here is the output while connected to the vpn.
uci export network; \
> uci export dhcp; uci export firewall; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; \
> logread -e openvpn
{
"kernel": "5.10.146",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT3200ACM",
"board_name": "linksys,wrt3200acm",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.2",
"revision": "r19803-9a599fee93",
"target": "mvebu/cortexa9",
"description": "OpenWrt 22.03.2 r19803-9a599fee93"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
list ipaddr '192.168.1.254/24'
option ipv6 '0'
option delegate '0'
config device
option name 'wan'
option macaddr '62:38:e0:c5:36:18'
config interface 'wan'
option proto 'dhcp'
option ipv6 '0'
option device 'wan.1081'
config interface 'wan6'
option proto 'dhcpv6'
option device 'wan.1081'
option reqaddress 'try'
option reqprefix 'auto'
config device
option type '8021q'
option ifname 'wan'
option vid '1081'
option name 'wan.1081'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option dhcpv6 'disabled'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun0'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
11: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.254/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
12: wan.1081@wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet x.x.x.203/24 brd x.x.x.255 scope global wan.1081
valid_lft forever preferred_lft forever
16: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
inet 10.24.0.2/16 scope global tun0
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.24.0.1 dev tun0
default via x.x.x.254 dev wan.1081 src x.x.x.203
10.24.0.0/16 dev tun0 scope link src 10.24.0.2
69.10.63.242 via x.x.x.254 dev wan.1081
x.x.x.0/24 dev wan.1081 scope link src x.x.x.203
128.0.0.0/1 via 10.24.0.1 dev tun0
192.168.1.0/24 dev br-lan scope link src 192.168.1.254
broadcast 10.24.0.0 dev tun0 table local scope link src 10.24.0.2
local 10.24.0.2 dev tun0 table local scope host src 10.24.0.2
broadcast 10.24.255.255 dev tun0 table local scope link src 10.24.0.2
broadcast x.x.x.0 dev wan.1081 table local scope link src x.x.x.203
local x.x.x.203 dev wan.1081 table local scope host src x.x.x.203
broadcast x.x.x.255 dev wan.1081 table local scope link src x.x.x.203
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link src 192.168.1.254
local 192.168.1.254 dev br-lan table local scope host src 192.168.1.254
broadcast 192.168.1.255 dev br-lan table local scope link src 192.168.1.254
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
lrwxrwxrwx 1 root root 16 Oct 14 22:44 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 Feb 20 20:48 /tmp/resolv.conf
-rw-r--r-- 1 root root 141 Feb 21 00:15 /tmp/resolv.conf.d/resolv.conf.auto
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 141 Feb 21 00:15 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver x.x.x.x
nameserver y.y.y.y
# Interface wan6
nameserver
nameserver
Tue Feb 21 15:37:29 2023 daemon.warn openvpn(nj)[22626]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: OpenVPN 2.5.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
Tue Feb 21 15:37:29 2023 daemon.warn openvpn(nj)[22626]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: TCP/UDP: Preserving recently used remote address: [AF_INET]69.10.63.242:1194
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: UDP link local: (not bound)
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: UDP link remote: [AF_INET]69.10.63.242:1194
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: TLS: Initial packet from [AF_INET]69.10.63.242:1194, sid=c9339168 c209e949
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: VERIFY KU OK
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: Validating certificate extended key usage
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: VERIFY EKU OK
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: VERIFY OK: depth=0, CN=node-us-31.protonvpn.net
Tue Feb 21 15:37:29 2023 daemon.warn openvpn(nj)[22626]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
Tue Feb 21 15:37:29 2023 daemon.warn openvpn(nj)[22626]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
Tue Feb 21 15:37:29 2023 daemon.notice openvpn(nj)[22626]: [node-us-31.protonvpn.net] Peer Connection Initiated with [AF_INET]69.10.63.242:1194
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: SENT CONTROL [node-us-31.protonvpn.net]: 'PUSH_REQUEST' (status=1)
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.31.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.31.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.31.0.4 255.255.0.0,peer-id 983042,cipher AES-256-GCM'
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: explicit notify parm(s) modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: compression parms modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: Socket Buffers: R=[180224->360448] S=[180224->360448]
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: --socket-flags option modified
Tue Feb 21 15:37:30 2023 daemon.warn openvpn(nj)[22626]: NOTE: setsockopt TCP_NODELAY=1 failed
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: route options modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: route-related options modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: peer-id set
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: adjusting link_mtu to 1656
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: OPTIONS IMPORT: data channel crypto options modified
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_best_gw query: dst 0.0.0.0
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_best_gw result: via x.x.x.254 dev wan.1081
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: TUN/TAP device tun0 opened
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_iface_mtu_set: mtu 1500 for tun0
