Hey guys,
since a few days I am unable to connect to my OpenWrt router using OpenVPN.
One week ago everything was working just fine and I didn't change any configuration files at all.
client_log
2019-10-17 08:09:47 offizielle Version 0.7.8 läuft auf OnePlus GM1903 (msmnile), Android 9 (PKQ1.190110.001) API 28, ABI arm64-v8a, (OnePlus/OnePlus7_EEA/OnePlus7:9/PKQ1.190110.001/1907280700:user/release-keys)
2019-10-17 08:09:47 Generiere OpenVPN-Konfiguration…
2019-10-17 08:09:47 started Socket Thread
2019-10-17 08:09:47 Netzwerkstatus: CONNECTED to WIFI
2019-10-17 08:09:47 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2019-10-17 08:09:47 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2019-10-17 08:09:47 Current Parameter Settings:
2019-10-17 08:09:47 Warte 0s Sekunden zwischen zwei Verbindungsversuchen
2019-10-17 08:09:47 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2019-10-17 08:09:47 mode = 0
2019-10-17 08:09:47 show_ciphers = DISABLED
2019-10-17 08:09:47 show_digests = DISABLED
2019-10-17 08:09:47 show_engines = DISABLED
2019-10-17 08:09:47 genkey = DISABLED
2019-10-17 08:09:47 key_pass_file = '[UNDEF]'
2019-10-17 08:09:47 show_tls_ciphers = DISABLED
2019-10-17 08:09:47 connect_retry_max = 0
2019-10-17 08:09:47 Connection profiles [0]:
2019-10-17 08:09:47 proto = udp
2019-10-17 08:09:47 local = '[UNDEF]'
2019-10-17 08:09:47 local_port = '[UNDEF]'
2019-10-17 08:09:47 remote = 'xxxxxxx.goip.de'
2019-10-17 08:09:47 remote_port = '1194'
2019-10-17 08:09:47 remote_float = DISABLED
2019-10-17 08:09:47 bind_defined = DISABLED
2019-10-17 08:09:47 bind_local = DISABLED
2019-10-17 08:09:47 bind_ipv6_only = DISABLED
2019-10-17 08:09:47 connect_retry_seconds = 2
2019-10-17 08:09:47 connect_timeout = 120
2019-10-17 08:09:47 socks_proxy_server = '[UNDEF]'
2019-10-17 08:09:47 socks_proxy_port = '[UNDEF]'
2019-10-17 08:09:47 tun_mtu = 1500
2019-10-17 08:09:47 tun_mtu_defined = ENABLED
2019-10-17 08:09:47 link_mtu = 1500
2019-10-17 08:09:47 link_mtu_defined = DISABLED
2019-10-17 08:09:47 tun_mtu_extra = 0
2019-10-17 08:09:47 tun_mtu_extra_defined = DISABLED
2019-10-17 08:09:47 mtu_discover_type = -1
2019-10-17 08:09:47 fragment = 0
2019-10-17 08:09:47 mssfix = 1450
2019-10-17 08:09:47 explicit_exit_notification = 0
2019-10-17 08:09:47 tls_auth_file = '[UNDEF]'
2019-10-17 08:09:47 key_direction = not set
2019-10-17 08:09:47 tls_crypt_file = '[[INLINE]]'
2019-10-17 08:09:47 tls_crypt_v2_file = '[UNDEF]'
2019-10-17 08:09:47 Connection profiles END
2019-10-17 08:09:47 remote_random = DISABLED
2019-10-17 08:09:47 ipchange = '[UNDEF]'
2019-10-17 08:09:47 dev = 'tun'
2019-10-17 08:09:47 dev_type = '[UNDEF]'
2019-10-17 08:09:47 dev_node = '[UNDEF]'
2019-10-17 08:09:47 lladdr = '[UNDEF]'
2019-10-17 08:09:47 topology = 1
2019-10-17 08:09:47 ifconfig_local = '[UNDEF]'
2019-10-17 08:09:47 ifconfig_remote_netmask = '[UNDEF]'
2019-10-17 08:09:47 ifconfig_noexec = DISABLED
2019-10-17 08:09:47 ifconfig_nowarn = ENABLED
2019-10-17 08:09:47 ifconfig_ipv6_local = '[UNDEF]'
2019-10-17 08:09:47 ifconfig_ipv6_netbits = 0
2019-10-17 08:09:47 ifconfig_ipv6_remote = '[UNDEF]'
2019-10-17 08:09:47 shaper = 0
2019-10-17 08:09:47 mtu_test = 0
2019-10-17 08:09:47 mlock = DISABLED
2019-10-17 08:09:47 keepalive_ping = 0
2019-10-17 08:09:47 keepalive_timeout = 0
2019-10-17 08:09:47 inactivity_timeout = 0
2019-10-17 08:09:47 ping_send_timeout = 0
2019-10-17 08:09:47 ping_rec_timeout = 0
2019-10-17 08:09:47 ping_rec_timeout_action = 0
