[HELP] Configuration tap server/client Openvpn

Hi, I've already generated the keys and tested with a tun connection, but with tun I can't navigate with my WAN, so I chose to try with tap, but I always get this error.

TLS Error: cannot locate HMAC in incoming packet from

My server config

config openvpn 'test'
        option dev 'tap'
        option mssfix '1420'
        option verb '3'
        option comp_lzo 'yes'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/my-server.crt'
        option key '/etc/openvpn/my-server.key'
        option keepalive '10 120'
        option dh '/etc/openvpn/dh2048.pem'
        option port '1194'
        option enabled '1'
        option server_bridge '192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.254'
        option dev_type 'tap'

My ovpn client file

client
dev tap
proto udp
fast-io
remote mysite.com 1194
remote-cert-tls server
nobind
persist-key
persist-tun
comp-lzo no
verb 3
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

Thanks for your help and time.

Please place code, configs, and log output within code blocks, not quote blocks

For your next post, please perform the steps in Troubleshooting


Sorry, I've edited.

On the OpenWrt forum someone suggested that I change and add cipher, auth and tls-auth.

Server config:

config openvpn 'test'
        option dev 'tap'
        option mssfix '1420'
        option verb '5'
        option comp_lzo 'yes'
        option ca '/etc/openvpn/ca.crt'
        option cert '/etc/openvpn/my-server.crt'
        option key '/etc/openvpn/my-server.key'
        option keepalive '10 120'
        option dh '/etc/openvpn/dh2048.pem'
        option port '1194'
        option enabled '1'
        option server_bridge '192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.254'
        option dev_type 'tap'
        option tls_auth '/etc/openvpn/tls-auth.key'
        option auth 'SHA1'
        option cipher 'BF-CBC'
        option proto 'tcp'
        option log '/tmp/openvpn.log'

Client

client
dev tap
proto tcp
comp-lzo
remote 92.82.232.44 1194
remote-cert-tls server
persist-key
persist-tun
verb 3
key-direction 1
cipher BF-CBC
auth SHA1

server log:

Tue Apr 17 14:31:53 2018 us=940402 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Apr 17 14:31:53 2018 us=940476 library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
Tue Apr 17 14:31:53 2018 us=940608 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Tue Apr 17 14:31:53 2018 us=941235 Diffie-Hellman initialized with 2048 bit key
Tue Apr 17 14:31:53 2018 us=942163 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 17 14:31:53 2018 us=942216 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 17 14:31:53 2018 us=942259 TLS-Auth MTU parms [ L:1655 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Tue Apr 17 14:31:53 2018 us=956683 TUN/TAP device tap0 opened
Tue Apr 17 14:31:53 2018 us=970749 TUN/TAP TX queue length set to 100
Tue Apr 17 14:31:53 2018 us=970898 Data Channel MTU parms [ L:1655 D:1420 EF:123 EB:411 ET:32 EL:3 ]
Tue Apr 17 14:31:53 2018 us=970971 Could not determine IPv4/IPv6 protocol. Using AF_INET
Tue Apr 17 14:31:53 2018 us=971031 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Apr 17 14:31:53 2018 us=971077 Listening for incoming TCP connection on [AF_INET][undef]:1194
Tue Apr 17 14:31:53 2018 us=971119 TCPv4_SERVER link local (bound): [AF_INET][undef]:1194
Tue Apr 17 14:31:53 2018 us=971151 TCPv4_SERVER link remote: [AF_UNSPEC]
Tue Apr 17 14:31:53 2018 us=971187 MULTI: multi_init called, r=256 v=256
Tue Apr 17 14:31:53 2018 us=971243 IFCONFIG POOL: base=192.168.1.200 size=55, ipv6=0
Tue Apr 17 14:31:53 2018 us=971334 MULTI: TCP INIT maxclients=1024 maxevents=1028
Tue Apr 17 14:31:53 2018 us=971414 Initialization Sequence Completed
Tue Apr 17 14:32:04 2018 us=260655 MULTI: multi_create_instance called
Tue Apr 17 14:32:04 2018 us=260764 Re-using SSL/TLS context
Tue Apr 17 14:32:04 2018 us=260958 Control Channel MTU parms [ L:1655 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Tue Apr 17 14:32:04 2018 us=261031 Data Channel MTU parms [ L:1655 D:1420 EF:123 EB:411 ET:32 EL:3 ]
Tue Apr 17 14:32:04 2018 us=261107 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Apr 17 14:32:04 2018 us=261142 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Apr 17 14:32:04 2018 us=261208 TCP connection established with [AF_INET]80.116.104.14:60722
Tue Apr 17 14:32:04 2018 us=261243 TCPv4_SERVER link local: (not bound)
Tue Apr 17 14:32:04 2018 us=261279 TCPv4_SERVER link remote: [AF_INET]80.116.104.14:60722
RTue Apr 17 14:32:05 2018 us=209241 80.116.104.14:60722 TLS: Initial packet from [AF_INET]80.116.104.14:60722, sid=9715f902 3f1fddb5
Tue Apr 17 14:32:05 2018 us=209319 80.116.104.14:60722 Authenticate/Decrypt packet error: packet HMAC authentication failed
Tue Apr 17 14:32:05 2018 us=209365 80.116.104.14:60722 TLS Error: incoming packet authentication failed from [AF_INET]80.116.104.14:60722
Tue Apr 17 14:32:05 2018 us=209413 80.116.104.14:60722 Fatal TLS error (check_tls_errors_co), restarting
Tue Apr 17 14:32:05 2018 us=209448 80.116.104.14:60722 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Apr 17 14:32:05 2018 us=209551 TCP/UDP: Closing socket

Client log

Tue Apr 17 16:38:10 2018 us=80326 Current Parameter Settings:
Tue Apr 17 16:38:10 2018 us=80326   config = 'my-server.ovpn'
Tue Apr 17 16:38:10 2018 us=80326   mode = 0
Tue Apr 17 16:38:10 2018 us=80326   show_ciphers = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   show_digests = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   show_engines = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   genkey = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   key_pass_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   show_tls_ciphers = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   connect_retry_max = 0
Tue Apr 17 16:38:10 2018 us=80326 Connection profiles [0]:
Tue Apr 17 16:38:10 2018 us=80326   proto = tcp-client
Tue Apr 17 16:38:10 2018 us=80326   local = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   local_port = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   remote = '92.82.232.44'
Tue Apr 17 16:38:10 2018 us=80326   remote_port = '1194'
Tue Apr 17 16:38:10 2018 us=80326   remote_float = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   bind_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   bind_local = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   bind_ipv6_only = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   connect_retry_seconds = 5
Tue Apr 17 16:38:10 2018 us=80326   connect_timeout = 120
Tue Apr 17 16:38:10 2018 us=80326   socks_proxy_server = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   socks_proxy_port = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   tun_mtu = 1500
Tue Apr 17 16:38:10 2018 us=80326   tun_mtu_defined = ENABLED
Tue Apr 17 16:38:10 2018 us=80326   link_mtu = 1500
Tue Apr 17 16:38:10 2018 us=80326   link_mtu_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   tun_mtu_extra = 32
Tue Apr 17 16:38:10 2018 us=80326   tun_mtu_extra_defined = ENABLED
Tue Apr 17 16:38:10 2018 us=80326   mtu_discover_type = -1
Tue Apr 17 16:38:10 2018 us=80326   fragment = 0
Tue Apr 17 16:38:10 2018 us=80326   mssfix = 1450
Tue Apr 17 16:38:10 2018 us=80326   explicit_exit_notification = 0
Tue Apr 17 16:38:10 2018 us=80326 Connection profiles END
Tue Apr 17 16:38:10 2018 us=80326   remote_random = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   ipchange = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   dev = 'tap'
Tue Apr 17 16:38:10 2018 us=80326   dev_type = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   dev_node = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   lladdr = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   topology = 1
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_local = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_remote_netmask = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_noexec = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_nowarn = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_ipv6_local = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_ipv6_netbits = 0
Tue Apr 17 16:38:10 2018 us=80326   ifconfig_ipv6_remote = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   shaper = 0
Tue Apr 17 16:38:10 2018 us=80326   mtu_test = 0
Tue Apr 17 16:38:10 2018 us=80326   mlock = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   keepalive_ping = 0
Tue Apr 17 16:38:10 2018 us=80326   keepalive_timeout = 0
Tue Apr 17 16:38:10 2018 us=80326   inactivity_timeout = 0
Tue Apr 17 16:38:10 2018 us=80326   ping_send_timeout = 0
Tue Apr 17 16:38:10 2018 us=80326   ping_rec_timeout = 0
Tue Apr 17 16:38:10 2018 us=80326   ping_rec_timeout_action = 0
Tue Apr 17 16:38:10 2018 us=80326   ping_timer_remote = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   remap_sigusr1 = 0
Tue Apr 17 16:38:10 2018 us=80326   persist_tun = ENABLED
Tue Apr 17 16:38:10 2018 us=80326   persist_local_ip = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   persist_remote_ip = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   persist_key = ENABLED
Tue Apr 17 16:38:10 2018 us=80326   passtos = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   resolve_retry_seconds = 1000000000
Tue Apr 17 16:38:10 2018 us=80326   resolve_in_advance = DISABLED
Tue Apr 17 16:38:10 2018 us=80326   username = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   groupname = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   chroot_dir = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   cd_dir = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   writepid = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   up_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=80326   down_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   down_pre = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   up_restart = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   up_delay = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   daemon = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   inetd = 0
Tue Apr 17 16:38:10 2018 us=81326   log = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   suppress_timestamps = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   machine_readable_output = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   nice = 0
Tue Apr 17 16:38:10 2018 us=81326   verbosity = 5
Tue Apr 17 16:38:10 2018 us=81326   mute = 0
Tue Apr 17 16:38:10 2018 us=81326   gremlin = 0
Tue Apr 17 16:38:10 2018 us=81326   status_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   status_file_version = 1
Tue Apr 17 16:38:10 2018 us=81326   status_file_update_freq = 60
Tue Apr 17 16:38:10 2018 us=81326   occ = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   rcvbuf = 0
Tue Apr 17 16:38:10 2018 us=81326   sndbuf = 0
Tue Apr 17 16:38:10 2018 us=81326   sockflags = 0
Tue Apr 17 16:38:10 2018 us=81326   fast_io = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   comp.alg = 2
Tue Apr 17 16:38:10 2018 us=81326   comp.flags = 1
Tue Apr 17 16:38:10 2018 us=81326   route_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   route_default_gateway = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   route_default_metric = 0
Tue Apr 17 16:38:10 2018 us=81326   route_noexec = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   route_delay = 5
Tue Apr 17 16:38:10 2018 us=81326   route_delay_window = 30
Tue Apr 17 16:38:10 2018 us=81326   route_delay_defined = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   route_nopull = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   route_gateway_via_dhcp = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   allow_pull_fqdn = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   management_addr = '127.0.0.1'
Tue Apr 17 16:38:10 2018 us=81326   management_port = '25340'
Tue Apr 17 16:38:10 2018 us=81326   management_user_pass = 'stdin'
Tue Apr 17 16:38:10 2018 us=81326   management_log_history_cache = 250
Tue Apr 17 16:38:10 2018 us=81326   management_echo_buffer_size = 100
Tue Apr 17 16:38:10 2018 us=81326   management_write_peer_info_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   management_client_user = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   management_client_group = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   management_flags = 6
Tue Apr 17 16:38:10 2018 us=81326   shared_secret_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   key_direction = 1
Tue Apr 17 16:38:10 2018 us=81326   ciphername = 'BF-CBC'
Tue Apr 17 16:38:10 2018 us=81326   ncp_enabled = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Tue Apr 17 16:38:10 2018 us=81326   authname = 'SHA1'
Tue Apr 17 16:38:10 2018 us=81326   prng_hash = 'SHA1'
Tue Apr 17 16:38:10 2018 us=81326   prng_nonce_secret_len = 16
Tue Apr 17 16:38:10 2018 us=81326   keysize = 0
Tue Apr 17 16:38:10 2018 us=81326   engine = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   replay = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   mute_replay_warnings = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   replay_window = 64
Tue Apr 17 16:38:10 2018 us=81326   replay_time = 15
Tue Apr 17 16:38:10 2018 us=81326   packet_id_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   use_iv = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   test_crypto = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   tls_server = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   tls_client = ENABLED
Tue Apr 17 16:38:10 2018 us=81326   key_method = 2
Tue Apr 17 16:38:10 2018 us=81326   ca_file = '[[INLINE]]'
Tue Apr 17 16:38:10 2018 us=81326   ca_path = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   dh_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   cert_file = '[[INLINE]]'
Tue Apr 17 16:38:10 2018 us=81326   extra_certs_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   priv_key_file = '[[INLINE]]'
Tue Apr 17 16:38:10 2018 us=81326   pkcs12_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   cryptoapi_cert = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   cipher_list = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   tls_cert_profile = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   tls_verify = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   tls_export_cert = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   verify_x509_type = 0
Tue Apr 17 16:38:10 2018 us=81326   verify_x509_name = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   crl_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   ns_cert_type = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 65535
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_ku[i] = 0
Tue Apr 17 16:38:10 2018 us=81326   remote_cert_eku = 'TLS Web Server Authentication'
Tue Apr 17 16:38:10 2018 us=81326   ssl_flags = 0
Tue Apr 17 16:38:10 2018 us=81326   tls_timeout = 2
Tue Apr 17 16:38:10 2018 us=81326   renegotiate_bytes = -1
Tue Apr 17 16:38:10 2018 us=81326   renegotiate_packets = 0
Tue Apr 17 16:38:10 2018 us=81326   renegotiate_seconds = 3600
Tue Apr 17 16:38:10 2018 us=81326   handshake_window = 60
Tue Apr 17 16:38:10 2018 us=81326   transition_window = 3600
Tue Apr 17 16:38:10 2018 us=81326   single_session = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   push_peer_info = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   tls_exit = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   tls_auth_file = '[[INLINE]]'
Tue Apr 17 16:38:10 2018 us=81326   tls_crypt_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_protected_authentication = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_private_mode = 00000000
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_cert_private = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_pin_cache_period = -1
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_id = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   pkcs11_id_management = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   server_network = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   server_netmask = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   server_network_ipv6 = ::
Tue Apr 17 16:38:10 2018 us=81326   server_netbits_ipv6 = 0
Tue Apr 17 16:38:10 2018 us=81326   server_bridge_ip = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   server_bridge_netmask = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   server_bridge_pool_start = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   server_bridge_pool_end = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_pool_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_pool_start = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_pool_end = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_pool_netmask = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_pool_persist_filename = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_pool_persist_refresh_freq = 600
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_ipv6_pool_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_ipv6_pool_base = ::
Tue Apr 17 16:38:10 2018 us=81326   ifconfig_ipv6_pool_netbits = 0
Tue Apr 17 16:38:10 2018 us=81326   n_bcast_buf = 256
Tue Apr 17 16:38:10 2018 us=81326   tcp_queue_limit = 64
Tue Apr 17 16:38:10 2018 us=81326   real_hash_size = 256
Tue Apr 17 16:38:10 2018 us=81326   virtual_hash_size = 256
Tue Apr 17 16:38:10 2018 us=81326   client_connect_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   learn_address_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   client_disconnect_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   client_config_dir = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=81326   ccd_exclusive = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   tmp_dir = 'C:\Users\massi\AppData\Local\Temp\'
Tue Apr 17 16:38:10 2018 us=81326   push_ifconfig_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   push_ifconfig_local = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   push_ifconfig_remote_netmask = 0.0.0.0
Tue Apr 17 16:38:10 2018 us=81326   push_ifconfig_ipv6_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=81326   push_ifconfig_ipv6_local = ::/0
Tue Apr 17 16:38:10 2018 us=81326   push_ifconfig_ipv6_remote = ::
Tue Apr 17 16:38:10 2018 us=82326   enable_c2c = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   duplicate_cn = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   cf_max = 0
Tue Apr 17 16:38:10 2018 us=82326   cf_per = 0
Tue Apr 17 16:38:10 2018 us=82326   max_clients = 1024
Tue Apr 17 16:38:10 2018 us=82326   max_routes_per_client = 256
Tue Apr 17 16:38:10 2018 us=82326   auth_user_pass_verify_script = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=82326   auth_user_pass_verify_script_via_file = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   auth_token_generate = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   auth_token_lifetime = 0
Tue Apr 17 16:38:10 2018 us=82326   client = ENABLED
Tue Apr 17 16:38:10 2018 us=82326   pull = ENABLED
Tue Apr 17 16:38:10 2018 us=82326   auth_user_pass_file = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=82326   show_net_up = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   route_method = 3
Tue Apr 17 16:38:10 2018 us=82326   block_outside_dns = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   ip_win32_defined = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   ip_win32_type = 3
Tue Apr 17 16:38:10 2018 us=82326   dhcp_masq_offset = 0
Tue Apr 17 16:38:10 2018 us=82326   dhcp_lease_time = 31536000
Tue Apr 17 16:38:10 2018 us=82326   tap_sleep = 0
Tue Apr 17 16:38:10 2018 us=82326   dhcp_options = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   dhcp_renew = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   dhcp_pre_release = DISABLED
Tue Apr 17 16:38:10 2018 us=82326   domain = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=82326   netbios_scope = '[UNDEF]'
Tue Apr 17 16:38:10 2018 us=82326   netbios_node_type = 0
Tue Apr 17 16:38:10 2018 us=82326   disable_nbt = DISABLED
Tue Apr 17 16:38:10 2018 us=82326 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar  1 2018
Tue Apr 17 16:38:10 2018 us=82326 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Apr 17 16:38:10 2018 us=82326 library versions: OpenSSL 1.1.0f  25 May 2017, LZO 2.10
Enter Management Password:
Tue Apr 17 16:38:10 2018 us=82326 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Apr 17 16:38:10 2018 us=82326 Need hold release from management interface, waiting...
Tue Apr 17 16:38:10 2018 us=554175 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Apr 17 16:38:10 2018 us=655155 MANAGEMENT: CMD 'state on'
Tue Apr 17 16:38:10 2018 us=655155 MANAGEMENT: CMD 'log all on'
Tue Apr 17 16:38:10 2018 us=760109 MANAGEMENT: CMD 'echo all on'
Tue Apr 17 16:38:10 2018 us=761109 MANAGEMENT: CMD 'bytecount 5'
Tue Apr 17 16:38:10 2018 us=762108 MANAGEMENT: CMD 'hold off'
Tue Apr 17 16:38:10 2018 us=763108 MANAGEMENT: CMD 'hold release'
Tue Apr 17 16:38:10 2018 us=765108 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 17 16:38:10 2018 us=765108 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 17 16:38:10 2018 us=765108 LZO compression initializing
Tue Apr 17 16:38:10 2018 us=765108 Control Channel MTU parms [ L:1656 D:1182 EF:68 EB:0 ET:0 EL:3 ]
Tue Apr 17 16:38:10 2018 us=765108 Data Channel MTU parms [ L:1656 D:1450 EF:124 EB:412 ET:32 EL:3 ]
Tue Apr 17 16:38:10 2018 us=765108 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Tue Apr 17 16:38:10 2018 us=765108 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Tue Apr 17 16:38:10 2018 us=765108 TCP/UDP: Preserving recently used remote address: [AF_INET]92.82.232.44:1194
Tue Apr 17 16:38:10 2018 us=765108 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Apr 17 16:38:10 2018 us=765108 Attempting to establish TCP connection with [AF_INET]92.82.232.44:1194 [nonblock]
Tue Apr 17 16:38:10 2018 us=765108 MANAGEMENT: >STATE:1523975890,TCP_CONNECT,,,,,,
Tue Apr 17 16:38:11 2018 us=765802 TCP connection established with [AF_INET]92.82.232.44:1194
Tue Apr 17 16:38:11 2018 us=765802 TCP_CLIENT link local: (not bound)
Tue Apr 17 16:38:11 2018 us=765802 TCP_CLIENT link remote: [AF_INET]92.82.232.44:1194
Tue Apr 17 16:38:11 2018 us=765802 MANAGEMENT: >STATE:1523975891,WAIT,,,,,,
Tue Apr 17 16:38:11 2018 us=813772 Connection reset, restarting [0]
Tue Apr 17 16:38:11 2018 us=813772 TCP/UDP: Closing socket
Tue Apr 17 16:38:11 2018 us=813772 SIGUSR1[soft,connection-reset] received, process restarting
Tue Apr 17 16:38:11 2018 us=813772 MANAGEMENT: >STATE:1523975891,RECONNECTING,connection-reset,,,,,
Tue Apr 17 16:38:11 2018 us=813772 Restart pause, 5 second(s)
Tue Apr 17 16:38:12 2018 us=814467 SIGTERM[hard,init_instance] received, process exiting
Tue Apr 17 16:38:12 2018 us=814467 MANAGEMENT: >STATE:1523975892,EXITING,init_instance,,,,,
W

Client log was requested for a reason...


Sorry, I've added it.

Unless you're needing to access devices on other routers behind different subnets, TAP should not be utilized.

Either way, your current config setup has multiple issues, and rather than going one by one, please utilize the following configs, modifying with your custom information (IPs, DDNS, port #, file locations), as well as making the changes I specified below to the configs in that wiki.

  • Server Config
    • Change
      • SSL Cipher
        • cipher AES-256-CBC to cipher AES-128-CBC

      • Auth Hash
        • If all clients are x86
          • auth 'SHA512' to auth 'SHA256'

      • TLS Cipher
        tls_cipher          'TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:!aNULL:!eNULL:!LOW:!3DES:!MD5:!SHA:!EXP:!PSK:!SRP:!DSS:!RC4:!kRSA'
        
        to
        tls_cipher          'TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!SHA:!EXP:!PSK:!SRP:!DSS:!RC4:!kRSA'
        

  • Client Configs
    • Android
    • BSD/Linux
    • Windows

    • Change
      • Auth Hash
        • If all clients are x86
          • auth 'SHA512' to auth 'SHA256'

      • SSL Cipher
        • cipher AES-256-CBC to cipher AES-128-CBC

      • EKU
        • If you generated certs with Easy-RSA
          • remote-cert-eku "TLS Web Server Authentication" to remote-cert-tls server
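An added example, not part of the thread or of OpenVPN itself: both logs posted above print a "Local Options String", and comparing the two shows where the peers disagree. The two sample lines are copied from the server and client logs in this thread; the function names are assumptions made for this example.

```python
import re

# Sample input: the "Local Options String" lines from the server log and the
# client log posted earlier in this thread.
SERVER_LOG_LINE = (
    "Tue Apr 17 14:32:04 2018 us=261107 Local Options String (VER=V4): "
    "'V4,dev-type tap,link-mtu 1575,tun-mtu 1532,proto TCPv4_SERVER,"
    "cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'"
)
CLIENT_LOG_LINE = (
    "Tue Apr 17 16:38:10 2018 us=765108 Local Options String (VER=V4): "
    "'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,"
    "keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'"
)

OPTS_RE = re.compile(r"Local Options String \(VER=V4\): '([^']*)'")

# Options that legitimately differ between the two ends of one tunnel.
ROLE_KEYS = {"tls-server", "tls-client"}


def parse_local_options(log_text):
    """Return {option: value} from the first Local Options String in log_text.

    Flags without a value (for example 'comp-lzo' or 'tls-auth') map to ''.
    """
    match = OPTS_RE.search(log_text)
    if not match:
        raise ValueError("no 'Local Options String' line found in log")
    opts = {}
    for item in match.group(1).split(","):
        key, _, value = item.strip().partition(" ")
        opts[key] = value
    return opts


def _transport(proto):
    """'TCPv4_SERVER' and 'TCPv4_CLIENT' are the same transport: 'TCPv4'."""
    return re.sub(r"_(SERVER|CLIENT)$", "", proto or "")


def compare_peers(server, client):
    """Return a list of (option, server_value, client_value) disagreements.

    None means the option is absent on that side.
    """
    findings = []

    # Everything except role markers, proto and keydir has to be identical.
    same_keys = (set(server) | set(client)) - ROLE_KEYS - {"proto", "keydir"}
    for key in sorted(same_keys):
        s_val, c_val = server.get(key), client.get(key)
        if s_val != c_val:
            findings.append((key, s_val, c_val))

    # proto only has to agree on the transport, not on the role suffix.
    if _transport(server.get("proto")) != _transport(client.get("proto")):
        findings.append(("proto", server.get("proto"), client.get("proto")))

    # tls-auth key direction must be complementary (0 on one side, 1 on the
    # other) or omitted on both sides; anything else makes the two ends
    # compute different control-channel HMACs.
    dirs = (server.get("keydir"), client.get("keydir"))
    if dirs not in {(None, None), ("0", "1"), ("1", "0")}:
        findings.append(("keydir", dirs[0], dirs[1]))

    return findings


if __name__ == "__main__":
    server_opts = parse_local_options(SERVER_LOG_LINE)
    client_opts = parse_local_options(CLIENT_LOG_LINE)
    for option, s_val, c_val in compare_peers(server_opts, client_opts):
        print(f"{option}: server={s_val!r} client={c_val!r}")
```
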

I just need to add my remote server inside my LAN. I'm using OpenVPN on Windows just for testing, then I will move it to my Asus router.
With tun I was able to access my server, but all my internet was forwarded and so I couldn't access the internet with my WAN, just my server.

Can I do this with tun, or is tap my only solution?

TUN should be utilized then

Incorrect server and/or client configuration(s) is the reason for this

Please see the OpenVPN (Server Setup) wiki for a simple wiki or the aforementioned OpenVPN Server (Comprehensive) wiki for a more thorough walk-through with buffer and MTU tuning options in the configs.

  • Whichever you choose, I highly recommend using the configs from the Comprehensive wiki as you will have better throughput due to the additional tuning options set.

The Server Setup was the guide I've used; with that my internet doesn't work.
I will try with Comprehensive and following your suggestions.
Really, thanks for your help. Now I will take a break, I have worked on it for like 7-8 hours. My brain is melting.

While I abhor Easy-RSA, if you already generated your certs, then simply mirror the server and client configs linked to above (copy/paste).


Thanks, really thanks, it's working but..

I can access only the router (where I've installed OpenVPN) but not my server connected to it, I think because this is just point to point. If I want to access my server I need to install OpenVPN on my server and connect to my router and enable client_to_client?

You're clearly not following what I've stated twice now... Use the configs in the comprehensive wiki and modify the information in the wiki's configs to match your environment.


Sorry to bother, I've started from scratch and followed the guide step by step but now I get this error:

Client log:

Wed Apr 18 16:03:11 2018 us=146357 Current Parameter Settings:
Wed Apr 18 16:03:11 2018 us=146357   config = 'my-server.ovpn'
Wed Apr 18 16:03:11 2018 us=146357   mode = 0
Wed Apr 18 16:03:11 2018 us=146357   show_ciphers = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   show_digests = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   show_engines = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   genkey = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   key_pass_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   show_tls_ciphers = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   connect_retry_max = 0
Wed Apr 18 16:03:11 2018 us=146357 Connection profiles [0]:
Wed Apr 18 16:03:11 2018 us=146357   proto = udp
Wed Apr 18 16:03:11 2018 us=146357   local = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   local_port = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   remote = 'keltere.com'
Wed Apr 18 16:03:11 2018 us=146357   remote_port = '5000'
Wed Apr 18 16:03:11 2018 us=146357   remote_float = ENABLED
Wed Apr 18 16:03:11 2018 us=146357   bind_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   bind_local = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   bind_ipv6_only = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   connect_retry_seconds = 5
Wed Apr 18 16:03:11 2018 us=146357   connect_timeout = 120
Wed Apr 18 16:03:11 2018 us=146357   socks_proxy_server = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   socks_proxy_port = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   tun_mtu = 48000
Wed Apr 18 16:03:11 2018 us=146357   tun_mtu_defined = ENABLED
Wed Apr 18 16:03:11 2018 us=146357   link_mtu = 1500
Wed Apr 18 16:03:11 2018 us=146357   link_mtu_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   tun_mtu_extra = 0
Wed Apr 18 16:03:11 2018 us=146357   tun_mtu_extra_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   mtu_discover_type = -1
Wed Apr 18 16:03:11 2018 us=146357   fragment = 0
Wed Apr 18 16:03:11 2018 us=146357   mssfix = 0
Wed Apr 18 16:03:11 2018 us=146357   explicit_exit_notification = 0
Wed Apr 18 16:03:11 2018 us=146357 Connection profiles END
Wed Apr 18 16:03:11 2018 us=146357   remote_random = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   ipchange = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   dev = 'tun'
Wed Apr 18 16:03:11 2018 us=146357   dev_type = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   dev_node = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   lladdr = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   topology = 1
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_local = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_remote_netmask = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_noexec = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_nowarn = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_ipv6_local = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_ipv6_netbits = 0
Wed Apr 18 16:03:11 2018 us=146357   ifconfig_ipv6_remote = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   shaper = 0
Wed Apr 18 16:03:11 2018 us=146357   mtu_test = 0
Wed Apr 18 16:03:11 2018 us=146357   mlock = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   keepalive_ping = 0
Wed Apr 18 16:03:11 2018 us=146357   keepalive_timeout = 0
Wed Apr 18 16:03:11 2018 us=146357   inactivity_timeout = 0
Wed Apr 18 16:03:11 2018 us=146357   ping_send_timeout = 0
Wed Apr 18 16:03:11 2018 us=146357   ping_rec_timeout = 0
Wed Apr 18 16:03:11 2018 us=146357   ping_rec_timeout_action = 0
Wed Apr 18 16:03:11 2018 us=146357   ping_timer_remote = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   remap_sigusr1 = 0
Wed Apr 18 16:03:11 2018 us=146357   persist_tun = ENABLED
Wed Apr 18 16:03:11 2018 us=146357   persist_local_ip = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   persist_remote_ip = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   persist_key = ENABLED
Wed Apr 18 16:03:11 2018 us=146357   passtos = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   resolve_retry_seconds = 1000000000
Wed Apr 18 16:03:11 2018 us=146357   resolve_in_advance = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   username = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   groupname = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   chroot_dir = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   cd_dir = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   writepid = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   up_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   down_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=146357   down_pre = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   up_restart = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   up_delay = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   daemon = DISABLED
Wed Apr 18 16:03:11 2018 us=146357   inetd = 0
Wed Apr 18 16:03:11 2018 us=146357   log = ENABLED
Wed Apr 18 16:03:11 2018 us=146357   suppress_timestamps = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   machine_readable_output = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   nice = 0
Wed Apr 18 16:03:11 2018 us=147357   verbosity = 5
Wed Apr 18 16:03:11 2018 us=147357   mute = 0
Wed Apr 18 16:03:11 2018 us=147357   gremlin = 0
Wed Apr 18 16:03:11 2018 us=147357   status_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   status_file_version = 1
Wed Apr 18 16:03:11 2018 us=147357   status_file_update_freq = 60
Wed Apr 18 16:03:11 2018 us=147357   occ = ENABLED
Wed Apr 18 16:03:11 2018 us=147357   rcvbuf = 0
Wed Apr 18 16:03:11 2018 us=147357   sndbuf = 0
Wed Apr 18 16:03:11 2018 us=147357   sockflags = 0
Wed Apr 18 16:03:11 2018 us=147357   fast_io = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   comp.alg = 2
Wed Apr 18 16:03:11 2018 us=147357   comp.flags = 1
Wed Apr 18 16:03:11 2018 us=147357   route_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   route_default_gateway = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   route_default_metric = 0
Wed Apr 18 16:03:11 2018 us=147357   route_noexec = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   route_delay = 5
Wed Apr 18 16:03:11 2018 us=147357   route_delay_window = 30
Wed Apr 18 16:03:11 2018 us=147357   route_delay_defined = ENABLED
Wed Apr 18 16:03:11 2018 us=147357   route_nopull = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   route_gateway_via_dhcp = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   allow_pull_fqdn = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   management_addr = '127.0.0.1'
Wed Apr 18 16:03:11 2018 us=147357   management_port = '25340'
Wed Apr 18 16:03:11 2018 us=147357   management_user_pass = 'stdin'
Wed Apr 18 16:03:11 2018 us=147357   management_log_history_cache = 250
Wed Apr 18 16:03:11 2018 us=147357   management_echo_buffer_size = 100
Wed Apr 18 16:03:11 2018 us=147357   management_write_peer_info_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   management_client_user = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   management_client_group = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   management_flags = 6
Wed Apr 18 16:03:11 2018 us=147357   shared_secret_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   key_direction = 1
Wed Apr 18 16:03:11 2018 us=147357   ciphername = 'AES-256-CBC'
Wed Apr 18 16:03:11 2018 us=147357   ncp_enabled = ENABLED
Wed Apr 18 16:03:11 2018 us=147357   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Wed Apr 18 16:03:11 2018 us=147357   authname = 'SHA512'
Wed Apr 18 16:03:11 2018 us=147357   prng_hash = 'SHA1'
Wed Apr 18 16:03:11 2018 us=147357   prng_nonce_secret_len = 16
Wed Apr 18 16:03:11 2018 us=147357   keysize = 0
Wed Apr 18 16:03:11 2018 us=147357   engine = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   replay = ENABLED
Wed Apr 18 16:03:11 2018 us=147357   mute_replay_warnings = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   replay_window = 64
Wed Apr 18 16:03:11 2018 us=147357   replay_time = 15
Wed Apr 18 16:03:11 2018 us=147357   packet_id_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   use_iv = ENABLED
Wed Apr 18 16:03:11 2018 us=147357   test_crypto = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   tls_server = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   tls_client = ENABLED
Wed Apr 18 16:03:11 2018 us=147357   key_method = 2
Wed Apr 18 16:03:11 2018 us=147357   ca_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   ca_path = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   dh_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   cert_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   extra_certs_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   priv_key_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   pkcs12_file = 'VPN-Client1.p12'
Wed Apr 18 16:03:11 2018 us=147357   cryptoapi_cert = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   cipher_list = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   tls_cert_profile = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   tls_verify = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   tls_export_cert = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   verify_x509_type = 0
Wed Apr 18 16:03:11 2018 us=147357   verify_x509_name = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   crl_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   ns_cert_type = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_ku[i] = 0
Wed Apr 18 16:03:11 2018 us=147357   remote_cert_eku = 'TLS Web Server Authentication'
Wed Apr 18 16:03:11 2018 us=147357   ssl_flags = 192
Wed Apr 18 16:03:11 2018 us=147357   tls_timeout = 2
Wed Apr 18 16:03:11 2018 us=147357   renegotiate_bytes = -1
Wed Apr 18 16:03:11 2018 us=147357   renegotiate_packets = 0
Wed Apr 18 16:03:11 2018 us=147357   renegotiate_seconds = 3600
Wed Apr 18 16:03:11 2018 us=147357   handshake_window = 60
Wed Apr 18 16:03:11 2018 us=147357   transition_window = 3600
Wed Apr 18 16:03:11 2018 us=147357   single_session = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   push_peer_info = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   tls_exit = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   tls_auth_file = '[[INLINE]]'
Wed Apr 18 16:03:11 2018 us=147357   tls_crypt_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_protected_authentication = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_private_mode = 00000000
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_cert_private = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_pin_cache_period = -1
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_id = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   pkcs11_id_management = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   server_network = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   server_netmask = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   server_network_ipv6 = ::
Wed Apr 18 16:03:11 2018 us=147357   server_netbits_ipv6 = 0
Wed Apr 18 16:03:11 2018 us=147357   server_bridge_ip = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   server_bridge_netmask = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   server_bridge_pool_start = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   server_bridge_pool_end = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_pool_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_pool_start = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_pool_end = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_pool_netmask = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_pool_persist_refresh_freq = 600
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_ipv6_pool_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_ipv6_pool_base = ::
Wed Apr 18 16:03:11 2018 us=147357   ifconfig_ipv6_pool_netbits = 0
Wed Apr 18 16:03:11 2018 us=147357   n_bcast_buf = 256
Wed Apr 18 16:03:11 2018 us=147357   tcp_queue_limit = 64
Wed Apr 18 16:03:11 2018 us=147357   real_hash_size = 256
Wed Apr 18 16:03:11 2018 us=147357   virtual_hash_size = 256
Wed Apr 18 16:03:11 2018 us=147357   client_connect_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   learn_address_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   client_disconnect_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   client_config_dir = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=147357   ccd_exclusive = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   tmp_dir = 'C:\Users\massi\AppData\Local\Temp\'
Wed Apr 18 16:03:11 2018 us=147357   push_ifconfig_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   push_ifconfig_local = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   push_ifconfig_remote_netmask = 0.0.0.0
Wed Apr 18 16:03:11 2018 us=147357   push_ifconfig_ipv6_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=147357   push_ifconfig_ipv6_local = ::/0
Wed Apr 18 16:03:11 2018 us=148356   push_ifconfig_ipv6_remote = ::
Wed Apr 18 16:03:11 2018 us=148356   enable_c2c = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   duplicate_cn = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   cf_max = 0
Wed Apr 18 16:03:11 2018 us=148356   cf_per = 0
Wed Apr 18 16:03:11 2018 us=148356   max_clients = 1024
Wed Apr 18 16:03:11 2018 us=148356   max_routes_per_client = 256
Wed Apr 18 16:03:11 2018 us=148356   auth_user_pass_verify_script = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=148356   auth_user_pass_verify_script_via_file = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   auth_token_generate = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   auth_token_lifetime = 0
Wed Apr 18 16:03:11 2018 us=148356   client = ENABLED
Wed Apr 18 16:03:11 2018 us=148356   pull = ENABLED
Wed Apr 18 16:03:11 2018 us=148356   auth_user_pass_file = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=148356   show_net_up = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   route_method = 3
Wed Apr 18 16:03:11 2018 us=148356   block_outside_dns = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   ip_win32_defined = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   ip_win32_type = 3
Wed Apr 18 16:03:11 2018 us=148356   dhcp_masq_offset = 0
Wed Apr 18 16:03:11 2018 us=148356   dhcp_lease_time = 31536000
Wed Apr 18 16:03:11 2018 us=148356   tap_sleep = 0
Wed Apr 18 16:03:11 2018 us=148356   dhcp_options = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   dhcp_renew = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   dhcp_pre_release = DISABLED
Wed Apr 18 16:03:11 2018 us=148356   domain = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=148356   netbios_scope = '[UNDEF]'
Wed Apr 18 16:03:11 2018 us=148356   netbios_node_type = 0
Wed Apr 18 16:03:11 2018 us=148356   disable_nbt = DISABLED
Wed Apr 18 16:03:11 2018 us=148356 OpenVPN 2.4.5 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar  1 2018
Wed Apr 18 16:03:11 2018 us=148356 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Apr 18 16:03:11 2018 us=148356 library versions: OpenSSL 1.1.0f  25 May 2017, LZO 2.10
Enter Management Password:
Wed Apr 18 16:03:11 2018 us=148356 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Apr 18 16:03:11 2018 us=148356 Need hold release from management interface, waiting...
Wed Apr 18 16:03:11 2018 us=609817 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Apr 18 16:03:11 2018 us=710779 MANAGEMENT: CMD 'state on'
Wed Apr 18 16:03:11 2018 us=710779 MANAGEMENT: CMD 'log all on'
Wed Apr 18 16:03:11 2018 us=822743 MANAGEMENT: CMD 'echo all on'
Wed Apr 18 16:03:11 2018 us=823743 MANAGEMENT: CMD 'bytecount 5'
Wed Apr 18 16:03:11 2018 us=825742 MANAGEMENT: CMD 'hold off'
Wed Apr 18 16:03:11 2018 us=826742 MANAGEMENT: CMD 'hold release'
Wed Apr 18 16:03:18 2018 us=629496 MANAGEMENT: CMD 'password [...]'
Wed Apr 18 16:03:18 2018 us=632469 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Apr 18 16:03:18 2018 us=632469 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Apr 18 16:03:18 2018 us=632469 LZO compression initializing
Wed Apr 18 16:03:18 2018 us=632469 Control Channel MTU parms [ L:48122 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Wed Apr 18 16:03:18 2018 us=632469 MANAGEMENT: >STATE:1524060198,RESOLVE,,,,,,
Wed Apr 18 16:03:18 2018 us=635468 Data Channel MTU parms [ L:48122 D:48122 EF:122 EB:8156 ET:0 EL:3 ]
Wed Apr 18 16:03:18 2018 us=636468 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 48102,tun-mtu 48000,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Wed Apr 18 16:03:18 2018 us=636468 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 48102,tun-mtu 48000,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Wed Apr 18 16:03:18 2018 us=636468 TCP/UDP: Preserving recently used remote address: [AF_INET]92.82.232.44:5000
Wed Apr 18 16:03:18 2018 us=636468 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Apr 18 16:03:18 2018 us=636468 UDP link local: (not bound)
Wed Apr 18 16:03:18 2018 us=636468 UDP link remote: [AF_INET]92.82.232.44:5000
Wed Apr 18 16:03:18 2018 us=636468 MANAGEMENT: >STATE:1524060198,WAIT,,,,,,
Wed Apr 18 16:03:18 2018 us=680466 MANAGEMENT: >STATE:1524060198,AUTH,,,,,,
Wed Apr 18 16:03:18 2018 us=680466 TLS: Initial packet from [AF_INET]92.82.232.44:5000, sid=73b1a8fc 84548822
Wed Apr 18 16:03:18 2018 us=799018 VERIFY OK: depth=2, C=xx, ST=State, L=Locality, O=Sophos UTM, OU=LAN
Wed Apr 18 16:03:18 2018 us=800018 VERIFY OK: depth=1, C=xx, ST=State, L=Locality, O=Sophos UTM, OU=LAN
Wed Apr 18 16:03:18 2018 us=800018 VERIFY ERROR: could not extract CN from X509 subject string ('C=xx, ST=State, L=Locality, O=Sophos UTM, OU=LAN') -- note that the username length is limited to 64 characters
Wed Apr 18 16:03:18 2018 us=800018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Wed Apr 18 16:03:18 2018 us=800018 TLS_ERROR: BIO read tls_read_plaintext error
Wed Apr 18 16:03:18 2018 us=800018 TLS Error: TLS object -> incoming plaintext read error
Wed Apr 18 16:03:18 2018 us=800018 TLS Error: TLS handshake failed
Wed Apr 18 16:03:18 2018 us=801018 TCP/UDP: Closing socket
Wed Apr 18 16:03:18 2018 us=801018 SIGUSR1[soft,tls-error] received, process restarting
Wed Apr 18 16:03:18 2018 us=801018 MANAGEMENT: >STATE:1524060198,RECONNECTING,tls-error,,,,,
Wed Apr 18 16:03:18 2018 us=801018 Restart pause, 5 second(s)
Wed Apr 18 16:03:21 2018 us=802662 SIGTERM[hard,init_instance] received, process exiting
Wed Apr 18 16:03:21 2018 us=802662 MANAGEMENT: >STATE:1524060201,EXITING,init_instance,,,,,
WRWWRWRWRWRWR

Server log:

Wed Apr 18 14:03:08 2018 us=186497 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 18 14:03:08 2018 us=186566 library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
Wed Apr 18 14:03:08 2018 us=187251 Diffie-Hellman initialized with 2048 bit key
Wed Apr 18 14:03:08 2018 us=187363 No valid translation found for TLS cipher '!aNULL'
Wed Apr 18 14:03:08 2018 us=187415 No valid translation found for TLS cipher '!eNULL'
Wed Apr 18 14:03:08 2018 us=187479 No valid translation found for TLS cipher '!3DES'
Wed Apr 18 14:03:08 2018 us=187525 No valid translation found for TLS cipher '!MD5'
Wed Apr 18 14:03:08 2018 us=187571 No valid translation found for TLS cipher '!SHA'
Wed Apr 18 14:03:08 2018 us=187634 No valid translation found for TLS cipher '!PSK'
Wed Apr 18 14:03:08 2018 us=187697 No valid translation found for TLS cipher '!DSS'
Wed Apr 18 14:03:08 2018 us=187743 No valid translation found for TLS cipher '!RC4'
Wed Apr 18 14:03:08 2018 us=198668 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Apr 18 14:03:08 2018 us=198738 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Apr 18 14:03:08 2018 us=198784 TLS-Auth MTU parms [ L:48121 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Wed Apr 18 14:03:08 2018 us=199798 TUN/TAP device tun0 opened
Wed Apr 18 14:03:08 2018 us=200095 TUN/TAP TX queue length set to 100
Wed Apr 18 14:03:08 2018 us=200160 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 18 14:03:08 2018 us=200228 /sbin/ifconfig tun0 10.1.0.1 netmask 255.255.255.240 mtu 48000 broadcast 10.1.0.15
Wed Apr 18 14:03:08 2018 us=205038 Data Channel MTU parms [ L:48121 D:48121 EF:121 EB:8156 ET:0 EL:3 ]
Wed Apr 18 14:03:08 2018 us=205156 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Apr 18 14:03:08 2018 us=205206 Socket Buffers: R=[163840->327680] S=[163840->327680]
Wed Apr 18 14:03:08 2018 us=205254 UDPv4 link local (bound): [AF_INET][undef]:5000
Wed Apr 18 14:03:08 2018 us=205287 UDPv4 link remote: [AF_UNSPEC]
Wed Apr 18 14:03:08 2018 us=205324 GID set to nogroup
Wed Apr 18 14:03:08 2018 us=205361 UID set to nobody
Wed Apr 18 14:03:08 2018 us=205397 MULTI: multi_init called, r=256 v=256
Wed Apr 18 14:03:08 2018 us=205452 IFCONFIG POOL: base=10.1.0.2 size=12, ipv6=0
Wed Apr 18 14:03:08 2018 us=206030 Initialization Sequence Completed
Wed Apr 18 14:03:18 2018 us=703696 MULTI: multi_create_instance called
Wed Apr 18 14:03:18 2018 us=703842 80.116.104.14:55052 Re-using SSL/TLS context
Wed Apr 18 14:03:18 2018 us=705463 80.116.104.14:55052 Control Channel MTU parms [ L:48121 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Wed Apr 18 14:03:18 2018 us=705524 80.116.104.14:55052 Data Channel MTU parms [ L:48121 D:48121 EF:121 EB:8156 ET:0 EL:3 ]
Wed Apr 18 14:03:18 2018 us=705616 80.116.104.14:55052 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Wed Apr 18 14:03:18 2018 us=705654 80.116.104.14:55052 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
RWed Apr 18 14:03:18 2018 us=705735 80.116.104.14:55052 TLS: Initial packet from [AF_INET]80.116.104.14:55052, sid=a960c1a2 dc6b1d48
WRRWWWWRWRRRWWWWWed Apr 18 14:04:19 2018 us=25266 80.116.104.14:55052 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Apr 18 14:04:19 2018 us=25341 80.116.104.14:55052 TLS Error: TLS handshake failed
Wed Apr 18 14:04:19 2018 us=26240 80.116.104.14:55052 SIGUSR1[soft,tls-error] received, client-instance restarting

The settings of the server and client are the same as in the guide, except for the DNS of the server in the client config.

You didn't correctly issue your certs... Use the simpler server setup wiki to generate a new CA and certs, then replace all your current ones with those

1 Like
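A log check for the two failures visible in the logs above (the client's `VERIFY ERROR` on a subject without a CN, and the client and server option strings that do not agree), as an added example that is not part of the thread or of OpenVPN itself. The log lines are copied from the posts above; the function names are made up for this example.

```python
import re

# Lines copied from the client and server logs posted in this thread.
CLIENT_LOG = """\
Wed Apr 18 16:03:18 2018 us=636468 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 48102,tun-mtu 48000,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Wed Apr 18 16:03:18 2018 us=799018 VERIFY OK: depth=2, C=xx, ST=State, L=Locality, O=Sophos UTM, OU=LAN
Wed Apr 18 16:03:18 2018 us=800018 VERIFY ERROR: could not extract CN from X509 subject string ('C=xx, ST=State, L=Locality, O=Sophos UTM, OU=LAN') -- note that the username length is limited to 64 characters
"""
SERVER_LOG = """\
Wed Apr 18 14:03:18 2018 us=705616 80.116.104.14:55052 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
"""

OPTS_RE = r"{} Options String \(VER=\w+\): '([^']*)'"


def options_string(log, kind):
    """Return the 'Local' or 'Expected Remote' options string as a dict.

    Flags without a value (e.g. comp-lzo, tls-auth) map to "".
    Returns None when the log has no such line (needs verb 4 or higher).
    """
    m = re.search(OPTS_RE.format(re.escape(kind)), log)
    if m is None:
        return None
    opts = {}
    for item in m.group(1).split(","):
        name, _, value = item.strip().partition(" ")
        opts[name] = value
    return opts


def diff_options(expected, actual):
    """List (name, expected, actual) for every option that differs.

    None means the option is absent on that side.
    """
    names = sorted(set(expected) | set(actual))
    return [(n, expected.get(n), actual.get(n))
            for n in names if expected.get(n) != actual.get(n)]


def parse_subject(subject):
    """Split an OpenVPN-style subject string into {attribute: value}."""
    attrs = {}
    for rdn in subject.split(", "):
        key, _, value = rdn.partition("=")
        attrs[key.strip()] = value
    return attrs


def subjects_without_cn(log):
    """Subjects quoted in VERIFY ERROR lines that carry no CN attribute."""
    found = re.findall(r"VERIFY ERROR:.*?subject string \('([^']*)'\)", log)
    return [s for s in found if "CN" not in parse_subject(s)]


def diagnose(client_log, server_log):
    """Collect human-readable findings from one client and one server log."""
    findings = []
    expected = options_string(client_log, "Expected Remote")
    actual = options_string(server_log, "Local")
    if expected is not None and actual is not None:
        # What the client expects of the server must equal what the
        # server reports as its own local options.
        for name, want, got in diff_options(expected, actual):
            findings.append(
                f"option '{name}': client expects {want!r}, server has {got!r}")
    for subject in subjects_without_cn(client_log):
        findings.append(f"peer certificate subject has no CN: {subject}")
    return findings


if __name__ == "__main__":
    for line in diagnose(CLIENT_LOG, SERVER_LOG):
        print(line)
```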

Thanks.
I added -sha512 because I've read that sha512 is more efficient in an x64 environment, and I've used PKCS12 but without PEM files. Is that a good idea?
Before, I gave the same certificate to all clients, so the server didn't recognize each client as a different client and gave them all the same IP. Now it gives a different IP to each one, and the connection between my remote and my OpenVPN server is working, but not between my server and my OpenVPN server.
Also, it doesn't work with comp-lzo enabled on the client side even if it's enabled on the server.
If I start the OpenVPN client on my server, I will lose connection and it will start to be unstable even after I stop OpenVPN on my router; to restore it I need to reboot the server.

Client log (server same network as openvpn server)

Thu Apr 19 13:50:24 2018 us=517604 WARNING: file '/etc/openvpn/client/my-client2.p12' is group or others accessible
Thu Apr 19 13:50:24 2018 us=517652 Current Parameter Settings:
Thu Apr 19 13:50:24 2018 us=517660   config = '/etc/openvpn/client/client.conf'
Thu Apr 19 13:50:24 2018 us=517667   mode = 0
Thu Apr 19 13:50:24 2018 us=517672   persist_config = DISABLED
Thu Apr 19 13:50:24 2018 us=517683   persist_mode = 1
Thu Apr 19 13:50:24 2018 us=517694   show_ciphers = DISABLED
Thu Apr 19 13:50:24 2018 us=517705   show_digests = DISABLED
Thu Apr 19 13:50:24 2018 us=517715   show_engines = DISABLED
Thu Apr 19 13:50:24 2018 us=517725   genkey = DISABLED
Thu Apr 19 13:50:24 2018 us=517735   key_pass_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=517744   show_tls_ciphers = DISABLED
Thu Apr 19 13:50:24 2018 us=517754   connect_retry_max = 0
Thu Apr 19 13:50:24 2018 us=517763 Connection profiles [0]:
Thu Apr 19 13:50:24 2018 us=517773   proto = udp
Thu Apr 19 13:50:24 2018 us=517782   local = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=517790   local_port = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=517807   remote = '192.168.1.1'
Thu Apr 19 13:50:24 2018 us=517817   remote_port = '5000'
Thu Apr 19 13:50:24 2018 us=517826   remote_float = ENABLED
Thu Apr 19 13:50:24 2018 us=517834   bind_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=517843   bind_local = DISABLED
Thu Apr 19 13:50:24 2018 us=517858   bind_ipv6_only = DISABLED
Thu Apr 19 13:50:24 2018 us=517868   connect_retry_seconds = 5
Thu Apr 19 13:50:24 2018 us=517877   connect_timeout = 120
Thu Apr 19 13:50:24 2018 us=517886   socks_proxy_server = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=517895   socks_proxy_port = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=517909   tun_mtu = 48000
Thu Apr 19 13:50:24 2018 us=517917   tun_mtu_defined = ENABLED
Thu Apr 19 13:50:24 2018 us=517926   link_mtu = 1500
Thu Apr 19 13:50:24 2018 us=517935   link_mtu_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=517944   tun_mtu_extra = 0
Thu Apr 19 13:50:24 2018 us=517952   tun_mtu_extra_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=517966   mtu_discover_type = -1
Thu Apr 19 13:50:24 2018 us=517975   fragment = 0
Thu Apr 19 13:50:24 2018 us=517984   mssfix = 0
Thu Apr 19 13:50:24 2018 us=517993   explicit_exit_notification = 0
Thu Apr 19 13:50:24 2018 us=518002 Connection profiles END
Thu Apr 19 13:50:24 2018 us=518017   remote_random = DISABLED
Thu Apr 19 13:50:24 2018 us=518026   ipchange = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518034   dev = 'tun'
Thu Apr 19 13:50:24 2018 us=518043   dev_type = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518052   dev_node = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518061   lladdr = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518074   topology = 1
Thu Apr 19 13:50:24 2018 us=518084   ifconfig_local = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518092   ifconfig_remote_netmask = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518101   ifconfig_noexec = DISABLED
Thu Apr 19 13:50:24 2018 us=518110   ifconfig_nowarn = DISABLED
Thu Apr 19 13:50:24 2018 us=518124   ifconfig_ipv6_local = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518133   ifconfig_ipv6_netbits = 0
Thu Apr 19 13:50:24 2018 us=518142   ifconfig_ipv6_remote = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518151   shaper = 0
Thu Apr 19 13:50:24 2018 us=518160   mtu_test = 0
Thu Apr 19 13:50:24 2018 us=518169   mlock = DISABLED
Thu Apr 19 13:50:24 2018 us=518177   keepalive_ping = 0
Thu Apr 19 13:50:24 2018 us=518186   keepalive_timeout = 0
Thu Apr 19 13:50:24 2018 us=518195   inactivity_timeout = 0
Thu Apr 19 13:50:24 2018 us=518204   ping_send_timeout = 0
Thu Apr 19 13:50:24 2018 us=518213   ping_rec_timeout = 0
Thu Apr 19 13:50:24 2018 us=518221   ping_rec_timeout_action = 0
Thu Apr 19 13:50:24 2018 us=518230   ping_timer_remote = DISABLED
Thu Apr 19 13:50:24 2018 us=518239   remap_sigusr1 = 0
Thu Apr 19 13:50:24 2018 us=518248   persist_tun = ENABLED
Thu Apr 19 13:50:24 2018 us=518256   persist_local_ip = DISABLED
Thu Apr 19 13:50:24 2018 us=518265   persist_remote_ip = DISABLED
Thu Apr 19 13:50:24 2018 us=518274   persist_key = ENABLED
Thu Apr 19 13:50:24 2018 us=518282   passtos = DISABLED
Thu Apr 19 13:50:24 2018 us=518291   resolve_retry_seconds = 1000000000
Thu Apr 19 13:50:24 2018 us=518300   resolve_in_advance = DISABLED
Thu Apr 19 13:50:24 2018 us=518309   username = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518318   groupname = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518327   chroot_dir = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518335   cd_dir = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518344   writepid = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518353   up_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518362   down_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518370   down_pre = DISABLED
Thu Apr 19 13:50:24 2018 us=518379   up_restart = DISABLED
Thu Apr 19 13:50:24 2018 us=518388   up_delay = DISABLED
Thu Apr 19 13:50:24 2018 us=518396   daemon = DISABLED
Thu Apr 19 13:50:24 2018 us=518405   inetd = 0
Thu Apr 19 13:50:24 2018 us=518414   log = DISABLED
Thu Apr 19 13:50:24 2018 us=518423   suppress_timestamps = DISABLED
Thu Apr 19 13:50:24 2018 us=518431   machine_readable_output = DISABLED
Thu Apr 19 13:50:24 2018 us=518440   nice = 0
Thu Apr 19 13:50:24 2018 us=518449   verbosity = 5
Thu Apr 19 13:50:24 2018 us=518458   mute = 0
Thu Apr 19 13:50:24 2018 us=518466   gremlin = 0
Thu Apr 19 13:50:24 2018 us=518475   status_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518484   status_file_version = 1
Thu Apr 19 13:50:24 2018 us=518493   status_file_update_freq = 60
Thu Apr 19 13:50:24 2018 us=518501   occ = ENABLED
Thu Apr 19 13:50:24 2018 us=518510   rcvbuf = 0
Thu Apr 19 13:50:24 2018 us=518519   sndbuf = 0
Thu Apr 19 13:50:24 2018 us=518527   mark = 0
Thu Apr 19 13:50:24 2018 us=518536   sockflags = 0
Thu Apr 19 13:50:24 2018 us=518545   fast_io = DISABLED
Thu Apr 19 13:50:24 2018 us=518553   comp.alg = 0
Thu Apr 19 13:50:24 2018 us=518562   comp.flags = 0
Thu Apr 19 13:50:24 2018 us=518571   route_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518580   route_default_gateway = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518589   route_default_metric = 0
Thu Apr 19 13:50:24 2018 us=518597   route_noexec = DISABLED
Thu Apr 19 13:50:24 2018 us=518606   route_delay = 0
Thu Apr 19 13:50:24 2018 us=518615   route_delay_window = 30
Thu Apr 19 13:50:24 2018 us=518624   route_delay_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=518633   route_nopull = DISABLED
Thu Apr 19 13:50:24 2018 us=518641   route_gateway_via_dhcp = DISABLED
Thu Apr 19 13:50:24 2018 us=518651   allow_pull_fqdn = DISABLED
Thu Apr 19 13:50:24 2018 us=518660   management_addr = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518669   management_port = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518677   management_user_pass = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518686   management_log_history_cache = 250
Thu Apr 19 13:50:24 2018 us=518695   management_echo_buffer_size = 100
Thu Apr 19 13:50:24 2018 us=518704   management_write_peer_info_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518713   management_client_user = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518722   management_client_group = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518731   management_flags = 0
Thu Apr 19 13:50:24 2018 us=518740   shared_secret_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518749   key_direction = 1
Thu Apr 19 13:50:24 2018 us=518758   ciphername = 'AES-256-CBC'
Thu Apr 19 13:50:24 2018 us=518767   ncp_enabled = ENABLED
Thu Apr 19 13:50:24 2018 us=518776   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Thu Apr 19 13:50:24 2018 us=518784   authname = 'SHA512'
Thu Apr 19 13:50:24 2018 us=518793   prng_hash = 'SHA1'
Thu Apr 19 13:50:24 2018 us=518803   prng_nonce_secret_len = 16
Thu Apr 19 13:50:24 2018 us=518812   keysize = 0
Thu Apr 19 13:50:24 2018 us=518821   engine = DISABLED
Thu Apr 19 13:50:24 2018 us=518830   replay = ENABLED
Thu Apr 19 13:50:24 2018 us=518839   mute_replay_warnings = DISABLED
Thu Apr 19 13:50:24 2018 us=518848   replay_window = 64
Thu Apr 19 13:50:24 2018 us=518856   replay_time = 15
Thu Apr 19 13:50:24 2018 us=518865   packet_id_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518874   use_iv = ENABLED
Thu Apr 19 13:50:24 2018 us=518883   test_crypto = DISABLED
Thu Apr 19 13:50:24 2018 us=518892   tls_server = DISABLED
Thu Apr 19 13:50:24 2018 us=518901   tls_client = ENABLED
Thu Apr 19 13:50:24 2018 us=518909   key_method = 2
Thu Apr 19 13:50:24 2018 us=518918   ca_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518927   ca_path = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518936   dh_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518945   cert_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518954   extra_certs_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518963   priv_key_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518972   pkcs12_file = '/etc/openvpn/client/my-client2.p12'
Thu Apr 19 13:50:24 2018 us=518981   cipher_list = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518990   tls_cert_profile = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=518999   tls_verify = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519008   tls_export_cert = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519017   verify_x509_type = 0
Thu Apr 19 13:50:24 2018 us=519025   verify_x509_name = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519034   crl_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519043   ns_cert_type = 0
Thu Apr 19 13:50:24 2018 us=519052   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519061   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519069   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519078   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519087   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519096   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519104   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519113   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519122   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519130   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519140   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519148   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519157   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519166   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519174   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519183   remote_cert_ku[i] = 0
Thu Apr 19 13:50:24 2018 us=519192   remote_cert_eku = 'TLS Web Server Authentication'
Thu Apr 19 13:50:24 2018 us=519201   ssl_flags = 192
Thu Apr 19 13:50:24 2018 us=519210   tls_timeout = 2
Thu Apr 19 13:50:24 2018 us=519219   renegotiate_bytes = -1
Thu Apr 19 13:50:24 2018 us=519228   renegotiate_packets = 0
Thu Apr 19 13:50:24 2018 us=519236   renegotiate_seconds = 3600
Thu Apr 19 13:50:24 2018 us=519245   handshake_window = 60
Thu Apr 19 13:50:24 2018 us=519254   transition_window = 3600
Thu Apr 19 13:50:24 2018 us=519263   single_session = DISABLED
Thu Apr 19 13:50:24 2018 us=519272   push_peer_info = DISABLED
Thu Apr 19 13:50:24 2018 us=519281   tls_exit = DISABLED
Thu Apr 19 13:50:24 2018 us=519289   tls_auth_file = '[[INLINE]]'
Thu Apr 19 13:50:24 2018 us=519298   tls_crypt_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519307   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519316   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519325   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519333   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519342   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519352   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519361   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519370   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519378   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519387   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519396   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519405   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519414   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519423   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519431   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519440   pkcs11_protected_authentication = DISABLED
Thu Apr 19 13:50:24 2018 us=519450   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519459   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519468   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519477   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519485   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519494   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519503   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519512   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519520   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519529   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519538   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519547   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519556   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519565   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519573   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519582   pkcs11_private_mode = 00000000
Thu Apr 19 13:50:24 2018 us=519591   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519600   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519608   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519617   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519626   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519635   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519643   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519652   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519661   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519670   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519678   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519687   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519696   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519704   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519713   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519722   pkcs11_cert_private = DISABLED
Thu Apr 19 13:50:24 2018 us=519731   pkcs11_pin_cache_period = -1
Thu Apr 19 13:50:24 2018 us=519740   pkcs11_id = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519749   pkcs11_id_management = DISABLED
Thu Apr 19 13:50:24 2018 us=519760   server_network = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519769   server_netmask = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519783   server_network_ipv6 = ::
Thu Apr 19 13:50:24 2018 us=519792   server_netbits_ipv6 = 0
Thu Apr 19 13:50:24 2018 us=519802   server_bridge_ip = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519811   server_bridge_netmask = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519821   server_bridge_pool_start = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519831   server_bridge_pool_end = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519839   ifconfig_pool_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=519849   ifconfig_pool_start = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519859   ifconfig_pool_end = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519868   ifconfig_pool_netmask = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=519877   ifconfig_pool_persist_filename = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519886   ifconfig_pool_persist_refresh_freq = 600
Thu Apr 19 13:50:24 2018 us=519895   ifconfig_ipv6_pool_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=519905   ifconfig_ipv6_pool_base = ::
Thu Apr 19 13:50:24 2018 us=519914   ifconfig_ipv6_pool_netbits = 0
Thu Apr 19 13:50:24 2018 us=519923   n_bcast_buf = 256
Thu Apr 19 13:50:24 2018 us=519932   tcp_queue_limit = 64
Thu Apr 19 13:50:24 2018 us=519941   real_hash_size = 256
Thu Apr 19 13:50:24 2018 us=519950   virtual_hash_size = 256
Thu Apr 19 13:50:24 2018 us=519959   client_connect_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519968   learn_address_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=519991   client_disconnect_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=520003   client_config_dir = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=520012   ccd_exclusive = DISABLED
Thu Apr 19 13:50:24 2018 us=520021   tmp_dir = '/tmp'
Thu Apr 19 13:50:24 2018 us=520030   push_ifconfig_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=520040   push_ifconfig_local = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=520050   push_ifconfig_remote_netmask = 0.0.0.0
Thu Apr 19 13:50:24 2018 us=520059   push_ifconfig_ipv6_defined = DISABLED
Thu Apr 19 13:50:24 2018 us=520068   push_ifconfig_ipv6_local = ::/0
Thu Apr 19 13:50:24 2018 us=520078   push_ifconfig_ipv6_remote = ::
Thu Apr 19 13:50:24 2018 us=520086   enable_c2c = DISABLED
Thu Apr 19 13:50:24 2018 us=520095   duplicate_cn = DISABLED
Thu Apr 19 13:50:24 2018 us=520104   cf_max = 0
Thu Apr 19 13:50:24 2018 us=520113   cf_per = 0
Thu Apr 19 13:50:24 2018 us=520122   max_clients = 1024
Thu Apr 19 13:50:24 2018 us=520131   max_routes_per_client = 256
Thu Apr 19 13:50:24 2018 us=520140   auth_user_pass_verify_script = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=520149   auth_user_pass_verify_script_via_file = DISABLED
Thu Apr 19 13:50:24 2018 us=520158   auth_token_generate = DISABLED
Thu Apr 19 13:50:24 2018 us=520167   auth_token_lifetime = 0
Thu Apr 19 13:50:24 2018 us=520176   port_share_host = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=520185   port_share_port = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=520194   client = ENABLED
Thu Apr 19 13:50:24 2018 us=520202   pull = ENABLED
Thu Apr 19 13:50:24 2018 us=520211   auth_user_pass_file = '[UNDEF]'
Thu Apr 19 13:50:24 2018 us=520222 OpenVPN 2.4.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar  1 2018
Thu Apr 19 13:50:24 2018 us=520238 library versions: OpenSSL 1.1.0h  27 Mar 2018, LZO 2.10
Thu Apr 19 13:50:24 2018 us=530437 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr 19 13:50:24 2018 us=530472 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr 19 13:50:24 2018 us=531536 Control Channel MTU parms [ L:48121 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Apr 19 13:50:24 2018 us=531856 Data Channel MTU parms [ L:48121 D:48121 EF:121 EB:8156 ET:0 EL:3 ]
Thu Apr 19 13:50:24 2018 us=531905 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
Thu Apr 19 13:50:24 2018 us=531921 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Apr 19 13:50:24 2018 us=531944 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:5000
Thu Apr 19 13:50:24 2018 us=531977 Socket Buffers: R=[1048576->1048576] S=[1048576->1048576]
Thu Apr 19 13:50:24 2018 us=531990 UDP link local: (not bound)
Thu Apr 19 13:50:24 2018 us=532006 UDP link remote: [AF_INET]192.168.1.1:5000
WRThu Apr 19 13:50:24 2018 us=534538 TLS: Initial packet from [AF_INET]192.168.1.1:5000, sid=0e3c8eaa acc6b768
WWRWRWRThu Apr 19 13:50:24 2018 us=693474 VERIFY OK: depth=1, C=GB, ST=London, L=Locality, O=WWW Ltd., OU=LAN
Thu Apr 19 13:50:24 2018 us=694234 Validating certificate extended key usage
Thu Apr 19 13:50:24 2018 us=694268 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Apr 19 13:50:24 2018 us=694284 VERIFY EKU OK
Thu Apr 19 13:50:24 2018 us=694298 VERIFY OK: depth=0, CN=my-server
WRWWWWRRRRWRWThu Apr 19 13:50:24 2018 us=738364 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Apr 19 13:50:24 2018 us=738443 [my-server] Peer Connection Initiated with [AF_INET]192.168.1.1:5000
Thu Apr 19 13:50:25 2018 us=788644 SENT CONTROL [my-server]: 'PUSH_REQUEST' (status=1)
WRRThu Apr 19 13:50:25 2018 us=789907 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option    DNS 192.168.1.1,dhcp-option    WINS 192.168.1.1,dhcp-option    DNS 208.67.222.123,dhcp-option    DNS 208.67.220.123,dhcp-option    NTP 129.6.15.30,sndbuf 393216,rcvbuf 393216,route-gateway 10.1.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.1.0.2 255.255.255.240,peer-id 0,cipher AES-256-GCM'
Thu Apr 19 13:50:25 2018 us=790253 OPTIONS IMPORT: timers and/or timeouts modified
Thu Apr 19 13:50:25 2018 us=790286 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Apr 19 13:50:25 2018 us=790331 Socket Buffers: R=[1048576->786432] S=[1048576->786432]
Thu Apr 19 13:50:25 2018 us=790351 OPTIONS IMPORT: --ifconfig/up options modified
Thu Apr 19 13:50:25 2018 us=790374 OPTIONS IMPORT: route options modified
Thu Apr 19 13:50:25 2018 us=790396 OPTIONS IMPORT: route-related options modified
Thu Apr 19 13:50:25 2018 us=790419 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Apr 19 13:50:25 2018 us=790441 OPTIONS IMPORT: peer-id set
Thu Apr 19 13:50:25 2018 us=790464 OPTIONS IMPORT: adjusting link_mtu to 48124
Thu Apr 19 13:50:25 2018 us=790485 OPTIONS IMPORT: data channel crypto options modified
Thu Apr 19 13:50:25 2018 us=790511 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Apr 19 13:50:25 2018 us=790561 Data Channel MTU parms [ L:48052 D:48052 EF:52 EB:8156 ET:0 EL:3 ]
Thu Apr 19 13:50:25 2018 us=790772 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Apr 19 13:50:25 2018 us=790804 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Apr 19 13:50:25 2018 us=791049 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp0s31f6 HWADDR=d0:50:99:94:6d:a2
Thu Apr 19 13:50:25 2018 us=804185 TUN/TAP device tun0 opened
Thu Apr 19 13:50:25 2018 us=804236 TUN/TAP TX queue length set to 100
Thu Apr 19 13:50:25 2018 us=804252 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Apr 19 13:50:25 2018 us=804265 /usr/bin/ip link set dev tun0 up mtu 48000
Thu Apr 19 13:50:25 2018 us=829921 /usr/bin/ip addr add dev tun0 10.1.0.2/28 broadcast 10.1.0.15
Thu Apr 19 13:50:25 2018 us=831512 /usr/bin/ip route add 192.168.1.0/24 via 10.1.0.1
Thu Apr 19 13:50:25 2018 us=833036 Initialization Sequence Completed
WrWrThu Apr 19 13:50:25 2018 us=833174 Recursive routing detected, drop tun packet to [AF_INET]192.168.1.1:5000
rThu Apr 19 13:50:25 2018 us=833197 Recursive routing detected, drop tun packet to [AF_INET]192.168.1.1:5000
rWrThu Apr 19 13:50:29 2018 us=813533 Recursive routing detected, drop tun packet to [AF_INET]192.168.1.1:5000
rWrThu Apr 19 13:50:37 2018 us=706874 Recursive routing detected, drop tun packet to [AF_INET]192.168.1.1:5000
WrThu Apr 19 13:50:47 2018 us=436334 Recursive routing detected, drop tun packet to [AF_INET]192.168.1.1:5000

Server openvpn log:

Thu Apr 19 13:52:30 2018 us=793639 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Apr 19 13:52:30 2018 us=793706 library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
Thu Apr 19 13:52:30 2018 us=794451 Diffie-Hellman initialized with 2048 bit key
Thu Apr 19 13:52:30 2018 us=794567 No valid translation found for TLS cipher '!aNULL'
Thu Apr 19 13:52:30 2018 us=794621 No valid translation found for TLS cipher '!eNULL'
Thu Apr 19 13:52:30 2018 us=794686 No valid translation found for TLS cipher '!3DES'
Thu Apr 19 13:52:30 2018 us=794733 No valid translation found for TLS cipher '!MD5'
Thu Apr 19 13:52:30 2018 us=794779 No valid translation found for TLS cipher '!SHA'
Thu Apr 19 13:52:30 2018 us=794842 No valid translation found for TLS cipher '!PSK'
Thu Apr 19 13:52:30 2018 us=794906 No valid translation found for TLS cipher '!DSS'
Thu Apr 19 13:52:30 2018 us=794952 No valid translation found for TLS cipher '!RC4'
Thu Apr 19 13:52:30 2018 us=805571 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr 19 13:52:30 2018 us=805638 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Apr 19 13:52:30 2018 us=805684 TLS-Auth MTU parms [ L:48121 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Apr 19 13:52:30 2018 us=806203 TUN/TAP device tun0 opened
Thu Apr 19 13:52:30 2018 us=806340 TUN/TAP TX queue length set to 100
Thu Apr 19 13:52:30 2018 us=806391 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Apr 19 13:52:30 2018 us=806452 /sbin/ifconfig tun0 10.1.0.1 netmask 255.255.255.240 mtu 48000 broadcast 10.1.0.15
Thu Apr 19 13:52:30 2018 us=809739 Data Channel MTU parms [ L:48121 D:48121 EF:121 EB:8156 ET:0 EL:3 ]
Thu Apr 19 13:52:30 2018 us=809872 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Apr 19 13:52:30 2018 us=809928 Socket Buffers: R=[163840->327680] S=[163840->327680]
Thu Apr 19 13:52:30 2018 us=809979 UDPv4 link local (bound): [AF_INET][undef]:5000
Thu Apr 19 13:52:30 2018 us=810011 UDPv4 link remote: [AF_UNSPEC]
Thu Apr 19 13:52:30 2018 us=810049 GID set to nogroup
Thu Apr 19 13:52:30 2018 us=810087 UID set to nobody
Thu Apr 19 13:52:30 2018 us=810129 MULTI: multi_init called, r=256 v=256
Thu Apr 19 13:52:30 2018 us=810188 IFCONFIG POOL: base=10.1.0.2 size=12, ipv6=0
Thu Apr 19 13:52:30 2018 us=810778 Initialization Sequence Completed
Thu Apr 19 13:52:36 2018 us=250749 MULTI: multi_create_instance called
Thu Apr 19 13:52:36 2018 us=250887 192.168.1.100:50669 Re-using SSL/TLS context
Thu Apr 19 13:52:36 2018 us=252508 192.168.1.100:50669 Control Channel MTU parms [ L:48121 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Thu Apr 19 13:52:36 2018 us=252571 192.168.1.100:50669 Data Channel MTU parms [ L:48121 D:48121 EF:121 EB:8156 ET:0 EL:3 ]
Thu Apr 19 13:52:36 2018 us=252665 192.168.1.100:50669 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
Thu Apr 19 13:52:36 2018 us=252699 192.168.1.100:50669 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 48101,tun-mtu 48000,proto UDPv4,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
RThu Apr 19 13:52:36 2018 us=252780 192.168.1.100:50669 TLS: Initial packet from [AF_INET]192.168.1.100:50669, sid=1c9642b5 1687e90d
WRRWWWWRRRRWRWRThu Apr 19 13:52:36 2018 us=448365 192.168.1.100:50669 VERIFY OK: depth=1, C=GB, ST=London, L=Locality, O=WWW Ltd., OU=LAN
Thu Apr 19 13:52:36 2018 us=450748 192.168.1.100:50669 VERIFY OK: depth=0, CN=my-client2
WRWRThu Apr 19 13:52:36 2018 us=456128 192.168.1.100:50669 peer info: IV_VER=2.4.5
Thu Apr 19 13:52:36 2018 us=456183 192.168.1.100:50669 peer info: IV_PLAT=linux
Thu Apr 19 13:52:36 2018 us=456217 192.168.1.100:50669 peer info: IV_PROTO=2
Thu Apr 19 13:52:36 2018 us=456266 192.168.1.100:50669 peer info: IV_NCP=2
Thu Apr 19 13:52:36 2018 us=456299 192.168.1.100:50669 peer info: IV_LZ4=1
Thu Apr 19 13:52:36 2018 us=456330 192.168.1.100:50669 peer info: IV_LZ4v2=1
Thu Apr 19 13:52:36 2018 us=456365 192.168.1.100:50669 peer info: IV_LZO=1
Thu Apr 19 13:52:36 2018 us=456397 192.168.1.100:50669 peer info: IV_COMP_STUB=1
Thu Apr 19 13:52:36 2018 us=456429 192.168.1.100:50669 peer info: IV_COMP_STUBv2=1
Thu Apr 19 13:52:36 2018 us=456459 192.168.1.100:50669 peer info: IV_TCPNL=1
WRThu Apr 19 13:52:36 2018 us=456967 192.168.1.100:50669 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Thu Apr 19 13:52:36 2018 us=457035 192.168.1.100:50669 [my-client2] Peer Connection Initiated with [AF_INET]192.168.1.100:50669
Thu Apr 19 13:52:36 2018 us=457099 my-client2/192.168.1.100:50669 MULTI_sva: pool returned IPv4=10.1.0.2, IPv6=(Not enabled)
Thu Apr 19 13:52:36 2018 us=457242 my-client2/192.168.1.100:50669 MULTI: Learn: 10.1.0.2 -> my-client2/192.168.1.100:50669
Thu Apr 19 13:52:36 2018 us=457283 my-client2/192.168.1.100:50669 MULTI: primary virtual IP for my-client2/192.168.1.100:50669: 10.1.0.2
RThu Apr 19 13:52:37 2018 us=507503 my-client2/192.168.1.100:50669 PUSH: Received control message: 'PUSH_REQUEST'
Thu Apr 19 13:52:37 2018 us=507673 my-client2/192.168.1.100:50669 SENT CONTROL [my-client2]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,dhcp-option    DNS 192.168.1.1,dhcp-option    WINS 192.168.1.1,dhcp-option    DNS 208.67.222.123,dhcp-option    DNS 208.67.220.123,dhcp-option    NTP 129.6.15.30,sndbuf 393216,rcvbuf 393216,route-gateway 10.1.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.1.0.2 255.255.255.240,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Apr 19 13:52:37 2018 us=507717 my-client2/192.168.1.100:50669 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Apr 19 13:52:37 2018 us=507767 my-client2/192.168.1.100:50669 Data Channel MTU parms [ L:48049 D:48049 EF:49 EB:8156 ET:0 EL:3 ]
Thu Apr 19 13:52:37 2018 us=507965 my-client2/192.168.1.100:50669 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Apr 19 13:52:37 2018 us=508007 my-client2/192.168.1.100:50669 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Client (server same lan) conf:

# Config Type #
#------------------------------------------------
client
 
# Connection  #
#------------------------------------------------
dev tun
proto udp
remote 192.168.1.1 5000
 
# Speed #
#------------------------------------------------
mssfix 0
fragment 0
tun-mtu 48000
 
# Reliability #
#------------------------------------------------
float
nobind
#comp-lzo
 
persist-key
persist-tun
resolv-retry infinite
 
    # Encryption #
#------------------------------------------------
auth SHA512
auth-nocache
 
# --- SSL --- #
cipher AES-256-CBC
 
# --- TLS --- #
key-direction 1
tls-version-min 1.2
 
pkcs12 /etc/openvpn/client/my-client2.p12
remote-cert-eku "TLS Web Server Authentication"
 
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
 
# Logging #
#------------------------------------------------
verb 5

OK, I think I made a mistake: in theory I can access devices on the same LAN as the server without starting a VPN client. Now I just need to figure out how.

All you need to do is google the error in your log file: Recursive routing detected

I assumed when you stated "remote server" that it's not behind your router... if this is the case, OpenVPN would be used to allow access between the remote server and the router or clients behind the router. If this is not your setup, a VPN is not required.

  • There are two use cases for a VPN:

    • Most common is Remote Access
      • This use case creates a tunnel over WAN between a client and a server and/or a client and client(s) behind the server
        • An SSH session can accomplish the same encrypted access, however an SSH session cannot be tuned for optimal throughput, nor is it as versatile as a VPN connection.

    • The second type is Gateway Redirect
      • This use case secures traffic between local interfaces behind the router
        • For example, take a roommate scenario where one of the roommates has their own router and wants to ensure their traffic is encrypted until it reaches the WAN interface of the main router
        • Another use case would be for torrent traffic.
      • Whenever this type is utilized, the encryption ends on the local network(s) behind the router and does not continue on through WAN.
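
The client log earlier in the thread ends in "Recursive routing detected" because the pushed route 192.168.1.0/24 covers the server's own address 192.168.1.1, so the encrypted packets addressed to the server are themselves routed into the tunnel. The check below is an added example, not part of the original posts; the function names and the shortened sample log are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: three lines shortened from the client log quoted in this thread.
SAMPLE_CLIENT_LOG = """\
Thu Apr 19 13:50:24 2018 us=532006 UDP link remote: [AF_INET]192.168.1.1:5000
Thu Apr 19 13:50:25 2018 us=789907 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route-gateway 10.1.0.1,topology subnet,ifconfig 10.1.0.2 255.255.255.240,peer-id 0,cipher AES-256-GCM'
Thu Apr 19 13:50:25 2018 us=833174 Recursive routing detected, drop tun packet to [AF_INET]192.168.1.1:5000
"""

# IPv4 only, which is all the logs in this thread use.
REMOTE_RE = re.compile(r"link remote: \[AF_INET\](\d+\.\d+\.\d+\.\d+):\d+")
PUSH_REPLY_RE = re.compile(r"'PUSH_REPLY,([^']*)'")


def parse_remote(log):
    """Return the server address from the 'link remote' log line, or None."""
    m = REMOTE_RE.search(log)
    return ipaddress.ip_address(m.group(1)) if m else None


def parse_tunnel_networks(log):
    """Return (network, reason) pairs that the PUSH_REPLY sends into the tunnel."""
    m = PUSH_REPLY_RE.search(log)
    if not m:
        return []
    options = [opt.split() for opt in m.group(1).split(",") if opt.strip()]
    # With 'topology subnet' the ifconfig arguments are address and netmask,
    # so the whole tunnel subnet becomes an on-link route on the tun device.
    subnet_topology = ["topology", "subnet"] in options
    networks = []
    for opt in options:
        try:
            if opt[0] == "route" and len(opt) >= 2:
                # A route without a netmask is a host route.
                mask = opt[2] if len(opt) >= 3 and opt[2] != "default" else "255.255.255.255"
                net = ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False)
                networks.append((net, "pushed route"))
            elif opt[0] == "ifconfig" and len(opt) == 3 and subnet_topology:
                net = ipaddress.ip_network(f"{opt[1]}/{opt[2]}", strict=False)
                networks.append((net, "tunnel subnet"))
        except ValueError:
            # Symbolic targets (hostnames, vpn_gateway) cannot be checked offline.
            continue
    return networks


def find_recursive_routes(log):
    """List tunnel networks that contain the VPN server's transport address."""
    remote = parse_remote(log)
    if remote is None:
        return []
    return [(net, why) for net, why in parse_tunnel_networks(log) if remote in net]


if __name__ == "__main__":
    hits = find_recursive_routes(SAMPLE_CLIENT_LOG)
    for net, why in hits:
        print(f"{why} {net} covers the server address: expect 'Recursive routing detected'")
    if not hits:
        print("no pushed network covers the server address")
```

Run against a log from a client outside the server's LAN, the same check reports nothing, which matches the thread's conclusion that the tunnel is only needed from a different network.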

This is what I'm trying to get: I need to access both the router and my public web server from my devices on my LAN.


I also changed my home LAN from 192.168.1.0 to 192.168.0.0 to avoid conflicts.

I don't even know if it's possible to do.

Do you want any and all devices connected to the home router to have access to the remote web server (this includes any future clients)?

  • If not, it would be better to configure each client versus configuring the router as a client.

Is the web server the only device connected to the remote router?

  • If not, change the ports the web server operates on, say to 8080 & 10443, then configure a port redirect on the remote router, forwarding all requests to port 8080 and 10443 to the web server's IP on ports 8080 & 10443

You can utilize any subnet that's set aside in RFC1918

  • I personally prefer to have my VPN servers on a completely different subnet block [10.x.x.x] than my LAN [192.168.x.x]

Yes, I think I will configure each client. Easiest way and maybe more secure.
No, it's not the only device; I also have another computer, TV, etc. I use the server for public and private use; I just want some services, like Samba, to use with the VPN, not everything.
Maybe a forward of those ports to the VPN IP?

Btw, thanks again for helping me, I really appreciate it.