Are there any errors reported by fw3 print ?
-
Change OpenVPN configs (server and clients) to utilize tcp instead of udp (for troubleshooting)
proto tcp
-
Change OpenVPN server verbosity to 9
verb 9
-
Change VPN client configs to verbosity 9
verb 9
-
Enable logging on the VPN network interfaces on the routers
option log 1
-
Apply iptables rules for logging traffic to the VPN port #
# Log VPN Traffic # #--------------------------------------------------- iptables -N LOG-VPN iptables -I INPUT -p tcp --dport 1194 -m state --state NEW -j LOG-VPN iptables -I INPUT -p udp --dport 1194 -m state --state NEW -j LOG-VPN iptables -A LOG-VPN -j LOG --log-prefix "<[[--- VPN Traffic ---]]> : " --log-level 4 iptables -A LOG-VPN -
Restart OpenVPN server
/etc/init.d/openvpn restart
-
Disconnect all clients, then reconnect.
- You must disconnect then select connect, and not simply reconnect, as that will utilize the old config.
-
Try connecting the SIP phone to the VPN, and once it fails, review VPN client, VPN server, and system logs side by side to determine what, if readily apparent, the issue is.
-
If these do not identify the issue, please post:
- OpenVPN Server
-
Config:
/etc/config/openvpn -
Log:
/tmp/openvpn.log
-
Config:
- OpenVPN Client
- Config
- Log
- Firewall Config
- LEDE:
/etc/config/firewall&/etc/firewall.user - Freepbx
- LEDE:
- Network Config
-
LEDE:
/etc/config/network - Freepbx
-
LEDE:
- System logs
-
LEDE:
logread - Freepbx
-
LEDE:
- OpenVPN Server
- Please ensure you remove any identifying information, such as MAC Addresses, WAN IP, DDNS host name, etc.
-
If these do not identify the issue, please post:
No
root@OpenWrt /etc/config [#]# fw3 print
Warning: Unable to locate ipset utility, disabling ipset support
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -N delegate_input
iptables -t filter -N delegate_output
iptables -t filter -N delegate_forward
iptables -t filter -N reject
iptables -t filter -N input_rule
iptables -t filter -N output_rule
iptables -t filter -N forwarding_rule
iptables -t filter -N syn_flood
iptables -t filter -N zone_lan_input
iptables -t filter -N zone_lan_output
iptables -t filter -N zone_lan_forward
iptables -t filter -N zone_lan_src_ACCEPT
iptables -t filter -N zone_lan_dest_ACCEPT
iptables -t filter -N input_lan_rule
iptables -t filter -N output_lan_rule
iptables -t filter -N forwarding_lan_rule
iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
iptables -t filter -N zone_wan_input
iptables -t filter -N zone_wan_output
iptables -t filter -N zone_wan_forward
iptables -t filter -N zone_wan_src_REJECT
iptables -t filter -N zone_wan_dest_ACCEPT
iptables -t filter -N zone_wan_dest_REJECT
iptables -t filter -N input_wan_rule
iptables -t filter -N output_wan_rule
iptables -t filter -N forwarding_wan_rule
iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -N zone_vpn_input
iptables -t filter -N zone_vpn_output
iptables -t filter -N zone_vpn_forward
iptables -t filter -N zone_vpn_src_ACCEPT
iptables -t filter -N zone_vpn_dest_ACCEPT
iptables -t filter -N zone_vpn_dest_REJECT
iptables -t filter -N input_vpn_rule
iptables -t filter -N output_vpn_rule
iptables -t filter -N forwarding_vpn_rule
iptables -t filter -A zone_vpn_input -m comment --comment "user chain for input" -j input_vpn_rule
iptables -t filter -A zone_vpn_output -m comment --comment "user chain for output" -j output_vpn_rule
iptables -t filter -A zone_vpn_forward -m comment --comment "user chain for forwarding" -j forwarding_vpn_rule
iptables -t filter -D INPUT -j delegate_input
iptables -t filter -A INPUT -j delegate_input
iptables -t filter -D OUTPUT -j delegate_output
iptables -t filter -A OUTPUT -j delegate_output
iptables -t filter -D FORWARD -j delegate_forward
iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_input -i lo -j ACCEPT
iptables -t filter -A delegate_output -o lo -j ACCEPT
iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
iptables -t filter -A syn_flood -j DROP
iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
iptables -t filter -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -t filter -A reject -j REJECT --reject-with icmp-port-unreachable
iptables -t filter -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
iptables -t filter -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
iptables -t filter -A zone_wan_input -p 2 -m comment --comment Allow-IGMP -j ACCEPT
iptables -t filter -A zone_wan_forward -p esp -m comment --comment "@rule[7]" -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "@rule[8]" -j zone_lan_dest_ACCEPT
iptables -t filter -A delegate_input -p udp -m udp --dport 1200 -m comment --comment "@rule[9]" -j ACCEPT
iptables -t filter -A zone_wan_input -p tcp -m comment --comment "@rule[10]" -j ACCEPT
iptables -t filter -A zone_wan_input -p udp -m comment --comment "@rule[10]" -j ACCEPT
iptables -t filter -A zone_wan_input -p tcp -m comment --comment "@rule[11]" -j ACCEPT
iptables -t filter -A zone_wan_input -p udp -m comment --comment "@rule[11]" -j ACCEPT
iptables -t filter -A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment OpenVPN -j ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_vpn_forward -m comment --comment "forwarding vpn -> lan" -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> vpn" -j zone_vpn_dest_ACCEPT
iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_forward -j zone_lan_dest_ACCEPT
iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
iptables -t filter -D zone_lan_src_ACCEPT -i br-lan -j ACCEPT
iptables -t filter -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
iptables -t filter -D zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
iptables -t filter -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
iptables -t filter -D delegate_input -i br-lan -j zone_lan_input
iptables -t filter -A delegate_input -i br-lan -j zone_lan_input
iptables -t filter -D delegate_output -o br-lan -j zone_lan_output
iptables -t filter -A delegate_output -o br-lan -j zone_lan_output
iptables -t filter -D delegate_forward -i br-lan -j zone_lan_forward
iptables -t filter -A delegate_forward -i br-lan -j zone_lan_forward
iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_wan_input -j zone_wan_src_REJECT
iptables -t filter -A zone_wan_forward -j zone_wan_dest_REJECT
iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
iptables -t filter -D zone_wan_dest_ACCEPT -o pppoe-wan -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o pppoe-wan -j ACCEPT
iptables -t filter -D zone_wan_src_REJECT -i pppoe-wan -j reject
iptables -t filter -A zone_wan_src_REJECT -i pppoe-wan -j reject
iptables -t filter -D zone_wan_dest_REJECT -o pppoe-wan -j reject
iptables -t filter -A zone_wan_dest_REJECT -o pppoe-wan -j reject
iptables -t filter -D delegate_input -i pppoe-wan -j zone_wan_input
iptables -t filter -A delegate_input -i pppoe-wan -j zone_wan_input
iptables -t filter -D delegate_output -o pppoe-wan -j zone_wan_output
iptables -t filter -A delegate_output -o pppoe-wan -j zone_wan_output
iptables -t filter -D delegate_forward -i pppoe-wan -j zone_wan_forward
iptables -t filter -A delegate_forward -i pppoe-wan -j zone_wan_forward
iptables -t filter -D zone_wan_dest_ACCEPT -o eth0 -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o eth0 -j ACCEPT
iptables -t filter -D zone_wan_src_REJECT -i eth0 -j reject
iptables -t filter -A zone_wan_src_REJECT -i eth0 -j reject
iptables -t filter -D zone_wan_dest_REJECT -o eth0 -j reject
iptables -t filter -A zone_wan_dest_REJECT -o eth0 -j reject
iptables -t filter -D delegate_input -i eth0 -j zone_wan_input
iptables -t filter -A delegate_input -i eth0 -j zone_wan_input
iptables -t filter -D delegate_output -o eth0 -j zone_wan_output
