Openvvpn client TUN/TAP error

Installing and Using OpenWrt
1

I run openvpn client with led 17.01.5 with no problemss

With openwrt 18.06.0 I get this error

Any Idea's why?

type or paste code here


Sun Aug  5 13:54:05 2018 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Aug  5 13:54:05 2018 library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
Sun Aug  5 13:54:05 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Aug  5 13:54:05 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 13:54:05 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 13:54:05 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]46.246.43.130:1194
Sun Aug  5 13:54:05 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 13:54:05 2018 UDP link local: (not bound)
Sun Aug  5 13:54:05 2018 UDP link remote: [AF_INET]46.246.43.130:1194
Sun Aug  5 13:54:07 2018 TLS: Initial packet from [AF_INET]46.246.43.130:1194, sid=90a3da12 c42b2ccf
Sun Aug  5 13:54:07 2018 VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Sun Aug  5 13:54:07 2018 VERIFY KU OK
Sun Aug  5 13:54:07 2018 Validating certificate extended key usage
Sun Aug  5 13:54:07 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Aug  5 13:54:07 2018 VERIFY EKU OK
Sun Aug  5 13:54:07 2018 VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=uothuphaekat.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Sun Aug  5 13:54:08 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Sun Aug  5 13:54:08 2018 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sun Aug  5 13:54:08 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 3583 bit RSA
Sun Aug  5 13:54:08 2018 [uothuphaekat.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]46.246.43.130:1194
Sun Aug  5 13:54:09 2018 SENT CONTROL [uothuphaekat.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Sun Aug  5 13:54:09 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 46.246.43.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,explicit-exit-notify 3,sndbuf 0,rcvbuf 0,ifconfig 46.246.43.184 255.255.255.0,peer-id 15,cipher AES-256-GCM'
Sun Aug  5 13:54:09 2018 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: ip-win32 (2.4.5)
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Aug  5 13:54:09 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: route options modified
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: route-related options modified
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: peer-id set
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Aug  5 13:54:09 2018 OPTIONS IMPORT: data channel crypto options modified
Sun Aug  5 13:54:09 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Aug  5 13:54:09 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Aug  5 13:54:09 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Aug  5 13:54:09 2018 TUN/TAP device tun1337 opened
Sun Aug  5 13:54:09 2018 TUN/TAP TX queue length set to 100
Sun Aug  5 13:54:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug  5 13:54:09 2018 /sbin/ifconfig tun1337 46.246.43.184 netmask 255.255.255.0 mtu 1500 broadcast 46.246.43.255
Sun Aug  5 13:54:09 2018 /etc/openvpn/set-client_iptables tun1337 1500 1552 46.246.43.184 255.255.255.0 init
Warning: Section @redirect[1] (WRT5800acm Slsve) has no target specified, defaulting to DNAT
Warning: Section @redirect[2] (WRT1900ac Slave) has no target specified, defaulting to DNAT
Warning: Section @redirect[3] (WRT1900ac Web server) has no target specified, defaulting to DNAT
Warning: Section @redirect[4] (WRT54GL Switch) has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-OpenSSH'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 nat table
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
Sun Aug  5 13:54:20 2018 /sbin/route add -net 46.246.43.130 netmask 255.255.255.255 gw 68.146.248.1
Sun Aug  5 13:54:20 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 46.246.43.1
Sun Aug  5 13:54:20 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 46.246.43.1
Sun Aug  5 13:54:20 2018 Initialization Sequence Completed
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:54:20 2018 NOTE: --mute triggered...
Sun Aug  5 13:55:50 2018 559 variation(s) on previous 20 message(s) suppressed by --mute
Sun Aug  5 13:55:50 2018 [uothuphaekat.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Sun Aug  5 13:55:50 2018 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug  5 13:55:50 2018 Restart pause, 5 second(s)
Sun Aug  5 13:55:55 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Aug  5 13:55:55 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]46.246.43.130:1194
Sun Aug  5 13:55:55 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 13:55:55 2018 UDP link local: (not bound)
Sun Aug  5 13:55:55 2018 UDP link remote: [AF_INET]46.246.43.130:1194
Sun Aug  5 13:55:55 2018 TLS: Initial packet from [AF_INET]46.246.43.130:1194, sid=2d386670 b582aa42
Sun Aug  5 13:55:55 2018 VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Sun Aug  5 13:55:55 2018 VERIFY KU OK
Sun Aug  5 13:55:55 2018 Validating certificate extended key usage
Sun Aug  5 13:55:55 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Aug  5 13:55:55 2018 VERIFY EKU OK
Sun Aug  5 13:55:55 2018 VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=uothuphaekat.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Sun Aug  5 13:55:56 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Sun Aug  5 13:55:56 2018 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sun Aug  5 13:55:56 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 3583 bit RSA
Sun Aug  5 13:55:56 2018 [uothuphaekat.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]46.246.43.130:1194
Sun Aug  5 13:55:57 2018 SENT CONTROL [uothuphaekat.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Sun Aug  5 13:55:57 2018 PUSH: Received control message: 'PUSH_REPLY,route-gateway 46.246.43.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,explicit-exit-notify 3,sndbuf 0,rcvbuf 0,ifconfig 46.246.43.184 255.255.255.0,peer-id 15,cipher AES-256-GCM'
Sun Aug  5 13:55:57 2018 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: ip-win32 (2.4.5)
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Aug  5 13:55:57 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: route options modified
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: route-related options modified
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: peer-id set
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Aug  5 13:55:57 2018 OPTIONS IMPORT: data channel crypto options modified
Sun Aug  5 13:55:57 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Aug  5 13:55:57 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Aug  5 13:55:57 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Aug  5 13:55:57 2018 Preserving previous TUN/TAP instance: tun1337
Sun Aug  5 13:55:57 2018 Initialization Sequence Completed
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:57 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 13:55:59 2018 NOTE: --mute triggered...
2

