1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 10.1.0.41/24 brd 10.1.0.255 scope global eth0.2
valid_lft forever preferred_lft forever
12: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.82.254/24 brd 192.168.82.255 scope global br-lan
valid_lft forever preferred_lft forever
16: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 192.168.8.1/24 brd 192.168.8.255 scope global tun0
valid_lft forever preferred_lft forever
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
default via 10.1.0.254 dev eth0.2 src 10.1.0.41
10.1.0.0/24 dev eth0.2 scope link src 10.1.0.41
192.168.8.0/24 dev tun0 scope link src 192.168.8.1
192.168.82.0/24 dev br-lan scope link src 192.168.82.254
Fri Jan 17 08:25:01 2020 daemon.notice openvpn(server)[31839]: OpenVPN 2.4.5 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Jan 17 08:25:01 2020 daemon.notice openvpn(server)[31839]: library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.10
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Diffie-Hellman initialized with 2048 bit key
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: TUN/TAP device tun0 opened
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: TUN/TAP TX queue length set to 100
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: /sbin/ifconfig tun0 192.168.8.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.8.255
Fri Jan 17 08:25:02 2020 daemon.warn openvpn(server)[31839]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: UDPv4 link remote: [AF_UNSPEC]
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: GID set to nogroup
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: UID set to nobody
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: MULTI: multi_init called, r=256 v=256
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: IFCONFIG POOL: base=192.168.8.2 size=252, ipv6=0
Fri Jan 17 08:25:02 2020 daemon.notice openvpn(server)[31839]: Initialization Sequence Completed
Fri Jan 17 08:32:33 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:32:33 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58526
Fri Jan 17 08:32:36 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:32:36 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58526
Fri Jan 17 08:32:39 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:32:39 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58526
Fri Jan 17 08:32:47 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:32:47 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58526
Fri Jan 17 08:33:03 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:33:03 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58526
Fri Jan 17 08:33:39 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:33:39 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:62745
Fri Jan 17 08:33:41 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:33:41 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:62745
Fri Jan 17 08:33:46 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:33:46 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:62745
Fri Jan 17 08:33:54 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:33:54 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:62745
Fri Jan 17 08:34:10 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:34:10 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:62745
Fri Jan 17 08:34:44 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:34:44 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58122
Fri Jan 17 08:34:45 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:34:45 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58122
Fri Jan 17 08:34:50 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:34:50 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58122
Fri Jan 17 08:34:58 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:34:58 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58122
Fri Jan 17 08:35:14 2020 daemon.err openvpn(server)[31839]: tls-crypt unwrap error: packet authentication failed
Fri Jan 17 08:35:14 2020 daemon.err openvpn(server)[31839]: TLS Error: tls-crypt unwrapping failed from [AF_INET]10.1.0.61:58122
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 TLS: Initial packet from [AF_INET]10.1.0.61:49177, sid=8e39ff75 888d4ca9
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 VERIFY OK: depth=1, CN=ovpnca
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 VERIFY OK: depth=0, CN=client
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_VER=2.4.8
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_PLAT=win
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_PROTO=2
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_NCP=2
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_LZ4=1
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_LZ4v2=1
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_LZO=1
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_COMP_STUB=1
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_COMP_STUBv2=1
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_TCPNL=1
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 peer info: IV_GUI_VER=OpenVPN_GUI_11
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:49177 [client] Peer Connection Initiated with [AF_INET]10.1.0.61:49177
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 MULTI_sva: pool returned IPv4=192.168.8.2, IPv6=(Not enabled)
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 MULTI: Learn: 192.168.8.2 -> client/10.1.0.61:49177
Fri Jan 17 08:36:18 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 MULTI: primary virtual IP for client/10.1.0.61:49177: 192.168.8.2
Fri Jan 17 08:36:20 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jan 17 08:36:20 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 SENT CONTROL [client]: 'PUSH_REPLY,dhcp-option DNS 192.168.8.1,dhcp-option DOMAIN lan,redirect-gateway def1,persist-tun,persist-key,route-gateway 192.168.8.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.8.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Fri Jan 17 08:36:20 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Jan 17 08:36:20 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jan 17 08:36:20 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jan 17 08:40:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 [client] Inactivity timeout (--ping-restart), restarting