2019-10-17 08:09:47 ping_timer_remote = DISABLED
2019-10-17 08:09:47 remap_sigusr1 = 0
2019-10-17 08:09:47 persist_tun = ENABLED
2019-10-17 08:09:47 persist_local_ip = DISABLED
2019-10-17 08:09:47 persist_remote_ip = DISABLED
2019-10-17 08:09:47 persist_key = DISABLED
2019-10-17 08:09:47 passtos = DISABLED
2019-10-17 08:09:47 resolve_retry_seconds = 1000000000
2019-10-17 08:09:47 resolve_in_advance = ENABLED
2019-10-17 08:09:47 username = '[UNDEF]'
2019-10-17 08:09:47 groupname = '[UNDEF]'
2019-10-17 08:09:47 chroot_dir = '[UNDEF]'
2019-10-17 08:09:47 cd_dir = '[UNDEF]'
2019-10-17 08:09:47 writepid = '[UNDEF]'
2019-10-17 08:09:47 up_script = '[UNDEF]'
2019-10-17 08:09:47 down_script = '[UNDEF]'
2019-10-17 08:09:47 down_pre = DISABLED
2019-10-17 08:09:47 up_restart = DISABLED
2019-10-17 08:09:47 up_delay = DISABLED
2019-10-17 08:09:47 daemon = DISABLED
2019-10-17 08:09:47 inetd = 0
2019-10-17 08:09:47 log = DISABLED
2019-10-17 08:09:47 suppress_timestamps = DISABLED
2019-10-17 08:09:47 machine_readable_output = ENABLED
2019-10-17 08:09:47 nice = 0
2019-10-17 08:09:47 verbosity = 4
2019-10-17 08:09:47 mute = 0
2019-10-17 08:09:47 gremlin = 0
2019-10-17 08:09:47 status_file = '[UNDEF]'
2019-10-17 08:09:47 status_file_version = 1
2019-10-17 08:09:47 status_file_update_freq = 60
2019-10-17 08:09:47 occ = ENABLED
2019-10-17 08:09:47 rcvbuf = 0
2019-10-17 08:09:47 sndbuf = 0
2019-10-17 08:09:47 sockflags = 0
2019-10-17 08:09:47 fast_io = DISABLED
2019-10-17 08:09:47 comp.alg = 0
2019-10-17 08:09:47 comp.flags = 0
2019-10-17 08:09:47 route_script = '[UNDEF]'
2019-10-17 08:09:47 route_default_gateway = '[UNDEF]'
2019-10-17 08:09:47 route_default_metric = 0
2019-10-17 08:09:47 route_noexec = DISABLED
2019-10-17 08:09:47 route_delay = 0
2019-10-17 08:09:47 route_delay_window = 30
2019-10-17 08:09:47 route_delay_defined = DISABLED
2019-10-17 08:09:47 route_nopull = DISABLED
2019-10-17 08:09:47 route_gateway_via_dhcp = DISABLED
2019-10-17 08:09:47 allow_pull_fqdn = DISABLED
2019-10-17 08:09:47 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2019-10-17 08:09:47 management_port = 'unix'
2019-10-17 08:09:47 management_user_pass = '[UNDEF]'
2019-10-17 08:09:47 management_log_history_cache = 250
2019-10-17 08:09:47 management_echo_buffer_size = 100
2019-10-17 08:09:47 management_write_peer_info_file = '[UNDEF]'
2019-10-17 08:09:47 management_client_user = '[UNDEF]'
2019-10-17 08:09:47 management_client_group = '[UNDEF]'
2019-10-17 08:09:47 management_flags = 16678
2019-10-17 08:09:47 shared_secret_file = '[UNDEF]'
2019-10-17 08:09:47 key_direction = not set
2019-10-17 08:09:47 ciphername = 'AES-256-CBC'
2019-10-17 08:09:47 ncp_enabled = ENABLED
2019-10-17 08:09:47 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2019-10-17 08:09:47 authname = 'SHA512'
2019-10-17 08:09:47 prng_hash = 'SHA1'
2019-10-17 08:09:47 prng_nonce_secret_len = 16
2019-10-17 08:09:47 keysize = 0
2019-10-17 08:09:47 engine = DISABLED
2019-10-17 08:09:47 replay = ENABLED
2019-10-17 08:09:47 mute_replay_warnings = DISABLED
2019-10-17 08:09:47 replay_window = 64
2019-10-17 08:09:47 replay_time = 15
2019-10-17 08:09:47 packet_id_file = '[UNDEF]'
2019-10-17 08:09:47 test_crypto = DISABLED
2019-10-17 08:09:47 tls_server = DISABLED
2019-10-17 08:09:47 tls_client = ENABLED
2019-10-17 08:09:47 key_method = 2
2019-10-17 08:09:47 ca_file = '[[INLINE]]'
2019-10-17 08:09:47 ca_path = '[UNDEF]'
2019-10-17 08:09:47 dh_file = '[UNDEF]'
2019-10-17 08:09:47 cert_file = '[[INLINE]]'