iptables -t filter -A delegate_output -o eth0 -j zone_wan_output
iptables -t filter -D delegate_forward -i eth0 -j zone_wan_forward
iptables -t filter -A delegate_forward -i eth0 -j zone_wan_forward
iptables -t filter -A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_vpn_input -j zone_vpn_src_ACCEPT
iptables -t filter -A zone_vpn_forward -j zone_vpn_dest_REJECT
iptables -t filter -A zone_vpn_output -j zone_vpn_dest_ACCEPT
iptables -t filter -D zone_vpn_src_ACCEPT -i tun0 -j ACCEPT
iptables -t filter -A zone_vpn_src_ACCEPT -i tun0 -j ACCEPT
iptables -t filter -D zone_vpn_dest_ACCEPT -o tun0 -j ACCEPT
iptables -t filter -A zone_vpn_dest_ACCEPT -o tun0 -j ACCEPT
iptables -t filter -D zone_vpn_dest_REJECT -o tun0 -j reject
iptables -t filter -A zone_vpn_dest_REJECT -o tun0 -j reject
iptables -t filter -D delegate_input -i tun0 -j zone_vpn_input
iptables -t filter -A delegate_input -i tun0 -j zone_vpn_input
iptables -t filter -D delegate_output -o tun0 -j zone_vpn_output
iptables -t filter -A delegate_output -o tun0 -j zone_vpn_output
iptables -t filter -D delegate_forward -i tun0 -j zone_vpn_forward
iptables -t filter -A delegate_forward -i tun0 -j zone_vpn_forward
iptables -t filter -A delegate_forward -j reject
iptables -t nat -N delegate_prerouting
iptables -t nat -N delegate_postrouting
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
iptables -t nat -N zone_lan_postrouting
iptables -t nat -N zone_lan_prerouting
iptables -t nat -N prerouting_lan_rule
iptables -t nat -N postrouting_lan_rule
iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
iptables -t nat -N zone_wan_postrouting
iptables -t nat -N zone_wan_prerouting
iptables -t nat -N prerouting_wan_rule
iptables -t nat -N postrouting_wan_rule
iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
iptables -t nat -N zone_vpn_postrouting
iptables -t nat -N zone_vpn_prerouting
iptables -t nat -N prerouting_vpn_rule
iptables -t nat -N postrouting_vpn_rule
iptables -t nat -A zone_vpn_prerouting -m comment --comment "user chain for prerouting" -j prerouting_vpn_rule
iptables -t nat -A zone_vpn_postrouting -m comment --comment "user chain for postrouting" -j postrouting_vpn_rule
iptables -t nat -D PREROUTING -j delegate_prerouting
iptables -t nat -A PREROUTING -j delegate_prerouting
iptables -t nat -D POSTROUTING -j delegate_postrouting
iptables -t nat -A POSTROUTING -j delegate_postrouting
iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
iptables -t nat -A zone_wan_prerouting -p tcp -m tcp --dport 443 -m comment --comment odoo -j DNAT --to-destination 10.66.0.250:443
iptables -t nat -A zone_wan_prerouting -p udp -m udp --dport 443 -m comment --comment odoo -j DNAT --to-destination 10.66.0.250:443
iptables -t nat -D zone_lan_prerouting -p tcp -s 10.66.0.0/255.255.255.0 -d WAN_IP_OPENWRT/255.255.255.255 -m tcp --dport 443 -m comment --comment "odoo (reflection)" -j DNAT --to-destination 10.66.0.250:443
iptables -t nat -A zone_lan_prerouting -p tcp -s 10.66.0.0/255.255.255.0 -d WAN_IP_OPENWRT/255.255.255.255 -m tcp --dport 443 -m comment --comment "odoo (reflection)" -j DNAT --to-destination 10.66.0.250:443
iptables -t nat -D zone_lan_postrouting -p tcp -s 10.66.0.0/255.255.255.0 -d 10.66.0.250/255.255.255.255 -m tcp --dport 443 -m comment --comment "odoo (reflection)" -j SNAT --to-source 10.66.0.1
iptables -t nat -A zone_lan_postrouting -p tcp -s 10.66.0.0/255.255.255.0 -d 10.66.0.250/255.255.255.255 -m tcp --dport 443 -m comment --comment "odoo (reflection)" -j SNAT --to-source 10.66.0.1
iptables -t nat -D zone_lan_prerouting -p udp -s 10.66.0.0/255.255.255.0 -d WAN_IP_OPENWRT/255.255.255.255 -m udp --dport 443 -m comment --comment "odoo (reflection)" -j DNAT --to-destination 10.66.0.250:443
iptables -t nat -A zone_lan_prerouting -p udp -s 10.66.0.0/255.255.255.0 -d WAN_IP_OPENWRT/255.255.255.255 -m udp --dport 443 -m comment --comment "odoo (reflection)" -j DNAT --to-destination 10.66.0.250:443
iptables -t nat -D zone_lan_postrouting -p udp -s 10.66.0.0/255.255.255.0 -d 10.66.0.250/255.255.255.255 -m udp --dport 443 -m comment --comment "odoo (reflection)" -j SNAT --to-source 10.66.0.1
iptables -t nat -A zone_lan_postrouting -p udp -s 10.66.0.0/255.255.255.0 -d 10.66.0.250/255.255.255.255 -m udp --dport 443 -m comment --comment "odoo (reflection)" -j SNAT --to-source 10.66.0.1
iptables -t nat -A zone_wan_prerouting -p udp -m udp --dport 1194 -m comment --comment "FreePBX VPN Server" -j DNAT --to-destination 10.66.0.2:1194
iptables -t nat -D zone_lan_prerouting -p udp -s 10.66.0.0/255.255.255.0 -d WAN_IP_OPENWRT/255.255.255.255 -m udp --dport 1194 -m comment --comment "FreePBX VPN Server (reflection)" -j DNAT --to-destination 10.66.0.2:1194
iptables -t nat -A zone_lan_prerouting -p udp -s 10.66.0.0/255.255.255.0 -d WAN_IP_OPENWRT/255.255.255.255 -m udp --dport 1194 -m comment --comment "FreePBX VPN Server (reflection)" -j DNAT --to-destination 10.66.0.2:1194
iptables -t nat -D zone_lan_postrouting -p udp -s 10.66.0.0/255.255.255.0 -d 10.66.0.2/255.255.255.255 -m udp --dport 1194 -m comment --comment "FreePBX VPN Server (reflection)" -j SNAT --to-source 10.66.0.1
iptables -t nat -A zone_lan_postrouting -p udp -s 10.66.0.0/255.255.255.0 -d 10.66.0.2/255.255.255.255 -m udp --dport 1194 -m comment --comment "FreePBX VPN Server (reflection)" -j SNAT --to-source 10.66.0.1
iptables -t nat -D delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -A delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -D delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A zone_wan_postrouting -j MASQUERADE
iptables -t nat -D delegate_prerouting -i pppoe-wan -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i pppoe-wan -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o pppoe-wan -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o pppoe-wan -j zone_wan_postrouting
iptables -t nat -D delegate_prerouting -i eth0 -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i eth0 -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o eth0 -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o eth0 -j zone_wan_postrouting
iptables -t nat -A zone_vpn_postrouting -j MASQUERADE
iptables -t nat -D delegate_prerouting -i tun0 -j zone_vpn_prerouting
iptables -t nat -A delegate_prerouting -i tun0 -j zone_vpn_prerouting
iptables -t nat -D delegate_postrouting -o tun0 -j zone_vpn_postrouting
iptables -t nat -A delegate_postrouting -o tun0 -j zone_vpn_postrouting
iptables -t mangle -N mssfix
iptables -t mangle -N fwmark
iptables -t mangle -D FORWARD -j mssfix
iptables -t mangle -A FORWARD -j mssfix
iptables -t mangle -D PREROUTING -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
iptables -t mangle -D mssfix -p tcp -o pppoe-wan -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A mssfix -p tcp -o pppoe-wan -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -D mssfix -p tcp -o eth0 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A mssfix -p tcp -o eth0 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t raw -N delegate_notrack
iptables -t raw -D PREROUTING -j delegate_notrack
iptables -t raw -A PREROUTING -j delegate_notrack
It appears the port forward rule is installed fine then. Not sure what the problem is in the end. Can you try to connect with a desktop openvpn client to port 1194?
I forget to say that on the openwrt Main Router there is also an openVPN server running and listening on port 1200.
I change the port 1194 to 1200 so I can make a redirect rule for 1194 port for the IP Phone VPN client to get the VPN server on the Freepbx server
May be this information could change the way you read the log.
_
Without performing the steps, and posting the information requested, in my previous post, there is no way to help you.
