Aead decrypt error cipher final failed openvpn

dnguyen76

OpenVpn Newbie
Posts: 2
Joined: Wed Dec 05, 2018 4:14 pm

AEAD Decrypt error: cipher final failed

I am running an OpenVPN 2.4.0 network with TCP protocol and port 443 to mimic an https stream (server software installation on a Raspberry Pi 3 has been done using pivpn).

After connection, I get a random "AEAD Decrypt error: cipher final failed" message every 5 to 10 minutes when receiving from a Raspbian openvpn client through a firewall. After each software reset the Raspbian client succeeds in reconnecting, but again 5 to 10 minutes later there is another "AEAD Decrypt error: cipher final failed".

(The openvpn server is running on a Raspberry 3 and working well with other clients (Windows, Android), but on another network without a firewall in this case.)

Does anybody have an idea how to correct these random "AEAD Decrypt error: cipher final failed" messages? :)

Daniel

Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/xx.xx.xx.xx.:13885 AEAD Decrypt error: cipher final failed
Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/xx.xx.xx.xx:13885 Fatal decryption error (process_incoming_link), restarting
Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/xx.xx.xx.xx:13885 SIGUSR1[soft,decryption-error] received, client-instance restarting


inixi

OpenVpn Newbie
Posts: 2
Joined: Wed Apr 17, 2019 1:13 pm

Re: AEAD Decrypt error: cipher final failed

by inixi » Wed Apr 17, 2019 1:44 pm

Hello,
I have the same issue. In server logs there are plenty of ERRORS like:

ovpn-vpn-udp[11613]: some.guy/123.231.132.33:2371 AEAD Decrypt error: cipher final failed

Restarting server works for quite some time, but after this time a client attempts to connect and I still receive those errors.

My configuration:
System: Debian 4.9.0-3-amd64 #1 SMP
OpenVPN version: 2.4.0-6
server configuration:

port 3434
proto udp
dev udp-tun
dev-type tun
topology subnet
persist-tun
persist-key
user nobody
group nogroup
server 172.17.1.0 255.255.255
ca ca_file.pem
cert cert_file.pem
key key_file.pem
dh dh.pem
crl-verify crl_file.pem
tls-auth ta.key 0
client-config-dir udp-tun.d
ifconfig-pool-persist udp-tun.pool
keepalive 10 120
compress lzo
log-append /var/log/openvpn/udp-tun.log
verb 3
auth SHA1

push "dhcp-option DNS 172.17.1.2"
push "route 172.17.1.0 255.255.0.0"
push "route 172.17.2.0 255.255.0.0"
push "route 172.17.3.0 255.255.0.0"

Client configuration

client
dev tun
proto udp
remote my.remote.server.com 3434
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
auth-nocache
comp-lzo
keepalive 10 120
verb 4

This happens randomly and only after some time (more than 10 hours of uptime) and when 20 or more clients are connected.



inixi

OpenVpn Newbie
Posts: 2
Joined: Wed Apr 17, 2019 1:13 pm

Re: AEAD Decrypt error: cipher final failed

by inixi » Tue Apr 30, 2019 3:25 pm

Thanks for the reply!
I just commented out those options from server configuration only. Why?
In my case changing configuration for clients is a bit of trouble since not all users or endpoints can adapt to changes…


TinCanTech

OpenVPN Protagonist
Posts: 11142
Joined: Fri Jun 03, 2016 1:17 pm

Re: AEAD Decrypt error: cipher final failed

by TinCanTech » Tue Apr 30, 2019 3:29 pm

inixi wrote (Tue Apr 30, 2019 3:25 pm):

"I just commented out those options from server configuration only"

So you just did the opposite of what I recommend and have now broken your server config.


http://habrahabr.ru/sandbox/58689/ is essentially a short cheat sheet for setting up OpenVPN on Windows. It is useful if you have already studied a detailed walkthrough but have forgotten some details of the process. This is the point I would draw attention to:

- Next, to avoid problems when creating the client certificate, clear index.txt in the ssl folder

OpenVPN and routers

It is better to link networks using dedicated devices than to set aside a separate computer for the job. The good news is that a great many routers support OpenVPN with special firmware. If you are wondering "Which router supports OpenVPN", you can look for the answer here:

For myself, by trial and error, I chose the Asus RT-N10U router and set it up for my config. Its main advantage is that it can be reflashed right in the browser window. Read on in the article for the rest.

OpenVPN server config on Windows 7:

And here is my actual config. Frankly it is not ideal, but it is perfectly usable.

Configuring the IRZ RUH2 client:

In our case this is the IRZ RUH2 GSM router. I do not give detailed instructions here, just the config that works perfectly for me. I added the keys to the modem via upload in the administration section.

Some errors when configuring OpenVPN

Authenticate/Decrypt packet error: packet HMAC authentication failed

In my case this error was resolved by changing the Hash Algorithm to SHA1 on the client, i.e. bringing it to the same value as on the server.

Authenticate/Decrypt packet error: cipher final failed

- An encryption algorithm error. The client and server settings probably specify different cipher values. Alternatively, you can leave it unspecified altogether, in which case the default (bf-cbc) is used.

Cannot connect to the interface if the service is already running

Go to Services and stop it

Error when starting the OpenVPN server: cannot add a route to the routing table

Solution: insufficient access rights; the server must be run as administrator.

The client finds the server and connects but cannot ping, or cannot connect.

- Add a firewall exception for our service on the server.

The client finds the server but cannot ping.

- Routing needs to be configured, i.e. requests for our VPN network must be sent through our tap interface. In our case we can open a Windows console as administrator and add the route manually, for example:
route -p add 10.8.0.0 mask 255.255.255.0 10.8.0.1
-p: adds the route permanently; without this argument the route disappears on reboot.
10.8.0.0 mask 255.255.255.0: sets the address range the route applies to, i.e. all packets going to addresses from 10.8.0.1 to 10.8.0.255.
10.8.0.1: the gateway to which packets will be sent. In our case this is the VPN server.

Error: Initialization Sequence Completed With Errors ( see http://openvpn.net/f…#dhcpclientserv )

Fixed by adding OpenVPN to the firewall exceptions.

Accordingly, on Windows systems from XP to 7 this can be done by running the following command in a console as administrator:

Matt’s Blog

Fixing OpenVPN "Authenticate/Decrypt packet error: cipher final failed"

When connecting to a VPN I was constantly getting the error

Mar 8 09:29:27 openvpn[1696]: Authenticate/Decrypt packet error: cipher final failed

I had imported the supplied ovpn file and had followed all the other configuration steps, so this was quite frustrating. Then I saw this in the logs:

Mar 8 09:31:07 openvpn[1790]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'

Changing my client to use "cipher AES-256-CBC" instead of the default (which apparently was cipher BF-CBC) fixed the issue.
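
The mismatch described above can be caught before connecting. As an added example (not code from the blog post or from OpenVPN), this Python sketch compares a client and a server config for the cipher, auth, compression and tls-auth settings and parses the "used inconsistently" warning; the sample configs, the host vpn.example.test and the BF-CBC/SHA1 defaults (OpenVPN 2.4 behaviour) are assumptions.

```python
import re
import shlex

# Assumed defaults: what OpenVPN 2.4 uses when the directive is absent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}
WARN_RE = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, "
                     r"local='([^']*)', remote='([^']*)'")

# Constructed sample configs (not taken from any post on this page).
CLIENT_CONF = """\
client
proto udp
remote vpn.example.test 1194
comp-lzo
key-direction 1
<tls-auth>
(constructed placeholder, no key material)
</tls-auth>
"""
SERVER_CONF = """\
proto udp
cipher AES-256-CBC   # set explicitly on the server only
auth SHA1
compress lzo
tls-auth ta.key 0
"""
# The warning from the post above, in a copy with typographic quotes.
LOG = ("Mar 8 09:31:07 openvpn[1790]: WARNING: ‘cipher’ is used inconsistently, "
       "local=’cipher BF-CBC’, remote=’cipher AES-256-CBC’")


def parse_config(text):
    """Return {directive: [args]}; the body of inline <tag>...</tag> blocks is skipped."""
    opts, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline = tag.group(1)
            opts.setdefault(inline, ["[inline]"])
            continue
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            opts[parts[0].lstrip("-")] = parts[1:]
    return opts


def compression_framing(opts):
    """Collapse comp-lzo / compress into the framing the peer expects on the wire."""
    # Simplified assumption: any comp-lzo mode uses the same framing as "compress lzo".
    if "compress" in opts:
        return opts["compress"][0].lower() if opts["compress"] else "stub"
    return "lzo" if "comp-lzo" in opts else "none"


def tls_auth_direction(opts):
    """None when tls-auth is unused, else '0', '1' or 'bidirectional'."""
    if "tls-auth" not in opts:
        return None
    args = opts["tls-auth"]
    return args[1] if len(args) > 1 else (opts.get("key-direction") or ["bidirectional"])[0]


def compare(client_text, server_text):
    """Return [(option, client_value, server_value)] for settings that disagree."""
    c, s = parse_config(client_text), parse_config(server_text)
    findings = []
    for opt, default in DEFAULTS.items():
        cv = (c.get(opt) or [default])[0].upper()
        sv = (s.get(opt) or [default])[0].upper()
        if cv != sv:
            findings.append((opt, cv, sv))
    cf, sf = compression_framing(c), compression_framing(s)
    if cf != sf:
        findings.append(("compression", cf, sf))
    pair = (tls_auth_direction(c), tls_auth_direction(s))
    if pair not in {(None, None), ("0", "1"), ("1", "0"), ("bidirectional",) * 2}:
        findings.append(("tls-auth", str(pair[0]), str(pair[1])))
    return findings


def parse_warnings(log_text):
    """Extract (option, local, remote) from 'used inconsistently' log warnings."""
    plain = log_text.translate(str.maketrans("‘’", "''"))
    return WARN_RE.findall(plain)


if __name__ == "__main__":
    for opt, cv, sv in compare(CLIENT_CONF, SERVER_CONF):
        print(f"MISMATCH {opt}: client={cv} server={sv}")
    print(parse_warnings(LOG))
```

Two OpenVPN 2.4 peers can still negotiate a GCM cipher over the control channel, so this compares only what the files configure.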

TLS Errors and AEAD Decrypt errors

Posts: 11 Joined: Fri Dec 18, 2020 10:55 pm

When I upgraded my computer with a new motherboard (Asus ROG Z490) and the new Intel I225 chip, I started to get strange errors from Viscosity; sometimes the VPN tunnel works and sometimes it does not. Sometimes I cannot start the tunnel at all. If I run Hypervisor with an Ubuntu going through the same ethernet controller it works like a charm.

The errors from the log are:
==================
dec 18 12:44:18 : AEAD Decrypt error: cipher final failed
dec 18 12:44:18 : TLS Error: Unroutable control packet received from [AF_INET]xx.xx.xx.xx:1194 (si=3 op=P_ACK_V1)
dec 18 12:44:21 : AEAD Decrypt error: cipher final failed
dec 18 12:44:21 : TLS Error: client->client or server->server connection attempted from [AF_INET]xx.xx.xx.xx:1194
dec 18 12:44:22 : AEAD Decrypt error: cipher final failed
dec 18 12:44:22 : TLS Error: local/remote TLS keys are out of sync: [AF_INET]xx.xx.xx.xx:1194 [3]
dec 18 12:53:49 : TLS Error: Unroutable control packet received from [AF_INET]xx.xx.xx.xx:1194 (si=3 op=P_CONTROL_SOFT_RESET_V1)

Client config:
=========
client
dev tun
proto udp
remote server 1194
remote server 1194
remote server 1194
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verb 5
key-direction 1
tls-client

-----BEGIN CERTIFICATE-----
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----

Server Config
==========
proto udp
port 1194
dev tun
topology subnet
server xx.xx.xx.xx 255.255.0.0
ifconfig-pool-persist ipp.txt
route xx.xx.xx.xx 255.255.0.0
route xx.xx.xx.xx 255.255.0.0

# Push routes for all clients
push "route xx.xx.xx.xx 255.255.255.0 xx.xx.xx.xx"

ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/server.crt
key /etc/openvpn/pki/private/server.key
dh /etc/openvpn/keys/dh2048.pem
tls-auth /etc/openvpn/keys/ta.key 0
crl-verify /etc/openvpn/pki/crl.pem
cipher AES-256-CBC
auth SHA256
verb 3
client-config-dir /etc/openvpn/server/clients
persist-key
persist-tun
keepalive 10 60
user openvpn
group openvpn
daemon
log-append /var/log/openvpn.log
syslog
explicit-exit-notify 1
management localhost 7504
script-security 2

Client Config on Server:
========================
push "route 172.18.0.0 255.255.0.0"
push "route xx.xx.xx.xx 255.255.255.255"
push "dhcp-option DNS 10.211.1.94"
push "dhcp-option DNS 10.211.1.244"
push "dhcp-option DOMAIN dns-domain-1"
push "dhcp-option DOMAIN dns-domain-2"
push "dhcp-option DOMAIN dns-domain-3"

As you have only posted a snippet of your log I’m afraid we can’t provide anything specific, however I can give you a few general reasons why this might occur.

The error, unintuitively, means essentially that the control packet that was received is an OpenVPN packet, however it does not belong to the connection it was received on. This can mean any of the following in the most common cases:

— If you have multiple VPN connections active, you may have a routing issue which is causing packets to be sent the wrong way
— You have multiple VPN connections active on the same subnet which are causing some cross talk locally
— Your time and date on either the server or local PC is wrong
— You have imported the wrong tls-auth file for the connection
— A disruption in traffic has caused the server to timeout your connection, but the client has not acknowledged it yet due to misconfigured

If this is happening after a reconnect or ping-restart, please try disabling persist-tun and persist-key while troubleshooting.

Eric Thorpe
Viscosity Developer

Posts: 11 Joined: Fri Dec 18, 2020 10:55 pm

I will attach a complete log here.
In this log, I get a connection, but when I start using the connection, everything takes a very long time.
For example when I access a resource with chrome browser, it can take up to 5 minutes before I even see that it starts loading content, and even then the content is from time to time mangled.

Sometimes it works, and sometimes it does not, and sometimes I do not get a connection at all.

I do not have any other VPN running in my computer.
If I start up an OpenVPN connection in my PC I get the same errors.
If I start up an OpenVPN connection in a HyperV Ubuntu inside my PC, it WORKS.

Could you please post a copy of your route table and ipconfig -all after connecting as well?

To do this, open a command prompt and type in the following commands one after another:
route print
ipconfig -all

Eric Thorpe
Viscosity Developer

Posts: 11 Joined: Fri Dec 18, 2020 10:55 pm

Windows IP Configuration

Host Name . . . . . . . . . . . . : Cray-4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : bahnhof.se
vpn.entiros.io
private.entiros.io
idm.entiros.io

Unknown adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
Physical Address. . . . . . . . . : 00-FF-0C-A1-4F-9E
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . : bahnhof.se
Description . . . . . . . . . . . : Intel(R) Ethernet Controller (2) I225-V
Physical Address. . . . . . . . . : 3C-7C-3F-D4-C1-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.242(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : den 8 januari 2021 09:13:40
Lease Expires . . . . . . . . . . : den 9 januari 2021 09:17:10
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 127.56.49.53
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter 000int-miknyb (Cray-4):

Connection-specific DNS Suffix . : vpn.entiros.io
Description . . . . . . . . . . . : Viscosity Virtual Adapter V9.1
Physical Address. . . . . . . . . : 00-FF-D1-E8-E2-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.234.0.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : den 8 januari 2021 09:17:13
Lease Expires . . . . . . . . . . : den 8 januari 2022 09:17:12
Default Gateway . . . . . . . . . : 10.234.0.1
DHCP Server . . . . . . . . . . . : 10.234.0.254
DNS Servers . . . . . . . . . . . : 127.56.49.53
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
vpn.entiros.io
private.entiros.io
idm.entiros.io

Ethernet adapter Npcap Loopback Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Npcap Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e5d35af4:92c9%6(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.146.201(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805437516
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-55-5D-85-3C-7C-3F-D4-C1-56
DNS Servers . . . . . . . . . . . : fd53:7061:726b:4c61:6273:5669:7344:4e53
127.56.49.53
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Internet):

Connection-specific DNS Suffix . : bahnhof.se
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 3C-7C-3F-D4-C1-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f9ac:6384:88e6:9442%24(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.148.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 305953855
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-55-5D-85-3C-7C-3F-D4-C1-56
DNS Servers . . . . . . . . . . . : fd53:7061:726b:4c61:6273:5669:7344:4e53
127.56.49.53
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
bahnhof.se

Ethernet adapter vEthernet (Default Switch):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-15-5D-40-3F-A5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b838:6e5d9cf2%25(Preferred)
IPv4 Address. . . . . . . . . . . : 172.18.137.225(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 419435869
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-55-5D-85-3C-7C-3F-D4-C1-56
DNS Servers . . . . . . . . . . . : fd53:7061:726b:4c61:6273:5669:7344:4e53
127.56.49.53
NetBIOS over Tcpip. . . . . . . . : Enabled

@qdm12

@frepke

OpenVPN gives the error AEAD Decrypt error: cipher final failed at random times.

This should be investigated.

docker exec -it vpn echo $TZ

is blank, no timezone is given.

In my docker-compose file I set TZ=Europe/Amsterdam.

@qdm12

Are you sure? It should definitely be set 😕
That must be the TLS sync issue error, 99% certain 😉

For the AEAD Decrypt error, I don’t know yet though.

@frepke

Are you sure? It should definitely be set 😕
That must be the TLS sync issue error, 99% certain 😉

For the AEAD Decrypt error, I don’t know yet though.

Yes,

docker exec -it vpn echo $TZ

returns an empty line 😢

and my docker-compose.yml:

version: "3.7"
services:
  vpn:
    image: qmcgaw/private-internet-access:windscribe
    container_name: vpn
    cap_add:
      - NET_ADMIN
    # devices:
    network_mode: bridge
    init: true
    ports:
      - 8888:8888/tcp #tinyproxy
      - 8388:8388/tcp #shadowsocks
      - 8388:8388/udp #shadowsocks
      - 9501:8080/tcp #sabnzbd
      - 9502:5076/tcp #hydra2
      - 9503:9503/tcp #qbittorrent
      - 9504:5800/tcp #firefox
    # command:
    environment:
      - VPNSP=windscribe
      - USER=
      - PROTOCOL=UDP
      - OPENVPN_VERBOSITY=1
      - OPENVPN_ROOT=no
      - OPENVPN_TARGET_IP=
      - TZ=Europe/Amsterdam

      # PIA & Windscribe only
      - REGION=Netherlands
      - PASSWORD=
      - ENCRYPTION=strong
      - PORT_FORWARDING=off
      - PORT_FORWARDING_STATUS_FILE=/srv/dev-disk-by-label-NASinternalUSB1/vpn
      - OPENVPN_CIPHER=AES-256-GCM

      # Mullvad only
      - COUNTRY=Sweden
      - CITY=
      - ISP=

      # Mullvad & Windscribe only
      - PORT=54783

      # DNS over TLS
      - DOT=on
      - DOT_CACHING=on
      - DOT_IPV6=off
      - DOT_PROVIDERS=cloudflare,quad9
      - DOT_VERBOSITY=1
      - DOT_VERBOSITY_DETAILS=0
      - DOT_VALIDATION_LOGLEVEL=0
      - BLOCK_MALICIOUS=on
      - BLOCK_SURVEILLANCE=on
      - BLOCK_ADS=on
      - UNBLOCK=
      # Firewall
      - EXTRA_SUBNETS=10.54.1.0/24
      # Shadowsocks
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=off
      - SHADOWSOCKS_PORT=8388
      - SHADOWSOCKS_PASSWORD=
      #Tinyproxy
      - TINYPROXY=off
      - TINYPROXY_LOG=Info
      - TINYPROXY_PORT=8888
      - TINYPROXY_USER=
      - TINYPROXY_PASSWORD=

    restart: always

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    network_mode: "service:vpn"
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /srv/dev-disk-by-label-NASinternalUSB1/sabnzbd:/config
      - /srv/dev-disk-by-label-BarraCuda/sabnzbd/downloads:/downloads
      - /srv/dev-disk-by-label-BarraCuda/sabnzbd/incomplete-downloads:/incomplete-downloads
    restart: always

  hydra2:
    image: linuxserver/hydra2:latest
    container_name: hydra2
    network_mode: "service:vpn"
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
    volumes:
      - /srv/dev-disk-by-label-NASinternalUSB1/hydra:/config
      - /srv/dev-disk-by-label-BarraCuda/hydra/downloads:/downloads
    restart: always

  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:vpn"
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Amsterdam
      - UMASK_SET=022
      - WEBUI_PORT=9503
    volumes:
      - /srv/dev-disk-by-label-NASinternalUSB1/qbittorrent:/config
      - /srv/dev-disk-by-label-BarraCuda/qbittorrent/downloads:/downloads
    restart: always

  firefox:
    image: jlesage/firefox:latest
    container_name: firefox
    network_mode: "service:vpn"
    volumes:
      - /srv/dev-disk-by-label-NASinternalUSB1/firefox:/config:rw
      - /dev/shm:/dev/shm
    restart: always

@qdm12

Can you try with the latest Docker image (build)? It should show the Timezone at start in the logs, from the environment variable TZ.

@frepke

@frepke

Here’s a part of the log:

System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone: europe/amsterdam

@qdm12

And you’re sure if you run docker exec -it vpn echo "$TZ" it returns nothing? That’s just very bizarre

@frepke

Yeah sure, see your whatsapp.

@qdm12

Oddly I don’t have either of the error messages in my log anymore. I only have, every hour:

2020-03-30T15:39:32.302Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2020-03-30T15:39:32.305Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 VERIFY KU OK
2020-03-30T15:39:32.305Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 Validating certificate extended key usage
2020-03-30T15:39:32.305Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-03-30T15:39:32.305Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 VERIFY EKU OK
2020-03-30T15:39:32.305Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2020-03-30T15:39:32.504Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-03-30T15:39:32.504Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-03-30T15:39:32.505Z        INFO    openvpn: Mon Mar 30 15:39:32 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

@frepke

Here’s my log:

2020-03-31T14:15:45.152+0200	INFO	openvpn: Tue Mar 31 14:15:45 2020 Initialization Sequence Completed
2020-03-31T16:35:38.563+0200	INFO	openvpn: Tue Mar 31 16:35:38 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:37:11.282+0200	INFO	openvpn: Tue Mar 31 16:37:11 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:37:37.776+0200	INFO	openvpn: Tue Mar 31 16:37:37 2020 AEAD Decrypt error: cipher final failed
2020-03-31T16:46:08.468+0200	INFO	unbound: [1585665968] unbound[21:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2020-03-31T16:46:42.431+0200	INFO	openvpn: Tue Mar 31 16:46:42 2020 AEAD Decrypt error: cipher final failed
2020-03-31T16:46:45.236+0200	INFO	openvpn: Tue Mar 31 16:46:45 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:47:08.613+0200	INFO	openvpn: Tue Mar 31 16:47:08 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:48:04.489+0200	INFO	openvpn: Tue Mar 31 16:48:04 2020 AEAD Decrypt error: cipher final failed
2020-03-31T16:48:29.052+0200	INFO	openvpn: Tue Mar 31 16:48:29 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:48:39.405+0200	INFO	openvpn: Tue Mar 31 16:48:39 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:48:53.703+0200	INFO	openvpn: Tue Mar 31 16:48:53 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:49:41.692+0200	INFO	openvpn: Tue Mar 31 16:49:41 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:50:37.409+0200	INFO	openvpn: Tue Mar 31 16:50:37 2020 AEAD Decrypt error: cipher final failed
2020-03-31T16:50:48.360+0200	INFO	openvpn: Tue Mar 31 16:50:48 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:52:00.030+0200	INFO	openvpn: Tue Mar 31 16:52:00 2020 AEAD Decrypt error: cipher final failed
2020-03-31T16:53:02.030+0200	INFO	openvpn: Tue Mar 31 16:53:02 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:53:24.509+0200	INFO	openvpn: Tue Mar 31 16:53:24 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:53:41.796+0200	INFO	openvpn: Tue Mar 31 16:53:41 2020 AEAD Decrypt error: cipher final failed
2020-03-31T16:53:55.071+0200	INFO	openvpn: Tue Mar 31 16:53:55 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [6]
2020-03-31T16:55:52.536+0200	INFO	openvpn: Tue Mar 31 16:55:52 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T16:56:11.692+0200	INFO	openvpn: Tue Mar 31 16:56:11 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]
2020-03-31T19:16:58.825+0200	INFO	unbound: [1585675018] unbound[21:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2020-03-31T19:39:44.306+0200	INFO	openvpn: Tue Mar 31 19:39:44 2020 TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [0]

@frepke

Back to pia, I 🔥 almost all my windscribe data 😄

@qdm12

Hey Frepke! Do you still get this error 🤔 My hand is 🔥 to close the issue 😄

@frepke

Hey Frepke! Do you still get this error 🤔 My hand is 🔥 to close the issue 😄

Hey Quentin, I don’t have this error anymore because I switched to another provider 😁

Please close the issue.

@ghost

yes they still exist

2021-01-16T21:48:44.111+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [4]
2021-01-16T21:48:02.110+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:46:41.765+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:45:54.502+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:40:42.742+0100 INFO openvpn: AEAD Decrypt error: cipher final failed
2021-01-16T21:31:55.881+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:30:42.425+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:30:14.600+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:19:38.204+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [0]
2021-01-16T21:07:25.719+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]217.138.194.115:54783 [2]
2021-01-16T21:00:23.062+0100 INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-16T21:00:23.062+0100 INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-16T21:00:23.061+0100 INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-16T21:00:23.030+0100 INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-16T21:00:23.030+0100 INFO openvpn: VERIFY EKU OK
2021-01-16T21:00:23.030+0100 INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-16T21:00:23.030+0100 INFO openvpn: Validating certificate extended key usage
2021-01-16T21:00:23.030+0100 INFO openvpn: VERIFY KU OK
2021-01-16T21:00:23.029+0100 INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA

@ghost

So nothing came today, I keep watching

2021-01-17T16:01:32.420+0100 INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-17T16:01:22.351+0100 INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-17T16:01:22.351+0100 INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-17T16:01:22.350+0100 INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-17T16:01:22.321+0100 INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-17T16:01:22.321+0100 INFO openvpn: VERIFY EKU OK
2021-01-17T16:01:22.321+0100 INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-17T16:01:22.320+0100 INFO openvpn: Validating certificate extended key usage
2021-01-17T16:01:22.320+0100 INFO openvpn: VERIFY KU OK
2021-01-17T16:01:22.319+0100 INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-17T15:01:22.547+0100 INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-17T15:01:22.546+0100 INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-17T15:01:22.546+0100 INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-17T15:01:22.517+0100 INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-17T15:01:22.517+0100 INFO openvpn: VERIFY EKU OK
2021-01-17T15:01:22.516+0100 INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-17T15:01:22.516+0100 INFO openvpn: Validating certificate extended key usage
2021-01-17T15:01:22.516+0100 INFO openvpn: VERIFY KU OK
2021-01-17T15:01:22.515+0100 INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-17T14:01:22.997+0100 INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-17T14:01:22.997+0100 INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-17T14:01:22.997+0100 INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-17T14:01:22.968+0100 INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-17T14:01:22.968+0100 INFO openvpn: VERIFY EKU OK
2021-01-17T14:01:22.967+0100 INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-17T14:01:22.967+0100 INFO openvpn: Validating certificate extended key usage
2021-01-17T14:01:22.967+0100 INFO openvpn: VERIFY KU OK

@ghost

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================
 
Running version windscribe-tls-sync built on 2021-01-22T13:34:05Z (commit 379038a)
 
 
🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021-01-22T16:16:49.904+0100 INFO Unbound version: 1.10.1
2021-01-22T16:16:49.948+0100 INFO IPtables version: v1.8.4
2021-01-22T16:16:50.003+0100 INFO OpenVPN version: 2.4.10
2021-01-22T16:16:50.003+0100 WARN You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-22T16:16:50.003+0100 WARN You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-22T16:16:50.003+0100 WARN You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-01-22T16:16:50.004+0100 INFO Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 2
|--Run as root: no
|--Windscribe settings:
|--Network protocol: udp
|--Regions: switzerland, netherlands
|--Custom port: 54783
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: sha512
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone: europe/berlin
DNS settings:
|--Unbound:
|--DNS over TLS provider:
|--cloudflare
|--Listening port: 53
|--Access control:
|--Allowed:
|--    |--0.0.0.0/0
|--    |--::/0
|--Caching: enabled
|--IPv4 resolution: enabled
|--IPv6 resolution: disabled
|--Verbosity level: 1/5
|--Verbosity details level: 0/4
|--Validation log level: 0/2
|--Blocked hostnames:
|--Blocked IP addresses:
|--127.0.0.1/8
|--10.0.0.0/8
|--172.16.0.0/12
|--192.168.0.0/16
|--169.254.0.0/16
|--::1/128
|--fc00::/7
|--fe80::/10
|--::ffff:0:0/96
|--Allowed hostnames:
|--Block malicious: enabled
|--Block ads: disabled
|--Block surveillance: disabled
|--Update: every 24h0m0s
|--Keep nameserver (disabled blocking): no
Firewall settings:
|--VPN input ports:
|--Input ports:
|--Outbound subnets:
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
|--Listening port: 8000
|--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 1h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled
 
2021-01-22T16:16:50.260+0100 INFO storage: merging by most recent 6448 hardcoded servers and 6448 servers read from /gluetun/servers.json
2021-01-22T16:16:50.315+0100 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-22T16:16:50.315+0100 INFO routing: local subnet found: 172.17.0.0/16
2021-01-22T16:16:50.317+0100 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-22T16:16:50.317+0100 INFO routing: adding route for 0.0.0.0/0
2021-01-22T16:16:50.318+0100 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021-01-22T16:16:50.318+0100 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-22T16:16:50.318+0100 INFO openvpn configurator: checking for device /dev/net/tun
2021-01-22T16:16:50.318+0100 INFO firewall: enabling...
2021-01-22T16:16:50.435+0100 INFO firewall: enabled successfully
2021-01-22T16:16:50.435+0100 INFO Launching standard output merger
2021-01-22T16:16:50.436+0100 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021-01-22T16:16:50.437+0100 INFO healthcheck: listening on 127.0.0.1:9999
2021-01-22T16:16:50.437+0100 INFO http server: listening on 0.0.0.0:8000
2021-01-22T16:16:50.437+0100 INFO firewall: setting VPN connection through firewall...
2021-01-22T16:16:50.438+0100 INFO openvpn configurator: starting openvpn
2021-01-22T16:16:50.440+0100 ERROR openvpn: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:20: proto (2.4.10)
2021-01-22T16:16:50.440+0100 INFO openvpn: Use --help for more information.
2021-01-22T16:16:50.441+0100 ERROR openvpn: exit status 1
2021-01-22T16:16:50.441+0100 INFO openvpn: retrying in 15s
2021-01-22T16:16:50.441+0100 WARN close |0: file already closed
2021-01-22T16:16:54.783+0100 ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:60891->1.1.1.1:53: write: operation not permitted
2021-01-22T16:17:00.134+0100 ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:48594->1.1.1.1:53: write: operation not permitted
2021-01-22T16:17:05.442+0100 INFO firewall: setting VPN connection through firewall...
2021-01-22T16:17:05.442+0100 INFO openvpn configurator: starting openvpn
2021-01-22T16:17:05.445+0100 ERROR openvpn: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:20: proto (2.4.10)
2021-01-22T16:17:05.445+0100 INFO openvpn: Use --help for more information.
2021-01-22T16:17:05.445+0100 WARN close |0: file already closed
2021-01-22T16:17:05.445+0100 ERROR openvpn: exit status 1
2021-01-22T16:17:05.445+0100 INFO openvpn: retrying in 15s
2021-01-22T16:17:05.884+0100 ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:36713->1.1.1.1:53: write: operation not permitted
2021-01-22T16:17:11.772+0100 ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:52498->1.1.1.1:53: write: operation not permitted
2021-01-22T16:17:18.046+0100 ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:33215->1.1.1.1:53: write: operation not permitted
2021-01-22T16:17:20.446+0100 INFO firewall: setting VPN connection through firewall...
2021-01-22T16:17:20.505+0100 INFO openvpn configurator: starting openvpn
2021-01-22T16:17:20.508+0100 INFO openvpn: OpenVPN 2.4.10 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan  4 2021
2021-01-22T16:17:20.508+0100 INFO openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-22T16:17:20.544+0100 INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-22T16:17:20.544+0100 INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-22T16:17:20.545+0100 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]185.212.171.131:54783
2021-01-22T16:17:20.545+0100 INFO openvpn: UDP link local: (not bound)
2021-01-22T16:17:20.545+0100 INFO openvpn: UDP link remote: [AF_INET]185.212.171.131:54783
2021-01-22T16:17:20.582+0100 INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-22T16:17:20.583+0100 INFO openvpn: VERIFY KU OK
2021-01-22T16:17:20.583+0100 INFO openvpn: Validating certificate extended key usage
2021-01-22T16:17:20.583+0100 INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-22T16:17:20.584+0100 INFO openvpn: VERIFY EKU OK
2021-01-22T16:17:20.584+0100 INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-22T16:17:20.622+0100 INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-22T16:17:20.622+0100 INFO openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]185.212.171.131:54783
2021-01-22T16:17:23.563+0100 ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:38946->1.1.1.1:53: write: operation not permitted
2021-01-22T16:17:27.181+0100 INFO openvpn: Data Channel: using negotiated cipher 'AES-256-GCM'
2021-01-22T16:17:27.181+0100 INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-22T16:17:27.181+0100 INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-22T16:17:27.181+0100 INFO openvpn: TUN/TAP device tun0 opened
2021-01-22T16:17:27.181+0100 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-22T16:17:27.309+0100 INFO openvpn: /sbin/ip addr add dev tun0 10.114.126.12/23 broadcast 10.114.127.255
2021-01-22T16:17:27.315+0100 INFO openvpn: UID set to nonrootuser
2021-01-22T16:17:27.315+0100 INFO openvpn: Initialization Sequence Completed
2021-01-22T16:17:27.315+0100 INFO dns over tls: downloading DNS over TLS cryptographic files
2021-01-22T16:17:27.514+0100 INFO healthcheck: passed
2021-01-22T16:17:28.828+0100 INFO dns over tls: downloading hostnames and IP block lists
2021-01-22T16:17:29.896+0100 INFO unbound: init module 0: validator
2021-01-22T16:17:29.897+0100 INFO unbound: init module 1: iterator
2021-01-22T16:17:29.932+0100 INFO unbound: start of service (unbound 1.10.1).
2021-01-22T16:17:30.005+0100 INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-22T16:17:30.309+0100 INFO dns over tls: ready
2021-01-22T16:17:30.309+0100 INFO VPN routing IP address: 185.212.171.131
2021-01-22T16:17:30.655+0100 INFO There is a new release v3.10.3 (v3.10.3 Fix DNS_KEEP_NAMESERVER behavior) created 15 days ago
2021-01-22T16:17:30.945+0100 INFO ip getter: Public IP address is 185.212.171.137
2021-01-22T16:28:47.069+0100 INFO openvpn: AEAD Decrypt error: cipher final failed
2021-01-22T16:36:51.739+0100 INFO openvpn: AEAD Decrypt error: cipher final failed
2021-01-22T16:38:32.240+0100 INFO openvpn: AEAD Decrypt error: cipher final failed
2021-01-22T16:43:45.353+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-22T16:47:25.290+0100 INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-22T16:49:03.218+0100 INFO openvpn: AEAD Decrypt error: cipher final failed

@ghost

strange that it started yesterday evening (the connection was not disconnected), at 06:00 it was restarted and then nothing worked

it always starts shortly before the weekend

@ghost

I’ll try with

-v /etc/localtime:/etc/localtime:ro 

@ghost

and what is this here?

2021-01-22T16:16:50.440+0100 ERROR openvpn: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:20: proto (2.4.10)

@ghost

Running version windscribe-tls-sync built on 2021-01-22T13:34:05Z (commit 379038a)
2021-01-23T05:00:20.858Z	INFO	OpenVPN version: 2.4.10
2021-01-23T05:00:20.910Z	INFO	Unbound version: 1.10.1
2021-01-23T05:00:20.997Z	INFO	IPtables version: v1.8.4
2021-01-23T05:00:20.997Z	WARN	You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-23T05:00:20.997Z	WARN	You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-23T05:00:20.998Z	WARN	You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-01-23T05:00:20.998Z	INFO	Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 2
|--Run as root: no
|--Windscribe settings:
 |--Network protocol: udp
 |--Regions: switzerland, netherlands
 |--Custom port: 54783
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: sha512
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone: 
DNS settings:
 |--Unbound:
    |--DNS over TLS provider:
       |--cloudflare
    |--Listening port: 53
    |--Access control:
       |--Allowed:
    |--    |--0.0.0.0/0
    |--    |--::/0
    |--Caching: enabled
    |--IPv4 resolution: enabled
    |--IPv6 resolution: disabled
    |--Verbosity level: 1/5
    |--Verbosity details level: 0/4
    |--Validation log level: 0/2
    |--Blocked hostnames:
    |--Blocked IP addresses:
       |--127.0.0.1/8
       |--10.0.0.0/8
       |--172.16.0.0/12
       |--192.168.0.0/16
       |--169.254.0.0/16
       |--::1/128
       |--fc00::/7
       |--fe80::/10
       |--::ffff:0:0/96
    |--Allowed hostnames:
 |--Block malicious: enabled
 |--Block ads: disabled
 |--Block surveillance: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--VPN input ports: 
 |--Input ports: 
 |--Outbound subnets: 
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
 |--Listening port: 8000
 |--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 1h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled
2021-01-23T05:00:21.187Z	INFO	storage: merging by most recent 6448 hardcoded servers and 6448 servers read from /gluetun/servers.json
2021-01-23T05:00:21.282Z	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-23T05:00:21.283Z	INFO	routing: local subnet found: 172.17.0.0/16
2021-01-23T05:00:21.284Z	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-23T05:00:21.284Z	INFO	routing: adding route for 0.0.0.0/0
2021-01-23T05:00:21.285Z	INFO	firewall: firewall disabled, only updating allowed subnets internal list
2021-01-23T05:00:21.285Z	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-23T05:00:21.285Z	INFO	openvpn configurator: checking for device /dev/net/tun
2021-01-23T05:00:21.285Z	INFO	firewall: enabling...
2021-01-23T05:00:21.492Z	INFO	firewall: enabled successfully
2021-01-23T05:00:21.492Z	INFO	healthcheck: listening on 127.0.0.1:9999
2021-01-23T05:00:21.492Z	INFO	Launching standard output merger
2021-01-23T05:00:21.492Z	INFO	http server: listening on 0.0.0.0:8000
2021-01-23T05:00:21.492Z	INFO	dns over tls: using plaintext DNS at address 1.1.1.1
2021-01-23T05:00:21.493Z	INFO	firewall: setting VPN connection through firewall...
2021-01-23T05:00:21.493Z	INFO	openvpn configurator: starting openvpn
2021-01-23T05:00:21.496Z	ERROR	openvpn: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:20: proto (2.4.10)
2021-01-23T05:00:21.496Z	INFO	openvpn: Use --help for more information.
2021-01-23T05:00:21.497Z	ERROR	openvpn: exit status 1
2021-01-23T05:00:21.497Z	INFO	openvpn: retrying in 15s
2021-01-23T05:00:21.497Z	WARN	close |0: file already closed
2021-01-23T05:00:25.855Z	ERROR	healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:33831->1.1.1.1:53: write: operation not permitted
2021-01-23T05:00:32.151Z	ERROR	healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:46735->1.1.1.1:53: write: operation not permitted
2021-01-23T05:00:36.690Z	INFO	firewall: setting VPN connection through firewall...
2021-01-23T05:00:37.040Z	INFO	openvpn configurator: starting openvpn
2021-01-23T05:00:37.043Z	INFO	openvpn: OpenVPN 2.4.10 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan  4 2021
2021-01-23T05:00:37.043Z	INFO	openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-23T05:00:37.288Z	INFO	openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-23T05:00:37.288Z	INFO	openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-23T05:00:37.288Z	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]185.212.171.131:54783
2021-01-23T05:00:37.288Z	INFO	openvpn: UDP link local: (not bound)
2021-01-23T05:00:37.288Z	INFO	openvpn: UDP link remote: [AF_INET]185.212.171.131:54783
2021-01-23T05:00:37.325Z	INFO	openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-23T05:00:37.326Z	INFO	openvpn: VERIFY KU OK
2021-01-23T05:00:37.326Z	INFO	openvpn: Validating certificate extended key usage
2021-01-23T05:00:37.326Z	INFO	openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-23T05:00:37.326Z	INFO	openvpn: VERIFY EKU OK
2021-01-23T05:00:37.326Z	INFO	openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-23T05:00:37.366Z	INFO	openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-23T05:00:37.366Z	INFO	openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]185.212.171.131:54783
2021-01-23T05:00:38.616Z	INFO	openvpn: Data Channel: using negotiated cipher 'AES-256-GCM'
2021-01-23T05:00:38.616Z	INFO	openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-23T05:00:38.617Z	INFO	openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-23T05:00:38.617Z	INFO	openvpn: TUN/TAP device tun0 opened
2021-01-23T05:00:38.618Z	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-23T05:00:38.811Z	INFO	openvpn: /sbin/ip addr add dev tun0 10.114.126.16/23 broadcast 10.114.127.255
2021-01-23T05:00:38.818Z	INFO	openvpn: UID set to nonrootuser
2021-01-23T05:00:38.818Z	INFO	openvpn: Initialization Sequence Completed
2021-01-23T05:00:38.818Z	INFO	dns over tls: downloading DNS over TLS cryptographic files
2021-01-23T05:00:39.535Z	INFO	healthcheck: passed
2021-01-23T05:00:40.631Z	INFO	dns over tls: downloading hostnames and IP block lists
2021-01-23T05:00:41.516Z	INFO	unbound: init module 0: validator
2021-01-23T05:00:41.516Z	INFO	unbound: init module 1: iterator
2021-01-23T05:00:41.546Z	INFO	unbound: start of service (unbound 1.10.1).
2021-01-23T05:00:41.619Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T05:00:41.913Z	INFO	dns over tls: ready
2021-01-23T05:00:41.913Z	INFO	VPN routing IP address: 185.212.171.131
2021-01-23T05:00:42.222Z	INFO	There is a new release v3.10.3 (v3.10.3 Fix DNS_KEEP_NAMESERVER behavior) created 16 days ago
2021-01-23T05:00:42.457Z	INFO	ip getter: Public IP address is 185.212.171.138
2021-01-23T05:03:51.583Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T05:13:17.071Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T05:50:20.134Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T05:50:51.458Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T05:54:34.990Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T05:55:27.333Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T05:55:32.539Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T05:56:48.638Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T06:00:21.492Z	INFO	ip getter: starting
2021-01-23T06:03:17.832Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T06:08:39.428Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T06:10:20.162Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-23T06:15:08.145Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T06:23:37.379Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-23T06:25:39.328Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T06:30:52.108Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T06:30:53.531Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T06:36:23.617Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T06:41:17.422Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [5]
2021-01-23T07:15:10.707Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [4]
2021-01-23T07:15:13.142Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:16:29.273Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-23T07:16:49.262Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:17:20.533Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T07:17:21.049Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:17:31.736Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:18:10.985Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [5]
2021-01-23T07:19:03.630Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:19:37.531Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T07:29:35.778Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:30:09.361Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:40:06.372Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:40:53.369Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T07:43:23.001Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T07:46:12.018Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T07:52:12.098Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [6]
2021-01-23T07:52:17.884Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [5]
2021-01-23T07:52:26.442Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T08:06:19.893Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T08:21:28.264Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T09:02:17.460Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T09:10:32.455Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T09:13:26.819Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T09:16:38.175Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T09:20:49.005Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [7]
2021-01-23T09:22:50.194Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T09:36:49.528Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [7]
2021-01-23T09:43:24.095Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T09:50:14.742Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [2]
2021-01-23T10:32:38.565Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T11:05:49.612Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T11:11:50.972Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T11:12:40.118Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-23T11:12:40.286Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [6]
2021-01-23T11:13:41.454Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [7]
2021-01-23T11:15:21.301Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T11:15:42.167Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T11:41:39.495Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T11:45:16.278Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T11:45:17.127Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T12:01:00.631Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [4]
2021-01-23T12:04:37.744Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T12:53:20.508Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T12:53:39.521Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T13:00:39.597Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T13:09:33.029Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T13:10:32.632Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T13:55:07.915Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T14:18:20.081Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T14:20:38.189Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [1]
2021-01-23T14:53:12.495Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T14:53:26.262Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [5]
2021-01-23T14:55:08.274Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T14:56:33.954Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:00:39.675Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T15:00:39.675Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T15:03:14.990Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:06:04.563Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:15:34.066Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:15:45.833Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:30:42.414Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [4]
2021-01-23T15:31:49.592Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:35:32.558Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T15:41:29.113Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T16:06:26.564Z	INFO	unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-23T16:06:50.261Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T16:29:37.560Z	INFO	openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]185.212.171.131:54783 [3]
2021-01-23T16:29:51.887Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T16:36:21.535Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T16:43:57.104Z	INFO	openvpn: AEAD Decrypt error: cipher final failed
2021-01-23T17:00:43.941Z	INFO	openvpn: AEAD Decrypt error: cipher final failed

@qdm12

For

ERROR openvpn: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:20: proto (2.4.10)

I added some debug logs in the image (re-pull it), please let me know what you get.

I also added ncp-disable which may help the AEAD Decrypt error: cipher final failed error.

Regarding the TLS issues, can someone send an example of an openvpn configuration for Windscribe (don’t have a Pro account anymore with them). Maybe they have changed their configuration/certificates since the last time. Although that makes little sense as it seems to work for some time, but who knows!

Thanks!
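
To compare runs like the ones pasted in this thread, the following script (an added example, not part of the thread or of gluetun) groups the two recurring messages by tunnel session and reports how soon after connecting they begin. The sample lines are constructed on the thread's two log layouts, and `203.0.113.10:1194` is a placeholder peer address.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample. First block: space-separated lines with a +0100 offset.
# Second block: tab-separated UTC ("Z") lines, pasted newest-first, one of them
# carrying a stray leading quote. 203.0.113.10:1194 is a placeholder address.
SYNC = "openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]203.0.113.10:1194 "
SAMPLE_LOG = "\n".join([
    "2021-01-22T16:16:50.441+0100 ERROR openvpn: exit status 1",
    "2021-01-22T16:17:27.181+0100 INFO openvpn: Data Channel: using negotiated cipher 'AES-256-GCM'",
    "2021-01-22T16:17:27.315+0100 INFO openvpn: Initialization Sequence Completed",
    "2021-01-22T16:28:47.069+0100 INFO openvpn: AEAD Decrypt error: cipher final failed",
    "2021-01-22T16:43:45.353+0100 INFO " + SYNC + "[3]",
    "2021-01-22T16:49:03.218+0100 INFO openvpn: AEAD Decrypt error: cipher final failed",
    "2021-01-23T05:56:48.638Z\tINFO\t" + SYNC + "[2]",
    "\"2021-01-23T05:55:27.333Z\tINFO\t" + SYNC + "[2]",
    "2021-01-23T05:50:20.134Z\tINFO\t" + SYNC + "[1]",
    "2021-01-23T05:03:51.583Z\tINFO\topenvpn: AEAD Decrypt error: cipher final failed",
    "2021-01-23T05:00:38.818Z\tINFO\topenvpn: Initialization Sequence Completed",
    "2021-01-23T05:00:38.616Z\tINFO\topenvpn: Data Channel: using negotiated cipher 'AES-256-GCM'",
])

# Timestamp, level, message; tolerates tabs or spaces and a stray leading quote.
LINE = re.compile(r'^"?(\d{4}-\d\d-\d\dT\S+)[ \t]+(INFO|WARN|ERROR)[ \t]+(.*)$')
CIPHER = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")
# The bracketed number is the key id carried by the packet that matched no active key.
OUT_OF_SYNC = re.compile(r"local/remote TLS keys are out of sync: \S+ \[(\d+)\]")
AEAD = "AEAD Decrypt error: cipher final failed"
UP = "Initialization Sequence Completed"
BAD_START = "openvpn: exit status"


def parse(text):
    """Return (timestamp, level, message) tuples in chronological order."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, settings tree, debug lines without a timestamp
        try:
            # %z accepts both "+0100" and "Z" (Python 3.7+)
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f%z")
        except ValueError:
            continue
        events.append((ts, m.group(2), m.group(3)))
    events.sort(key=lambda e: e[0])  # some pastes are newest-first
    return events


def triage(text):
    """Count decrypt and key-sync errors per session (one per completed init)."""
    sessions, failed_starts, cipher = [], 0, None
    for ts, _level, msg in parse(text):
        if BAD_START in msg:
            failed_starts += 1
            continue
        negotiated = CIPHER.search(msg)
        if negotiated:
            cipher = negotiated.group(1)
            continue
        if UP in msg:
            sessions.append({"up": ts, "cipher": cipher, "aead_errors": 0,
                             "out_of_sync": Counter(), "first_error_after_s": None})
            cipher = None  # do not carry a cipher over to the next session
            continue
        if not sessions:
            continue
        s = sessions[-1]
        sync = OUT_OF_SYNC.search(msg)
        if AEAD in msg:
            s["aead_errors"] += 1
        elif sync:
            s["out_of_sync"][int(sync.group(1))] += 1
        else:
            continue
        if s["first_error_after_s"] is None:
            s["first_error_after_s"] = int((ts - s["up"]).total_seconds())
    for s in sessions:
        s["out_of_sync"] = dict(s["out_of_sync"])
    return {"failed_starts": failed_starts, "sessions": sessions}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("failed starts:", report["failed_starts"])
    for s in report["sessions"]:
        print(s["up"].isoformat(), s["cipher"], "aead:", s["aead_errors"],
              "out-of-sync by key id:", s["out_of_sync"],
              "first error after (s):", s["first_error_after_s"])
```

Running it on logs taken before and after a configuration change such as `ncp-disable` gives per-session counts that can be compared directly.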

@ghost

when inserting some characters are gone

client
dev tun
proto udp
remote adl-354.whiskergalaxy.com 54783
nobind
auth-user-pass
resolv-retry infinite
auth SHA512
cipher AES-256-CBC
comp-lzo
verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun
key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

@ghost

Running version windscribe-tls-sync built on 2021-01-23T17:43:42Z (commit 7a0d68a)
2021-01-24T05:00:31.481Z INFO OpenVPN version: 2.5.0
2021-01-24T05:00:32.597Z INFO Unbound version: 1.13.0
2021-01-24T05:00:32.913Z INFO IPtables version: v1.8.6
2021-01-24T05:00:32.913Z WARN You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-24T05:00:32.913Z WARN You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-24T05:00:32.913Z WARN You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-01-24T05:00:32.914Z INFO Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 2
|--Run as root: no
|--Windscribe settings:
|--Network protocol: udp
|--Regions: switzerland, netherlands
|--Custom port: 54783
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: sha512
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone:
DNS settings:
|--Unbound:
|--DNS over TLS provider:
|--cloudflare
|--Listening port: 53
|--Access control:
|--Allowed:
|--    |--0.0.0.0/0
|--    |--::/0
|--Caching: enabled
|--IPv4 resolution: enabled
|--IPv6 resolution: disabled
|--Verbosity level: 1/5
|--Verbosity details level: 0/4
|--Validation log level: 0/2
|--Blocked hostnames:
|--Blocked IP addresses:
|--127.0.0.1/8
|--10.0.0.0/8
|--172.16.0.0/12
|--192.168.0.0/16
|--169.254.0.0/16
|--::1/128
|--fc00::/7
|--fe80::/10
|--::ffff:0:0/96
|--Allowed hostnames:
|--Block malicious: enabled
|--Block ads: disabled
|--Block surveillance: disabled
|--Update: every 24h0m0s
|--Keep nameserver (disabled blocking): no
Firewall settings:
|--VPN input ports:
|--Input ports:
|--Outbound subnets:
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
|--Listening port: 8000
|--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 1h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled
 
2021-01-24T05:00:33.079Z INFO storage: merging by most recent 6448 hardcoded servers and 6448 servers read from /gluetun/servers.json
2021-01-24T05:00:33.787Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-24T05:00:33.787Z INFO routing: local subnet found: 172.17.0.0/16
2021-01-24T05:00:33.788Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-24T05:00:33.788Z INFO routing: adding route for 0.0.0.0/0
2021-01-24T05:00:33.789Z INFO firewall: firewall disabled, only updating allowed subnets internal list
2021-01-24T05:00:33.789Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-24T05:00:33.789Z INFO openvpn configurator: checking for device /dev/net/tun
2021-01-24T05:00:33.789Z INFO firewall: enabling...
2021-01-24T05:00:34.622Z INFO firewall: enabled successfully
2021-01-24T05:00:34.622Z INFO healthcheck: listening on 127.0.0.1:9999
2021-01-24T05:00:34.622Z INFO Launching standard output merger
==========> DEBUG: Protocol selected is: udp
2021-01-24T05:00:34.622Z INFO http server: listening on 0.0.0.0:8000
2021-01-24T05:00:34.623Z INFO dns over tls: using plaintext DNS at address 1.1.1.1
==========> DEBUG: connection picked is: {72.11.157.67 54783 udp }
==========> DEBUG: connection to use in BuildConf is: {72.11.157.67 54783 udp }
2021-01-24T05:00:34.624Z INFO firewall: setting VPN connection through firewall...
2021-01-24T05:00:34.690Z INFO openvpn configurator: starting openvpn
2021-01-24T05:00:34.695Z INFO openvpn: 2021-01-24 05:00:34 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-01-24T05:00:34.695Z INFO openvpn: 2021-01-24 05:00:34 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
2021-01-24T05:00:34.695Z INFO openvpn: Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-01-24T05:00:34.696Z INFO openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-256-CBC:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-gcm' to --data-ciphers or change --cipher 'aes-256-gcm' to --data-ciphers-fallback 'aes-256-gcm' to silence this warning.
2021-01-24T05:00:34.696Z INFO openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-24T05:00:34.696Z INFO openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-24T05:00:34.697Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T05:00:34.697Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T05:00:34.698Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.67:54783
2021-01-24T05:00:34.698Z INFO openvpn: UDP link local: (not bound)
2021-01-24T05:00:34.698Z INFO openvpn: UDP link remote: [AF_INET]72.11.157.67:54783
2021-01-24T05:00:34.749Z INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-24T05:00:34.750Z INFO openvpn: VERIFY KU OK
2021-01-24T05:00:34.750Z INFO openvpn: Validating certificate extended key usage
2021-01-24T05:00:34.750Z INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-24T05:00:34.750Z INFO openvpn: VERIFY EKU OK
2021-01-24T05:00:34.750Z INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-24T05:00:34.792Z INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-24T05:00:34.792Z INFO openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]72.11.157.67:54783
2021-01-24T05:00:35.937Z INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-24T05:00:35.937Z INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-24T05:00:35.938Z INFO openvpn: TUN/TAP device tun0 opened
2021-01-24T05:00:35.938Z INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-24T05:00:36.418Z INFO openvpn: /sbin/ip link set dev tun0 up
2021-01-24T05:00:36.421Z INFO openvpn: /sbin/ip addr add dev tun0 10.121.18.19/23
2021-01-24T05:00:36.427Z ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.6:42943->1.1.1.1:53: write: operation not permitted
2021-01-24T05:00:36.435Z INFO openvpn: UID set to nonrootuser
2021-01-24T05:00:36.436Z INFO openvpn: Initialization Sequence Completed
2021-01-24T05:00:36.436Z INFO dns over tls: downloading DNS over TLS cryptographic files
2021-01-24T05:00:36.647Z INFO healthcheck: passed
2021-01-24T05:00:40.422Z INFO dns over tls: downloading hostnames and IP block lists
2021-01-24T05:00:41.300Z INFO unbound: init module 0: validator
2021-01-24T05:00:41.301Z INFO unbound: init module 1: iterator
2021-01-24T05:00:41.351Z INFO unbound: start of service (unbound 1.13.0).
2021-01-24T05:00:41.421Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T05:00:41.546Z INFO dns over tls: ready
2021-01-24T05:00:41.546Z INFO VPN routing IP address: 72.11.157.67
2021-01-24T05:00:41.803Z INFO ip getter: Public IP address is 72.11.157.74
2021-01-24T05:00:41.837Z INFO There is a new release v3.12.0 (v3.12.0 Upgrade to Alpine 3.13 and Openvpn ping fixes) created 11 hours ago
2021-01-24T06:00:34.673Z INFO ip getter: starting
2021-01-24T06:06:11.412Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T07:12:04.945Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T07:55:58.866Z INFO openvpn: [Windscribe Node Server 4096] Inactivity timeout (--ping-restart), restarting
2021-01-24T07:55:58.881Z INFO openvpn: ERROR: Linux route delete command failed: external program exited with error status: 2
2021-01-24T07:55:58.881Z INFO openvpn: ERROR: Linux route delete command failed: external program exited with error status: 2
2021-01-24T07:55:58.881Z INFO openvpn: ERROR: Linux route delete command failed: external program exited with error status: 2
2021-01-24T07:55:58.882Z INFO openvpn: Closing TUN/TAP interface
2021-01-24T07:55:58.882Z INFO openvpn: /sbin/ip addr del dev tun0 10.121.18.19/23
2021-01-24T07:55:58.882Z INFO openvpn: Linux ip addr del failed: external program exited with error status: 2
2021-01-24T07:55:58.882Z INFO openvpn: SIGUSR1[soft,ping-restart] received, process restarting
2021-01-24T07:56:08.842Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:56:08.843Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:56:08.910Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.67:54783
2021-01-24T07:56:08.910Z INFO openvpn: UDP link local: (not bound)
2021-01-24T07:56:08.910Z INFO openvpn: UDP link remote: [AF_INET]72.11.157.67:54783
2021-01-24T07:57:08.730Z INFO openvpn: [UNDEF] Inactivity timeout (--ping-restart), restarting
2021-01-24T07:57:08.731Z INFO openvpn: SIGUSR1[soft,ping-restart] received, process restarting
2021-01-24T07:57:18.730Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:57:18.730Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:57:18.731Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.67:54783
2021-01-24T07:57:18.731Z INFO openvpn: UDP link local: (not bound)
2021-01-24T07:57:18.731Z INFO openvpn: UDP link remote: [AF_INET]72.11.157.67:54783
2021-01-24T07:58:18.576Z INFO openvpn: [UNDEF] Inactivity timeout (--ping-restart), restarting
2021-01-24T07:58:18.576Z INFO openvpn: SIGUSR1[soft,ping-restart] received, process restarting
2021-01-24T07:58:28.577Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:58:28.577Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:58:28.578Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.67:54783
2021-01-24T07:58:28.578Z INFO openvpn: UDP link local: (not bound)
2021-01-24T07:58:28.578Z INFO openvpn: UDP link remote: [AF_INET]72.11.157.67:54783
2021-01-24T07:58:30.821Z INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-24T07:58:30.824Z INFO openvpn: VERIFY KU OK
2021-01-24T07:58:30.824Z INFO openvpn: Validating certificate extended key usage
2021-01-24T07:58:30.824Z INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-24T07:58:30.826Z INFO openvpn: VERIFY EKU OK
2021-01-24T07:58:30.826Z INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-24T07:58:30.891Z INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-24T07:58:30.892Z INFO openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]72.11.157.67:54783
2021-01-24T07:58:36.520Z INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-24T07:58:36.521Z INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-24T07:58:36.521Z INFO openvpn: ERROR: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
2021-01-24T07:58:36.522Z INFO openvpn: Exiting due to fatal error
2021-01-24T07:58:36.564Z WARN close |0: file already closed
2021-01-24T07:58:36.564Z ERROR openvpn: exit status 1
2021-01-24T07:58:36.575Z INFO openvpn: retrying in 15s
==========> DEBUG: Protocol selected is: udp
==========> DEBUG: connection picked is: {46.166.143.98 54783 udp }
==========> DEBUG: connection to use in BuildConf is: {46.166.143.98 54783 udp }
2021-01-24T07:58:51.577Z INFO firewall: setting VPN connection through firewall...
2021-01-24T07:58:51.786Z INFO openvpn configurator: starting openvpn
2021-01-24T07:58:51.848Z INFO openvpn: 2021-01-24 07:58:51 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-01-24T07:58:51.848Z INFO openvpn: 2021-01-24 07:58:51 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
2021-01-24T07:58:51.848Z INFO openvpn: Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-01-24T07:58:51.848Z INFO openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-256-CBC:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-gcm' to --data-ciphers or change --cipher 'aes-256-gcm' to --data-ciphers-fallback 'aes-256-gcm' to silence this warning.
2021-01-24T07:58:51.848Z INFO openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-24T07:58:51.849Z INFO openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-24T07:58:51.851Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:58:51.851Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-24T07:58:51.853Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.143.98:54783
2021-01-24T07:58:51.853Z INFO openvpn: UDP link local: (not bound)
2021-01-24T07:58:51.853Z INFO openvpn: UDP link remote: [AF_INET]46.166.143.98:54783
2021-01-24T07:58:51.896Z INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-24T07:58:51.898Z INFO openvpn: VERIFY KU OK
2021-01-24T07:58:51.898Z INFO openvpn: Validating certificate extended key usage
2021-01-24T07:58:51.898Z INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-24T07:58:51.898Z INFO openvpn: VERIFY EKU OK
2021-01-24T07:58:51.898Z INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-24T07:58:51.940Z INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-24T07:58:51.940Z INFO openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]46.166.143.98:54783
2021-01-24T07:58:53.302Z INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-24T07:58:53.302Z INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-24T07:58:53.303Z INFO openvpn: TUN/TAP device tun0 opened
2021-01-24T07:58:53.303Z INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-24T07:58:53.305Z INFO openvpn: /sbin/ip link set dev tun0 up
2021-01-24T07:58:53.306Z INFO openvpn: /sbin/ip addr add dev tun0 10.116.50.68/23
2021-01-24T07:58:53.313Z INFO openvpn: UID set to nonrootuser
2021-01-24T07:58:53.313Z INFO openvpn: Initialization Sequence Completed
2021-01-24T07:58:53.314Z INFO VPN routing IP address: 46.166.143.98
2021-01-24T08:19:09.899Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=30
2021-01-24T08:29:21.905Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T09:33:51.016Z INFO openvpn: TLS Error: client->client or server->server connection attempted from [AF_INET]46.166.143.98:54783
2021-01-24T09:39:38.984Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T09:44:03.602Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=16
2021-01-24T10:10:42.619Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=22
2021-01-24T10:41:35.626Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=11
2021-01-24T10:48:18.500Z INFO openvpn: TLS Error: Unroutable control packet received from [AF_INET]46.166.143.98:54783 (si=3 op=P_CONTROL_V1)
2021-01-24T10:54:52.933Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=27
2021-01-24T10:55:52.756Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T10:57:48.251Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=26
2021-01-24T10:59:20.261Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=20
2021-01-24T11:08:07.398Z INFO openvpn: TLS Error: Unroutable control packet received from [AF_INET]46.166.143.98:54783 (si=3 op=P_CONTROL_SOFT_RESET_V1)
2021-01-24T11:20:56.833Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=16
2021-01-24T11:21:34.220Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=11
2021-01-24T11:23:12.379Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [3]
2021-01-24T11:28:47.918Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=0
2021-01-24T11:38:47.760Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=23
2021-01-24T11:55:36.078Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=16
2021-01-24T12:06:52.314Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T12:16:34.322Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=17
2021-01-24T12:23:03.089Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [4]
2021-01-24T12:25:19.989Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=16
2021-01-24T13:23:20.102Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]46.166.143.98:54783 [7]
2021-01-24T13:29:24.791Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T13:39:18.701Z INFO openvpn: Peer tried unsupported key-method 1
2021-01-24T13:39:18.702Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=2
2021-01-24T15:07:16.751Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T16:10:20.532Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T16:13:31.187Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=20
2021-01-24T17:35:13.064Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-24T18:48:28.008Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN

@ghost

So the weekend is over!!! And everything runs again without problems.

Running version windscribe-tls-sync built on 2021-01-23T17:43:42Z (commit 7a0d68a)
 
 
2021-01-25T05:00:36.334Z INFO IPtables version: v1.8.6
2021-01-25T05:00:37.124Z INFO OpenVPN version: 2.5.0
2021-01-25T05:00:37.365Z INFO Unbound version: 1.13.0
2021-01-25T05:00:37.365Z WARN You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-25T05:00:37.365Z WARN You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-25T05:00:37.366Z WARN You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-01-25T05:00:37.366Z INFO Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 2
|--Run as root: no
|--Windscribe settings:
|--Network protocol: udp
|--Regions: switzerland, netherlands
|--Custom port: 54783
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: sha512
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone:
DNS settings:
|--Unbound:
|--DNS over TLS provider:
|--cloudflare
|--Listening port: 53
|--Access control:
|--Allowed:
|--    |--0.0.0.0/0
|--    |--::/0
|--Caching: enabled
|--IPv4 resolution: enabled
|--IPv6 resolution: disabled
|--Verbosity level: 1/5
|--Verbosity details level: 0/4
|--Validation log level: 0/2
|--Blocked hostnames:
|--Blocked IP addresses:
|--127.0.0.1/8
|--10.0.0.0/8
|--172.16.0.0/12
|--192.168.0.0/16
|--169.254.0.0/16
|--::1/128
|--fc00::/7
|--fe80::/10
|--::ffff:0:0/96
|--Allowed hostnames:
|--Block malicious: enabled
|--Block ads: disabled
|--Block surveillance: disabled
|--Update: every 24h0m0s
|--Keep nameserver (disabled blocking): no
Firewall settings:
|--VPN input ports:
|--Input ports:
|--Outbound subnets:
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
|--Listening port: 8000
|--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 1h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled
 
2021-01-25T05:00:37.573Z INFO storage: merging by most recent 6448 hardcoded servers and 6448 servers read from /gluetun/servers.json
2021-01-25T05:00:37.659Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-25T05:00:37.659Z INFO routing: local subnet found: 172.17.0.0/16
2021-01-25T05:00:37.660Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-25T05:00:37.660Z INFO routing: adding route for 0.0.0.0/0
2021-01-25T05:00:37.661Z INFO firewall: firewall disabled, only updating allowed subnets internal list
2021-01-25T05:00:37.661Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-25T05:00:37.661Z INFO openvpn configurator: checking for device /dev/net/tun
2021-01-25T05:00:37.661Z INFO firewall: enabling...
2021-01-25T05:00:38.286Z INFO firewall: enabled successfully
2021-01-25T05:00:38.287Z INFO Launching standard output merger
2021-01-25T05:00:38.287Z INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021-01-25T05:00:38.287Z INFO http server: listening on 0.0.0.0:8000
==========> DEBUG: Protocol selected is: udp
==========> DEBUG: connection picked is: {31.7.57.242 54783 udp }
==========> DEBUG: connection to use in BuildConf is: {31.7.57.242 54783 udp }
2021-01-25T05:00:38.287Z INFO healthcheck: listening on 127.0.0.1:9999
2021-01-25T05:00:38.291Z INFO firewall: setting VPN connection through firewall...
2021-01-25T05:00:38.327Z INFO openvpn configurator: starting openvpn
2021-01-25T05:00:38.332Z INFO openvpn: 2021-01-25 05:00:38 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-01-25T05:00:38.332Z INFO openvpn: 2021-01-25 05:00:38 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
2021-01-25T05:00:38.332Z INFO openvpn: Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-01-25T05:00:38.332Z INFO openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-256-CBC:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-gcm' to --data-ciphers or change --cipher 'aes-256-gcm' to --data-ciphers-fallback 'aes-256-gcm' to silence this warning.
2021-01-25T05:00:38.333Z INFO openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-25T05:00:38.333Z INFO openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-25T05:00:38.335Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-25T05:00:38.335Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-25T05:00:38.335Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]31.7.57.242:54783
2021-01-25T05:00:38.336Z INFO openvpn: UDP link local: (not bound)
2021-01-25T05:00:38.336Z INFO openvpn: UDP link remote: [AF_INET]31.7.57.242:54783
2021-01-25T05:00:38.396Z INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-25T05:00:38.398Z INFO openvpn: VERIFY KU OK
2021-01-25T05:00:38.398Z INFO openvpn: Validating certificate extended key usage
2021-01-25T05:00:38.398Z INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-25T05:00:38.398Z INFO openvpn: VERIFY EKU OK
2021-01-25T05:00:38.398Z INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-25T05:00:38.448Z INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-25T05:00:38.448Z INFO openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]31.7.57.242:54783
2021-01-25T05:00:41.199Z ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.4:54665->1.1.1.1:53: write: operation not permitted
2021-01-25T05:00:41.973Z INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-25T05:00:41.973Z INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-25T05:00:41.973Z INFO openvpn: TUN/TAP device tun0 opened
2021-01-25T05:00:41.973Z INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-25T05:00:42.015Z INFO openvpn: /sbin/ip link set dev tun0 up
2021-01-25T05:00:42.017Z INFO openvpn: /sbin/ip addr add dev tun0 10.117.62.18/23
2021-01-25T05:00:42.023Z INFO openvpn: UID set to nonrootuser
2021-01-25T05:00:42.023Z INFO openvpn: Initialization Sequence Completed
2021-01-25T05:00:42.023Z INFO dns over tls: downloading DNS over TLS cryptographic files
2021-01-25T05:00:42.322Z INFO healthcheck: passed
2021-01-25T05:00:43.653Z INFO dns over tls: downloading hostnames and IP block lists
2021-01-25T05:00:44.826Z INFO unbound: init module 0: validator
2021-01-25T05:00:44.827Z INFO unbound: init module 1: iterator
2021-01-25T05:00:44.866Z INFO unbound: start of service (unbound 1.13.0).
2021-01-25T05:00:44.995Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T05:00:44.995Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T05:00:45.244Z INFO dns over tls: ready
2021-01-25T05:00:45.245Z INFO VPN routing IP address: 31.7.57.242
2021-01-25T05:00:45.542Z INFO There is a new release v3.12.0 (v3.12.0 Upgrade to Alpine 3.13 and Openvpn ping fixes) created 35 hours ago
2021-01-25T05:00:46.215Z INFO ip getter: Public IP address is 31.7.57.249
2021-01-25T06:00:38.287Z INFO ip getter: starting
2021-01-25T06:01:55.696Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T07:29:40.094Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T08:32:51.855Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T09:40:44.441Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T10:47:54.413Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T12:03:59.806Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T13:17:28.444Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T15:00:44.100Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-25T15:00:44.100Z INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN

@ghost

Happy too early.

Running version windscribe-tls-sync built on 2021-01-26T01:13:09Z (commit 3a5d87c)
 
 
2021-01-26T05:00:56.460Z INFO OpenVPN version: 2.5.0
2021-01-26T05:00:56.692Z INFO Unbound version: 1.13.0
2021-01-26T05:00:56.755Z INFO IPtables version: v1.8.6
2021-01-26T05:00:56.755Z WARN You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-26T05:00:56.755Z WARN You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-26T05:00:56.755Z WARN You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-01-26T05:00:56.756Z INFO Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 2
|--Run as root: no
|--Windscribe settings:
|--Network protocol: udp
|--Regions: switzerland, netherlands
|--Custom port: 54783
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: sha512
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone:
DNS settings:
|--Unbound:
|--DNS over TLS provider:
|--cloudflare
|--Listening port: 53
|--Access control:
|--Allowed:
|--    |--0.0.0.0/0
|--    |--::/0
|--Caching: enabled
|--IPv4 resolution: enabled
|--IPv6 resolution: disabled
|--Verbosity level: 1/5
|--Verbosity details level: 0/4
|--Validation log level: 0/2
|--Blocked hostnames:
|--Blocked IP addresses:
|--127.0.0.1/8
|--10.0.0.0/8
|--172.16.0.0/12
|--192.168.0.0/16
|--169.254.0.0/16
|--::1/128
|--fc00::/7
|--fe80::/10
|--::ffff:0:0/96
|--Allowed hostnames:
|--Block malicious: enabled
|--Block ads: disabled
|--Block surveillance: disabled
|--Update: every 24h0m0s
|--Keep nameserver (disabled blocking): no
Firewall settings:
|--VPN input ports:
|--Input ports:
|--Outbound subnets:
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
|--Listening port: 8000
|--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 1h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled
 
2021-01-26T05:00:56.927Z INFO storage: merging by most recent 6448 hardcoded servers and 6448 servers read from /gluetun/servers.json
2021-01-26T05:00:57.423Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-26T05:00:57.423Z INFO routing: local subnet found: 172.17.0.0/16
2021-01-26T05:00:57.424Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-26T05:00:57.424Z INFO routing: adding route for 0.0.0.0/0
2021-01-26T05:00:57.424Z INFO firewall: firewall disabled, only updating allowed subnets internal list
2021-01-26T05:00:57.424Z INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-26T05:00:57.424Z INFO openvpn configurator: checking for device /dev/net/tun
2021-01-26T05:00:57.425Z INFO firewall: enabling...
2021-01-26T05:00:58.201Z INFO firewall: enabled successfully
2021-01-26T05:00:58.201Z INFO healthcheck: listening on 127.0.0.1:9999
2021-01-26T05:00:58.202Z INFO http server: listening on 0.0.0.0:8000
==========> DEBUG: Protocol selected is: udp
2021-01-26T05:00:58.202Z INFO dns over tls: using plaintext DNS at address 1.1.1.1
==========> DEBUG: connection picked is: {109.201.130.2 54783 udp }
==========> DEBUG: connection to use in BuildConf is: {109.201.130.2 54783 udp }
2021-01-26T05:00:58.203Z INFO firewall: setting VPN connection through firewall...
2021-01-26T05:00:58.428Z INFO openvpn configurator: starting openvpn
2021-01-26T05:00:58.433Z INFO openvpn: 2021-01-26 05:00:58 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-01-26T05:00:58.433Z INFO openvpn: 2021-01-26 05:00:58 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
2021-01-26T05:00:58.434Z INFO openvpn: Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2021-01-26T05:00:58.434Z INFO openvpn: DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-256-CBC:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-gcm' to --data-ciphers or change --cipher 'aes-256-gcm' to --data-ciphers-fallback 'aes-256-gcm' to silence this warning.
2021-01-26T05:00:58.434Z INFO openvpn: OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2021-01-26T05:00:58.434Z INFO openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-26T05:00:58.436Z INFO openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-26T05:00:58.436Z INFO openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-01-26T05:00:58.436Z INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]109.201.130.2:54783
2021-01-26T05:00:58.437Z INFO openvpn: UDP link local: (not bound)
2021-01-26T05:00:58.437Z INFO openvpn: UDP link remote: [AF_INET]109.201.130.2:54783
2021-01-26T05:00:58.474Z INFO openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-26T05:00:58.475Z INFO openvpn: VERIFY KU OK
2021-01-26T05:00:58.475Z INFO openvpn: Validating certificate extended key usage
2021-01-26T05:00:58.475Z INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-26T05:00:58.476Z INFO openvpn: VERIFY EKU OK
2021-01-26T05:00:58.476Z INFO openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-26T05:00:58.516Z INFO openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-26T05:00:58.516Z INFO openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]109.201.130.2:54783
2021-01-26T05:01:01.694Z ERROR healthcheck: lookup github.com on 192.168.178.52:53: write udp 172.17.0.4:56606->1.1.1.1:53: write: operation not permitted
2021-01-26T05:01:04.100Z INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-26T05:01:04.100Z INFO openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-01-26T05:01:04.101Z INFO openvpn: TUN/TAP device tun0 opened
2021-01-26T05:01:04.101Z INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-01-26T05:01:04.185Z INFO openvpn: /sbin/ip link set dev tun0 up
2021-01-26T05:01:04.186Z INFO openvpn: /sbin/ip addr add dev tun0 10.122.154.28/23
2021-01-26T05:01:04.193Z INFO openvpn: UID set to nonrootuser
2021-01-26T05:01:04.193Z INFO openvpn: Initialization Sequence Completed
2021-01-26T05:01:04.193Z INFO dns over tls: downloading DNS over TLS cryptographic files
2021-01-26T05:01:04.239Z INFO healthcheck: passed
2021-01-26T05:01:05.582Z INFO dns over tls: downloading hostnames and IP block lists
2021-01-26T05:01:06.712Z INFO dns over tls: init module 0: validator
2021-01-26T05:01:06.712Z INFO dns over tls: init module 1: iterator
2021-01-26T05:01:06.757Z INFO dns over tls: start of service (unbound 1.13.0).
2021-01-26T05:01:06.859Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T05:01:06.873Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T05:01:07.086Z INFO dns over tls: ready
2021-01-26T05:01:07.086Z INFO VPN routing IP address: 109.201.130.2
2021-01-26T05:01:07.422Z INFO There is a new release v3.12.0 (v3.12.0 Upgrade to Alpine 3.13 and Openvpn ping fixes) created 2 days ago
2021-01-26T05:01:07.522Z INFO ip getter: Public IP address is 109.201.130.12
2021-01-26T05:05:31.053Z INFO openvpn: Peer tried unsupported key-method 1
2021-01-26T05:05:31.053Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=1
2021-01-26T05:14:02.175Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]109.201.130.2:54783 [5]
2021-01-26T06:00:58.202Z INFO ip getter: starting
2021-01-26T06:02:16.534Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T06:05:27.844Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=19
2021-01-26T06:57:16.124Z INFO openvpn: AEAD Decrypt error: cipher final failed
2021-01-26T06:59:10.260Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=24
2021-01-26T07:02:29.000Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]109.201.130.2:54783 [7]
2021-01-26T07:02:42.015Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=21
2021-01-26T07:06:36.965Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=20
2021-01-26T07:10:51.634Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T07:11:26.884Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=22
2021-01-26T07:21:57.315Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=28
2021-01-26T07:21:58.852Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=20
2021-01-26T07:24:39.994Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=27
2021-01-26T07:37:23.004Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=21
2021-01-26T08:11:09.025Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]109.201.130.2:54783 [1]
2021-01-26T08:12:07.861Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=25
2021-01-26T08:12:24.215Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T08:41:13.538Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=18
2021-01-26T08:43:06.941Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]109.201.130.2:54783 [7]
2021-01-26T08:57:24.983Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=16
2021-01-26T09:12:44.075Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T09:14:50.273Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=15
2021-01-26T09:16:27.324Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=23
2021-01-26T09:51:59.988Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=20
2021-01-26T09:52:31.313Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=15
2021-01-26T10:00:23.402Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=21
2021-01-26T10:01:54.513Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=26
2021-01-26T10:17:23.556Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T10:53:57.202Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=28
2021-01-26T11:09:33.582Z INFO openvpn: Peer tried unsupported key-method 1
2021-01-26T11:09:33.582Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=1
2021-01-26T11:12:22.767Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=0
2021-01-26T11:35:52.316Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T11:49:27.076Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=12
2021-01-26T12:11:44.803Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=22
2021-01-26T12:12:43.703Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=14
2021-01-26T12:13:02.912Z INFO openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
2021-01-26T12:13:02.912Z INFO openvpn: TLS Error: incoming packet authentication failed from [AF_INET]109.201.130.2:54783
2021-01-26T12:30:59.449Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=28
2021-01-26T12:36:57.464Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T12:39:43.016Z INFO openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
2021-01-26T12:39:43.016Z INFO openvpn: TLS Error: incoming packet authentication failed from [AF_INET]109.201.130.2:54783
2021-01-26T12:51:43.943Z INFO openvpn: Peer tried unsupported key-method 1
2021-01-26T12:51:43.943Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=2
2021-01-26T12:59:36.238Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]109.201.130.2:54783 [5]
2021-01-26T13:07:14.339Z INFO openvpn: Peer tried unsupported key-method 1
2021-01-26T13:07:14.339Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=1
2021-01-26T13:13:48.912Z INFO openvpn: TLS Error: Unroutable control packet received from [AF_INET]109.201.130.2:54783 (si=3 op=P_CONTROL_SOFT_RESET_V1)
2021-01-26T13:40:08.568Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T13:43:34.921Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=30
2021-01-26T13:45:38.014Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=13
2021-01-26T13:58:51.297Z INFO openvpn: TLS Error: Unroutable control packet received from [AF_INET]109.201.130.2:54783 (si=3 op=P_ACK_V1)
2021-01-26T14:43:36.659Z INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-01-26T14:43:37.859Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=26
2021-01-26T15:33:23.404Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=26
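A triage sketch for the error lines that recur in this thread's logs, added here as an example (not code from gluetun or OpenVPN): it buckets each message by the check that rejected the packet and lists reported opcode values the protocol does not define. The sample lines are constructed from the message formats shown in the thread, with 192.0.2.10 as a placeholder peer; the category names and function names are assumptions of this example.

```python
import re
from collections import Counter

# Opcodes defined by the OpenVPN wire protocol (as of 2.5). The first byte of
# every packet carries the opcode in its high 5 bits and key_id in its low 3.
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    6: "P_DATA_V1", 7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2", 9: "P_DATA_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}

def split_first_byte(b):
    """Return (opcode, key_id) for the first byte of an OpenVPN packet."""
    return b >> 3, b & 0x07

# Category names are this example's own labels, not OpenVPN terminology.
RULES = [
    ("data_channel_auth_fail", re.compile(r"AEAD Decrypt error: cipher final failed")),
    ("control_channel_auth_fail", re.compile(r"packet HMAC authentication failed")),
    ("unknown_opcode", re.compile(r"unknown opcode received from \S+ op=(\d+)")),
    ("key_out_of_sync", re.compile(r"TLS keys are out of sync: \S+ \[(\d+)\]")),
    ("legacy_key_method", re.compile(r"Peer tried unsupported key-method 1")),
    ("replay_backtrack", re.compile(r"PID_ERR replay-window backtrack occurred \[(\d+)\]")),
]
HOUR = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2})")  # date plus hour, either timestamp style

def classify(line):
    """Return (category, match) for the first rule that hits, else None."""
    for category, pattern in RULES:
        m = pattern.search(line)
        if m:
            return category, m
    return None

def summarize(log_text):
    counts, per_hour, opcodes = Counter(), Counter(), Counter()
    max_backtrack = 0
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        category, m = hit
        counts[category] += 1
        ts = HOUR.match(line)
        if ts:
            per_hour[ts.group(1)] += 1
        if category == "unknown_opcode":
            opcodes[int(m.group(1))] += 1
        elif category == "replay_backtrack":
            max_backtrack = max(max_backtrack, int(m.group(1)))
    return {
        "counts": dict(counts),
        "per_hour": dict(per_hour),
        # Values no OpenVPN version in OPCODES defines: the datagram's first
        # byte did not come from a well-formed OpenVPN packet.
        "undefined_opcodes": sorted(op for op in opcodes if op not in OPCODES),
        "max_backtrack": max_backtrack,
    }

# Constructed sample input; 192.0.2.10 is a documentation placeholder address.
SAMPLE_LOG = """\
2021-01-26T05:01:04.239Z INFO healthcheck: passed
2021-01-26T05:05:31.053Z INFO openvpn: Peer tried unsupported key-method 1
2021-01-26T05:05:31.053Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]192.0.2.10:54783 op=1
2021-01-26T05:14:02.175Z INFO openvpn: TLS Error: local/remote TLS keys are out of sync: [AF_INET]192.0.2.10:54783 [5]
2021-01-26T06:05:27.844Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]192.0.2.10:54783 op=19
2021-01-26T06:57:16.124Z INFO openvpn: AEAD Decrypt error: cipher final failed
2021-01-26T06:59:10.260Z INFO openvpn: TLS Error: unknown opcode received from [AF_INET]192.0.2.10:54783 op=24
2021-01-26T12:13:02.912Z INFO openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
2021-01-26T12:13:02.912Z INFO openvpn: TLS Error: incoming packet authentication failed from [AF_INET]192.0.2.10:54783
2021-01-31T14:20:45.910+0100\tINFO\topenvpn: PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0001111_] 0:10 0:9
2021-01-31T14:22:13.940+0100\tINFO\topenvpn: PID_ERR replay-window backtrack occurred [16] [SSL-0] [000___] 0:47072 0:47056
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for category, n in sorted(report["counts"].items()):
        print(f"{category:28s} {n}")
    print("undefined opcodes:", report["undefined_opcodes"])
    print("largest replay backtrack:", report["max_backtrack"])
```

The follow-up "incoming packet authentication failed" line is deliberately left unmatched so that one rejected control packet is counted once.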

@qdm12

Can you try running the instance with OPENVPN_VERBOSITY=4? Also feel free to re-pull the image; I have now added some changes made on the master branch (:latest), like newer IP addresses for Windscribe.

@ghost

=========================================
==== A mix of OpenVPN, DNS over TLS, ====
2021-01-31T14:20:21.945+0100	WARN	You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-31T14:20:21.945+0100	WARN	You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-31T14:20:21.945+0100	WARN	You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
 |--Regions: switzerland, netherlands
2021-01-31T14:20:22.563+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-31T14:20:22.564+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-31T14:20:22.564+0100	INFO	firewall: firewall disabled, only updating allowed subnets internal list
2021-01-31T14:20:22.564+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-31 13:20:23
  panic: PLEASE CREATE AN ISSUE with this log: https://github.com/qdm12/gluetun/issues
  main.go:268
  created by main._main
  github.com/qdm12/gluetun/internal/openvpn/loop.go:122 +0x13ab
  github.com/qdm12/gluetun/internal/openvpn.(*looper).Run(0xc0000e0000, 0xbb71a0, 0xc000094000, 0xc0003e5690)
2021-01-31T14:20:36.381+0100	WARN	You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-01-31T14:20:36.382+0100	WARN	You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-01-31T14:20:36.382+0100	WARN	You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-01-31T14:20:36.721+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-31T14:20:36.723+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-31T14:20:36.724+0100	INFO	firewall: firewall disabled, only updating allowed subnets internal list
2021-01-31T14:20:36.724+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-01-31T14:20:37.660+0100	INFO	openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-01-31T14:20:37.913+0100	INFO	openvpn: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
2021-01-31T14:20:37.913+0100	INFO	openvpn: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
2021-01-31T14:20:37.932+0100	INFO	openvpn: TLS: Initial packet from [AF_INET]89.187.165.98:54783, sid=f0b5d934 9ddef491
2021-01-31T14:20:37.980+0100	INFO	openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-01-31T14:20:37.981+0100	INFO	openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-01-31T14:20:37.981+0100	INFO	openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-01-31T14:20:38.027+0100	INFO	openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-01-31T14:20:44.290+0100	INFO	openvpn: Key [AF_INET]89.187.165.98:54783 [0] not initialized (yet), dropping packet.
2021-01-31T14:20:44.290+0100	INFO	openvpn: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,rcvbuf 256000,sndbuf 256000,route-gateway 10.119.110.1,topology subnet,ping 5,ping-restart 60,dhcp-option DNS 10.255.255.4,ifconfig 10.119.110.82 255.255.254.0,peer-id 79'
2021-01-31T14:20:44.291+0100	INFO	openvpn: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2021-01-31T14:20:45.910+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_0001111_] 0:10 0:9 t=1612099245[0] r=[-1,64,15,1,1] sl=[54,10,64,528]
2021-01-31T14:20:46.306+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__001111112222_] 0:16 0:14 t=1612099246[0] r=[-2,64,15,2,1] sl=[48,16,64,528]
2021-01-31T14:20:47.387+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [3] [SSL-0] [0___000000000000000000000000000000000000000000000000000000000000] 0:407 0:404 t=1612099247[0] r=[-3,64,15,3,1] sl=[41,64,64,528]
2021-01-31T14:20:48.980+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [5] [SSL-0] [0_____0000000000000000000000000000000000000000000000000000000000] 0:650 0:645 t=1612099248[0] r=[-4,64,15,5,1] sl=[54,64,64,528]
2021-01-31T14:22:03.434+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [7] [SSL-0] [0000____00000000000000000000000000000000000000000000000000000000] 0:3394 0:3387 t=1612099323[0] r=[-4,64,15,7,1] sl=[62,64,64,528]
2021-01-31T14:22:04.005+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [9] [SSL-0] [00________000000000000000000000000000000000000000000000000011111] 0:6266 0:6257 t=1612099324[0] r=[0,64,15,9,1] sl=[41,64,64,528]
2021-01-31T14:22:04.006+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [11] [SSL-0] [0___________0000000000000000000000000000000000000000000000000000] 0:6293 0:6282 t=1612099324[0] r=[0,64,15,11,1] sl=[14,64,64,528]
2021-01-31T14:22:13.940+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [16] [SSL-0] [000_____________________________________________________________] 0:47072 0:47056 t=1612099333[0] r=[-4,64,15,16,1] sl=[62,64,64,528]
2021-01-31T14:22:50.608+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [17] [SSL-0] [0_________________000000000000000000000000000000000_________0000] 0:195077 0:195060 t=1612099370[0] r=[-1,64,15,17,1] sl=[28,64,64,528]
2021-01-31T14:23:21.934+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [22] [SSL-0] [0______________________00000000000000000000000000000000000000000] 0:311438 0:311416 t=1612099401[0] r=[-2,64,15,22,1] sl=[15,64,64,528]
2021-01-31T14:24:17.949+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [32] [SSL-0] [000______________________________0000000000000000000000000000000] 0:545834 0:545802 t=1612099457[0] r=[-3,64,15,32,1] sl=[61,64,64,528]
2021-01-31T14:34:29.525+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [39] [SSL-0] [000_____________________________________000000000000000000000000] 0:915963 0:915924 t=1612100069[0] r=[-4,64,15,39,1] sl=[54,64,64,528]
2021-01-31T14:37:10.904+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [40] [SSL-0] [000000___________________________________00000000000000000000000] 0:1730407 0:1730367 t=1612100230[0] r=[0,64,15,40,1] sl=[57,64,64,528]
2021-01-31T14:42:16.010+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [51] [SSL-0] [0___________________________________________________000000000000] 0:3389803 0:3389752 t=1612100536[0] r=[-1,64,15,51,1] sl=[59,64,64,528]
2021-01-31T14:51:04.156+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [59] [SSL-0] [0000________________________________________________________0000] 0:6050488 0:6050429 t=1612101064[0] r=[-4,64,15,59,1] sl=[7,64,64,528]

@qdm12

So the logs here are completely irrelevant to the issue, BUT thank you: I finally nailed the (me being silly) bug where it would occasionally give an 'empty connection' for NordVPN and Windscribe. It's now fixed with dd5a9c6, which is incorporated in :latest and :windscribe-tls-sync. I made bug-fix Docker tags down to v3.10 with the fix. 👍

Anyway, going back to this Windscribe TLS issue, can you please pull and re-run the container for a few days to see what it gives when this TLS issue happens?

@ghost

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version windscribe-tls-sync built on 2021-01-31T18:50:00Z (commit 61d0d70)

🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021-02-05T06:00:24.587+0100	INFO	OpenVPN version: 2.4.10
2021-02-05T06:00:24.711+0100	INFO	Unbound version: 1.10.1
2021-02-05T06:00:24.827+0100	INFO	IPtables version: v1.8.4
2021-02-05T06:00:24.827+0100	WARN	You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2021-02-05T06:00:24.827+0100	WARN	You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2021-02-05T06:00:24.827+0100	WARN	You are using the old environment variable HOSTNAME, please consider changing it to SERVER_HOSTNAME
2021-02-05T06:00:24.828+0100	INFO	Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 4
|--Run as root: no
|--Windscribe settings:
 |--Network protocol: udp
 |--Regions: switzerland, netherlands
 |--Custom port: 54783
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: sha512
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone: europe/berlin
DNS settings:
 |--Unbound:
    |--DNS over TLS provider:
       |--cloudflare
    |--Listening port: 53
    |--Access control:
       |--Allowed:
    |--    |--0.0.0.0/0
    |--    |--::/0
    |--Caching: enabled
    |--IPv4 resolution: enabled
    |--IPv6 resolution: disabled
    |--Verbosity level: 1/5
    |--Verbosity details level: 0/4
    |--Validation log level: 0/2
    |--Blocked hostnames:
    |--Blocked IP addresses:
       |--127.0.0.1/8
       |--10.0.0.0/8
       |--172.16.0.0/12
       |--192.168.0.0/16
       |--169.254.0.0/16
       |--::1/128
       |--fc00::/7
       |--fe80::/10
       |--::ffff:0:0/96
    |--Allowed hostnames:
 |--Block malicious: enabled
 |--Block ads: disabled
 |--Block surveillance: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--VPN input ports: 
 |--Input ports: 
 |--Outbound subnets: 
HTTP Proxy settings: disabled
ShadowSocks settings: disabled
HTTP Control server:
 |--Listening port: 8000
 |--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 1h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled

2021-02-05T06:00:24.979+0100	INFO	storage: merging by most recent 6949 hardcoded servers and 6949 servers read from /gluetun/servers.json
2021-02-05T06:00:25.034+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-02-05T06:00:25.035+0100	INFO	routing: local subnet found: 172.17.0.0/16
2021-02-05T06:00:25.036+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-02-05T06:00:25.036+0100	INFO	routing: adding route for 0.0.0.0/0
2021-02-05T06:00:25.036+0100	INFO	firewall: firewall disabled, only updating allowed subnets internal list
2021-02-05T06:00:25.037+0100	INFO	routing: default route found: interface eth0, gateway 172.17.0.1
2021-02-05T06:00:25.037+0100	INFO	openvpn configurator: checking for device /dev/net/tun
2021-02-05T06:00:25.037+0100	INFO	firewall: enabling...
2021-02-05T06:00:25.174+0100	INFO	firewall: enabled successfully
2021-02-05T06:00:25.174+0100	INFO	healthcheck: listening on 127.0.0.1:9999
==========> DEBUG: Protocol selected is: udp
==========> DEBUG: connection picked is: {46.166.143.98 54783 udp }
==========> DEBUG: connection to use in BuildConf is: {46.166.143.98 54783 udp }
2021-02-05T06:00:25.174+0100	INFO	dns over tls: using plaintext DNS at address 1.1.1.1
2021-02-05T06:00:25.174+0100	INFO	http server: listening on 0.0.0.0:8000
2021-02-05T06:00:25.175+0100	INFO	firewall: setting VPN connection through firewall...
2021-02-05T06:00:25.675+0100	INFO	openvpn configurator: starting openvpn
2021-02-05T06:00:25.678+0100	INFO	openvpn: Current Parameter Settings:
2021-02-05T06:00:25.678+0100	INFO	openvpn:   config = '/etc/openvpn/target.ovpn'
2021-02-05T06:00:25.678+0100	INFO	openvpn:   mode = 0
2021-02-05T06:00:25.678+0100	INFO	openvpn:   persist_config = DISABLED
2021-02-05T06:00:25.678+0100	INFO	openvpn:   persist_mode = 1
2021-02-05T06:00:25.678+0100	INFO	openvpn:   show_ciphers = DISABLED
2021-02-05T06:00:25.678+0100	INFO	openvpn:   show_digests = DISABLED
2021-02-05T06:00:25.678+0100	INFO	openvpn:   show_engines = DISABLED
2021-02-05T06:00:25.678+0100	INFO	openvpn:   genkey = DISABLED
2021-02-05T06:00:25.678+0100	INFO	openvpn:   key_pass_file = '[UNDEF]'
2021-02-05T06:00:25.678+0100	INFO	openvpn:   show_tls_ciphers = DISABLED
2021-02-05T06:00:25.678+0100	INFO	openvpn:   connect_retry_max = 0
2021-02-05T06:00:25.678+0100	INFO	openvpn: Connection profiles [0]:
2021-02-05T06:00:25.678+0100	INFO	openvpn:   proto = udp
2021-02-05T06:00:25.678+0100	INFO	openvpn:   local = '[UNDEF]'
2021-02-05T06:00:25.678+0100	INFO	openvpn:   local_port = '[UNDEF]'
2021-02-05T06:00:25.679+0100	INFO	openvpn:   remote = '46.166.143.98'
2021-02-05T06:00:25.679+0100	INFO	openvpn:   remote_port = '54783'
2021-02-05T06:00:25.680+0100	INFO	openvpn:   remote_float = DISABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   bind_defined = DISABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   bind_local = DISABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   bind_ipv6_only = DISABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   connect_retry_seconds = 5
2021-02-05T06:00:25.680+0100	INFO	openvpn:   connect_timeout = 120
2021-02-05T06:00:25.680+0100	INFO	openvpn:   socks_proxy_server = '[UNDEF]'
2021-02-05T06:00:25.680+0100	INFO	openvpn:   socks_proxy_port = '[UNDEF]'
2021-02-05T06:00:25.680+0100	INFO	openvpn:   tun_mtu = 1500
2021-02-05T06:00:25.680+0100	INFO	openvpn:   tun_mtu_defined = ENABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   link_mtu = 1500
2021-02-05T06:00:25.680+0100	INFO	openvpn:   link_mtu_defined = DISABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   tun_mtu_extra = 0
2021-02-05T06:00:25.680+0100	INFO	openvpn:   tun_mtu_extra_defined = DISABLED
2021-02-05T06:00:25.680+0100	INFO	openvpn:   mtu_discover_type = -1
2021-02-05T06:00:25.680+0100	INFO	openvpn:   fragment = 0
2021-02-05T06:00:25.680+0100	INFO	openvpn:   mssfix = 1450
2021-02-05T06:00:25.680+0100	INFO	openvpn:   explicit_exit_notification = 0
2021-02-05T06:00:25.680+0100	INFO	openvpn: Connection profiles END
2021-02-05T06:00:25.680+0100	INFO	openvpn:   remote_random = DISABLED
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ipchange = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   dev = 'tun'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   dev_type = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   dev_node = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   lladdr = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   topology = 1
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_local = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_remote_netmask = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_noexec = DISABLED
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_nowarn = DISABLED
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_ipv6_local = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_ipv6_netbits = 0
2021-02-05T06:00:25.681+0100	INFO	openvpn:   ifconfig_ipv6_remote = '[UNDEF]'
2021-02-05T06:00:25.681+0100	INFO	openvpn:   shaper = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   mtu_test = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   mlock = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   keepalive_ping = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   keepalive_timeout = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   inactivity_timeout = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   ping_send_timeout = 10
2021-02-05T06:00:25.682+0100	INFO	openvpn:   ping_rec_timeout = 60
2021-02-05T06:00:25.682+0100	INFO	openvpn:   ping_rec_timeout_action = 1
2021-02-05T06:00:25.682+0100	INFO	openvpn:   ping_timer_remote = ENABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   remap_sigusr1 = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   persist_tun = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   persist_local_ip = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   persist_remote_ip = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   persist_key = ENABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   passtos = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   resolve_retry_seconds = 1000000000
2021-02-05T06:00:25.682+0100	INFO	openvpn:   resolve_in_advance = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   username = 'nonrootuser'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   groupname = '[UNDEF]'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   chroot_dir = '[UNDEF]'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   cd_dir = '[UNDEF]'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   writepid = '[UNDEF]'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   up_script = '[UNDEF]'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   down_script = '[UNDEF]'
2021-02-05T06:00:25.682+0100	INFO	openvpn:   down_pre = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   up_restart = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   up_delay = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   daemon = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   inetd = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   log = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   suppress_timestamps = ENABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   machine_readable_output = DISABLED
2021-02-05T06:00:25.682+0100	INFO	openvpn:   nice = 0
2021-02-05T06:00:25.682+0100	INFO	openvpn:   verbosity = 4
2021-02-05T06:00:25.683+0100	INFO	openvpn:   mute = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   gremlin = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   status_file = '[UNDEF]'
2021-02-05T06:00:25.683+0100	INFO	openvpn:   status_file_version = 1
2021-02-05T06:00:25.683+0100	INFO	openvpn:   status_file_update_freq = 60
2021-02-05T06:00:25.683+0100	INFO	openvpn:   occ = ENABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   rcvbuf = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   sndbuf = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   mark = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   sockflags = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   fast_io = DISABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   comp.alg = 2
2021-02-05T06:00:25.683+0100	INFO	openvpn:   comp.flags = 1
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_script = '[UNDEF]'
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_default_gateway = '[UNDEF]'
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_default_metric = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_noexec = DISABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_delay = 0
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_delay_window = 30
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_delay_defined = DISABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_nopull = DISABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   route_gateway_via_dhcp = DISABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   allow_pull_fqdn = DISABLED
2021-02-05T06:00:25.683+0100	INFO	openvpn:   Pull filters:
2021-02-05T06:00:25.683+0100	INFO	openvpn:     ignore "auth-token"
2021-02-05T06:00:25.683+0100	INFO	openvpn:   management_addr = '[UNDEF]'
2021-02-05T06:00:25.683+0100	INFO	openvpn:   management_port = '[UNDEF]'
2021-02-05T06:00:25.683+0100	INFO	openvpn:   management_user_pass = '[UNDEF]'
2021-02-05T06:00:25.683+0100	INFO	openvpn:   management_log_history_cache = 250
2021-02-05T06:00:25.683+0100	INFO	openvpn:   management_echo_buffer_size = 100
2021-02-05T06:00:25.683+0100	INFO	openvpn:   management_write_peer_info_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   management_client_user = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   management_client_group = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   management_flags = 0
2021-02-05T06:00:25.684+0100	INFO	openvpn:   shared_secret_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   key_direction = 1
2021-02-05T06:00:25.684+0100	INFO	openvpn:   ciphername = 'aes-256-gcm'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   ncp_enabled = DISABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   ncp_ciphers = 'AES-256-GCM:AES-256-CBC:AES-128-GCM'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   authname = 'sha512'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   prng_hash = 'SHA1'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   prng_nonce_secret_len = 16
2021-02-05T06:00:25.684+0100	INFO	openvpn:   keysize = 0
2021-02-05T06:00:25.684+0100	INFO	openvpn:   engine = DISABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   replay = ENABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   mute_replay_warnings = ENABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   replay_window = 64
2021-02-05T06:00:25.684+0100	INFO	openvpn:   replay_time = 15
2021-02-05T06:00:25.684+0100	INFO	openvpn:   packet_id_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   use_iv = ENABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   test_crypto = DISABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   tls_server = DISABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   tls_client = ENABLED
2021-02-05T06:00:25.684+0100	INFO	openvpn:   key_method = 2
2021-02-05T06:00:25.684+0100	INFO	openvpn:   ca_file = '[[INLINE]]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   ca_path = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   dh_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   cert_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   extra_certs_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   priv_key_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   pkcs12_file = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   cipher_list = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   cipher_list_tls13 = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   tls_cert_profile = '[UNDEF]'
2021-02-05T06:00:25.684+0100	INFO	openvpn:   tls_verify = '[UNDEF]'
2021-02-05T06:00:25.685+0100	INFO	openvpn:   tls_export_cert = '[UNDEF]'
2021-02-05T06:00:25.685+0100	INFO	openvpn:   verify_x509_type = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   verify_x509_name = '[UNDEF]'
2021-02-05T06:00:25.685+0100	INFO	openvpn:   crl_file = '[UNDEF]'
2021-02-05T06:00:25.685+0100	INFO	openvpn:   ns_cert_type = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 65535
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_ku[i] = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   remote_cert_eku = 'TLS Web Server Authentication'
2021-02-05T06:00:25.685+0100	INFO	openvpn:   ssl_flags = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   tls_timeout = 2
2021-02-05T06:00:25.685+0100	INFO	openvpn:   renegotiate_bytes = -1
2021-02-05T06:00:25.685+0100	INFO	openvpn:   renegotiate_packets = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   renegotiate_seconds = 0
2021-02-05T06:00:25.685+0100	INFO	openvpn:   handshake_window = 60
2021-02-05T06:00:25.685+0100	INFO	openvpn:   transition_window = 3600
2021-02-05T06:00:25.685+0100	INFO	openvpn:   single_session = DISABLED
2021-02-05T06:00:25.685+0100	INFO	openvpn:   push_peer_info = DISABLED
2021-02-05T06:00:25.685+0100	INFO	openvpn:   tls_exit = ENABLED
2021-02-05T06:00:25.685+0100	INFO	openvpn:   tls_auth_file = '[[INLINE]]'
2021-02-05T06:00:25.685+0100	INFO	openvpn:   tls_crypt_file = '[UNDEF]'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_network = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_netmask = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_network_ipv6 = ::
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_netbits_ipv6 = 0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_bridge_ip = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_bridge_netmask = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_bridge_pool_start = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   server_bridge_pool_end = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_pool_defined = DISABLED
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_pool_start = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_pool_end = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_pool_netmask = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_pool_persist_filename = '[UNDEF]'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_pool_persist_refresh_freq = 600
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_ipv6_pool_defined = DISABLED
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_ipv6_pool_base = ::
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ifconfig_ipv6_pool_netbits = 0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   n_bcast_buf = 256
2021-02-05T06:00:25.686+0100	INFO	openvpn:   tcp_queue_limit = 64
2021-02-05T06:00:25.686+0100	INFO	openvpn:   real_hash_size = 256
2021-02-05T06:00:25.686+0100	INFO	openvpn:   virtual_hash_size = 256
2021-02-05T06:00:25.686+0100	INFO	openvpn:   client_connect_script = '[UNDEF]'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   learn_address_script = '[UNDEF]'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   client_disconnect_script = '[UNDEF]'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   client_config_dir = '[UNDEF]'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   ccd_exclusive = DISABLED
2021-02-05T06:00:25.686+0100	INFO	openvpn:   tmp_dir = '/tmp'
2021-02-05T06:00:25.686+0100	INFO	openvpn:   push_ifconfig_defined = DISABLED
2021-02-05T06:00:25.686+0100	INFO	openvpn:   push_ifconfig_local = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   push_ifconfig_remote_netmask = 0.0.0.0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   push_ifconfig_ipv6_defined = DISABLED
2021-02-05T06:00:25.686+0100	INFO	openvpn:   push_ifconfig_ipv6_local = ::/0
2021-02-05T06:00:25.686+0100	INFO	openvpn:   push_ifconfig_ipv6_remote = ::
2021-02-05T06:00:25.687+0100	INFO	openvpn:   enable_c2c = DISABLED
2021-02-05T06:00:25.687+0100	INFO	openvpn:   duplicate_cn = DISABLED
2021-02-05T06:00:25.687+0100	INFO	openvpn:   cf_max = 0
2021-02-05T06:00:25.687+0100	INFO	openvpn:   cf_per = 0
2021-02-05T06:00:25.687+0100	INFO	openvpn:   max_clients = 1024
2021-02-05T06:00:25.687+0100	INFO	openvpn:   max_routes_per_client = 256
2021-02-05T06:00:25.687+0100	INFO	openvpn:   auth_user_pass_verify_script = '[UNDEF]'
2021-02-05T06:00:25.687+0100	INFO	openvpn:   auth_user_pass_verify_script_via_file = DISABLED
2021-02-05T06:00:25.687+0100	INFO	openvpn:   auth_token_generate = DISABLED
2021-02-05T06:00:25.687+0100	INFO	openvpn:   auth_token_lifetime = 0
2021-02-05T06:00:25.687+0100	INFO	openvpn:   port_share_host = '[UNDEF]'
2021-02-05T06:00:25.687+0100	INFO	openvpn:   port_share_port = '[UNDEF]'
2021-02-05T06:00:25.687+0100	INFO	openvpn:   client = ENABLED
2021-02-05T06:00:25.687+0100	INFO	openvpn:   pull = ENABLED
2021-02-05T06:00:25.687+0100	INFO	openvpn:   auth_user_pass_file = '/etc/openvpn/auth.conf'
2021-02-05T06:00:25.687+0100	INFO	openvpn: OpenVPN 2.4.10 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan  4 2021
2021-02-05T06:00:25.687+0100	INFO	openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2021-02-05T06:00:25.728+0100	INFO	openvpn: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-02-05T06:00:25.728+0100	INFO	openvpn: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-02-05T06:00:25.728+0100	INFO	openvpn: LZO compression initializing
2021-02-05T06:00:25.728+0100	INFO	openvpn: Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
2021-02-05T06:00:25.728+0100	INFO	openvpn: Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2021-02-05T06:00:25.729+0100	INFO	openvpn: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
2021-02-05T06:00:25.729+0100	INFO	openvpn: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
2021-02-05T06:00:25.729+0100	INFO	openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.143.98:54783
2021-02-05T06:00:25.729+0100	INFO	openvpn: Socket Buffers: R=[212992->212992] S=[212992->212992]
2021-02-05T06:00:25.729+0100	INFO	openvpn: UDP link local: (not bound)
2021-02-05T06:00:25.729+0100	INFO	openvpn: UDP link remote: [AF_INET]46.166.143.98:54783
2021-02-05T06:00:25.743+0100	INFO	openvpn: TLS: Initial packet from [AF_INET]46.166.143.98:54783, sid=c70ab2ad 3d93edc6
2021-02-05T06:00:25.770+0100	INFO	openvpn: VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Operations, CN=Windscribe Node CA
2021-02-05T06:00:25.771+0100	INFO	openvpn: VERIFY KU OK
2021-02-05T06:00:25.771+0100	INFO	openvpn: Validating certificate extended key usage
2021-02-05T06:00:25.771+0100	INFO	openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-02-05T06:00:25.771+0100	INFO	openvpn: VERIFY EKU OK
2021-02-05T06:00:25.771+0100	INFO	openvpn: VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096
2021-02-05T06:00:25.810+0100	INFO	openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2021-02-05T06:00:25.810+0100	INFO	openvpn: [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]46.166.143.98:54783
2021-02-05T06:00:26.993+0100	INFO	openvpn: SENT CONTROL [Windscribe Node Server 4096]: 'PUSH_REQUEST' (status=1)
2021-02-05T06:00:27.385+0100	INFO	openvpn: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,rcvbuf 256000,sndbuf 256000,route-gateway 10.116.50.1,topology subnet,ping 5,ping-restart 60,dhcp-option DNS 10.255.255.4,ifconfig 10.116.50.6 255.255.254.0,peer-id 10'
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: timers and/or timeouts modified
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-02-05T06:00:27.385+0100	INFO	openvpn: Socket Buffers: R=[212992->425984] S=[212992->425984]
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: --ifconfig/up options modified
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: route options modified
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: route-related options modified
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: peer-id set
2021-02-05T06:00:27.385+0100	INFO	openvpn: OPTIONS IMPORT: adjusting link_mtu to 1625
2021-02-05T06:00:27.385+0100	INFO	openvpn: Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
2021-02-05T06:00:27.385+0100	INFO	openvpn: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-02-05T06:00:27.385+0100	INFO	openvpn: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-02-05T06:00:27.386+0100	INFO	openvpn: ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:04
2021-02-05T06:00:27.387+0100	INFO	openvpn: TUN/TAP device tun0 opened
2021-02-05T06:00:27.387+0100	INFO	openvpn: TUN/TAP TX queue length set to 100
2021-02-05T06:00:27.387+0100	INFO	openvpn: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2021-02-05T06:00:27.387+0100	INFO	openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021-02-05T06:00:28.104+0100	INFO	openvpn: /sbin/ip addr add dev tun0 10.116.50.6/23 broadcast 10.116.51.255
2021-02-05T06:00:28.106+0100	INFO	openvpn: /sbin/ip route add 46.166.143.98/32 via 172.17.0.1
2021-02-05T06:00:28.108+0100	INFO	openvpn: /sbin/ip route add 0.0.0.0/1 via 10.116.50.1
2021-02-05T06:00:28.109+0100	INFO	openvpn: /sbin/ip route add 128.0.0.0/1 via 10.116.50.1
2021-02-05T06:00:28.111+0100	INFO	openvpn: UID set to nonrootuser
2021-02-05T06:00:28.111+0100	INFO	openvpn: Initialization Sequence Completed
2021-02-05T06:00:28.112+0100	INFO	VPN routing IP address: 46.166.143.98
2021-02-05T06:00:28.112+0100	INFO	dns over tls: downloading DNS over TLS cryptographic files
2021-02-05T06:00:28.202+0100	INFO	healthcheck: passed
2021-02-05T06:00:29.953+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [2] [SSL-0] [0__00000111] 0:11 0:9 t=1612501229[0] r=[-1,64,15,2,1] sl=[53,11,64,528]
2021-02-05T06:00:30.642+0100	INFO	dns over tls: downloading hostnames and IP block lists
2021-02-05T06:00:30.815+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [4] [SSL-0] [0____00000000000000000000000000000000000000000000000001111111122] 0:65 0:61 t=1612501230[0] r=[-2,64,15,4,1] sl=[63,64,64,528]
2021-02-05T06:00:31.599+0100	INFO	dns over tls: init module 0: validator
2021-02-05T06:00:31.599+0100	INFO	dns over tls: init module 1: iterator
2021-02-05T06:00:31.640+0100	INFO	dns over tls: start of service (unbound 1.10.1).
2021-02-05T06:00:31.731+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-05T06:00:32.098+0100	INFO	dns over tls: ready
2021-02-05T06:00:32.439+0100	INFO	There is a new release v3.13.1 (v3.13.1 - Empty connection fix for NordVPN and Windscribe) created 4 days ago
2021-02-05T06:00:32.625+0100	INFO	ip getter: Public IP address is 46.166.143.102
2021-02-05T06:04:54.859+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [7] [SSL-0] [00______00000000000000000000000000000000000000000000000000000000] 0:1838 0:1831 t=1612501494[0] r=[0,64,15,7,1] sl=[18,64,64,528]
2021-02-05T06:04:54.995+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [12] [SSL-0] [0____________000000000000000000000000000000000000000000000000000] 0:3675 0:3663 t=1612501494[0] r=[0,64,15,12,1] sl=[37,64,64,528]
2021-02-05T06:04:55.000+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [15] [SSL-0] [0_______________00000000011111111111111111111111111111111111111_] 0:3863 0:3848 t=1612501495[0] r=[-1,64,15,15,1] sl=[41,64,64,528]
2021-02-05T06:04:56.666+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [18] [SSL-0] [000________________000000000000000000000000000000000000000000000] 0:32015 0:31997 t=1612501496[0] r=[-2,64,15,18,1] sl=[49,64,64,528]
2021-02-05T06:04:57.071+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [24] [SSL-0] [0________________________00000000000000000000000000__________000] 0:38649 0:38625 t=1612501497[0] r=[-3,64,15,24,1] sl=[7,64,64,528]
2021-02-05T06:04:58.459+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [26] [SSL-0] [00_________________________00_0000000000000000000000000000000000] 0:58633 0:58607 t=1612501498[0] r=[-4,64,15,26,1] sl=[55,64,64,528]
2021-02-05T06:05:05.289+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [45] [SSL-0] [0_____________________________________________0000_0__0000000000] 0:157087 0:157042 t=1612501505[0] r=[-1,64,15,45,1] sl=[11,64,64,528]
2021-02-05T06:05:12.162+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [53] [SSL-0] [0_____________________________________________________0000000000] 0:261778 0:261725 t=1612501512[0] r=[-3,64,15,53,1] sl=[48,64,64,528]
2021-02-05T06:05:12.173+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [58] [SSL-0] [0__________________________________________________________00___] 0:262025 0:261967 t=1612501512[0] r=[-3,64,15,58,1] sl=[57,64,64,528]
2021-02-05T06:05:23.413+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [62] [SSL-0] [000_____________________________________________________________] 0:436124 0:436062 t=1612501523[0] r=[-4,64,15,62,1] sl=[39,64,64,528]
2021-02-05T06:05:57.889+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [67] [SSL-0] [0_______________________________________________________________] 0:921751 0:921684 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:05:57.890+0100	INFO	openvpn: PID_ERR large diff [67] [SSL-0] [0_______________________________________________________________] 0:921751 0:921684 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:05:57.890+0100	INFO	openvpn: PID_ERR large diff [66] [SSL-0] [0_______________________________________________________________] 0:921751 0:921685 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:05:57.890+0100	INFO	openvpn: PID_ERR large diff [65] [SSL-0] [0_______________________________________________________________] 0:921751 0:921686 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:13:12.019+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=27
2021-02-05T07:13:15.397+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-05T08:07:02.971+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [69] [SSL-0] [0_______________________________________________________________] 0:1977792 0:1977723 t=1612508822[0] r=[-1,64,15,69,1] sl=[0,64,64,528]
2021-02-05T08:07:02.972+0100	INFO	openvpn: PID_ERR large diff [69] [SSL-0] [0_______________________________________________________________] 0:1977792 0:1977723 t=1612508822[0] r=[-1,64,15,69,1] sl=[0,64,64,528]
2021-02-05T08:07:02.973+0100	INFO	openvpn: PID_ERR large diff [69] [SSL-0] [00______________________________________________________________] 0:1977793 0:1977724 t=1612508822[0] r=[-1,64,15,69,1] sl=[63,64,64,528]
2021-02-05T08:07:02.974+0100	INFO	openvpn: PID_ERR large diff [68] [SSL-0] [00______________________________________________________________] 0:1977793 0:1977725 t=1612508822[0] r=[-1,64,15,69,1] sl=[63,64,64,528]
2021-02-05T08:07:02.975+0100	INFO	openvpn: PID_ERR large diff [67] [SSL-0] [00______________________________________________________________] 0:1977793 0:1977726 t=1612508822[0] r=[-1,64,15,69,1] sl=[63,64,64,528]
2021-02-05T08:07:02.975+0100	INFO	openvpn: PID_ERR large diff [66] [SSL-0] [00______________________________________________________________] 0:1977793 0:1977727 t=1612508822[0] r=[-1,64,15,69,1] sl=[63,64,64,528]
2021-02-05T08:07:02.976+0100	INFO	openvpn: PID_ERR large diff [65] [SSL-0] [00______________________________________________________________] 0:1977793 0:1977728 t=1612508822[0] r=[-1,64,15,69,1] sl=[63,64,64,528]
2021-02-05T08:07:02.977+0100	INFO	openvpn: PID_ERR large diff [64] [SSL-0] [00______________________________________________________________] 0:1977793 0:1977729 t=1612508822[0] r=[-1,64,15,69,1] sl=[63,64,64,528]
2021-02-05T09:06:59.451+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-05T10:45:37.130+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-05T11:39:40.256+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=15
2021-02-05T11:40:15.330+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]46.166.143.98:54783 op=16
2021-02-05T12:04:55.863+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-05T12:11:03.360+0100	INFO	openvpn: PID_ERR large diff [65] [SSL-0] [000_____________________________________________________________] 0:4971144 0:4971079 t=1612523463[0] r=[-3,64,15,69,1] sl=[56,64,64,528]
2021-02-05T12:11:03.360+0100	INFO	openvpn: PID_ERR large diff [64] [SSL-0] [000_____________________________________________________________] 0:4971144 0:4971080 t=1612523463[0] r=[-3,64,15,69,1] sl=[56,64,64,528]

@ghost

2021-02-08T06:00:52.631+0100	INFO	ip getter: Public IP address is 109.201.130.11
2021-02-08T06:07:55.033+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [12] [SSL-0] [000__________000000000000000000000000000000000000000000000000000] 0:6396 0:6384 t=1612760875[0] r=[-2,64,15,12,1] sl=[4,64,64,528]
2021-02-08T06:07:55.579+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [13] [SSL-0] [00____________00000000000000000000000000000000000000000000000000] 0:14633 0:14620 t=1612760875[0] r=[-2,64,15,13,1] sl=[23,64,64,528]
2021-02-08T06:07:55.628+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [15] [SSL-0] [00000___________000000000000000000000000000000000000000000000000] 0:15323 0:15308 t=1612760875[0] r=[-2,64,15,15,1] sl=[37,64,64,528]
2021-02-08T06:07:56.547+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [19] [SSL-0] [00__________________00000000000000000000000000000000000000000000] 0:26850 0:26831 t=1612760876[0] r=[-3,64,15,19,1] sl=[30,64,64,528]
2021-02-08T06:07:56.843+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [23] [SSL-0] [000_____________________0000000000000000000000000000000000000000] 0:31434 0:31411 t=1612760876[0] r=[-3,64,15,23,1] sl=[54,64,64,528]
2021-02-08T06:07:57.300+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [24] [SSL-0] [00_______________________000000000000000000000000000000000000000] 0:37861 0:37837 t=1612760877[0] r=[-4,64,15,24,1] sl=[39,64,64,528]
2021-02-08T06:07:57.526+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [34] [SSL-0] [0__________________________________0____00000000000000000000____] 0:41122 0:41088 t=1612760877[0] r=[-4,64,15,34,1] sl=[42,64,64,528]
2021-02-08T06:07:57.530+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [42] [SSL-0] [0__________________________________________0______0____000000000] 0:41497 0:41455 t=1612760877[0] r=[-4,64,15,42,1] sl=[51,64,64,528]
2021-02-08T06:08:20.237+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [48] [SSL-0] [0________________________________________________0000____0_00000] 0:301424 0:301376 t=1612760900[0] r=[-2,64,15,48,1] sl=[51,64,64,528]
2021-02-08T06:08:21.677+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [60] [SSL-0] [000__________________________________________________________000] 0:318133 0:318073 t=1612760901[0] r=[-3,64,15,60,1] sl=[41,64,64,528]
2021-02-08T07:01:48.143+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T08:42:16.564+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T09:44:16.445+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T09:57:42.741+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=15
2021-02-08T10:45:46.084+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [66] [SSL-0] [00______________________________________________________________] 0:5150433 0:5150367 t=1612777546[0] r=[-1,64,15,66,1] sl=[63,64,64,528]
2021-02-08T10:45:46.150+0100	INFO	openvpn: PID_ERR large diff [66] [SSL-0] [00______________________________________________________________] 0:5150433 0:5150367 t=1612777546[0] r=[-1,64,15,66,1] sl=[63,64,64,528]
2021-02-08T10:45:46.151+0100	INFO	openvpn: PID_ERR large diff [65] [SSL-0] [00______________________________________________________________] 0:5150433 0:5150368 t=1612777546[0] r=[-1,64,15,66,1] sl=[63,64,64,528]
2021-02-08T10:45:46.151+0100	INFO	openvpn: PID_ERR large diff [64] [SSL-0] [00______________________________________________________________] 0:5150433 0:5150369 t=1612777546[0] r=[-1,64,15,66,1] sl=[63,64,64,528]
2021-02-08T10:46:01.065+0100	INFO	openvpn: PID_ERR large diff [66] [SSL-0] [000_____________________________________________________________] 0:5357248 0:5357182 t=1612777561[0] r=[-1,64,15,66,1] sl=[62,64,64,528]
2021-02-08T10:46:01.065+0100	INFO	openvpn: PID_ERR large diff [65] [SSL-0] [000_____________________________________________________________] 0:5357248 0:5357183 t=1612777561[0] r=[-1,64,15,66,1] sl=[62,64,64,528]
2021-02-08T10:46:01.065+0100	INFO	openvpn: PID_ERR large diff [64] [SSL-0] [000_____________________________________________________________] 0:5357248 0:5357184 t=1612777561[0] r=[-1,64,15,66,1] sl=[62,64,64,528]
2021-02-08T10:55:04.373+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T12:07:57.792+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T12:18:27.552+0100	INFO	openvpn: PID_ERR replay-window backtrack occurred [82] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154608 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.552+0100	INFO	openvpn: PID_ERR large diff [82] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154608 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.553+0100	INFO	openvpn: PID_ERR large diff [81] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154609 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.554+0100	INFO	openvpn: PID_ERR large diff [80] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154610 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.554+0100	INFO	openvpn: PID_ERR large diff [79] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154611 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.554+0100	INFO	openvpn: PID_ERR large diff [78] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154612 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.554+0100	INFO	openvpn: PID_ERR large diff [77] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154613 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.554+0100	INFO	openvpn: PID_ERR large diff [76] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154614 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [75] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154615 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [74] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154616 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [73] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154617 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [72] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154618 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [71] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154619 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [70] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154620 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [69] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154621 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.555+0100	INFO	openvpn: PID_ERR large diff [68] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154622 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.556+0100	INFO	openvpn: PID_ERR large diff [67] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154623 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.556+0100	INFO	openvpn: PID_ERR large diff [66] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154624 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.556+0100	INFO	openvpn: PID_ERR large diff [65] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154625 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:18:27.556+0100	INFO	openvpn: PID_ERR large diff [64] [SSL-0] [00000___________________________________________________________] 0:7154690 0:7154626 t=1612783107[0] r=[-2,64,15,82,1] sl=[60,64,64,528]
2021-02-08T12:30:32.688+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=10
2021-02-08T13:17:09.355+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T14:21:13.591+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=31
2021-02-08T15:20:41.594+0100	INFO	dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021-02-08T15:42:26.397+0100	INFO	openvpn: TLS Error: unknown opcode received from [AF_INET]109.201.130.2:54783 op=21

@ghost

I haven’t seen this message for a long time «AEAD Decrypt error: cipher final failed»

and this is something else or not «openvpn: TLS Error: unknown opcode received»

otherwise everything is good, connection is stable

@qdm12

I created #373 to address the opcode error.

Also, does this opcode error disconnect you, or is this just a strange error message in the logs?

I merged :windscribe-tls-sync in :latest, maybe

I also added ncp-disable which may help the AEAD Decrypt error: cipher final failed error.

fixed that TLS issue somehow. Let’s close the issue for now until this happens again, as it’s getting quite huge now with all them logs 😅 And let’s continue the discussion on #373 (I also pasted your most recent logs there).
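An added example, not part of the thread or of the project's code: a small triage script for the kinds of lines pasted above. It reads the first bracketed number of a `PID_ERR` line as the distance between the highest packet ID seen and the ID just received, and treats `large diff` as a packet that fell outside the replay window (64 here, matching `replay_window = 64` in the options dump); both readings are assumptions drawn from the posted lines, and the sample log and the helper names are constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines posted in this thread
# (window bitmaps shortened, peer address replaced by a documentation IP,
# the AEAD line invented for the test).
SAMPLE_LOG = """\
2021-02-05T06:05:23.413+0100 INFO openvpn: PID_ERR replay-window backtrack occurred [62] [SSL-0] [000___] 0:436124 0:436062 t=1612501523[0] r=[-4,64,15,62,1] sl=[39,64,64,528]
2021-02-05T06:05:57.889+0100 INFO openvpn: PID_ERR replay-window backtrack occurred [67] [SSL-0] [0_____] 0:921751 0:921684 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:05:57.890+0100 INFO openvpn: PID_ERR large diff [67] [SSL-0] [0_____] 0:921751 0:921684 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:05:57.890+0100 INFO openvpn: PID_ERR large diff [66] [SSL-0] [0_____] 0:921751 0:921685 t=1612501557[0] r=[-3,64,15,67,1] sl=[0,64,64,528]
2021-02-05T06:13:12.019+0100 INFO openvpn: TLS Error: unknown opcode received from [AF_INET]192.0.2.10:54783 op=27
2021-02-05T11:39:40.256+0100 INFO openvpn: TLS Error: unknown opcode received from [AF_INET]192.0.2.10:54783 op=15
2021-02-05T12:00:00.000+0100 INFO openvpn: AEAD Decrypt error: cipher final failed
"""

# kind, reported diff, "time:highest-id", "time:received-id", then r=[.., window, ..]
PID_ERR = re.compile(
    r"PID_ERR (?P<kind>replay-window backtrack occurred|large diff) "
    r"\[(?P<diff>\d+)\] \[[^\]]*\] \[[^\]]*\] "
    r"\d+:(?P<head>\d+) \d+:(?P<got>\d+) "
    r"t=\d+\[-?\d+\] r=\[-?\d+,(?P<window>\d+),\d+,\d+,-?\d+\]"
)
OPCODE = re.compile(r"TLS Error: unknown opcode received from \S+ op=(?P<op>\d+)")
AEAD = "AEAD Decrypt error: cipher final failed"


def triage(log_text):
    """Summarise replay-window, opcode and AEAD events in an OpenVPN client log."""
    summary = {
        "window": None,          # window size as reported inside r=[...]
        "max_backtrack": 0,      # largest distance behind the highest ID seen
        "new_max_events": 0,     # "backtrack occurred" lines
        "outside_window": 0,     # "large diff" lines (assumed dropped)
        "inconsistent": 0,       # lines whose IDs do not match the reported diff
        "unknown_opcodes": Counter(),
        "aead_failures": 0,
    }
    for line in log_text.splitlines():
        m = PID_ERR.search(line)
        if m:
            diff, head, got, window = (
                int(m[g]) for g in ("diff", "head", "got", "window")
            )
            # Sanity check: the bracketed diff must equal highest-id minus received-id.
            if head - got != diff:
                summary["inconsistent"] += 1
                continue
            summary["window"] = window
            summary["max_backtrack"] = max(summary["max_backtrack"], diff)
            if m["kind"] == "large diff":
                summary["outside_window"] += 1
            else:
                summary["new_max_events"] += 1
            continue
        m = OPCODE.search(line)
        if m:
            summary["unknown_opcodes"][int(m["op"])] += 1
        elif AEAD in line:
            summary["aead_failures"] += 1
    return summary


def window_to_cover(summary):
    """Smallest window that would have contained every observed backtrack,
    or None when no packet fell outside the current window."""
    if not summary["outside_window"]:
        return None
    return summary["max_backtrack"] + 1


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result)
    print("window needed to cover observed reordering:", window_to_cover(result))
```

The window size reported in these lines is the one set by OpenVPN's `--replay-window` option.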

Настройка OpenVPNСтолкнулся с необходимостью поднять OpenVPN. Случай мой оказался не стандартным. Cервер должен быть на Windows, клиентами же выступают пром. gsm-модемы. с линуксом  на борту. Задача не простая, тут собран мой опыт по настройке OpenVPN, и варианты граблей с которыми мне пришлось в этом процессе столкнуться. Начну пожалуй с ресурсов которые мне в этом помогли:

Примеры настройки OpenVPN

Основные ресурсы с примерами настройки openVPN сервера и клиентов:

    • прежде всего официальный мануал:https://openvpn.net/index.php/open-source/documentation/manuals/openvpn-20x-manpage.html

теперь ряд русскоязычных ресурсов:

    • http://compkaluga.ru/articles/172/ — грамотный туториал с указанием основных возможных ошибок
    • http://www.sysadmin.in.ua/info/index/22/27/39 — простая и доходчивая статья, но в настройках допущена ошибка —

      # Эти параметры в среде windows — не дадут клиенту подключиться к серверу. их следует закоментировать или убрать.
      user nouser
      group nogroup

пойдем дальше

  • Эта статья незаслуженно низко находится в выдаче поисковиков http://interface31.ru/tech_it/2011/09/organizaciya-vpn-kanalov-mezhdu-ofisami.html — очень грамотная и доступная подробно разбирает процесс настройки сервера и клиента, а так же вопросы настройки маршрутизации трафика. Т.е. если у вас задача объединить несколько офисных сетей — то обязательна к изучению. Однако, вопрос генерации ключей дан вскользь, для этого стоит посмотреть один из мануалов дальше.
  • http://habrahabr.ru/post/233971/ - a detailed walkthrough of setup on Linux systems. The end of the article describes the configuration procedure for Windows systems.
  • http://habrahabr.ru/sandbox/58689/ - essentially a short cheat sheet for bringing up OpenVPN on Windows. Useful if you have already studied a detailed walkthrough but have forgotten some details of the process. And here is something I would pay attention to:

    - Next, to avoid problems when creating the client certificate, clear index.txt in the ssl folder

  • http://geektimes.ru/post/197744/ The main feature of this manual is that it gives an example of configuring OpenVPN on Windows but without TLS authentication, so the config is simpler and there are fewer keys. But the security level is weaker too. However, the main highlight for me was this: "Now about the client config. You don't have to hand over the certificate files; you can write them straight into the config, only it is better to do this not with Notepad but with AkelPad or Notepad++, for example." Read on from there on the page. For my part I must say that I have not yet managed to create such a client config file with embedded keys. But I will definitely keep trying and will report the results here.
  • http://yakm.ru/Nastroyka-OpenVPN.html gives an example of a simple config with one secret key for two machines. That is, using this config you can bring up a server and connect one client to it. For more complex configurations you still have to generate all the keys.
  • http://yakm.ru/Nastroyka-OpenVPN-chast-2.html is the continuation of the tutorial above, where a simple but complete config is assembled. However, key generation is covered only in passing.
  • http://www.freeproxy.ru/ru/vpn/windows-7/openvpn.htm is a simple but very important tutorial on correctly installing and launching OpenVPN on Windows. I would especially like to draw attention to the need to run openvpnGUI as administrator. Without this small detail, no client will be able to connect to a successfully running server.
  • http://forum.ixbt.com/topic.cgi?id=14:40906:1#1 - a huge discussion thread on working with OpenVPN. Probably every possible question is covered here. However, digesting the entire forum thread is a truly titanic task.
  • http://suli-company.org.ua/it/unix/1063-prostaya-nastroyka-openvpn-s-fiksirovannymi-adresami-klientov.html is another very detailed walkthrough. It is mostly devoted to configuring OpenVPN on Linux, but the analysis of the configs is very detailed. It gives a partial, adapted Russian translation of the manual from the first link, and at the end of the article a Windows setup variant. It also has solutions for several problems: "The message Initialization Sequence Completed was received, but ping does not go through: this means that a firewall on the server or client is blocking VPN network traffic on the TUN/TAP interface. Solution: stop the client's firewall (if any) from filtering the client's TUN/TAP interface."
  • http://samag.ru/archive/article/318 - another walkthrough of OpenVPN setup; here the emphasis is on cross-platform support.

OpenVPN and routers

It is better to link networks using dedicated devices than to set aside a separate computer for the job. The good news is that a huge number of routers support OpenVPN with special firmware. If you are wondering "Which router supports OpenVPN", you can look for the answer here:

http://www.dd-wrt.com/site/support/router-database

For myself, by trial and error, I chose the Asus RT-N10U router and set it up for my config. Its main advantage is that it can be reflashed right in the browser window. Read the rest in the article.

OpenVPN server config on Windows 7:

And here is my config. Frankly, it is not ideal, but it is perfectly usable.

port 1194
proto udp
dev tap2
dev-node "vpn"
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client #allow clients to talk to each other, see below for details
topology subnet
route-method exe
route-delay 5
route 10.8.0.0 255.255.255.0
#PUSH START the data we pass to the client.
#push "dhcp-option gateway 10.8.0.1" - would make sense with Windows clients, ours are Linux
push "persist-key"
push "persist-tun"
#PUSH END
duplicate-cn #allow several clients to use the same key
keepalive 10 120
#cipher AES-128-CBC #commented out, the default encryption algorithm will be used
comp-lzo
persist-tun
persist-key
persist-local-ip
persist-remote-ip
status openvpn-status.log
log c:\OpenVPN\log\openvpn.log
verb 5

Configuring the IRZ RUH2 client:

In our case this is the IRZ RUH2 GSM router. I am not giving detailed instructions here, just the config that works very well for me. I added the keys to the modem via upload in the administration section.

client
proto udp
dev tap2
remote 111.111.111.111 1194
ca ca.crt #keys
key client.key
cert client.crt
route-method ipapi #if the client is Linux, exe if Windows
route-delay 5 #pause for the settings to apply, 5-10 seconds
route 10.8.0.0 255.255.255.0 10.8.0.1 #set the route on the client
route-gateway 10.8.0.1 #gateway
comp-lzo #compression
nobind #
persist-key #
persist-tun
verb 5
mute 20

Some errors when configuring OpenVPN

Authenticate/Decrypt packet error: packet HMAC authentication failed

In my case this error was resolved by changing the Hash Algorithm to SHA1 on the client, i.e. bringing it to the same value as on the server.

Authenticate/Decrypt packet error: cipher final failed

- An encryption algorithm error. The client and server settings probably specify different cipher values. Alternatively, you can omit it entirely, in which case the default (bf-cbc) is used.

Cannot connect to the interface if the service is already running

Go to Services and stop it.

Error when starting the OpenVPN server: cannot add a route to the routing table

Solution: access rights are insufficient; the server must be started as administrator.

The client finds the server and connects but cannot be pinged, or cannot connect.

- An exception for our service must be added to the firewall rules on the server.

The client finds the server but cannot be pinged.

- Routing must be configured, i.e. requests to our VPN network must be sent through our tap interface. In our case we can start the Windows console as administrator and add the route there manually, for example:
route -p add 10.8.0.0 mask 255.255.255.0 10.8.0.1
-p - adds the route permanently; without this argument the route disappears on reboot.
10.8.0.0 mask 255.255.255.0 - sets the range of addresses the route applies to: all packets going to addresses from 10.8.0.1 to 10.8.0.255.
10.8.0.1 - the gateway to which we send the packets. In our case this is the VPN server.

Error: Initialization Sequence Completed With Errors ( see http://openvpn.net/f…#dhcpclientserv )

This was cured by adding OpenVPN to the firewall exceptions.

Accordingly, on Windows systems from XP to 7 this can be done by running the following command in the console as administrator:

netsh firewall add allowedprogram program = C:\OpenVPN\bin\openvpn.exe name = "OpenVPN Server" ENABLE scope = ALL profile = ALL


I’m using OPNsense and followed the instructions for pfSense found here seemingly to the tee, but when I do this (and even though the vpn client status is saying that its status is "up"), I get the following log entries:

Apr 7 22:40:33 openvpn[6489]: SIGUSR1[soft,ping-restart] received, process restarting 
Apr 7 22:40:33 openvpn[6489]: [6a23523234543a944680d35345ab3] Inactivity timeout (--ping-restart), restarting 
Apr 7 22:40:32 openvpn[6489]: AEAD Decrypt error: cipher final failed 
Apr 7 22:40:22 openvpn[6489]: AEAD Decrypt error: cipher final failed 
Apr 7 22:40:12 openvpn[6489]: AEAD Decrypt error: cipher final failed 
Apr 7 22:40:02 openvpn[6489]: AEAD Decrypt error: cipher final failed 
Apr 7 22:39:52 openvpn[6489]: AEAD Decrypt error: cipher final failed 
Apr 7 22:39:42 openvpn[6489]: AEAD Decrypt error: cipher final failed 
Apr 7 22:39:33 openvpn[6489]: Initialization Sequence Completed 

It did say to use AES-128-GCM (notice in steps 3 & 4) with PIA-2048 (specifically I believe: ca.rsa.2048.crt). Here are all the settings: https://ibb.co/3Yc7GXn

One thing I have found is that if I change instead to aes-128-cbc it does connect and stays connected to the VPN, but clearly the PIA instructions must be wrong…?

Has something changed or did I miss something?

Fixing OpenVPN «Authenticate/Decrypt packet error: cipher final failed»

When connecting to a VPN I was constantly getting the error

Mar  8 09:29:27 openvpn[1696]: Authenticate/Decrypt packet error: cipher final failed

I had imported the supplied ovpn file and had followed all the other configuration steps, so this was quite frustrating. Then I saw this in the logs:

Mar  8 09:31:07 openvpn[1790]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'

Changing my client to use "cipher AES-256-CBC" instead of the default (which apparently was cipher BF-CBC) fixed the issue.


Hi,

On 03-11-17 15:03, Jan Just Keijser wrote:
> whilst testing some new hardware with OpenVPN I ran into the following
> messages which keep popping up from time to time:
> 
>  AEAD Decrypt error: cipher final failed
> 
> 
> Config:
> 
> server running OpenVPN 2.4.3, basic config, Ubuntu 17, kernel 4.14,
> openssl 1.0.2g
> client running OpenVPN 2.4.4, basic config, CentOS 7.4, kernel 3.10,
> openssl 1.0.2k
> 
> it's the client that is throwing the above message during heavy load
> (900 Mbps VPN traffic). It happens only with NCP ciphers , I am not
> seeing any cipher messages with 'ncp-disable' set.
> 
> as soon as I add 'verb 5' or higher, the message goes away, because
> performance drops to below 500 Mbps due to excessive output.
> Any idea how to tackle this?

This is (most likely) the GCM authentication check failing.  What would
be interesting is to see at least what is on the wire and what the
receiving process thinks it's receiving.  Also, printing the session
keys would help to verify the crypto.

The verb level does not allow enough granularity to achieve this, so
you'll have to change the code to print the session keys (after the kex)
and the full received packet if this error occurs, and keep a pcap of
the transfer.  Though I'm not very sure whether it's doable to store a
pcap @ 900 mbit - it's probably not on my old/cheap hw ;-)

-Steffan



While setting up OpenVPN I came across some common errors and workarounds that make life easier. To make them easier to remember, I have documented them in this blog. Maybe they are useful for others as well.

Remove pass phrase

In case you want to remove the pass phrase from the server key to make it easier to start the OpenVPN server part, use the following command:

mv server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

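You’ll have to enter the pass phrase of the key one more time, and then a new server.key file is written without the pass phrase. The key is then stored unencrypted on disk, so keep the file readable only by the account that runs OpenVPN. You can see the difference when looking into the key files.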

With pass phrase:

Note: file starts with: BEGIN ENCRYPTED PRIVATE KEY

Without pass phrase:

Note: file starts with: BEGIN RSA PRIVATE KEY

Run OpenVPN as a service on Linux

After installing openvpn via yum on AWS AMI Linux, a service script is also installed. How the file works and can be activated is written in the file itself:

more /etc/init.d/openvpn

The file should already be copied by yum to /etc/rc.d/init.d/openvpn

Activate the service

chkconfig

Check whether or not openvpn is already configured to run as a service. For each run level, the status is either on or off. In case of on, openvpn is already configured to run as a service. In this example, openvpn is not configured to run as a service in any run level.

sudo chkconfig --add openvpn

sudo chkconfig openvpn on

OpenVPN will now be started as a service in the run levels 2, 3, 4 and 5. Output of openvpn is then written to /var/log/messages

sudo tail -f /var/log/messages

Systemd

To start and control openvpn via systemd, first check the status of openvpn:

sudo systemctl status openvpn

Edit service configuration

sudo vim /etc/default/openvpn

Insert the client configuration to start automatically. Here, I am going to start client1.conf:

AUTOSTART="client1"

Start service

sudo systemctl start openvpn
sudo systemctl status openvpn

Solving common OpenVPN connection error messages

Some information on how to solve common OpenVPN error messages on the server and client. Most occur when trying to start OpenVPN for the first time.

TA.KEY

Client starts connecting but no connection is established.

Error message

TLS Error: cannot locate HMAC in incoming packet from [AF_INET]

Cause

Server is configured to use ta.key.

Solution

Copy the ta.key into the openvpn configuration directory and specify its location in the conf file.

Cipher final failed

OpenVPN server accepts a client connection, but communication fails.

Error message

Authenticate/Decrypt packet error: cipher final failed

Cause

Server and client are using different algorithms for encryption and decryption. On the server, the log gives more information:

WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'

Solution

The server uses AES-256-CBC, while the client is using BF-CBC. Adjust the client configuration: insert cipher AES-256-CBC in client.conf.

Other parameters to adjust

During first startup, some warning messages may be written to the server log. Most commonly they refer to link-mtu, cipher, keysize or comp-lzo.

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1542'
WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

Solution

Adjust the parameters in the client.conf file so that they match the server configuration. These warnings are also a good way to check whether a client you do not control or have not configured is connecting to your server.

Link-mtu

Configure the client to use the same mtu size as the server. Insert parameter link-mtu into client.conf.

link-mtu 1557

Keysize

Keysize used by client and server should be the same. Insert parameter keysize into client.conf.

keysize 256

Comp-lzo

Uncomment the parameter in server.conf.
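The mismatch warnings and decrypt errors discussed above, and in the earlier cipher notes on this page, can be pulled out of a log and sorted so the crypto options are reviewed first. This Python code is an added example, not code from the blog's author or the OpenVPN project; the function names, the review order and the sample log (constructed from warning lines quoted on this page) are assumptions of the example.

```python
"""Summarise OpenVPN option-mismatch warnings and decrypt errors in a log."""
import re
from collections import Counter

# ASCII quote plus the typographic quotes that replace it when a log is
# pasted through a blog or forum.
QUOTES = "'\u2018\u2019\u2032"
Q = f"[{QUOTES}]"
VAL = f"[^{QUOTES}]*"

INCONSISTENT = re.compile(
    rf"WARNING: {Q}(?P<opt>[\w-]+){Q} is used inconsistently, "
    rf"local={Q}(?P<local>{VAL}){Q}, remote={Q}(?P<remote>{VAL}){Q}")
MISSING_LOCAL = re.compile(
    rf"WARNING: {Q}(?P<opt>[\w-]+){Q} is present in remote config but "
    rf"missing in local config, remote={Q}(?P<remote>{VAL}){Q}")
DECRYPT = re.compile(
    r"(?:AEAD Decrypt error|Authenticate/Decrypt packet error): "
    r"(?P<reason>cipher final failed|packet HMAC authentication failed)")

# Review order chosen for this example (an assumption): crypto parameters
# first, then compression, then link-mtu.
PRIORITY = ["cipher", "auth", "keysize", "comp-lzo", "link-mtu"]

# Constructed sample: warning lines as quoted on this page, with quotes
# mangled the way a forum paste leaves them, plus a repeated decrypt error.
SAMPLE_LOG = """\
Fri Sep 27 15:54:05 2019 WARNING: ‘link-mtu’ is used inconsistently, local=’link-mtu 1549′, remote=’link-mtu 1570′
Fri Sep 27 15:54:05 2019 WARNING: ‘cipher’ is used inconsistently, local=’cipher AES-128-GCM’, remote=’cipher AES-128-CBC’
Fri Sep 27 15:54:05 2019 WARNING: ‘auth’ is used inconsistently, local=’auth [null-digest]’, remote=’auth SHA256′
Fri Sep 27 15:54:05 2019 WARNING: ‘comp-lzo’ is present in remote config but missing in local config, remote=’comp-lzo’
Fri Sep 27 15:59:28 2019 AEAD Decrypt error: cipher final failed
Fri Sep 27 15:59:38 2019 AEAD Decrypt error: cipher final failed
"""


def parse_log(log_text):
    """Return ({option: (local, remote)}, Counter of decrypt-error reasons).

    local is None when the option appears only in the peer's config.
    """
    mismatches, errors = {}, Counter()
    for line in log_text.splitlines():
        if m := INCONSISTENT.search(line):
            mismatches[m["opt"]] = (m["local"], m["remote"])
        elif m := MISSING_LOCAL.search(line):
            mismatches[m["opt"]] = (None, m["remote"])
        elif m := DECRYPT.search(line):
            errors[m["reason"]] += 1
    return mismatches, errors


def findings(log_text):
    """Return [(option, local, remote, note)] ordered by PRIORITY."""
    mismatches, errors = parse_log(log_text)

    def rank(opt):
        return PRIORITY.index(opt) if opt in PRIORITY else len(PRIORITY)

    result = []
    for opt in sorted(mismatches, key=rank):
        local, remote = mismatches[opt]
        if local is None:
            note = "set on the peer only"
        elif opt == "cipher" and errors["cipher final failed"]:
            note = "matches the 'cipher final failed' errors; align this first"
        elif opt == "auth" and "[null-digest]" in local + remote:
            # A side running an AEAD cipher (GCM) reports no separate digest,
            # because the cipher authenticates packets itself.
            note = "one side reports no digest; recheck after aligning cipher"
        else:
            note = "values differ"
        result.append((opt, local, remote, note))
    return result


if __name__ == "__main__":
    for opt, local, remote, note in findings(SAMPLE_LOG):
        print(f"{opt:9} local={local!r:24} remote={remote!r:24} {note}")
```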

deadeye09
DD-WRT Novice

Joined: 23 Jul 2018
Posts: 15

Posted: Fri Sep 27, 2019 22:05
AW JEEZE! It WAS the date/time! I assumed the date was correct because I was using an NTP server (nist1-lv.ustiming.org) but I guess it was giving me the wrong info for some reason? I switched to 0.pool.ntp.org and now the time is corrected. I looked back at your guide and found the part about the time being correct, and I remember checking the time up at the top of my router homepage and assumed it was off a few hours due to time zones or something. But it doesn’t show the date and I didn’t know the date was that far off until I started logging and saw December in there! Dangit! I knew it was something stupid. I even started from scratch twice to make sure that I didn’t just miss a step.

Well, at least it now sort of connects, but now I just get warnings that I need to work through:

Fri Sep 27 15:54:05 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1570'

Fri Sep 27 15:54:05 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher AES-128-CBC'

Fri Sep 27 15:54:05 2019 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

Fri Sep 27 15:54:05 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

then I just get this message repeated a couple of times and then it disconnects.

Fri Sep 27 15:59:28 2019 AEAD Decrypt error: cipher final failed

They’re probably all just issues with the settings and I’ll try working through each one at a time when I have time. Thanks for your help!

I might have some feedback for your instructions that I’ll put together if you’re interested in getting some feedback from a complete newbie.

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 11263
Location: Netherlands

Posted: Sat Sep 28, 2019 6:40

deadeye09 wrote:
AW JEEZE! It WAS the date/time! I assumed the date was correct because I was using an NTP server (nist1-lv.ustiming.org) but I guess it was giving me the wrong info for some reason? I switched to 0.pool.ntp.org and now the time is corrected. I looked back at your guide and found the part about the time being correct, and I remember checking the time up at the top of my router homepage and assumed it was off a few hours due to time zones or something. But it doesn’t show the date and I didn’t know the date was that far off until I started logging and saw December in there! Dangit! I knew it was something stupid. I even started from scratch twice to make sure that I didn’t just miss a step.

Well, at least it now sort of connects, but now I just get warnings that I need to work through:

Fri Sep 27 15:54:05 2019 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1570'

Fri Sep 27 15:54:05 2019 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher AES-128-CBC'

Fri Sep 27 15:54:05 2019 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

Fri Sep 27 15:54:05 2019 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

then I just get this message repeated a couple of times and then it disconnects.

Fri Sep 27 15:59:28 2019 AEAD Decrypt error: cipher final failed

They’re probably all just issues with the settings and I’ll try working through each one at a time when I have time. Thanks for your help!

I might have some feedback for your instructions that I’ll put together if you’re interested in getting some feedback from a complete newbie.

Feedback is always welcome :)

The time has to be right, otherwise certificates are not valid, like you have found out.

The link MTU warning you can ignore.

The ‘auth’ is used inconsistently, warning you can ignore

The cipher warning is due to server and client not using the same cipher; the new cipher is the best to use, that is AES-128-GCM, but both client and server have to use that.

The AEAD decrypt error also has to do with that.

Did you place "ncp-disable" in the additional config?

The comp-lzo warning you can also ignore, although in both client it should be disabled (if you use a configuration file for a client there should be no "comp-lzo" in the file) and if both have it disabled (or at least use the same settings) the warning should be gone.


_________________
Routers:Netgear R7800, R7000, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.

Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399

Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614

Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

deadeye09
DD-WRT Novice

Joined: 23 Jul 2018
Posts: 15

Posted: Mon Sep 30, 2019 15:18
Hmm, the reason for the cipher error is that on my version of DD-WRT, I only have AES-128 CBC (not GCM, all of my options are CBC instead of GCM). I just updated the client config to use CBC.

I accidentally left LZO Compression enabled on my router config (funny how many times I’ve gone over the settings, even started from scratch twice, and I still missed something like that).

Yep, I am using ncp-disable in the additional config because the guide mentioned that if I was using "Redirect default gateway" to use it (not sure what that does, but I only enabled it because I saw it in your screenshot).

But now I’m getting no errors and am able to connect! Thank you!

So, onto the feedback. When I created my certificates, it asked me for a "Challenge Password" and an "Optional Company Name". Not sure what these are used for as I was never asked for it again, but you might want to mention this in step 3 and step 4.

Also might want to provide directions on how to verify the date, because maybe the time in the top right might be correct, but it doesn’t show the date and I don’t know of anywhere else to verify the time AND date besides the logs (where I found out mine was WAY off). Perhaps bold that "Before you start check if the time is right on your router" and add "time AND DATE" to it for idiots like me.

I had other questions that I had written down, but they were answered while reading the guide further (the screenshots were GREAT at verifying I had the right settings).

I think that’s it, but thanks again for doing this. This is BY FAR the best guide that I’ve read for setting up OpenVPN.

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 11263
Location: Netherlands

Posted: Mon Sep 30, 2019 16:02
Great you got it working and thanks for your feedback, I will look into it.
zeroprobe
DD-WRT Novice

Joined: 05 Oct 2015
Posts: 2

Posted: Thu Oct 03, 2019 21:09
I had to add one additional step to the guide.

I could connect to OpenVPN server however I could not access the Internet from the client.

In DD-WRT — Administration > Commands , I had to add the following lines, then click Save Firewall.

Where 10.8.0.0 is the OpenVPN subnet.

Code:
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE

Can you add this to the guide? I don’t think it is mentioned?

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 11263
Location: Netherlands

Posted: Fri Oct 04, 2019 7:44

zeroprobe wrote:
I had to add one additional step to the guide.

I could connect to OpenVPN server however I could not access the Internet from the client.

In DD-WRT — Administration > Commands , I had to add the following lines, then click Save Firewall.

Where 10.8.0.0 is the OpenVPN subnet.

Code:
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE

Can you add this to the guide? I don’t think it is mentioned?

Thanks for your feedback.

It is in step 8a on page 6.

Let me know if it is not clear or if you have trouble with it.


zeroprobe
DD-WRT Novice

Joined: 05 Oct 2015
Posts: 2

Posted: Fri Oct 04, 2019 9:05

egc wrote:
zeroprobe wrote:
I had to add one additional step to the guide.

I could connect to OpenVPN server however I could not access the Internet from the client.

In DD-WRT — Administration > Commands , I had to add the following lines, then click Save Firewall.

Where 10.8.0.0 is the OpenVPN subnet.

Code:
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o $WAN_IF -j MASQUERADE

Can you add this to the guide? I don’t think it is mentioned?

Thanks for your feedback.

It is in step 8a on page 6.

Let me know if it is not clear or if you have trouble with it.

Yes you are right, I got mixed up between guides. This command you mentioned also now works for me.

iptables -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 11263
Location: Netherlands

Posted: Fri Oct 04, 2019 9:43
This is a quote from this guide:

Quote:
A lot of existing guides are obsolete or wrong.

;) :)

But glad that it is working


Zoot7
DD-WRT Novice

Joined: 07 Oct 2019
Posts: 6

Posted: Mon Oct 07, 2019 18:40
I can get OpenVPN to work in TAP mode, but unfortunately I can’t use that with Android which is really where I want to use the VPN.

I’ve followed this guide to the letter (thanks for posting it), and it seems that I can’t get the OpenVPN server to start on the router whenever I select Tun.

I’ve attached images of what I see in Status -> OpenVPN and the settings under Services -> VPN.

You can see that there’s no mention of any server running in the status page, even after a reboot. The client of course fails to connect as a result.

Is this a common issue? Is there something I’m missing?

The router I have is a TP-Link Archer C7 V4 running v3.0-R40559.

It’s disappointing considering the original TP-Link firmware had OpenVPN functionality that worked quite well, it just had a nasty bug that it would randomly drop PPPoE connections on the WAN port, hence why I’m here.

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 11263
Location: Netherlands

Posted: Mon Oct 07, 2019 19:12
If the server does not start it usually indicates a major setup fault.

Often the certificates/keys.

But in this case I suspect the netmask.

Use 255.255.255.0

mrjcd
DD-WRT Guru

Joined: 31 Jan 2015
Posts: 5990
Location: Texas

Posted: Mon Oct 07, 2019 19:17
Zoot7,

I suggest to update the DD-WRT build you are using (rolling eyes)

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2019/

Zoot7
DD-WRT Novice

Joined: 07 Oct 2019
Posts: 6

Posted: Mon Oct 07, 2019 22:02

egc wrote:
If the server does not start it usually indicates a major setup fault.

Often the certificates/keys.

But in this case I suspect the netmask.

Use 255.255.255.0

Okay that was it — the server is now starting. I feel stupid now since I should have spotted that — Thank you! Smile

I can now also connect from outside the home network via the Android client on my phone, the only issue now is that I can’t access the internet or my local server when connected to the VPN. I do have the firewall rules enabled in the guide.

New to all of this, I’d appreciate the help.

To be positive since the last poster probably thinks I’m complaining Wink, the nasty bug with WAN connection dropouts is gone since flashing DD-WRT. It boggles the mind that TP-Link couldn’t get it right with their own firmware.

egc
DD-WRT Guru

Joined: 18 Mar 2014
Posts: 11263
Location: Netherlands

Posted: Tue Oct 08, 2019 7:34
When connected can you ping anything on your network?

Can you connect to your router's GUI itself when connected?

Can you show me the output of the following 4 commands (telnet/Putty to your router):

Code:
nvram get wan_iface
nvram get wan_ifname
get_wanface
echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

Can you post a picture of the Status/OpenVPN page from the router when you are connected (show the whole page)?

I am trying to establish if you can have traffic over the network.

Some pointers:

always test from outside your network so with your phone on cellular.

Check the LZO compression settings on client and router


Zoot7
DD-WRT Novice

Joined: 07 Oct 2019
Posts: 6

Posted: Tue Oct 08, 2019 18:19

egc wrote:
When connected can you ping anything on your network?

Can you connect to your router's GUI itself when connected?

Can you show me the output of the following 4 commands (telnet/Putty to your router):

Code:
nvram get wan_iface
nvram get wan_ifname
get_wanface
echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"

Can you post a picture of the Status/OpenVPN page from the router when you are connected (show the whole page)?

I am trying to establish if you can have traffic over the network.

Some pointers:

always test from outside your network so with your phone on cellular.

Check the LZO compression settings on client and router

So… when I connect with my phone from outside the WAN I can’t access the internet regularly and I can’t access any local IPs including my home server or the router’s GUI either.

(The ping attempts time out)

Here are the outputs for the above commands:

Code:
root@DD-WRT:~# nvram get wan_iface
vlan2
root@DD-WRT:~# nvram get wan_ifname
vlan2
root@DD-WRT:~# get_wanface
ppp0
root@DD-WRT:~# echo WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"
WAN_IF=ppp0

Here’s the OpenVPN log after connecting.

Code:
Log

Serverlog:
19700101 00:00:33 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19700101 00:00:33 I OpenVPN 2.4.7 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 6 2019
19700101 00:00:33 I library versions: OpenSSL 1.1.1c 28 May 2019 LZO 2.09
19700101 00:00:33 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:14
19700101 00:00:33 W WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
19700101 00:00:33 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:40 Diffie-Hellman initialized with 2048 bit key
19700101 00:00:40 W WARNING: Your certificate is not yet valid!
19700101 00:00:40 I TUN/TAP device tun2 opened
19700101 00:00:40 TUN/TAP TX queue length set to 100
19700101 00:00:40 I /sbin/ifconfig tun2 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255
19700101 00:00:40 Socket Buffers: R=[172032->172032] S=[172032->172032]
19700101 00:00:40 I UDPv4 link local (bound): [AF_INET][undef]:1194
19700101 00:00:40 I UDPv4 link remote: [AF_UNSPEC]
19700101 00:00:40 MULTI: multi_init called r=256 v=256
19700101 00:00:40 IFCONFIG POOL: base=10.8.0.2 size=252 ipv6=0
19700101 00:00:40 I Initialization Sequence Completed
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'state'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'state'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'state'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 NOTE: --mute triggered…
20191008 19:12:50 1 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:12:50 D MANAGEMENT: CMD 'status 2'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'status 2'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:12:50 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:12:50 D MANAGEMENT: CMD 'log 500'
20191008 19:12:50 MANAGEMENT: Client disconnected
20191008 19:13:09 213.233.147.95:41957 TLS: Initial packet from [AF_INET]213.233.147.95:41957 sid=a966730a 2ac175d0
20191008 19:13:09 213.233.147.95:41957 VERIFY OK: depth=1 C=IE ST=TP L=PiggyLand O=DickHead1 OU=Heneped CN=Fantasy name=World3 emailAddress=mfinnan101@gmail.com
20191008 19:13:09 213.233.147.95:41957 VERIFY OK: depth=0 C=IE ST=TP L=PiggyLand O=DickHead1 OU=Heneped CN=client1 name=World3 emailAddress=mfinnan101@gmail.com
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_VER=2.5_master
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_PLAT=android
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_PROTO=2
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_NCP=2
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_LZ4=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_LZ4v2=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_LZO=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_COMP_STUB=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_COMP_STUBv2=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_TCPNL=1
20191008 19:13:09 I 213.233.147.95:41957 peer info: IV_GUI_VER=de.blinkt.openvpn_0.7.8
20191008 19:13:09 W 213.233.147.95:41957 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1569' remote='link-mtu 1549'
20191008 19:13:09 W 213.233.147.95:41957 WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher AES-128-GCM'
20191008 19:13:09 W 213.233.147.95:41957 WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth [null-digest]'
20191008 19:13:09 213.233.147.95:41957 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20191008 19:13:09 213.233.147.95:41957 Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
20191008 19:13:09 213.233.147.95:41957 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20191008 19:13:09 213.233.147.95:41957 NOTE: --mute triggered…
20191008 19:13:10 213.233.147.95:41957 2 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:13:10 I 213.233.147.95:41957 [client1] Peer Connection Initiated with [AF_INET]213.233.147.95:41957
20191008 19:13:10 I client1/213.233.147.95:41957 MULTI_sva: pool returned IPv4=10.8.0.2 IPv6=(Not enabled)
20191008 19:13:10 client1/213.233.147.95:41957 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_15e9437557c35a3b.tmp
20191008 19:13:10 client1/213.233.147.95:41957 MULTI: Learn: 10.8.0.2 -> client1/213.233.147.95:41957
20191008 19:13:10 client1/213.233.147.95:41957 MULTI: primary virtual IP for client1/213.233.147.95:41957: 10.8.0.2
20191008 19:13:11 client1/213.233.147.95:41957 PUSH: Received control message: 'PUSH_REQUEST'
20191008 19:13:11 client1/213.233.147.95:41957 SENT CONTROL [client1]: 'PUSH_REPLY redirect-gateway def1 route-gateway 10.8.0.1 topology subnet ping 10 ping-restart 120 ifconfig 10.8.0.2 255.255.255.0 peer-id 0' (status=1)
20191008 19:13:11 N client1/213.233.147.95:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:12 N client1/213.233.147.95:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:14 N client1/213.233.147.95:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:16 client1/213.233.147.95:41957 NOTE: --mute triggered…
20191008 19:13:18 2 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'state'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'state'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'state'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 NOTE: --mute triggered…
20191008 19:13:18 1 variation(s) on previous 3 message(s) suppressed by --mute
20191008 19:13:18 D MANAGEMENT: CMD 'status 2'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'status 2'
20191008 19:13:18 MANAGEMENT: Client disconnected
20191008 19:13:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:14
20191008 19:13:18 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

I see an Authenticate/Decrypt packet error: packet HMAC authentication failed, assuming this is the issue?

Regarding the LZO compression, is there a reason that you’ve specified to disable it in the guide? You mention re-enabling it above (I currently have it disabled)

On another note — thanks for all the help. Even getting this far is something with all the official guides being very far out of date. Smile

Zoot7
DD-WRT Novice

Joined: 07 Oct 2019
Posts: 6

Posted: Tue Oct 08, 2019 18:45
Here’s a corresponding log from the client side after connecting.

The time of the AEAD Decrypt error: cipher final failed messages correspond to the Authenticate/Decrypt packet error: packet HMAC authentication failed on the server side.

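The server log above shows "used inconsistently" warnings for `cipher` and `auth` at handshake, followed by HMAC failures from the same peer once data flows. The sketch below is an added example, not part of the original thread: it pairs those two signals per peer address; the log lines are constructed in the format shown above and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the DD-WRT OpenVPN log layout shown above
# (203.0.113.7 and 198.51.100.20 are documentation addresses, not from the thread).
SAMPLE_LOG = """\
20191008 19:13:09 W 203.0.113.7:41957 WARNING: 'link-mtu' is used inconsistently local='link-mtu 1569' remote='link-mtu 1549'
20191008 19:13:09 W 203.0.113.7:41957 WARNING: 'cipher' is used inconsistently local='cipher AES-128-CBC' remote='cipher AES-128-GCM'
20191008 19:13:09 W 203.0.113.7:41957 WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth [null-digest]'
20191008 19:13:10 I 203.0.113.7:41957 [client1] Peer Connection Initiated with [AF_INET]203.0.113.7:41957
20191008 19:13:11 N client1/203.0.113.7:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:13:12 N client1/203.0.113.7:41957 Authenticate/Decrypt packet error: packet HMAC authentication failed
20191008 19:14:02 N client2/198.51.100.20:50001 Authenticate/Decrypt packet error: packet HMAC authentication failed
"""

# The peer prefix changes from "ip:port" to "CN/ip:port" after authentication.
PEER = r"(?:\S+/)?(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+)"
MISMATCH = re.compile(PEER + r" WARNING: '(?P<opt>[\w-]+)' is used inconsistently"
                      r" local='(?P<local>[^']*)' remote='(?P<remote>[^']*)'")
DECRYPT = re.compile(PEER + r" (?:Authenticate/Decrypt packet error|AEAD Decrypt error)")

def correlate(log_text):
    """Map peer -> {'mismatches': {option: (local, remote)}, 'decrypt_errors': n}."""
    peers = defaultdict(lambda: {"mismatches": {}, "decrypt_errors": 0})
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            peers[m["peer"]]["mismatches"][m["opt"]] = (m["local"], m["remote"])
            continue
        m = DECRYPT.search(line)
        if m:
            peers[m["peer"]]["decrypt_errors"] += 1
    return dict(peers)

def likely_config_mismatch(log_text):
    """Peers that show decrypt failures and a cipher/auth option mismatch."""
    return sorted(
        peer for peer, info in correlate(log_text).items()
        if info["decrypt_errors"] and {"cipher", "auth"} & info["mismatches"].keys()
    )

if __name__ == "__main__":
    for peer, info in correlate(SAMPLE_LOG).items():
        print(peer, info)
    print("config mismatch suspected:", likely_config_mismatch(SAMPLE_LOG))
```

In OpenVPN 2.4 the "used inconsistently" warning compares configured options before cipher negotiation, so on its own it can be benign; it is the decrypt failures from the same peer that make the mismatch worth fixing.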