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_iface_up: set tun0 up
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_addr_v4_add: 10.31.0.4/16 dev tun0
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: /usr/libexec/openvpn-hotplug up nj tun0 1500 1584 10.31.0.4 255.255.0.0 init
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_add: 69.10.63.242/32 via x.x.x.254 dev [NULL] table 0 metric -1
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_add: 0.0.0.0/1 via 10.31.0.1 dev [NULL] table 0 metric -1
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_add: 128.0.0.0/1 via 10.31.0.1 dev [NULL] table 0 metric -1
Tue Feb 21 15:37:30 2023 daemon.warn openvpn(nj)[22626]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 21 15:37:30 2023 daemon.notice openvpn(nj)[22626]: Initialization Sequence Completed
Tue Feb 21 15:53:40 2023 daemon.err openvpn(nj)[22626]: event_wait : Interrupted system call (code=4)
Tue Feb 21 15:53:40 2023 daemon.notice openvpn(nj)[22626]: SIGTERM received, sending exit notification to peer
Tue Feb 21 15:53:41 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_del: 69.10.63.242/32 via x.x.x.254 dev [NULL] table 0 metric -1
Tue Feb 21 15:53:41 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_del: 0.0.0.0/1 via 10.31.0.1 dev [NULL] table 0 metric -1
Tue Feb 21 15:53:41 2023 daemon.notice openvpn(nj)[22626]: net_route_v4_del: 128.0.0.0/1 via 10.31.0.1 dev [NULL] table 0 metric -1
Tue Feb 21 15:53:41 2023 daemon.notice openvpn(nj)[22626]: Closing TUN/TAP interface
Tue Feb 21 15:53:41 2023 daemon.notice openvpn(nj)[22626]: net_addr_v4_del: 10.31.0.4 dev tun0
Tue Feb 21 15:53:42 2023 daemon.notice openvpn(nj)[22626]: /usr/libexec/openvpn-hotplug down nj tun0 1500 1584 10.31.0.4 255.255.0.0 init
Tue Feb 21 15:53:42 2023 daemon.notice openvpn(nj)[22626]: SIGTERM[soft,exit-with-notification] received, process exiting
Tue Feb 21 16:49:09 2023 daemon.warn openvpn(nj)[473]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: OpenVPN 2.5.7 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
Tue Feb 21 16:49:09 2023 daemon.warn openvpn(nj)[473]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: TCP/UDP: Preserving recently used remote address: [AF_INET]69.10.63.242:5060
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: Socket Buffers: R=[180224->180224] S=[180224->180224]
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: UDP link local: (not bound)
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: UDP link remote: [AF_INET]69.10.63.242:5060
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: TLS: Initial packet from [AF_INET]69.10.63.242:5060, sid=644be1c4 975e588c
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: VERIFY KU OK
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: Validating certificate extended key usage
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: VERIFY EKU OK
Tue Feb 21 16:49:09 2023 daemon.notice openvpn(nj)[473]: VERIFY OK: depth=0, CN=node-us-31.protonvpn.net
Tue Feb 21 16:49:10 2023 daemon.warn openvpn(nj)[473]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
Tue Feb 21 16:49:10 2023 daemon.warn openvpn(nj)[473]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Tue Feb 21 16:49:10 2023 daemon.notice openvpn(nj)[473]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
Tue Feb 21 16:49:10 2023 daemon.notice openvpn(nj)[473]: [node-us-31.protonvpn.net] Peer Connection Initiated with [AF_INET]69.10.63.242:5060
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: SENT CONTROL [node-us-31.protonvpn.net]: 'PUSH_REQUEST' (status=1)
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.24.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.24.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.24.0.2 255.255.0.0,peer-id 524288,cipher AES-256-GCM'
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: explicit notify parm(s) modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: compression parms modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: Socket Buffers: R=[180224->360448] S=[180224->360448]
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: --socket-flags option modified
Tue Feb 21 16:49:11 2023 daemon.warn openvpn(nj)[473]: NOTE: setsockopt TCP_NODELAY=1 failed
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: route options modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: route-related options modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: peer-id set
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: adjusting link_mtu to 1656
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: OPTIONS IMPORT: data channel crypto options modified
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_route_v4_best_gw query: dst 0.0.0.0
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_route_v4_best_gw result: via x.x.x.254 dev wan.1081
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: TUN/TAP device tun0 opened
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_iface_mtu_set: mtu 1500 for tun0
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_iface_up: set tun0 up
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_addr_v4_add: 10.24.0.2/16 dev tun0
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: /usr/libexec/openvpn-hotplug up nj tun0 1500 1584 10.24.0.2 255.255.0.0 init
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_route_v4_add: 69.10.63.242/32 via x.x.x.254 dev [NULL] table 0 metric -1
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_route_v4_add: 0.0.0.0/1 via 10.24.0.1 dev [NULL] table 0 metric -1
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: net_route_v4_add: 128.0.0.0/1 via 10.24.0.1 dev [NULL] table 0 metric -1
Tue Feb 21 16:49:11 2023 daemon.warn openvpn(nj)[473]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 21 16:49:11 2023 daemon.notice openvpn(nj)[473]: Initialization Sequence Completed