Hi!

See in your log:

Check on both client and server:

  • Has identical ta.key file
  • Config has parameter dev-type tun
  • check system date
  • remove link-mtu parameter

And for test remove from client comp-lzo

comp-lzo in new version of openVPN 2.4.x is DEPRECATED

Use compress lzo instead

Open VPN 2.4.x manual

3

Hi

ta key is the same, time is ok

config openvpn 'IPredator'
	option port '4333'
	option client '1'
	option dev 'tun1337'
	list auth_user_pass '/etc/openvpn/IPredator.auth'
	option resolv_retry 'infinite'
	option script_security '2'
	option float '1'
	option nobind '1'
	option persist_key '1'
	option persist_tun '1'
	option ca '/etc/openvpn/IPredator.se.ca.crt'
	list tls_auth '/etc/openvpn/IPredator.se.ta.key'
	option tls_cipher 

but still

```Sun Aug  5 15:35:18 2018 OpenVPN 2.4.5 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sun Aug  5 15:35:18 2018 library versions: OpenSSL 1.0.2o  27 Mar 2018, LZO 2.10
Sun Aug  5 15:35:18 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Aug  5 15:35:18 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 15:35:18 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 15:35:19 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]46.246.41.2:1194
Sun Aug  5 15:35:19 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 15:35:19 2018 UDP link local: (not bound)
Sun Aug  5 15:35:19 2018 UDP link remote: [AF_INET]46.246.41.2:1194
Sun Aug  5 15:35:20 2018 TLS: Initial packet from [AF_INET]46.246.41.2:1194, sid=dd480803 c0b7072c
Sun Aug  5 15:35:20 2018 VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Sun Aug  5 15:35:20 2018 VERIFY KU OK
Sun Aug  5 15:35:20 2018 Validating certificate extended key usage
Sun Aug  5 15:35:20 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Aug  5 15:35:20 2018 VERIFY EKU OK
Sun Aug  5 15:35:20 2018 VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=oobohbooheer.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Sun Aug  5 15:35:20 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Sun Aug  5 15:35:20 2018 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sun Aug  5 15:35:20 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2971 bit RSA
Sun Aug  5 15:35:20 2018 [oobohbooheer.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]46.246.41.2:1194
Sun Aug  5 15:35:21 2018 SENT CONTROL [oobohbooheer.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Sun Aug  5 15:35:22 2018 PUSH: Received control message: 'PUSH_REPLY,route 46.246.41.2 255.255.255.255 net_gateway,route-gateway 46.246.41.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,explicit-exit-notify 3,sndbuf 0,rcvbuf 0,peer-id 15,cipher AES-256-CBC,ifconfig 46.246.41.26 255.255.255.0'
Sun Aug  5 15:35:22 2018 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.4.5)
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Aug  5 15:35:22 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: route options modified
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: route-related options modified
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: peer-id set
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Aug  5 15:35:22 2018 OPTIONS IMPORT: data channel crypto options modified
Sun Aug  5 15:35:22 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Aug  5 15:35:22 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 15:35:22 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Aug  5 15:35:22 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 15:35:22 2018 TUN/TAP device tun1337 opened
Sun Aug  5 15:35:22 2018 TUN/TAP TX queue length set to 100
Sun Aug  5 15:35:22 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug  5 15:35:22 2018 /sbin/ifconfig tun1337 46.246.41.26 netmask 255.255.255.0 mtu 1500 broadcast 46.246.41.255
Sun Aug  5 15:35:22 2018 /etc/openvpn/set-client_iptables tun1337 1500 1560 46.246.41.26 255.255.255.0 init
Warning: Section @redirect[1] (WRT5800acm Slsve) has no target specified, defaulting to DNAT
Warning: Section @redirect[2] (WRT1900ac Slave) has no target specified, defaulting to DNAT
Warning: Section @redirect[3] (WRT1900ac Web server) has no target specified, defaulting to DNAT
Warning: Section @redirect[4] (WRT54GL Switch) has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-OpenSSH'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 nat table