I was wondering where I should put this. Cannot find this statement in server.conf on google.
but I find some log:
tail /var/log/messages on the freepbx server said:
tail -f /var/log/messages
Jan 13 03:27:50 localhost openvpn[6538]: UDPv4 link local (bound): [undef]
Jan 13 03:27:50 localhost openvpn[6538]: UDPv4 link remote: [undef]
Jan 13 03:27:50 localhost openvpn[6538]: MULTI: multi_init called, r=256 v=256
Jan 13 03:27:50 localhost openvpn[6538]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Jan 13 03:27:50 localhost openvpn[6538]: IFCONFIG POOL LIST
Jan 13 03:27:50 localhost openvpn[6538]: Initialization Sequence Completed
Jan 13 03:27:52 localhost ntpd[1651]: Listen normally on 9 tun0 10.8.0.1 UDP 123
Jan 13 03:27:52 localhost ntpd[1651]: peers refreshed
Jan 13 03:29:33 localhost ntpd[1651]: 0.0.0.0 c612 02 freq_set kernel -17.824 PPM
Jan 13 03:29:33 localhost ntpd[1651]: 0.0.0.0 c615 05 clock_sync
Jan 13 03:32:27 localhost openvpn[6538]: :33032 TLS: Initial packet from [AF_INET]103.17.45.190:33032, sid=5d0e129b 7ada5f29
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 CRL CHECK OK: CN=FreePBX
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 VERIFY OK: depth=1, CN=FreePBX
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 CRL CHECK OK: CN=client0
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 VERIFY OK: depth=0, CN=client0
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 13 03:32:29 localhost openvpn[6538]:WAN_REMOTE_PUBLIC_IP:33032 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Jan 13 03:32:29 localhost openvpn[6538]: WAN_REMOTE_PUBLIC_IP:33032 [client0] Peer Connection Initiated with [AF_INET]103.17.45.190:33032
Jan 13 03:32:29 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 OPTIONS IMPORT: reading client specific options from: ccd/client0
Jan 13 03:32:29 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Jan 13 03:32:29 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 MULTI: Learn: 10.8.0.2 -> client0/103.17.45.190:33032
Jan 13 03:32:29 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 MULTI: primary virtual IP for client0/103.17.45.190:33032: 10.8.0.2
Jan 13 03:32:33 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 PUSH: Received control message: 'PUSH_REQUEST'
Jan 13 03:32:33 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 send_push_reply(): safe_cap=940
Jan 13 03:32:33 localhost openvpn[6538]: client0/WAN_REMOTE_PUBLIC_IP:33032 SENT CONTROL [client0]: 'PUSH_REPLY,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
cat /etc/openvpn/sysadmin_server1
sysadmin_server1.conf sysadmin_server1.crt sysadmin_server1.key sysadmin_server1-status.log
[root@localhost asterisk]# cat /etc/openvpn/sysadmin_server1-status.log
TITLE OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 9 2015
TIME Sat Jan 13 08:18:07 2018 1515791887
HEADER CLIENT_LIST Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since Connected Since (time_t) Username
CLIENT_LIST client0 WAN_REMOTE_PUBLIC_IP:43632 10.8.0.2 15532 15716 Sat Jan 13 07:41:22 2018 1515789682 UNDEF
HEADER ROUTING_TABLE Virtual Address Common Name Real Address Last Ref Last Ref (time_t)
ROUTING_TABLE 10.8.0.2 client0 WAN_REMOTE_PUBLIC_IP:43632 Sat Jan 13 07:41:26 2018 1515789686
GLOBAL_STATS Max bcast/mcast queue length 0
from freepbx i can ping 10.8.0.2 so everything seems to be ok.
sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
1/1 10.66.0.180 D No No A 5060 OK (19 ms)
2/2 10.66.0.235 D No No A 5060 OK (22 ms)
3/3 10.66.0.154 D No No A 5060 OK (8 ms)
4/4 10.66.0.152 D No No A 5060 OK (8 ms)
5 (Unspecified) D No No A 0 UNKNOWN
5 is my phone ip is not registered . I think it's a SIP problem.
I try to find other log files.
Thanks for your help.Please edit your post and put everything within proper code boxes, not quote boxes, as it's an illegible mess
- Code boxes:
- Three back ticks on new line, code on next line, finally three more back ticks on a new line
Please also include the sysadmin_server1.conf, as that appears to be your server config.
- The server log location will be referenced in that config, and that is the server log we need to see, as the status log is a different log we don't need for troubleshooting.
You will need to change the server and client verbosity setting to 9 (if the OpenVPN server is not on LEDE, as it appears I misread, the verbosity option would be verb 9, with no option in front of it). The default verbosity of 3 is too low (minimum to troubleshoot is 5)
Is it syntax like markdown?
FREEBPX# cat /etc/openvpn/sysadmin_server1.
sysadmin_server1.conf sysadmin_server1.crt sysadmin_server1.key
[root@localhost asterisk]# cat /etc/openvpn/sysadmin_server1.conf
# Configuration automatically generated via Sysadmin RPM
# MODIFICATIONS TO THIS FILE WILL BE OVERWRITTEN.
# Generated at: Fri, 12 Jan 2018 16:27:48 +0000
port 1194
proto udp
dev tun
topology subnet
ca sysadmin_ca.crt
dh sysadmin_dh.pem
crl-verify sysadmin_crl.pem
cert sysadmin_server1.crt
key sysadmin_server1.key
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
#verb 3
verb 9
client-config-dir ccd
ccd-exclusive
status sysadmin_server1-status.log 10
status-version 3
script-security 2
server 10.8.0.0 255.255.255.0
There is no info on the server log file path.
cat /etc/openvpn/clients/sysadmin_client0.conf
# Configuration automatically generated via Sysadmin RPM
# MODIFICATIONS TO THIS FILE WILL BE OVERWRITTEN.
# Generated at: Fri, 12 Jan 2018 16:27:48 +0000
client
dev tun
proto udp
resolv-retry 60
nobind
persist-key
persist-tun
remote-cert-tls server
ca sysadmin_ca.crt
cert sysadmin_client0.crt
key sysadmin_client0.key
comp-lzo
#verb 3
verb 9
remote goeen.ddns.net 1194
/etc/init.d/openvpn restart
FREEPBX tail -f /var/log/messages
tail -f /var/log/messages
Jan 13 19:39:53 localhost openvpn[32315]: PO_CTL rwflags=0x0000 ev=7 arg=0x0069cf88
Jan 13 19:39:53 localhost openvpn[32315]: I/O WAIT Tr|Tw|Sr|SW [7/154417]
Jan 13 19:39:53 localhost openvpn[32315]: PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x0069d0a8
Jan 13 19:39:53 localhost openvpn[32315]: event_wait returned 1
Jan 13 19:39:53 localhost openvpn[32315]: I/O WAIT status=0x0002
Jan 13 19:39:53 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 UDPv4 WRITE [53] to [AF_INET]WAN_IP_IPPHONE_SUBNET:48835: P_DATA_V1 kid=0 DATA 8bacffeb db18fb59 b8bb0506 efa1d974 6f9ea12b 41e3a5a3 d1d81298 5872f75[more...]
Jan 13 19:39:53 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 UDPv4 write returned 53
Jan 13 19:39:53 localhost openvpn[32315]: PO_CTL rwflags=0x0001 ev=6 arg=0x0069d0a8
Jan 13 19:39:53 localhost openvpn[32315]: PO_CTL rwflags=0x0001 ev=7 arg=0x0069cf88
Jan 13 19:39:53 localhost openvpn[32315]: I/O WAIT TR|Tw|SR|Sw [7/154417]
Jan 13 19:39:57 localhost openvpn[32315]: PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x0069d0a8
Jan 13 19:39:57 localhost openvpn[32315]: event_wait returned 1
[...]
