=236683   management_user_pass = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=236692   management_log_history_cache = 250
Wed Apr 30 23:02:24 2008 us=236744   management_echo_buffer_size = 100
Wed Apr 30 23:02:24 2008 us=236755   management_query_passwords = DISABLED
Wed Apr 30 23:02:24 2008 us=236780   management_hold = DISABLED
Wed Apr 30 23:02:24 2008 us=236790   shared_secret_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=236799   key_direction = 0
Wed Apr 30 23:02:24 2008 us=236848   ciphername_defined = ENABLED
Wed Apr 30 23:02:24 2008 us=236859   ciphername = 'BF-CBC'
Wed Apr 30 23:02:24 2008 us=236868   authname_defined = ENABLED
Wed Apr 30 23:02:24 2008 us=246126   authname = 'SHA1'
Wed Apr 30 23:02:24 2008 us=246143   keysize = 0
Wed Apr 30 23:02:24 2008 us=246166   engine = DISABLED
Wed Apr 30 23:02:24 2008 us=246188   replay = ENABLED
Wed Apr 30 23:02:24 2008 us=246198   mute_replay_warnings = DISABLED
Wed Apr 30 23:02:24 2008 us=246206   replay_window = 0
Wed Apr 30 23:02:24 2008 us=246215   replay_time = 0
Wed Apr 30 23:02:24 2008 us=246224   packet_id_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=246233   use_iv = ENABLED
Wed Apr 30 23:02:24 2008 us=246241   test_crypto = DISABLED
Wed Apr 30 23:02:24 2008 us=246250   tls_server = DISABLED
Wed Apr 30 23:02:24 2008 us=246259   tls_client = ENABLED
Wed Apr 30 23:02:24 2008 us=246267   key_method = 2
Wed Apr 30 23:02:24 2008 us=246276   ca_file = 'cz-br-axmanova/ca.crt'
Wed Apr 30 23:02:24 2008 us=246285   dh_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=246294   cert_file = 'cz-br-axmanova/mb.crt'
Wed Apr 30 23:02:24 2008 us=253360   priv_key_file = 'cz-br-axmanova/mb.key'
Wed Apr 30 23:02:24 2008 us=253389   pkcs12_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=253415   cryptoapi_cert = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=253425   cipher_list = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=253434   tls_verify = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=253443   tls_remote = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=253451   crl_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=253460   ns_cert_type = 0
Wed Apr 30 23:02:24 2008 us=253468   tls_timeout = 2
Wed Apr 30 23:02:24 2008 us=253476   renegotiate_bytes = 0
Wed Apr 30 23:02:24 2008 us=253485   renegotiate_packets = 0
Wed Apr 30 23:02:24 2008 us=253493   renegotiate_seconds = 3600
Wed Apr 30 23:02:24 2008 us=253502   handshake_window = 60
Wed Apr 30 23:02:24 2008 us=253511   transition_window = 3600
Wed Apr 30 23:02:24 2008 us=253523   single_session = DISABLED
Wed Apr 30 23:02:24 2008 us=261070   tls_exit = DISABLED
Wed Apr 30 23:02:24 2008 us=261091   tls_auth_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=261133   server_network = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261156   server_netmask = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261166   server_bridge_ip = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261175   server_bridge_netmask = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261185   server_bridge_pool_start = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261195   server_bridge_pool_end = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261204   ifconfig_pool_defined = DISABLED
Wed Apr 30 23:02:24 2008 us=261215   ifconfig_pool_start = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261225   ifconfig_pool_end = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261235   ifconfig_pool_netmask = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=261246   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=261255   ifconfig_pool_persist_refresh_freq = 600
Wed Apr 30 23:02:24 2008 us=261265   ifconfig_pool_linear = DISABLED
Wed Apr 30 23:02:24 2008 us=268756   n_bcast_buf = 256
Wed Apr 30 23:02:24 2008 us=268786   tcp_queue_limit = 64
Wed Apr 30 23:02:24 2008 us=268810   real_hash_size = 256
Wed Apr 30 23:02:24 2008 us=268833   virtual_hash_size = 256
Wed Apr 30 23:02:24 2008 us=268843   client_connect_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=268852   learn_address_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=268861   client_disconnect_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=268870   client_config_dir = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=268879   ccd_exclusive = DISABLED
Wed Apr 30 23:02:24 2008 us=268888   tmp_dir = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=268897   push_ifconfig_defined = DISABLED
Wed Apr 30 23:02:24 2008 us=268908   push_ifconfig_local = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=268918   push_ifconfig_remote_netmask = 0.0.0.0
Wed Apr 30 23:02:24 2008 us=268928   enable_c2c = DISABLED
Wed Apr 30 23:02:24 2008 us=268936   duplicate_cn = DISABLED
Wed Apr 30 23:02:24 2008 us=275590   cf_max = 0
Wed Apr 30 23:02:24 2008 us=275611   cf_per = 0
Wed Apr 30 23:02:24 2008 us=275625   max_clients = 1024
Wed Apr 30 23:02:24 2008 us=275642   max_routes_per_client = 256
Wed Apr 30 23:02:24 2008 us=275663   client_cert_not_required = DISABLED
Wed Apr 30 23:02:24 2008 us=275674   username_as_common_name = DISABLED
Wed Apr 30 23:02:24 2008 us=275684   auth_user_pass_verify_script = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=275694   auth_user_pass_verify_script_via_file = DISABLED
Wed Apr 30 23:02:24 2008 us=275704   client = ENABLED
Wed Apr 30 23:02:24 2008 us=275712   pull = ENABLED
Wed Apr 30 23:02:24 2008 us=275722   auth_user_pass_file = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=275733   show_net_up = DISABLED
Wed Apr 30 23:02:24 2008 us=275742   route_method = 1
Wed Apr 30 23:02:24 2008 us=275750   ip_win32_defined = DISABLED
Wed Apr 30 23:02:24 2008 us=275759   ip_win32_type = 3
Wed Apr 30 23:02:24 2008 us=275768   dhcp_masq_offset = 0
Wed Apr 30 23:02:24 2008 us=283263   dhcp_lease_time = 31536000
Wed Apr 30 23:02:24 2008 us=283306   tap_sleep = 0
Wed Apr 30 23:02:24 2008 us=283321   dhcp_options = DISABLED
Wed Apr 30 23:02:24 2008 us=283331   dhcp_renew = DISABLED
Wed Apr 30 23:02:24 2008 us=283340   dhcp_pre_release = DISABLED
Wed Apr 30 23:02:24 2008 us=283349   dhcp_release = DISABLED
Wed Apr 30 23:02:24 2008 us=283358   domain = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=283367   netbios_scope = '[UNDEF]'
Wed Apr 30 23:02:24 2008 us=283376   netbios_node_type = 0
Wed Apr 30 23:02:24 2008 us=283386   disable_nbt = DISABLED
Wed Apr 30 23:02:24 2008 us=283403 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Wed Apr 30 23:02:24 2008 us=283504 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Apr 30 23:02:24 2008 us=283517 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 30 23:02:26 2008 us=649873 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Apr 30 23:02:27 2008 us=860435 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
Wed Apr 30 23:02:27 2008 us=860519 Local Options String: 'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Apr 30 23:02:27 2008 us=860542 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Apr 30 23:02:27 2008 us=860590 Local Options hash (VER=V4): '10f35004'
Wed Apr 30 23:02:27 2008 us=860620 Expected Remote Options hash (VER=V4): 'a917298a'
Wed Apr 30 23:02:27 2008 us=860721 Attempting to establish TCP connection with 11.22.16.121:443
Wed Apr 30 23:02:27 2008 us=987990 TCP connection established with 11.22.16.121:443
Wed Apr 30 23:02:27 2008 us=988039 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Apr 30 23:02:27 2008 us=988072 TCPv4_CLIENT link local: [undef]
Wed Apr 30 23:02:27 2008 us=988111 TCPv4_CLIENT link remote: 11.22.16.121:443
Wed Apr 30 23:03:28 2008 us=445747 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 30 23:03:28 2008 us=445786 TLS Error: TLS handshake failed
Wed Apr 30 23:03:28 2008 us=446072 Fatal TLS error (check_tls_errors_co), restarting
Wed Apr 30 23:03:28 2008 us=446152 TCP/UDP: Closing socket
Wed Apr 30 23:03:28 2008 us=446549 SIGUSR1[soft,tls-error] received, process restarting
Wed Apr 30 23:03:28 2008 us=446574 Restart pause, 5 second(s)
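One line of the client log above deserves attention independently of the handshake failure: "WARNING: No server certificate verification method has been enabled". In OpenVPN 2.0.9 that warning means the client config has none of ns-cert-type, tls-remote or tls-verify, so any certificate signed by the same CA, another road warrior's included, would be accepted as the server. The Python script below is an added example, not code from the thread or from the OpenVPN project. It parses an OpenVPN config file, reports that gap plus a missing tls-auth, and applies the check to a client config reconstructed from the "Current Parameter Settings" dump (an assumption, since the poster did not publish the file), to a hardened version of it, and to an abridged copy of the server config from the first post. ta.key is a hypothetical static key.

```python
"""Added example: lint OpenVPN 2.0.x configs for two control-channel gaps
(no server certificate verification, no tls-auth). Not from the thread."""

# Client config reconstructed (an assumption) from the parameter dump in
# the post above; the poster did not show the actual file.
WEAK_CLIENT_CONFIG = """\
client
dev tap
proto tcp-client
remote cz-br-axmanova.domain.tld 443
ca cz-br-axmanova/ca.crt
cert cz-br-axmanova/mb.crt
key cz-br-axmanova/mb.key
persist-key
persist-tun
verb 4
"""

# The same config with the two missing directives. ta.key is a hypothetical
# static key made with "openvpn --genkey --secret ta.key" and copied to both
# ends; the server uses key direction 0, every client direction 1.
HARDENED_CLIENT_CONFIG = WEAK_CLIENT_CONFIG + """\
# Only accept a peer whose certificate carries the nsCertType=server
# extension (2.0.x spelling; 2.1+ also offers "remote-cert-tls server").
ns-cert-type server
# HMAC every control-channel packet; unsigned packets are dropped before
# they reach the TLS code.
tls-auth ta.key 1
"""

# Abridged copy of the server config from the first post.
SERVER_CONFIG = """\
port 443
proto tcp-server
dev tap0
ca /etc/openvpn/keys/roadwarrior/ca.crt
cert /etc/openvpn/keys/roadwarrior/server.crt
key /etc/openvpn/keys/roadwarrior/server.key
dh /etc/openvpn/keys/roadwarrior/dh1024.pem
tls-server
mode server
"""


def parse_config(text):
    """Split an OpenVPN config into (directive, args) pairs.

    Lines starting with '#' or ';' are comments, as in OpenVPN itself.
    """
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives.append((name, args))
    return directives


def lint(text):
    """Return a sorted list of finding codes for one config file.

    NO_SERVER_CERT_CHECK  client accepts any CA-signed certificate as the
                          server (the 2.0.9 log warning "No server
                          certificate verification method has been enabled")
    NO_TLS_AUTH           control channel is not HMAC-protected
    """
    directives = parse_config(text)
    names = {name for name, _ in directives}
    args_of = {}
    for name, args in directives:
        args_of.setdefault(name, []).append(args)

    is_client = "client" in names or "tls-client" in names
    is_server = "tls-server" in names or (
        "mode" in names and ["server"] in args_of["mode"])
    findings = []
    if is_client:
        checks_server = (
            ["server"] in args_of.get("ns-cert-type", [])
            or ["server"] in args_of.get("remote-cert-tls", [])
            or "tls-remote" in names
            or "tls-verify" in names
        )
        if not checks_server:
            findings.append("NO_SERVER_CERT_CHECK")
    if (is_client or is_server) and "tls-auth" not in names:
        findings.append("NO_TLS_AUTH")
    return sorted(findings)


if __name__ == "__main__":
    for label, cfg in [("weak client", WEAK_CLIENT_CONFIG),
                       ("hardened client", HARDENED_CLIENT_CONFIG),
                       ("server", SERVER_CONFIG)]:
        print(f"{label}: {lint(cfg) or 'no findings'}")
```

Two caveats before copying the hardened lines into a real config. ns-cert-type server only passes if the server certificate was issued with the nsCertType=server extension (easy-rsa's build-key-server sets it; plain build-key does not), so check the certificate with openssl x509 -text first or the client will refuse the server. tls-auth has to be present on both ends with the same key file and opposite directions; with a mismatch every control packet fails the HMAC and is silently dropped, which shows up as the same "TLS key negotiation failed to occur within 60 seconds" error as in this thread.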
martinbalint wrote:
Wed Apr 30 23:03:28 2008 us=445747 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

It cannot establish the connection.

But this is not the case.
When I run tcpdump on the WAN interface, I can see communication in both directions, and if I set the client to verbose logging, I can see a lot of debug messages about TLS negotiation.
So it must be something else, not a networking problem.
And all this worked, when I had debian on my router rb532a.
Now, I have the same openvpn and shorewall configuration in openwrt.

Make sure the time and date are set correctly on the router, otherwise OpenVPN won't think the certificate is valid.

Dates are OK on both parties.
And, it works on 443/UDP, so it must be some uncommon problem.
But I am not able to connect from some networks using 443/udp, so I must use 443/tcp instead.

On the same router, I have 2 more instances of openvpn in configuration LAN-to-LAN working, on UDP.

OK, no more ideas. I will ask: is there someone who is running an openvpn server with a TCP listener on kamikaze? Are there any practical experiences with this configuration? Thanks.

Not particularly the Kamikaze experience, but I run my OpenVPN on tcp/443 successfully on winXP.
Like you, I have 3 instances of the server process: one for LAN-local, another to reach my network from the outside via udp/1194, and the last is tcp/443 to penetrate corporate proxies.

The "TLS handshake failed" happens to me if I'm on a slower GPRS connection; the 60-second handshake window is actually ~48 seconds wide. Try to use the hand-window option.

Hope that helps!

(Last edited by booBot on 4 May 2008, 21:09)

Thanks, I tried, but it didn't help.
It seems to be openwrt related, because the same configuration works on debian on the same hardware.

BTW, I captured this with tcpdump, in case it has some diagnostic value:

21:06:07.653569 IP client.1153 > server.443: S 382081031:382081031(0) win 65535 <mss 1380,nop,wscale 1,nop,nop,sackOK>
21:06:07.653951 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:07.779266 IP client.1153 > server.443: . ack 1 win 64000
21:06:07.791182 IP client.1153 > server.443: P 1:17(16) ack 1 win 64000
21:06:10.777131 IP client.1153 > server.443: P 1:33(32) ack 1 win 64000
21:06:12.044748 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:12.166505 IP client.1153 > server.443: . ack 1 win 64000
21:06:18.014140 IP client.1153 > server.443: P 1:81(80) ack 1 win 64000
21:06:18.444787 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:18.569575 IP client.1153 > server.443: . ack 1 win 64000
21:06:30.090804 IP client.1153 > server.443: P 1:177(176) ack 1 win 64000
21:06:31.244876 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:31.394387 IP client.1153 > server.443: . ack 1 win 64000
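
If, as the earlier post says, this capture was taken on the router's own WAN interface, every client packet in it has already reached the box (packet capture sees ingress traffic before netfilter), and the "check your network connectivity" hint in the client error can be ruled out. What the lines show is a server that sends the same SYN-ACK four times with a doubling interval, a client whose ACK and whose retransmitted data segment (always from byte 1, growing to 16, 32, 80 and 176 bytes as OpenVPN's control-channel retries pile up) arrive each time, and a server that never acknowledges a single data byte. A Linux kernel that keeps retransmitting its SYN-ACK after the client's ACK has arrived is either dropping that ACK itself (netfilter/conntrack on the box) or, with the default tcp_abort_on_overflow=0, has a listening socket whose accept queue is full because the process is not calling accept(), which is what the epoll theory in this thread amounts to. The Python script below is an added example, not the poster's code; it parses the tcpdump lines exactly as pasted above (old one-line-per-packet tcpdump output with relative sequence numbers after the SYN, assumed to be the only format fed to it) and classifies the handshake.

```python
"""Added example (not from the thread): classify a TCP handshake from
tcpdump's one-line-per-packet output, using the capture posted above."""
import re

# The thirteen lines from the post above, pasted verbatim.
CAPTURE = """\
21:06:07.653569 IP client.1153 > server.443: S 382081031:382081031(0) win 65535 <mss 1380,nop,wscale 1,nop,nop,sackOK>
21:06:07.653951 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:07.779266 IP client.1153 > server.443: . ack 1 win 64000
21:06:07.791182 IP client.1153 > server.443: P 1:17(16) ack 1 win 64000
21:06:10.777131 IP client.1153 > server.443: P 1:33(32) ack 1 win 64000
21:06:12.044748 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:12.166505 IP client.1153 > server.443: . ack 1 win 64000
21:06:18.014140 IP client.1153 > server.443: P 1:81(80) ack 1 win 64000
21:06:18.444787 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:18.569575 IP client.1153 > server.443: . ack 1 win 64000
21:06:30.090804 IP client.1153 > server.443: P 1:177(176) ack 1 win 64000
21:06:31.244876 IP server.443 > client.1153: S 1927034756:1927034756(0) ack 382081032 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 1>
21:06:31.394387 IP client.1153 > server.443: . ack 1 win 64000
"""

# Old tcpdump TCP summary line, as used in the post:
# "<ts> IP <src> > <dst>: <flags> [<seq>:<end>(<len>)] [ack <n>] win <w> ..."
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SPFR.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r" win (?P<win>\d+)"
)

VERDICTS = {
    "NO_SYNACK": "no SYN-ACK at all: port filtered on the path, or nothing listening",
    "HALF_OPEN_SERVER_SIDE": "server kernel retransmits the same SYN-ACK although the "
        "client's ACKs arrive, and never acks client data: the ACK is dropped on the "
        "server itself (netfilter/conntrack) or the accept queue is full because the "
        "process is not calling accept(); the network path is not the problem",
    "OTHER": "handshake completed or capture too short to classify",
}


def _seconds(ts):
    """Convert hh:mm:ss.ffffff to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse(capture):
    """Turn capture text into a list of packet dicts; rejects unknown lines."""
    pkts = []
    for line in capture.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError("unparsed line: " + line)
        d = m.groupdict()
        pkts.append({
            "ts": d["ts"], "src": d["src"], "dst": d["dst"],
            "syn": "S" in d["flags"],
            "seq": int(d["seq"]) if d["seq"] else None,
            "len": int(d["len"]) if d["len"] else 0,
            "ack": int(d["ack"]) if d["ack"] else None,
        })
    return pkts


def analyse(pkts):
    """Summarise the handshake between the endpoints of the first packet."""
    client, server = pkts[0]["src"], pkts[0]["dst"]
    synacks = [p for p in pkts if p["src"] == server and p["syn"] and p["ack"] is not None]
    isns = {p["seq"] for p in synacks}
    gaps = [round(_seconds(b["ts"]) - _seconds(a["ts"]), 1)
            for a, b in zip(synacks, synacks[1:])]
    client_acks = [p for p in pkts if p["src"] == client and not p["syn"] and p["len"] == 0]
    client_data = [p for p in pkts if p["src"] == client and p["len"] > 0]
    server_data = [p for p in pkts if p["src"] == server and p["len"] > 0]
    # Same relative start byte on every client segment: nothing was ever acked.
    same_start = len(client_data) > 1 and len({p["seq"] for p in client_data}) == 1

    report = {
        "client": client, "server": server,
        "synack_count": len(synacks), "synack_same_isn": len(isns) == 1,
        "synack_gaps_s": gaps, "client_acks": len(client_acks),
        "client_data_lens": [p["len"] for p in client_data],
        "client_data_retransmitted": same_start,
        "server_payload_packets": len(server_data),
    }
    if not synacks:
        report["verdict"] = "NO_SYNACK"
    elif len(synacks) > 1 and len(isns) == 1 and client_acks and not server_data:
        report["verdict"] = "HALF_OPEN_SERVER_SIDE"
    else:
        report["verdict"] = "OTHER"
    return report


if __name__ == "__main__":
    r = analyse(parse(CAPTURE))
    print(r)
    print(VERDICTS[r["verdict"]])
```

The doubling gaps between the SYN-ACK copies (4.4 s, 6.4 s, 12.8 s) are the kernel's SYN-ACK retransmit timer, not OpenVPN, which is the quickest way to tell a stalled listener from a stalled TLS exchange: OpenVPN's own retries would appear as server data segments, and there are none here.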

I am running an openvpn server on tcp/110 in kamikaze with multiple clients (certificate based), very stable and speedy now (x86 server platform).

here is my server.ovpn

mode server    # very important if you want multiple clients on the same port with the same daemon because i think openvpn defaults to p2p mode

proto tcp-server
port 110
dev tap0

push "dhcp-option DNS 192.168.1.1"
keepalive 10 180
push "keepalive 10 180"

max-clients 80
tls-server
ca /etc/easy-rsa/keys/ca.crt
cert /etc/easy-rsa/keys/server.crt
key /etc/easy-rsa/keys/server.key
dh /etc/easy-rsa/keys/dh1024.pem
persist-key
persist-tun

one of my clients (Windows XP) has:

dev tap

proto tcp-client

route-gateway 192.168.1.1
remote <servername> 110

ifconfig 192.168.1.10 255.255.255.0

route 192.168.20.0 255.255.255.0 192.168.20.141
redirect-gateway
resolv-retry infinite

nobind
mute-replay-warnings

ca ca.crt
cert client1.crt
key client1.key

tls-client
verb 3

martinbalint wrote:

Hello,

I am trying to get openvpn working on kamikaze 7.09 (rb532a). I need to connect as a roadwarrior to openvpn daemon listening on 443/tcp.
There seems to be a problem with key negotiation, but I am sure my config is OK, because it works on debian (on rb532a), or if I switch to UDP.

I googled out, that it may be openvpns EPOLL problem, but I wasn't able to compile openvpn with epoll disabled, to test it.

Did anybody resolved this already?

I had exactly the same kind of problems. If I remember correctly I found a way to disable epoll and got it to work. I had to tweak the openvpn ./configure file to make it think that epoll is not available on the platform.

Anael

aorlinsk wrote:

I had exactly the same kind of problems. If I remember correctly I found a way to disable epoll and got it to work. I had to tweak the openvpn ./configure file to make it think that epoll is not available on the platform.
Anael

Hi,
and could you please recall how you tweaked it? I tried almost everything in ./configure, but with no luck; EPOLL was always enabled.

martinbalint wrote:
aorlinsk wrote:

I had exactly the same kind of problems. If I remember correctly I found a way to disable epoll and got it to work. I had to tweak the openvpn ./configure file to make it think that epoll is not available on the platform.
Anael

Hi,
and could you please recall how you tweaked it? I tried almost everything in ./configure, but with no luck; EPOLL was always enabled.

Here is the solution: in the openvpn package Makefile, force the epoll detection to none by adding this line at the end of the configure block: ac_cv_func_epoll_create=no \

You should get this:

define Build/Configure
    $(call Build/Configure/Default, \
        --disable-pthread \
        --disable-debug \
        --disable-plugins \
        --enable-management \
        --disable-socks \
        --enable-password-save \
        ac_cv_func_epoll_create=no \
    )
endef

Just note that this works for me with openvpn 2.1_rc4 (I updated the makefile to use this one). However, this trick should work with 2.0.9.

Anael

OK, inspired by dlbogdan's config, I managed to get it running with this server config and "ifconfig" and "route" in the client config.

proto tcp-server
port 443
dev tap0

keepalive 10 180
push "keepalive 10 180"

ifconfig 192.168.139.1 255.255.255.0

tls-server
ca /etc/openvpn/keys/roadwarrior/ca.crt
cert /etc/openvpn/keys/roadwarrior/server.crt
key /etc/openvpn/keys/roadwarrior/server.key
dh /etc/openvpn/keys/roadwarrior/dh1024.pem
persist-key
persist-tun

but as soon as I add "mode server", it fails.

I will try Anaels suggestion on disabling EPOLL.

Thanks Anael,
EPOLL disabling works. Now I am able to run tcp server with configuration from 1st post.

Hi all, can someone help me compile OpenVPN with EPOLL disabled? I have OpenWrt Backfire 10.03.1-RC6. I am new to this ... if I can get a link to a tutorial on how to compile a package for OpenWRT, I think I can manage. Thanks in advance.