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
Sun Aug  5 15:35:32 2018 /sbin/route add -net 46.246.41.2 netmask 255.255.255.255 gw 68.146.248.1
Sun Aug  5 15:35:32 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 46.246.41.1
Sun Aug  5 15:35:32 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 46.246.41.1
Sun Aug  5 15:35:32 2018 /sbin/route add -net 46.246.41.2 netmask 255.255.255.255 gw 68.146.248.1
route: SIOCADDRT: File exists
Sun Aug  5 15:35:32 2018 ERROR: Linux route add command failed: external program exited with error status: 1
Sun Aug  5 15:35:32 2018 Initialization Sequence Completed
Sun Aug  5 15:35:38 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:35:48 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:35:58 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:36:58 2018 [oobohbooheer.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting
Sun Aug  5 15:36:58 2018 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug  5 15:36:58 2018 Restart pause, 5 second(s)
Sun Aug  5 15:37:03 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Aug  5 15:37:03 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]46.246.41.2:1194
Sun Aug  5 15:37:03 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 15:37:03 2018 UDP link local: (not bound)
Sun Aug  5 15:37:03 2018 UDP link remote: [AF_INET]46.246.41.2:1194
Sun Aug  5 15:37:03 2018 TLS: Initial packet from [AF_INET]46.246.41.2:1194, sid=752ec78a 0fb32132
Sun Aug  5 15:37:03 2018 VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster@ipredator.se
Sun Aug  5 15:37:03 2018 VERIFY KU OK
Sun Aug  5 15:37:03 2018 Validating certificate extended key usage
Sun Aug  5 15:37:03 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Aug  5 15:37:03 2018 VERIFY EKU OK
Sun Aug  5 15:37:03 2018 VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=woupoapuufuo.openvpn.ipredator.se, emailAddress=hostmaster@ipredator.se
Sun Aug  5 15:37:04 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Sun Aug  5 15:37:04 2018 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Sun Aug  5 15:37:04 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2087 bit RSA
Sun Aug  5 15:37:04 2018 [woupoapuufuo.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]46.246.41.2:1194
Sun Aug  5 15:37:05 2018 SENT CONTROL [woupoapuufuo.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Sun Aug  5 15:37:05 2018 PUSH: Received control message: 'PUSH_REPLY,route 46.246.41.2 255.255.255.255 net_gateway,route-gateway 46.246.41.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,explicit-exit-notify 3,sndbuf 0,rcvbuf 0,peer-id 1,cipher AES-256-CBC,ifconfig 46.246.41.107 255.255.255.0'
Sun Aug  5 15:37:05 2018 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.4.5)
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Aug  5 15:37:05 2018 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: route options modified
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: route-related options modified
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: peer-id set
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: adjusting link_mtu to 1624
Sun Aug  5 15:37:05 2018 OPTIONS IMPORT: data channel crypto options modified
Sun Aug  5 15:37:05 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Aug  5 15:37:05 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 15:37:05 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Aug  5 15:37:05 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug  5 15:37:05 2018 Preserving previous TUN/TAP instance: tun1337
Sun Aug  5 15:37:05 2018 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Sun Aug  5 15:37:05 2018 /sbin/route del -net 46.246.41.2 netmask 255.255.255.255
Sun Aug  5 15:37:05 2018 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Sun Aug  5 15:37:05 2018 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Sun Aug  5 15:37:05 2018 Closing TUN/TAP interface
Sun Aug  5 15:37:05 2018 /sbin/ifconfig tun1337 0.0.0.0
Sun Aug  5 15:37:05 2018 /etc/openvpn/del-client_iptables tun1337 1500 1560 46.246.41.26 255.255.255.0 init
route: SIOCDELRT: No such process
Warning: Section @redirect[1] (WRT5800acm Slsve) has no target specified, defaulting to DNAT