Jan 13 19:40:03 localhost openvpn[32315]: MULTI: REAP range 176 -> 192
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 TLS: tls_pre_encrypt: key_id=0
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 ENCRYPT IV: f3f9dc32 d3c32c62
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 ENCRYPT FROM: 00000038 fa2a187b f3641eb4 cb07ed2d 0a981fc7 48
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 ENCRYPT TO: f3f9dc32 d3c32c62 44380f1f 51c5a850 34694b21 2a458662 c73ec435 191901cf
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 SENT PING
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 TIMER: coarse timer wakeup 10 seconds
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 RANDOM USEC=144132
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 SCHEDULE: schedule_add_modify wakeup=[Sat Jan 13 19:40:14 2018 us=95269] pri=1350140420
Jan 13 19:40:03 localhost openvpn[32315]: SCHEDULE: schedule_find_least wakeup=[Sat Jan 13 19:40:14 2018 us=95269] pri=1959752348
Jan 13 19:40:03 localhost openvpn[32315]: PO_CTL rwflags=0x0002 ev=6 arg=0x0069d0a8
Jan 13 19:40:03 localhost openvpn[32315]: PO_CTL rwflags=0x0000 ev=7 arg=0x0069cf88
Jan 13 19:40:03 localhost openvpn[32315]: I/O WAIT Tr|Tw|Sr|SW [10/0]
Jan 13 19:40:03 localhost openvpn[32315]: PO_WAIT[0,0] fd=6 rev=0x00000004 rwflags=0x0002 arg=0x0069d0a8
Jan 13 19:40:03 localhost openvpn[32315]: event_wait returned 1
Jan 13 19:40:03 localhost openvpn[32315]: I/O WAIT status=0x0002
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 UDPv4 WRITE [53] to [AF_INET]WAN_IP_IPPHONE_SUBNET:48835: P_DATA_V1 kid=0 DATA e5dadb2e 3977869d 4187b703 4936b3d2 2661bf06 f3f9dc32 d3c32c62 44380f1[more...]
Jan 13 19:40:03 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 UDPv4 write returned 53
Jan 13 19:40:03 localhost openvpn[32315]: PO_CTL rwflags=0x0001 ev=6 arg=0x0069d0a8
Jan 13 19:40:03 localhost openvpn[32315]: PO_CTL rwflags=0x0001 ev=7 arg=0x0069cf88
Jan 13 19:40:03 localhost openvpn[32315]: I/O WAIT TR|Tw|SR|Sw [10/0]
Jan 13 19:40:08 localhost openvpn[32315]: PO_WAIT[0,0] fd=6 rev=0x00000001 rwflags=0x0001 arg=0x0069d0a8
Jan 13 19:40:08 localhost openvpn[32315]: event_wait returned 1
Jan 13 19:40:08 localhost openvpn[32315]: I/O WAIT status=0x0001
Jan 13 19:40:08 localhost openvpn[32315]: MULTI: REAP range 192 -> 208
Jan 13 19:40:08 localhost openvpn[32315]: UDPv4 read returned 53
Jan 13 19:40:08 localhost openvpn[32315]: GET INST BY REAL: WAN_IP_IPPHONE_SUBNET:48835 [succeeded]
Jan 13 19:40:08 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 UDPv4 READ [53] from [AF_INET]WAN_IP_IPPHONE_SUBNET:48835: P_DATA_V1 kid=0 DATA f42e5df4 a79d67fb 10992684 b2483b87 e284d083 f4167c34 7862296a c1550c2[more...]
Jan 13 19:40:08 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 TLS: tls_pre_decrypt, key_id=0, IP=[AF_INET]WAN_IP_IPPHONE_SUBNET:48835
Jan 13 19:40:08 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 DECRYPT IV: f4167c34 7862296a
Jan 13 19:40:08 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 DECRYPT TO: 00000038 fa2a187b f3641eb4 cb07ed2d 0a981fc7 48
Jan 13 19:40:08 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 PID_TEST [0] [SSL-0] [>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:55 0:56 t=1515832808[0] r=[0,64,15,0,1] sl=[9,55,64,528]
Jan 13 19:40:08 localhost openvpn[32315]: client0/WAN_IP_IPPHONE_SUBNET:48835 RECEIVED PING PACKET
Jan 13 19:40:08 localhost openvpn[32315]: PO_CTL rwflags=0x0001 ev=6 arg=0x0069d0a8
Jan 13 19:40:08 localhost openvpn[32315]: PO_CTL rwflags=0x0001 ev=7 arg=0x0069cf88
Jan 13 19:40:08 localhost openvpn[32315]: I/O WAIT TR|Tw|SR|Sw [5/95556]
FREEPBX ping 10.8.0.2 is OK.
I think the VPN is ok. It's aSIP problem maybe.
sip show peers
Name/username Host Dyn Forcerport Comedia ACL Port Status Description
1/1 10.66.0.180 D No No A 5060 OK (17 ms)
2/2 10.66.0.235 D No No A 5060 OK (21 ms)
3/3 10.66.0.154 D No No A 5060 OK (16 ms)
4/4 10.66.0.152 D No No A 5060 OK (15 ms)
5 (Unspecified) D No No A 0 UNKNOWN
5 is my remote IP phone
Again, please change client and server configs to proto tcp
-
Logging:
- For the server config, add
log /var/openvpn.log - For the client config, add the same, however depending on it's filesystem, it may need to be changed to
/tmp/openvpn.log
- For the server config, add
-
The reason why the logging for OpenVPN is required is it will show precisely what is occurring when the SIP Phone (VPN Client) tries to access the tunnel.
Please go through my previous post and post ALL the requested information, and make ALL the requested changes...
- Before doing this, since you don't have CCD properly configured, remove it from your server config, restart the server, and see if that solves the issue.
- Remove:
client-config-dir ccd&ccd-exclusive
- Remove:
Where should I put this ?
I misread your original post, so that won't apply since I thought you were running the VPN server on the LEDE router.
- However, the iptables rules would allow logging. What's most important at this point is removing the CCD directives and posting the VPN server and client logs with the new verbosity level
OK
My config:
My config:
-the what I call the LAN subnet:
Main router TPLINK OpenWrt Chaos Calmer 15.05
Switch Cisco L3
VPN server on the openwrt (10.10.0.0 subnet port 1200)
AND VPN server on the Freepbx server (10.8.0.0 subnet port 1194)
Current Asterisk Version: 11.23.0
Freepbx FreePBX 13.0.192.19
A firewall rule on the openwrt main router redirect port 1194 to LAN subnet IP of freepbx server for openvpn server on freepbx..
-and a REMOTE subnet where I try to install a S700 sangoma ip phone.
from the REMOTE subnet I can ping any server in the LAN subnet by the openvpn server on the Main Router openvpn server on the LAN.
None of that is useful, and since I no longer have the patience to ask for a fourth time for what you need to post, someone else can help you. Best of luck =]
- One cannot help when one refuses to help themselves...
I just repost that because you said you misread my post.
Just for that.
And yes I am running an openvpn server on the lede main router and
an other one on the freepbx server with different port.
And I really thank you for the time you spent helping me.
Then where are the logs and configs? This will be my last post, but you need to realize none of us have access to your systems and the only way anyone can determine where the issue is at is by viewing the all the logs and the relevant configs.
When users are trying to help you by requesting configs and logs that are necessary to troubleshoot and you repeatedly ignore what needs to be shared, why should one take the time to help you?
- It's entirely possible all the logs and configs I requested may not be necessary (same goes for the high verbosity), however, in order to make it more convenient for you, I requested all at once so you don't have to be repeatedly posting new information that may be needed.
You know what's needed to be shared because I asked for it in posts #9, #15, #17, #20... perhaps someone else will have more patience than I. Best of luck =]
With proto UDP.