Fri Jan 17 08:40:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:49177 SIGUSR1[soft,ping-restart] received, client-instance restarting
Wed Jan 22 08:36:22 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 TLS: Initial packet from [AF_INET]10.1.0.61:53423, sid=30c63b8f 64e5bdd9
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 VERIFY OK: depth=1, CN=ovpnca
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 VERIFY OK: depth=0, CN=client
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_VER=2.4.8
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_PLAT=win
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_PROTO=2
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_NCP=2
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_LZ4=1
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_LZ4v2=1
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_LZO=1
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_COMP_STUB=1
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_COMP_STUBv2=1
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_TCPNL=1
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:53423 [client] Peer Connection Initiated with [AF_INET]10.1.0.61:53423
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 MULTI_sva: pool returned IPv4=192.168.8.2, IPv6=(Not enabled)
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 MULTI: Learn: 192.168.8.2 -> client/10.1.0.61:53423
Wed Jan 22 08:36:23 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 MULTI: primary virtual IP for client/10.1.0.61:53423: 192.168.8.2
Wed Jan 22 08:36:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jan 22 08:36:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 SENT CONTROL [client]: 'PUSH_REPLY,dhcp-option DNS 192.168.8.1,dhcp-option DOMAIN lan,redirect-gateway def1,persist-tun,persist-key,route-gateway 192.168.8.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.8.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Jan 22 08:36:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jan 22 08:36:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 22 08:36:24 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:53423 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 TLS: Initial packet from [AF_INET]10.1.0.61:54122, sid=f9baa00e 3070b859
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 VERIFY OK: depth=1, CN=ovpnca
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 VERIFY OK: depth=0, CN=client
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_VER=2.4.8
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_PLAT=win
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_PROTO=2
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_NCP=2
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_LZ4=1
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_LZ4v2=1
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_LZO=1
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_COMP_STUB=1
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_COMP_STUBv2=1
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_TCPNL=1
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:54122 [client] Peer Connection Initiated with [AF_INET]10.1.0.61:54122
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: MULTI_sva: pool returned IPv4=192.168.8.2, IPv6=(Not enabled)
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: MULTI: Learn: 192.168.8.2 -> client/10.1.0.61:54122
Wed Jan 22 08:38:36 2020 daemon.notice openvpn(server)[31839]: MULTI: primary virtual IP for client/10.1.0.61:54122: 192.168.8.2
Wed Jan 22 08:38:37 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:54122 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jan 22 08:38:37 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:54122 SENT CONTROL [client]: 'PUSH_REPLY,dhcp-option DNS 192.168.8.1,dhcp-option DOMAIN lan,redirect-gateway def1,persist-tun,persist-key,route-gateway 192.168.8.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.8.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' (status=1)
Wed Jan 22 08:38:37 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:54122 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jan 22 08:38:37 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:54122 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 22 08:38:37 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:54122 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 TLS: Initial packet from [AF_INET]10.1.0.61:62663, sid=af57b522 861370cc
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 VERIFY OK: depth=1, CN=ovpnca
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 VERIFY OK: depth=0, CN=client
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_VER=2.4.8
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_PLAT=win
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_PROTO=2
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_NCP=2
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_LZ4=1
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_LZ4v2=1
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_LZO=1
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_COMP_STUB=1
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_COMP_STUBv2=1
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_TCPNL=1
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 peer info: IV_GUI_VER=OpenVPN_GUI_11
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: 10.1.0.61:62663 [client] Peer Connection Initiated with [AF_INET]10.1.0.61:62663
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: MULTI: new connection by client 'client' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: MULTI_sva: pool returned IPv4=192.168.8.2, IPv6=(Not enabled)
