The Modem State on the Status page displays ‘No lock on satellite’. You keep hearing a low pitch tone through the Point & Play tool.
Check if you have a clear line of sight, and no buildings, tree or other obstruction is blocking the path between the dish and the satellite. Select a place with clear line of sight to set up the dish. Also check if your compass is functioning correctly. Try the other pointing carrier if two pointing carriers are available
The Modem State on the Status page displays ‘Wrong satellite’. You keep hearing a low pitch tone through the Point & Play tool.
The dish is not pointed correctly.
Error messages shown on modem web interface,
Error 010, No demodulator lock (The RX indicator LED is off)
The modem is not receiving a signal from the satellite. Check the positioning of the dish and the RX connection between the LNB and the modem. Check that the RX cable is firmly connected at both ends and examine the F connectors to make sure the centre pin is not touching the outer shell of the F connector and that none of the braided shield of the cable is coming into contact with the centre pin.
Error 020, Terminal specific forward carrier lookup is ongoing (Warning LED is on, RX LED is on)
If the message does not disappear within 10 minutes, reset the modem. If the problem persists please contact us to check your account is active on the network.
Error 030, Network lookup failed (Warning LED is on, RX LED is on)
The modem could not login to the satellite network. Check the positioning of the dish and reset the modem. If the problem persists for more than 4 hours please contact us.
Error 040, Synchronisation process failed (Warning LED is on, RX LED is on)
Time synchronisation process failed, this error can be an indication of a general network problem.
Try resetting the modem and if the problem persists for more than 4 hours please contact us.
Error 045, Synchronisation lost (Warning LED is on, RX LED is on)
Time synchronisation was lost, this error can be an indication of a general network problem.
Try resetting the modem and if the problem persists for more than 4 hours please contact us.
Error 050, Network Login Failed (Warning LED is on, RX LED is on)
The modem is getting information from the satellite but is not able to transmit back to it. This means there is a problem with the TX connection from the modem to the LNB. Check that the TX cable is firmly connected at both ends and examine the F connectors to make sure the centre pin is not touching the outer shell of the F connector and that none of the braided shield of the cable is coming into contact with the centre pin.
Error 055, Network Layer configuration failed (Warning LED is on, RX LED is on)
An error occurred during the configuration of the network layers after a valid satellite network login. Reset the modem and contact us if the problem persists.
Error 060, TCP acceleration service failed (Warning LED is on, RX LED is on)
An error is detected in the TCP acceleration service. Try resetting the modem and if the problem persists for more than 4 hours please contact us.
Error 070, Network connectivity lost (Warning LED is on, RX LED is on)
The connectivity with the satellite network is lost. Try resetting the modem and check the dish positioning, if the problem persists for more than 4 hours please contact us.
Appendix C – Troubleshooting Guide
Error
Problem indication
Code
030
Error information in the web interface:
Network lookup failed
LED error indication:
Warning LED is on, RX LED is on
040
Error information in the web interface:
Synchronisation process failed
LED error indication:
Warning LED is on, RX LED is on
045
Error information in the web interface:
Synchronisation lost
LED error indication:
Warning LED is on, RX LED is on
050
Error information in the web interface:
Network login failed:
Error information on the IPmodem:
LED error indication:
Warning LED is on, RX LED is on.
055
Error information in the web interface:
Network Layer configuration failed
LED error indication:
Warning LED is on, RX LED is on
060
Error information in the web interface:
TCP acceleration service failed
LED error indication:
Warning LED is on, RX LED is on
version 3.0
46
User Manual for the Satellite Terminal
Possible solution
If the IPmodem could not login to the
satellite network, maybe the result of
pointing to a wrong satellite.
Verify the configuration of the satellite
interface:
If the pointing data is correct, check if the
antenna is pointed correctly. Re-point if
necessary.
Reset the IPmodem.
Contact the ISP (Internet Service
Provider) if this error is persistent for more
than four hours.
The time synchronisation process failed.
Reset the IPmodem (section 3.4).
Contact your ISP if this error is persistent
for more than four hours.