On The FREEPBX server . Restarting the server VPN
Jan 15 20:54:11 localhost openvpn[28414]: event_wait : Interrupted system call (code=4)
Jan 15 20:54:11 localhost openvpn[28414]: Closing TUN/TAP interface
Jan 15 20:54:11 localhost openvpn[28414]: /sbin/ip addr del dev tun0 10.8.0.1/24
Jan 15 20:54:11 localhost openvpn[28414]: SIGTERM[hard,] received, process exiting
Jan 15 20:54:13 localhost ntpd[1651]: Deleting interface #18 tun0, 10.8.0.1#123, interface stats: received=0, sent=0, dropped=0, active_time=6157 secs
Jan 15 20:54:13 localhost ntpd[1651]: peers refreshed
Jan 15 20:54:15 localhost php: /sbin/ip6tables -D fpbxinterfaces 4
Jan 15 20:54:15 localhost php: /sbin/iptables -D fpbxinterfaces 4
Jan 15 20:54:39 localhost openvpn[5373]: OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 9 2015
Jan 15 20:54:39 localhost openvpn[5373]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03
Jan 15 20:54:39 localhost openvpn[5374]: Diffie-Hellman initialized with 2048 bit key
Jan 15 20:54:39 localhost openvpn[5374]: Socket Buffers: R=[124928->131072] S=[124928->131072]
Jan 15 20:54:39 localhost kernel: tun0: Disabled Privacy Extensions
Jan 15 20:54:39 localhost openvpn[5374]: TUN/TAP device tun0 opened
Jan 15 20:54:39 localhost openvpn[5374]: TUN/TAP TX queue length set to 100
Jan 15 20:54:39 localhost openvpn[5374]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 15 20:54:39 localhost openvpn[5374]: /sbin/ip link set dev tun0 up mtu 1500
Jan 15 20:54:39 localhost openvpn[5374]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Jan 15 20:54:39 localhost openvpn[5374]: UDPv4 link local (bound): [undef]
Jan 15 20:54:39 localhost openvpn[5374]: UDPv4 link remote: [undef]
Jan 15 20:54:39 localhost openvpn[5374]: MULTI: multi_init called, r=256 v=256
Jan 15 20:54:39 localhost openvpn[5374]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Jan 15 20:54:39 localhost openvpn[5374]: ifconfig_pool_read(), in='client0,10.8.0.2', TODO: IPv6
Jan 15 20:54:39 localhost openvpn[5374]: succeeded -> ifconfig_pool_set()
Jan 15 20:54:39 localhost openvpn[5374]: IFCONFIG POOL LIST
Jan 15 20:54:39 localhost openvpn[5374]: client0,10.8.0.2
Jan 15 20:54:39 localhost openvpn[5374]: Initialization Sequence Completed
Jan 15 20:54:41 localhost ntpd[1651]: Listen normally on 19 tun0 10.8.0.1 UDP 123
Jan 15 20:54:41 localhost ntpd[1651]: peers refreshed
Jan 15 20:54:50 localhost php: /sbin/ip6tables -A fpbxinterfaces -i tun0 -j zone-internal
Jan 15 20:54:50 localhost php: /sbin/iptables -A fpbxinterfaces -i tun0 -j zone-internal
cat /etc/openvpn/sysadmin_server1-status.log
TITLE OpenVPN 2.3.7 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 9 2015
TIME Mon Jan 15 20:57:57 2018 1516010277
HEADER CLIENT_LIST Common Name Real Address Virtual Address Bytes Received Bytes Sent Connected Since Connected Since (time_t) Username
CLIENT_LIST client0 IP_PUBLIC_REMOTE_SUBNET:46071 10.8.0.2 4508 4639 Mon Jan 15 20:56:11 2018 1516010171 UNDEF
HEADER ROUTING_TABLE Virtual Address Common Name Real Address Last Ref Last Ref (time_t)
ROUTING_TABLE 10.8.0.2 client0 IP_PUBLIC_REMOTE_SUBNET:46071 Mon Jan 15 20:56:14 2018 1516010174
GLOBAL_STATS Max bcast/mcast queue length 0
Freepbx : ping 10.8.0.2 is ok
# ip addr show
[...]
18: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/[65534]
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0with proto tcp.
freepbx cat /var/log/messages :
Jan 15 22:13:32 localhost openvpn[12585]: Current Parameter Settings:
Jan 15 22:13:32 localhost openvpn[12585]: config = 'sysadmin_server1.conf'
Jan 15 22:13:32 localhost openvpn[12585]: mode = 1
Jan 15 22:13:32 localhost openvpn[12585]: persist_config = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: persist_mode = 1
Jan 15 22:13:32 localhost openvpn[12585]: show_ciphers = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: show_digests = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: show_engines = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: genkey = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: key_pass_file = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: show_tls_ciphers = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: Connection profiles [default]:
Jan 15 22:13:32 localhost openvpn[12585]: proto = tcp-server
Jan 15 22:13:32 localhost openvpn[12585]: local = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: local_port = 1194
Jan 15 22:13:32 localhost openvpn[12585]: remote = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: remote_port = 1194
Jan 15 22:13:32 localhost openvpn[12585]: remote_float = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: bind_defined = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: bind_local = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: connect_retry_seconds = 5
Jan 15 22:13:32 localhost openvpn[12585]: connect_timeout = 10
Jan 15 22:13:32 localhost openvpn[12585]: connect_retry_max = 0
Jan 15 22:13:32 localhost openvpn[12585]: socks_proxy_server = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: socks_proxy_port = 0
Jan 15 22:13:32 localhost openvpn[12585]: socks_proxy_retry = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: tun_mtu = 1500
Jan 15 22:13:32 localhost openvpn[12585]: tun_mtu_defined = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: link_mtu = 1500
Jan 15 22:13:32 localhost openvpn[12585]: link_mtu_defined = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: tun_mtu_extra = 0
Jan 15 22:13:32 localhost openvpn[12585]: tun_mtu_extra_defined = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: mtu_discover_type = -1
Jan 15 22:13:32 localhost openvpn[12585]: fragment = 0
Jan 15 22:13:32 localhost openvpn[12585]: mssfix = 1450
Jan 15 22:13:32 localhost openvpn[12585]: explicit_exit_notification = 0
Jan 15 22:13:32 localhost openvpn[12585]: Connection profiles END
Jan 15 22:13:32 localhost openvpn[12585]: remote_random = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: ipchange = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: dev = 'tun'
Jan 15 22:13:32 localhost openvpn[12585]: dev_type = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: dev_node = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: lladdr = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: topology = 3
Jan 15 22:13:32 localhost openvpn[12585]: tun_ipv6 = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_local = '10.8.0.1'
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_remote_netmask = '255.255.255.0'
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_noexec = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_nowarn = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_ipv6_local = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_ipv6_netbits = 0
Jan 15 22:13:32 localhost openvpn[12585]: ifconfig_ipv6_remote = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: shaper = 0
Jan 15 22:13:32 localhost openvpn[12585]: mtu_test = 0
Jan 15 22:13:32 localhost openvpn[12585]: mlock = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: keepalive_ping = 10
Jan 15 22:13:32 localhost openvpn[12585]: keepalive_timeout = 120
Jan 15 22:13:32 localhost openvpn[12585]: inactivity_timeout = 0
Jan 15 22:13:32 localhost openvpn[12585]: ping_send_timeout = 10
Jan 15 22:13:32 localhost openvpn[12585]: ping_rec_timeout = 240
Jan 15 22:13:32 localhost openvpn[12585]: ping_rec_timeout_action = 2
Jan 15 22:13:32 localhost openvpn[12585]: ping_timer_remote = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: remap_sigusr1 = 0
Jan 15 22:13:32 localhost openvpn[12585]: persist_tun = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: persist_local_ip = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: persist_remote_ip = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: persist_key = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: passtos = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: resolve_retry_seconds = 1000000000
Jan 15 22:13:32 localhost openvpn[12585]: username = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: groupname = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: chroot_dir = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: cd_dir = '/etc/openvpn'
Jan 15 22:13:32 localhost openvpn[12585]: writepid = '/var/run/openvpn/sysadmin_server1.pid'
Jan 15 22:13:32 localhost openvpn[12585]: up_script = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: down_script = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: down_pre = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: up_restart = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: up_delay = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: daemon = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: inetd = 0
Jan 15 22:13:32 localhost openvpn[12585]: log = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: suppress_timestamps = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: nice = 0
Jan 15 22:13:32 localhost openvpn[12585]: verbosity = 9
Jan 15 22:13:32 localhost openvpn[12585]: mute = 0
Jan 15 22:13:32 localhost openvpn[12585]: gremlin = 0
Jan 15 22:13:32 localhost openvpn[12585]: status_file = 'sysadmin_server1-status.log'
Jan 15 22:13:32 localhost openvpn[12585]: status_file_version = 3
Jan 15 22:13:32 localhost openvpn[12585]: status_file_update_freq = 10
Jan 15 22:13:32 localhost openvpn[12585]: occ = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: rcvbuf = 65536
Jan 15 22:13:32 localhost openvpn[12585]: sndbuf = 65536
Jan 15 22:13:32 localhost openvpn[12585]: mark = 0
Jan 15 22:13:32 localhost openvpn[12585]: sockflags = 0
Jan 15 22:13:32 localhost openvpn[12585]: fast_io = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: lzo = 7
Jan 15 22:13:32 localhost openvpn[12585]: route_script = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: route_default_gateway = '10.8.0.2'