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: MULTI: Learn: 192.168.8.2 -> client/10.1.0.61:62663
Wed Jan 22 08:40:10 2020 daemon.notice openvpn(server)[31839]: MULTI: primary virtual IP for client/10.1.0.61:62663: 192.168.8.2
Wed Jan 22 08:40:11 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jan 22 08:40:11 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 SENT CONTROL [client]: 'PUSH_REPLY,dhcp-option DNS 192.168.8.1,dhcp-option DOMAIN lan,redirect-gateway def1,persist-tun,persist-key,route-gateway 192.168.8.1,topology subnet,ping 10,ping-restart 120,ifconfig 192.168.8.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
Wed Jan 22 08:40:11 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jan 22 08:40:11 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 22 08:40:11 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jan 22 08:44:15 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 [client] Inactivity timeout (--ping-restart), restarting
Wed Jan 22 08:44:15 2020 daemon.notice openvpn(server)[31839]: client/10.1.0.61:62663 SIGUSR1[soft,ping-restart] received, client-instance restarting
udp 0 0 0.0.0.0:1194 0.0.0.0:* 31839/openvpn
31839 /usr/sbin/openvpn --syslog openvpn(server) --status /var/run/openvpn.server.status --cd /etc/openvpn --config /etc/openvpn/server.conf
# Generated by iptables-save v1.6.2 on Wed Jan 22 10:32:41 2020
*nat
:PREROUTING ACCEPT [709337:169595084]
:INPUT ACCEPT [10018:737325]
:OUTPUT ACCEPT [22899:1857462]
:POSTROUTING ACCEPT [9017:921760]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[709337:169595084] -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
[37:2329] -A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_lan_prerouting
[17076:1223284] -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
[692224:168369471] -A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
[30215:2238954] -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
[0:0] -A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_lan_postrouting
[3:725] -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
[21198:1317194] -A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
[3:725] -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
[17113:1225613] -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
[21198:1317194] -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
[21198:1317194] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[692224:168369471] -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Wed Jan 22 10:32:41 2020
# Generated by iptables-save v1.6.2 on Wed Jan 22 10:32:41 2020
*mangle
:PREROUTING ACCEPT [3163947:1197917339]
:INPUT ACCEPT [988881:113609786]
:FORWARD ACCEPT [1767364:953609290]
:OUTPUT ACCEPT [705530:80188127]
:POSTROUTING ACCEPT [2472757:1033791937]
[7075:367892] -A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Jan 22 10:32:41 2020
# Generated by iptables-save v1.6.2 on Wed Jan 22 10:32:41 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[570600:62238568] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
[418286:51371418] -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
[119647:12622414] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[6446:335192] -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
[37:2329] -A INPUT -i tun0 -m comment --comment "!fw3" -j zone_lan_input
[9591:555374] -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
[288648:38172425] -A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
[1767364:953609290] -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
[1760018:953193513] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_lan_forward
[7346:415777] -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
[0:0] -A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
[0:0] -A FORWARD -m comment --comment "!fw3" -j reject
[570625:62240568] -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
[134915:17949079] -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
[120979:17009267] -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
[0:0] -A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_lan_output
[4:1074] -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
[13932:938738] -A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
[346:18996] -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
[283940:37755483] -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
[6083:316316] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
[363:18876] -A syn_flood -m comment --comment "!fw3" -j DROP
[0:0] -A zone_lan_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
[4:1074] -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
[7346:415777] -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
[7346:415777] -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[9628:557703] -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[9628:557703] -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
[4:1074] -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
[4:1074] -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
[37:2329] -A zone_lan_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[9591:555374] -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
[137:5480] -A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
[21141:1349035] -A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
[0:0] -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
[288648:38172425] -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
[822:269616] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
[3:124] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
[3518:126648] -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
[19:1558] -A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: Allow-OpenVPN" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
[284286:37774479] -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
[13932:938738] -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
[13932:938738] -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
[284286:37774479] -A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Wed Jan 22 10:32:41 2020