2019-10-17 08:09:47 extra_certs_file = '[UNDEF]'
2019-10-17 08:09:47 priv_key_file = '[[INLINE]]'
2019-10-17 08:09:47 pkcs12_file = '[UNDEF]'
2019-10-17 08:09:47 cipher_list = '[UNDEF]'
2019-10-17 08:09:47 cipher_list_tls13 = '[UNDEF]'
2019-10-17 08:09:47 tls_cert_profile = '[UNDEF]'
2019-10-17 08:09:47 tls_verify = '[UNDEF]'
2019-10-17 08:09:47 tls_export_cert = '[UNDEF]'
2019-10-17 08:09:47 verify_x509_type = 0
2019-10-17 08:09:47 verify_x509_name = '[UNDEF]'
2019-10-17 08:09:47 crl_file = '[UNDEF]'
2019-10-17 08:09:47 ns_cert_type = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 65535
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_ku[i] = 0
2019-10-17 08:09:47 remote_cert_eku = 'TLS Web Server Authentication'
2019-10-17 08:09:47 ssl_flags = 0
2019-10-17 08:09:47 tls_timeout = 2
2019-10-17 08:09:47 renegotiate_bytes = -1
2019-10-17 08:09:47 renegotiate_packets = 0
2019-10-17 08:09:47 renegotiate_seconds = 3600
2019-10-17 08:09:47 handshake_window = 60
2019-10-17 08:09:47 transition_window = 3600
2019-10-17 08:09:47 single_session = DISABLED
2019-10-17 08:09:47 push_peer_info = DISABLED
2019-10-17 08:09:47 tls_exit = DISABLED
2019-10-17 08:09:47 tls_crypt_v2_genkey_type = '[UNDEF]'
2019-10-17 08:09:47 tls_crypt_v2_genkey_file = '[UNDEF]'
2019-10-17 08:09:47 tls_crypt_v2_metadata = '[UNDEF]'
2019-10-17 08:09:47 client = ENABLED
2019-10-17 08:09:47 pull = ENABLED
2019-10-17 08:09:47 auth_user_pass_file = '[UNDEF]'
2019-10-17 08:09:47 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.8-0-g168367a5] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 22 2019
2019-10-17 08:09:47 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
2019-10-17 08:09:47 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2019-10-17 08:09:47 MANAGEMENT: CMD 'version 3'
2019-10-17 08:09:47 MANAGEMENT: CMD 'hold release'
2019-10-17 08:09:47 MANAGEMENT: CMD 'bytecount 2'
2019-10-17 08:09:47 MANAGEMENT: CMD 'proxy NONE'
2019-10-17 08:09:47 MANAGEMENT: CMD 'state on'
2019-10-17 08:09:48 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2019-10-17 08:09:48 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2019-10-17 08:09:48 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2019-10-17 08:09:48 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2019-10-17 08:09:48 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2019-10-17 08:09:48 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2019-10-17 08:09:48 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2019-10-17 08:09:48 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
2019-10-17 08:09:48 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:1194
2019-10-17 08:09:48 Socket Buffers: R=[229376->229376] S=[229376->229376]
2019-10-17 08:09:48 UDP link local: (not bound)
2019-10-17 08:09:48 UDP link remote: [AF_INET6]::1:1194
2019-10-17 08:09:48 MANAGEMENT: >STATE:1571292588,WAIT,,,,,,
2019-10-17 08:10:48 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-10-17 08:10:48 Warte 2s Sekunden zwischen zwei Verbindungsversuchen
2019-10-17 08:10:48 TLS Error: TLS handshake failed
2019-10-17 08:10:48 TCP/UDP: Closing socket
2019-10-17 08:10:48 SIGUSR1[soft,tls-error] received, process restarting
2019-10-17 08:10:48 MANAGEMENT: >STATE:1571292648,RECONNECTING,tls-error,,,,,
2019-10-17 08:10:50 MANAGEMENT: CMD 'hold release'
2019-10-17 08:10:50 MANAGEMENT: CMD 'proxy NONE'
2019-10-17 08:10:50 MANAGEMENT: CMD 'bytecount 2'
2019-10-17 08:10:50 MANAGEMENT: CMD 'state on'