Jan 15 22:13:32 localhost openvpn[12585]: route_default_metric = 0
Jan 15 22:13:32 localhost openvpn[12585]: route_noexec = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: route_delay = 0
Jan 15 22:13:32 localhost openvpn[12585]: route_delay_window = 30
Jan 15 22:13:32 localhost openvpn[12585]: route_delay_defined = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: route_nopull = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: route_gateway_via_dhcp = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: max_routes = 100
Jan 15 22:13:32 localhost openvpn[12585]: allow_pull_fqdn = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: management_addr = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: management_port = 0
Jan 15 22:13:32 localhost openvpn[12585]: management_user_pass = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: management_log_history_cache = 250
Jan 15 22:13:32 localhost openvpn[12585]: management_echo_buffer_size = 100
Jan 15 22:13:32 localhost openvpn[12585]: management_write_peer_info_file = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: management_client_user = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: management_client_group = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: management_flags = 0
Jan 15 22:13:32 localhost openvpn[12585]: shared_secret_file = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: key_direction = 0
Jan 15 22:13:32 localhost openvpn[12585]: ciphername_defined = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: ciphername = 'BF-CBC'
Jan 15 22:13:32 localhost openvpn[12585]: authname_defined = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: authname = 'SHA1'
Jan 15 22:13:32 localhost openvpn[12585]: prng_hash = 'SHA1'
Jan 15 22:13:32 localhost openvpn[12585]: prng_nonce_secret_len = 16
Jan 15 22:13:32 localhost openvpn[12585]: keysize = 0
Jan 15 22:13:32 localhost openvpn[12585]: engine = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: replay = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: mute_replay_warnings = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: replay_window = 64
Jan 15 22:13:32 localhost openvpn[12585]: replay_time = 15
Jan 15 22:13:32 localhost openvpn[12585]: packet_id_file = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: use_iv = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: test_crypto = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: tls_server = ENABLED
Jan 15 22:13:32 localhost openvpn[12585]: tls_client = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: key_method = 2
Jan 15 22:13:32 localhost openvpn[12585]: ca_file = 'sysadmin_ca.crt'
Jan 15 22:13:32 localhost openvpn[12585]: ca_path = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: dh_file = 'sysadmin_dh.pem'
Jan 15 22:13:32 localhost openvpn[12585]: cert_file = 'sysadmin_server1.crt'
Jan 15 22:13:32 localhost openvpn[12585]: priv_key_file = 'sysadmin_server1.key'
Jan 15 22:13:32 localhost openvpn[12585]: pkcs12_file = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: cipher_list = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: tls_verify = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: tls_export_cert = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: verify_x509_type = 0
Jan 15 22:13:32 localhost openvpn[12585]: verify_x509_name = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: crl_file = 'sysadmin_crl.pem'
Jan 15 22:13:32 localhost openvpn[12585]: ns_cert_type = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_ku[i] = 0
Jan 15 22:13:32 localhost openvpn[12585]: remote_cert_eku = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: ssl_flags = 0
Jan 15 22:13:32 localhost openvpn[12585]: tls_timeout = 2
Jan 15 22:13:32 localhost openvpn[12585]: renegotiate_bytes = 0
Jan 15 22:13:32 localhost openvpn[12585]: renegotiate_packets = 0
Jan 15 22:13:32 localhost openvpn[12585]: renegotiate_seconds = 3600
Jan 15 22:13:32 localhost openvpn[12585]: handshake_window = 60
Jan 15 22:13:32 localhost openvpn[12585]: transition_window = 3600
Jan 15 22:13:32 localhost openvpn[12585]: single_session = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: push_peer_info = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: tls_exit = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: tls_auth_file = '[UNDEF]'
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_protected_authentication = DISABLED
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_private_mode = 00000000
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_private_mode = 00000000
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_private_mode = 00000000
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_private_mode = 00000000
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_private_mode = 00000000
Jan 15 22:13:32 localhost openvpn[12585]: pkcs11_private_mode = 00000000
Jan 15 22:13:32 localhost rsyslogd-2177: imuxsock begins to drop messages from pid 12585 due to rate-limiting
Jan 15 22:13:32 localhost openvpn[12586]: PKCS#11: pkcs11_initialize - entered
Jan 15 22:13:32 localhost openvpn[12586]: PKCS#11: pkcs11_initialize - return 0-'CKR_OK'
Jan 15 22:13:32 localhost openvpn[12586]: Diffie-Hellman initialized with 2048 bit key
Jan 15 22:13:32 localhost openvpn[12586]: PRNG init md=SHA1 size=36
Jan 15 22:13:32 localhost kernel: tun0: Disabled Privacy Extensions
Jan 15 22:13:32 localhost openvpn[12586]: crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 40 bytes
Jan 15 22:13:32 localhost openvpn[12586]: MTU DYNAMIC mtu=0, flags=1, 0 -> 140
Jan 15 22:13:32 localhost openvpn[12586]: TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:3 ]
Jan 15 22:13:32 localhost openvpn[12586]: MTU DYNAMIC mtu=1450, flags=2, 1544 -> 1450
Jan 15 22:13:32 localhost openvpn[12586]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Jan 15 22:13:32 localhost openvpn[12586]: TUN/TAP device tun0 opened
Jan 15 22:13:32 localhost openvpn[12586]: TUN/TAP TX queue length set to 100
Jan 15 22:13:32 localhost openvpn[12586]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 15 22:13:32 localhost openvpn[12586]: /sbin/ip link set dev tun0 up mtu 1500
Jan 15 22:13:32 localhost openvpn[12590]: PKCS#11: __pkcs11h_forkFixup entry pid=12590, activate_slotevent=1
Jan 15 22:13:32 localhost openvpn[12590]: PKCS#11: __pkcs11h_forkFixup return
Jan 15 22:13:32 localhost openvpn[12586]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Jan 15 22:13:32 localhost openvpn[12592]: PKCS#11: __pkcs11h_forkFixup entry pid=12592, activate_slotevent=1
Jan 15 22:13:32 localhost openvpn[12592]: PKCS#11: __pkcs11h_forkFixup return
Jan 15 22:13:32 localhost openvpn[12586]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:143 ET:0 EL:3 AF:3/1 ]
Jan 15 22:13:32 localhost openvpn[12586]: STREAM: RESET
Jan 15 22:13:32 localhost openvpn[12586]: STREAM: INIT maxlen=1547
Jan 15 22:13:32 localhost openvpn[12586]: Listening for incoming TCP connection on [undef]
Jan 15 22:13:32 localhost openvpn[12586]: TCPv4_SERVER link local (bound): [undef]
Jan 15 22:13:32 localhost openvpn[12586]: TCPv4_SERVER link remote: [undef]
Jan 15 22:13:32 localhost openvpn[12586]: MULTI: multi_init called, r=256 v=256
Jan 15 22:13:32 localhost openvpn[12586]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Jan 15 22:13:32 localhost openvpn[12586]: ifconfig_pool_read(), in='client0,10.8.0.2', TODO: IPv6
Jan 15 22:13:32 localhost openvpn[12586]: succeeded -> ifconfig_pool_set()
Jan 15 22:13:32 localhost openvpn[12586]: IFCONFIG POOL LIST
Jan 15 22:13:32 localhost openvpn[12586]: client0,10.8.0.2
Jan 15 22:13:32 localhost openvpn[12586]: EP_INIT maxevents=1028 flags=0x00000000
Jan 15 22:13:32 localhost openvpn[12586]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Jan 15 22:13:32 localhost openvpn[12586]: Initialization Sequence Completed
Jan 15 22:13:32 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:13:32 localhost openvpn[12586]: EP_CTL fd=6 rwflags=0x0001 ev=0x00000001 arg=0x00000001
Jan 15 22:13:32 localhost openvpn[12586]: EP_CTL fd=7 rwflags=0x0001 ev=0x00000001 arg=0x00000002
Jan 15 22:13:34 localhost ntpd[1651]: Listen normally on 23 tun0 10.8.0.1 UDP 123
Jan 15 22:13:34 localhost ntpd[1651]: peers refreshed
Jan 15 22:13:42 localhost openvpn[12586]: MULTI: REAP range 0 -> 16
Jan 15 22:13:42 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Jan 15 22:13:42 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Jan 15 22:13:42 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Jan 15 22:13:42 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:13:52 localhost openvpn[12586]: MULTI: REAP range 16 -> 32
Jan 15 22:13:52 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Jan 15 22:13:52 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Jan 15 22:13:52 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Jan 15 22:13:52 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:13:56 localhost php: /sbin/ip6tables -A fpbxinterfaces -i tun0 -j zone-internal
Jan 15 22:13:56 localhost php: /sbin/iptables -A fpbxinterfaces -i tun0 -j zone-internal
Jan 15 22:14:02 localhost openvpn[12586]: MULTI: REAP range 32 -> 48
Jan 15 22:14:02 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Jan 15 22:14:02 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Jan 15 22:14:02 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Jan 15 22:14:02 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:14:12 localhost openvpn[12586]: MULTI: REAP range 48 -> 64
Jan 15 22:14:12 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Jan 15 22:14:12 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Jan 15 22:14:12 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Jan 15 22:14:12 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
[...]