Warning: Section @redirect[2] (WRT1900ac Slave) has no target specified, defaulting to DNAT
Warning: Section @redirect[3] (WRT1900ac Web server) has no target specified, defaulting to DNAT
Warning: Section @redirect[4] (WRT54GL Switch) has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-OpenSSH'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 nat table
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Flushing conntrack: 46.246.41.26
 * Flushing conntrack: fe80::822b:daf:beff:f4be
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
Sun Aug  5 15:37:16 2018 TUN/TAP device tun1337 opened
Sun Aug  5 15:37:16 2018 TUN/TAP TX queue length set to 100
Sun Aug  5 15:37:16 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Aug  5 15:37:16 2018 /sbin/ifconfig tun1337 46.246.41.107 netmask 255.255.255.0 mtu 1500 broadcast 46.246.41.255
Sun Aug  5 15:37:17 2018 /etc/openvpn/set-client_iptables tun1337 1500 1560 46.246.41.107 255.255.255.0 init
Warning: Section @redirect[1] (WRT5800acm Slsve) has no target specified, defaulting to DNAT
Warning: Section @redirect[2] (WRT1900ac Slave) has no target specified, defaulting to DNAT
Warning: Section @redirect[3] (WRT1900ac Web server) has no target specified, defaulting to DNAT
Warning: Section @redirect[4] (WRT54GL Switch) has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-OpenSSH'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 nat table
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 filter table
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
Sun Aug  5 15:37:27 2018 /sbin/route add -net 46.246.41.2 netmask 255.255.255.255 gw 68.146.248.1
Sun Aug  5 15:37:27 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 46.246.41.1
Sun Aug  5 15:37:27 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 46.246.41.1
Sun Aug  5 15:37:27 2018 /sbin/route add -net 46.246.41.2 netmask 255.255.255.255 gw 68.146.248.1
route: SIOCADDRT: File exists
Sun Aug  5 15:37:27 2018 ERROR: Linux route add command failed: external program exited with error status: 1
Sun Aug  5 15:37:27 2018 Initialization Sequence Completed
Sun Aug  5 15:37:27 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:37:27 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:37:27 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:37:27 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:37:27 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:37:33 2018 write to TUN/TAP : Invalid argument (code=22)
Sun Aug  5 15:37:42 2018 write to TUN/TAP : Invalid argument (code=22)

type or paste code here
4

Add next options to config file:

	option dev-type 'tun'`
	option dev 'tun1337'

First option sad interface(NIC) type
Second option sad interface(NIC) name

5

If you don't have access to server.
try to add this options to your client

	option dev 'tun1337'
	option dev-type 'tun'
	option link-mtu '1558'
	option compress 'lzo'

OpenVPN manual about --link-mtu n

It's best not to set this parameter unless you know what you're doing.

It's best to remove this option from server and client, but if you have not ability to remove it from server, then add it to client.

6

if wil not come up now

config openvpn 'IPredator'
	option dev_type 'tun'`
	option dev 'tun1337'
	option port '4333'
	option client '1'
	option dev 'tun1337'
	list auth_user_pass '/etc/openvpn/IPredator.auth'
	option resolv_retry 'infinite'
	option script_security '2'
	option float '1'
	option nobind '1'
	option persist_key '1'
	option persist_tun '1'
	option ca '/etc/openvpn/IPredator.se.ca.crt'
	list tls_auth '/etc/openvpn/IPredator.se.ta.key'
	option tls_cipher 'TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH'
	option cipher 'AES-256-CBC'
	option fast_io '1'
	option passtos '1'
	option tls_client '1'
	option remote 'pw.openvpn.ipredator.se 1194'
	option proto 'udp'
	option mute '20'
	option verb '3'
	option remote_cert_tls 'server'
	option ping '5'
	option ping_exit '30'
	option up '/etc/openvpn/set-client_iptables'
	option down '/etc/openvpn/del-client_iptables'
	option auth_nocache '1'
	option log_append '/var/openvpn.log'
7

I don't see:

option compress 'lzo'

But see twice

option dev 'tun1337'
8

BINGO!

This fixed it
option compress 'lzo'

Thanks a bunch :slight_smile:

9

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.