2019-10-17 08:10:51 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2019-10-17 08:10:51 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2019-10-17 08:10:51 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2019-10-17 08:10:51 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2019-10-17 08:10:51 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2019-10-17 08:10:51 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2019-10-17 08:10:51 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2019-10-17 08:10:51 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
2019-10-17 08:10:51 TCP/UDP: Preserving recently used remote address: [AF_INET]server_public_ip:1194
2019-10-17 08:10:51 Socket Buffers: R=[229376->229376] S=[229376->229376]
2019-10-17 08:10:51 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-10-17 08:10:51 UDP link local: (not bound)
2019-10-17 08:10:51 UDP link remote: [AF_INET]server_public_ip:1194
2019-10-17 08:10:51 MANAGEMENT: >STATE:1571292651,WAIT,,,,,,
2019-10-17 08:10:51 MANAGEMENT: >STATE:1571292651,AUTH,,,,,,
2019-10-17 08:10:51 TLS: Initial packet from [AF_INET]server_public_ip:1194, sid=447187f9 2a04d9e6
2019-10-17 08:10:52 VERIFY OK: depth=1, CN=ovpnserver_xxxxxxxx
2019-10-17 08:10:52 VERIFY KU OK
2019-10-17 08:10:52 Validating certificate extended key usage
2019-10-17 08:10:52 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-10-17 08:10:52 VERIFY EKU OK
2019-10-17 08:10:52 VERIFY OK: depth=0, CN=vpnserver
2019-10-17 08:11:51 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-10-17 08:11:51 Warte 2s Sekunden zwischen zwei Verbindungsversuchen
2019-10-17 08:11:51 TLS Error: TLS handshake failed
2019-10-17 08:11:51 TCP/UDP: Closing socket
2019-10-17 08:11:51 SIGUSR1[soft,tls-error] received, process restarting
2019-10-17 08:11:51 MANAGEMENT: >STATE:1571292711,RECONNECTING,tls-error,,,,,
2019-10-17 08:11:53 MANAGEMENT: CMD 'hold release'
2019-10-17 08:11:53 MANAGEMENT: CMD 'proxy NONE'
2019-10-17 08:11:53 MANAGEMENT: CMD 'bytecount 2'
2019-10-17 08:11:53 MANAGEMENT: CMD 'state on'
2019-10-17 08:11:54 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2019-10-17 08:11:54 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2019-10-17 08:11:54 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2019-10-17 08:11:54 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2019-10-17 08:11:54 Control Channel MTU parms [ L:1621 D:1156 EF:94 EB:0 ET:0 EL:3 ]
2019-10-17 08:11:54 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
2019-10-17 08:11:54 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client'
2019-10-17 08:11:54 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1601,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-server'
2019-10-17 08:11:54 TCP/UDP: Preserving recently used remote address: [AF_INET6]::1:1194
2019-10-17 08:11:54 Socket Buffers: R=[229376->229376] S=[229376->229376]
2019-10-17 08:11:54 UDP link local: (not bound)
2019-10-17 08:11:54 UDP link remote: [AF_INET6]::1:1194
2019-10-17 08:11:54 MANAGEMENT: >STATE:1571292714,WAIT,,,,,,
2019-10-17 08:12:21 MANAGEMENT: CMD 'signal SIGINT'
2019-10-17 08:12:21 TCP/UDP: Closing socket
2019-10-17 08:12:21 SIGINT[hard,] received, process exiting
2019-10-17 08:12:21 MANAGEMENT: >STATE:1571292741,EXITING,SIGINT,,,,,
The client has a working internet connection, the public ip also gets resolved correctly.
My other clients/friends have the exact same problem.
I don't know, where OpenVPN for OpenWrt saves the server logs...