Jan 15 22:17:28 localhost openvpn[12586]: GET INST BY VIRT: 10.8.0.2 [failed]
Jan 15 22:17:28 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TUN_READ -> TA_UNDEF
Jan 15 22:17:28 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:17:29 localhost openvpn[12586]: EP_WAIT[0] rwflags=0x0001 ev=0x00000001 arg=0x00000002
Jan 15 22:17:29 localhost openvpn[12586]: MULTI: REAP range 0 -> 16
Jan 15 22:17:29 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TUN_READ p=0
Jan 15 22:17:29 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TUN_READ mi=0x00000000
Jan 15 22:17:29 localhost openvpn[12586]: read from TUN/TAP returned 84
Jan 15 22:17:29 localhost openvpn[12586]: GET INST BY VIRT: 10.8.0.2 [failed]
Jan 15 22:17:29 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TUN_READ -> TA_UNDEF
Jan 15 22:17:29 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:17:30 localhost openvpn[12586]: EP_WAIT[0] rwflags=0x0001 ev=0x00000001 arg=0x00000002
Jan 15 22:17:30 localhost openvpn[12586]: MULTI: REAP range 16 -> 32
Jan 15 22:17:30 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TUN_READ p=0
Jan 15 22:17:30 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TUN_READ mi=0x00000000
Jan 15 22:17:30 localhost openvpn[12586]: read from TUN/TAP returned 84
Jan 15 22:17:30 localhost openvpn[12586]: GET INST BY VIRT: 10.8.0.2 [failed]
Jan 15 22:17:30 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TUN_READ -> TA_UNDEF
Jan 15 22:17:30 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:17:31 localhost openvpn[12586]: EP_WAIT[0] rwflags=0x0001 ev=0x00000001 arg=0x00000002
Jan 15 22:17:31 localhost openvpn[12586]: MULTI: REAP range 32 -> 48
Jan 15 22:17:31 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TUN_READ p=0
Jan 15 22:17:31 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TUN_READ mi=0x00000000
Jan 15 22:17:31 localhost openvpn[12586]: read from TUN/TAP returned 84
Jan 15 22:17:31 localhost openvpn[12586]: GET INST BY VIRT: 10.8.0.2 [failed]
Jan 15 22:17:31 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TUN_READ -> TA_UNDEF
Jan 15 22:17:31 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:17:32 localhost openvpn[12586]: EP_WAIT[0] rwflags=0x0001 ev=0x00000001 arg=0x00000002
Jan 15 22:17:32 localhost openvpn[12586]: MULTI: REAP range 48 -> 64
Jan 15 22:17:32 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TUN_READ p=0
Jan 15 22:17:32 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TUN_READ mi=0x00000000
Jan 15 22:17:32 localhost openvpn[12586]: read from TUN/TAP returned 84
Jan 15 22:17:32 localhost openvpn[12586]: GET INST BY VIRT: 10.8.0.2 [failed]
Jan 15 22:17:32 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TUN_READ -> TA_UNDEF
Jan 15 22:17:32 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
Jan 15 22:17:33 localhost openvpn[12586]: EP_WAIT[0] rwflags=0x0001 ev=0x00000001 arg=0x00000002
Jan 15 22:17:33 localhost openvpn[12586]: MULTI: REAP range 64 -> 80
Jan 15 22:17:33 localhost openvpn[12586]: MULTI TCP: multi_tcp_action a=TA_TUN_READ p=0
Jan 15 22:17:33 localhost openvpn[12586]: MULTI TCP: multi_tcp_dispatch a=TA_TUN_READ mi=0x00000000
Jan 15 22:17:33 localhost openvpn[12586]: read from TUN/TAP returned 84
Jan 15 22:17:33 localhost openvpn[12586]: GET INST BY VIRT: 10.8.0.2 [failed]
Jan 15 22:17:33 localhost openvpn[12586]: MULTI TCP: multi_tcp_post TA_TUN_READ -> TA_UNDEF
Jan 15 22:17:33 localhost openvpn[12586]: SCHEDULE: schedule_find_least NULL
sysadmin-server1-status.log there is no client.
Can't ping 10.8.0.2
The IP phone client seem not connected.No VPN address. Reboot no chance
Sytem log for the ip phone
Finaly ! found the log for the iP phone.
[01-15 11:54:37 50:19:73]
[01-15 11:54:37 50:19:73] RTOS_Upgrade: Free ImgBuf
[01-15 11:54:37 50:19:73] RTOS_Upgrade: Alloc ImgBuf
[01-15 11:54:37 50:19:73] RTOS_Upgrade: Device Will Upgrade User Access Level File ...
[01-15 11:54:37 50:19:73] RTOS_Upgrade: Free ImgBuf
[01-15 11:54:37 50:19:73] WEBS: Write web file 26002
[01-15 11:54:37 50:19:73] SIP: sip_nict_init, no route, req_uri->host:port is 10.66.0.2:5060
[01-15 11:54:48 50:19:73] SYSLOG: load flash Flie 1 -2
[01-15 11:54:49 50:19:73] SYSLOG: read flash Flie /hlfs/message01 size = 1062619
[01-15 11:54:49 50:19:73] SYSLOG: read flash Flie /hlfs/message02 size = 388501
[01-15 11:54:49 50:19:73] SYSLOG: read flash Flie /tmp/message01 size = 102814
[01-15 11:55:39 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 2
[01-15 11:55:39 50:19:73] SipProc:aid 0 enter NoAnswer SIP_REGISTRATION_FAILURE ====
[01-15 11:55:39 50:19:73] CALL: State=0x60, Event=0x31e, Chn=0
[01-15 11:55:39 50:19:73] CallCtl: SendEvent2Lcm: aid 0, Line: 0, event 0x8d3
[01-15 11:55:39 50:19:73] GUI: Receive Call Register Failed!
[01-15 11:55:39 50:19:73] LCM: Select aid:0
[01-15 11:55:39 50:19:73] L2C: LCM set aid 0
[01-15 11:55:39 50:19:73] SIP: aid 0, Need Re-Register after 32 seconds..
[01-15 11:55:55 50:19:73] Open /dev/ttyS1
[01-15 11:55:55 50:19:73] Baudrate is 2400
[01-15 11:55:55 50:19:73] init_ehs_mode
[01-15 11:56:11 50:19:73] SIP: aid 0, Re-Register Timer Timeout
[01-15 11:56:11 50:19:73] SIP: aid 0, Re-Register Timer Timeout, Try to Re-Register...
[01-15 11:56:11 50:19:73] SIP: aid 0 Reg Start...
[01-15 11:56:11 50:19:73] SIP: sip_nict_init, no route, req_uri->host:port is 10.66.0.2:5060
[01-15 11:56:13 50:19:73] NTP: NTP Server1 IP: 103.242.70.5
[01-15 11:56:13 50:19:73] NTP: GetNtpTime from 103.242.70.5 OK, 1516017548 seconds
[01-15 11:56:13 50:19:73]
Set time [1516017548] seconds to linux
[01-15 11:56:13 50:19:73] Update the local time to flash for phone :2018-01-15 11:59:08
[01-15 11:56:13 50:19:73] SaveCfg2Flash: cfg_if.c:9706
[01-15 11:56:13 50:19:73] =======SET ADMIN USER INFO SUCCESS=========
[01-15 11:56:13 50:19:73] =======SET USER INFO SUCCESS=========
[01-15 11:56:13 50:19:73] UpdateTonesByTemplate:11254*******CountryCode*10*******
[01-15 11:56:13 50:19:73] 802.1x Write to file len[86]
[01-15 11:56:13 50:19:73] RTOS_Upgrade: Will Parse Config Server Path http://a59e816d:76a12@10.66.0.2:83
[01-15 11:56:13 50:19:73] ParseSerPathStr:====== addr is 10.66.0.2
[01-15 11:56:13 50:19:73] ParseSerPathStr: ip is 10.66.0.2, 0xa420002
[01-15 11:56:13 50:19:73] ParseSerPathStr:====== addr is 10.66.0.2
[01-15 11:56:13 50:19:73] ParseSerPathStr: ip is 10.66.0.2, 0xa420002
[01-15 11:56:13 50:19:73] ParseSerPathStr: path is sangoma/1
[01-15 11:56:13 50:19:73] CFG: aid 1, set to invalid
[01-15 11:56:13 50:19:73] CFG: aid 2, set to invalid
[01-15 11:56:13 50:19:73] CFG: aid 3, set to invalid
[01-15 11:56:13 50:19:73] CFG: aid 4, set to invalid
[01-15 11:56:13 50:19:73] CFG: aid 5, set to invalid
[01-15 11:56:13 50:19:73] Chn 0 digitmap: {[x*]+}
[01-15 11:56:13 50:19:73] Chn 1 digitmap: {[x*]+}
[01-15 11:56:13 50:19:73] Chn 2 digitmap: {[x*]+}
[01-15 11:56:13 50:19:73] Chn 3 digitmap: {[x*]+}
[01-15 11:56:13 50:19:73] Chn 4 digitmap: {[x*]+}
[01-15 11:56:13 50:19:73] Chn 5 digitmap: {[x*]+}
[01-15 11:56:13 50:19:73] CFG: aid 1, setting has been change!!!
[01-15 11:56:13 50:19:73] CFG: aid 1 Send CfgUpdate Event to SIPPro
[01-15 11:56:13 50:19:73] CFG: aid 2 Send CfgUpdate Event to SIPPro
[01-15 11:56:13 50:19:73] CFG: aid 3 Send CfgUpdate Event to SIPPro
[01-15 11:56:13 50:19:73] CFG: aid 4 Send CfgUpdate Event to SIPPro
[01-15 11:56:13 50:19:73] CFG: aid 5 Send CfgUpdate Event to SIPPro
[01-15 11:56:13 50:19:73] WriteHlcfgFile:write hlcfg file sucessed !
[01-15 11:56:13 50:19:73] SaveCfg2Flash:save Cfg file to Flash Sucessed!
[01-15 11:56:13 50:19:73] SIP: aid 1 Receive CfgUpdateEvent
[01-15 11:56:13 50:19:73] SIP: aid 1, BLF UnSubscribe, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 1 CfgChange UnRegister1
[01-15 11:56:13 50:19:73] SIP: aid 1, BLF UnRegister, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 2 Receive CfgUpdateEvent
[01-15 11:56:13 50:19:73] SIP: aid 2, BLF UnSubscribe, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 2 CfgChange UnRegister1
[01-15 11:56:13 50:19:73] SIP: aid 2, BLF UnRegister, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 3 Receive CfgUpdateEvent
[01-15 11:56:13 50:19:73] SIP: aid 3, BLF UnSubscribe, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 3 CfgChange UnRegister1
[01-15 11:56:13 50:19:73] SIP: aid 3, BLF UnRegister, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 4 Receive CfgUpdateEvent
[01-15 11:56:13 50:19:73] SIP: aid 4, BLF UnSubscribe, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 4 CfgChange UnRegister1
[01-15 11:56:13 50:19:73] SIP: aid 4, BLF UnRegister, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 5 Receive CfgUpdateEvent
[01-15 11:56:13 50:19:73] SIP: aid 5, BLF UnSubscribe, Account InValid
[01-15 11:56:13 50:19:73] SIP: aid 5 CfgChange UnRegister1
[01-15 11:56:13 50:19:73] SIP: aid 5, BLF UnRegister, Account InValid
[01-15 11:56:13 50:19:73] NTP: AdjustTimeZone, 758674748 seconds
[01-15 11:56:13 50:19:73] NTP: Old Count1s is 116
[01-15 11:56:13 50:19:73] NTP: New Count1s is 758674748
[01-15 11:56:13 50:19:73] SIP: aid 0, cid 0, tid 0, did 0, REQUEST: REGISTER, Event: 2
[01-15 11:56:13 50:19:73] SipProc:aid 0 enter NoAnswer SIP_REGISTRATION_FAILURE ====
[01-15 11:56:13 50:19:73] CALL: State=0x60, Event=0x31e, Chn=0
[01-15 11:56:13 50:19:73] CallCtl: SendEvent2Lcm: aid 0, Line: 0, event 0x8d3
[01-15 11:56:13 50:19:73] GUI:CFG_SAVETO_FLASH_EVENT
[01-15 11:56:13 50:19:73] GUI: aid:0, AccountInfo->name:5
[01-15 11:56:13 50:19:73] GUI: Idle Softkey History,,,Menu
[01-15 11:56:13 50:19:73] GUI: RemoteDir 3, BSDir 3, APDir 3
[01-15 11:56:13 50:19:73] GUI: Receive Call Register Failed!
[01-15 11:56:13 50:19:73] LCM: Select aid:0
[01-15 11:56:13 50:19:73] L2C: LCM set aid 0
[01-15 22:59:08 50:19:73] <Set SoftClock from 2018-01-15 11:56:13 to 2018-01-15 22:59:08>
[01-15 22:59:08 50:19:73] SIP: aid 0, Need Re-Register after 64 seconds..
[01-15 22:59:12 50:19:73] CFG: aid 1, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 2, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 3, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 4, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 5, set to invalid
[01-15 22:59:12 50:19:73] SIP: Update SipInfo
[01-15 22:59:12 50:19:73] SIP: aid 0 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 1 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 2 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 3 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 4 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 5 RegTimer Start...
[01-15 22:59:12 50:19:73] CFG: aid 1, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 2, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 3, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 4, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 5, set to invalid
[01-15 22:59:12 50:19:73] SIP: Update SipInfo
[01-15 22:59:12 50:19:73] SIP: aid 0 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 1 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 2 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 3 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 4 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 5 RegTimer Start...
[01-15 22:59:12 50:19:73] CFG: aid 1, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 2, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 3, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 4, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 5, set to invalid
[01-15 22:59:12 50:19:73] SIP: Update SipInfo
[01-15 22:59:12 50:19:73] SIP: aid 0 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 1 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 2 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 3 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 4 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 5 RegTimer Start...
[01-15 22:59:12 50:19:73] CFG: aid 1, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 2, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 3, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 4, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 5, set to invalid
[01-15 22:59:12 50:19:73] SIP: Update SipInfo
[01-15 22:59:12 50:19:73] SIP: aid 0 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 1 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 2 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 3 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 4 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 5 RegTimer Start...
[01-15 22:59:12 50:19:73] CFG: aid 1, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 2, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 3, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 4, set to invalid
[01-15 22:59:12 50:19:73] CFG: aid 5, set to invalid
[01-15 22:59:12 50:19:73] SIP: Update SipInfo
[01-15 22:59:12 50:19:73] SIP: aid 0 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 1 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 2 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 3 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 4 RegTimer Start...
[01-15 22:59:12 50:19:73] SIP: aid 5 RegTimer Start...
[01-15 22:59:13 50:19:73] SIP: aid 0 Reg Start...
[01-15 22:59:13 50:19:73] SIP: sip_nict_init, no route, req_uri->host:port is 10.66.0.2:5060
[01-15 22:59:38 50:19:73] DNSC: resolv HostName -- 0.oceania.pool.ntp.org
[01-15 22:59:39 50:19:73] DNSC: Domain 0.oceania.pool.ntp.org, ip 144.48.166.166, TTL 149
[01-15 22:59:58 50:19:73] websError: code 401
<html><head><title>Document Error: Unauthorized</title></head>
<body><h2>Access Error: Unauthorized</h2>
<p>TimeOut, Need ReLogin</p></body></html>
[01-15 22:59:58 50:19:73] Webserver Request: from 192.168.1.153, TimeOut or Logout, need ReLogin
[01-15 23:00:06 50:19:73] Webs: admin login Web UI success, from 192.168.1.153!!
[01-15 23:00:06 50:19:73] SYSLOG: load flash Flie 1 -2
[01-15 23:00:07 50:19:73] SYSLOG: read flash Flie /hlfs/message01 size = 1062619
[01-15 23:00:07 50:19:73] SYSLOG: read flash Flie /hlfs/message02 size = 388501There is nothing in the phone logs mentioning the VPN, are you sure its configured correctly?
From what I can see its just trying to connect to SIP on the LAN not over a VPN.
[01-15 11:54:37 50:19:73] SIP: sip_nict_init, no route, req_uri->host:port is 10.66.0.2:5060