The error can be an indication of a
general network problem.
The time synchronisation is lost.
Reset the IPmodem (section 3.4).
Contact your ISP if this error is persistent
for more than four hours.
The error can be an indication of a
general network problem.
The IPmodem could not login to the
satellite
Verify if the TX cable is correctly
connected.
If the TX cable is correctly connected and
the error is still occurring after a number
of hours, contact your ISP :
— to report the problem;
— to check if your IPmodem is provisioned
in the network.
An error occurred during the configuration
of the network layers after a valid satellite
network login.
Reset the IPmodem (section 3.4).
Contact your ISP if this error persists, and
provide them with any additional error
information displayed.
An error is detected in the TCP
acceleration service.
Reset the IPmodem (section 3.4)
Contact your ISP if this error is persistent
for more than four hours.
We bumped Sentry-CLI to 1.47.1 and set output verbosity to debug, redacted log:
TLDR: still fails with [55]
[14:19:25]uploading sourcemaps for version 1.1.2 to sentry http://dockerhost:9000
[14:19:25]> Analyzing 18 sources
[14:19:25]> Adding source map references
[14:19:25]> Validating sources
[14:19:25]> Uploading source maps for release 1.1.2
[14:19:25]
[14:19:25]stderr: INFO 2019-08-06 14:19:24.314796900 +02:00 Loaded config from .sentryclirc
[14:19:25] DEBUG 2019-08-06 14:19:24.316791300 +02:00 sentry-cli version: 1.47.1, platform: "windows", architecture: "x86_64"
[14:19:25] INFO 2019-08-06 14:19:24.316791300 +02:00 sentry-cli was invoked with the following command line: "node_modules\@sentry\cli\sentry-cli" "--log-level" "DEBUG" "--auth-token" "*******" "--url" "http://dockerhost:9000" "releases" "-o" "myorg" "-p" "projectname" "files" "1.1.2" "upload-sourcemaps" "--url-prefix=~/" "--validate" "dist"
[14:19:25] DEBUG 2019-08-06 14:19:24.324770900 +02:00 built glob set; 0 literals, 0 basenames, 0 extensions, 0 prefixes, 0 suffixes, 4 required extensions, 0 regexes (from globset)
[14:19:25] DEBUG 2019-08-06 14:19:24.325768500 +02:00 MYFILE: Ignore(IgnoreMatch(Types(Glob(UnmatchedIgnore)))) (from ignore)
.... few more ignores and includes omitted for clarity and sensitivity
[14:19:25] WARN 2019-08-06 14:19:24.328787700 +02:00 The default --no-rewrite will disappear. Please specify --rewrite or --no-rewrite explicitly during sourcemap upload.
[14:19:25] DEBUG 2019-08-06 14:19:24.977041800 +02:00 request POST http://dockerhost:9000/api/0/projects/myorg/projectname/releases/
[14:19:25] DEBUG 2019-08-06 14:19:24.977041800 +02:00 using token authentication
[14:19:25] DEBUG 2019-08-06 14:19:24.977041800 +02:00 json body: {"version":"1.1.2","projects":["projectname"]}
[14:19:25] DEBUG 2019-08-06 14:19:24.977041800 +02:00 retry number 0, max retries: 0
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > POST /api/0/projects/myorg/projectname/releases/ HTTP/1.1
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > Host: dockerhost:9000
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > Accept: */*
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > Connection: TE
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > TE: gzip
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > User-Agent: sentry-cli/1.47.1
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > Authorization: Bearer 08cd752b***
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > Content-Type: application/json
[14:19:25] DEBUG 2019-08-06 14:19:24.985993500 +02:00 > Content-Length: 65
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < HTTP/1.1 208 ALREADY REPORTED
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < Content-Length: 409
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < X-XSS-Protection: 1; mode=block
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < Content-Language: en
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < X-Content-Type-Options: nosniff
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < Vary: Accept-Language, Cookie
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < Allow: GET, POST, HEAD, OPTIONS
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < X-Frame-Options: deny
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < Content-Type: application/json
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 response status: 208
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 body: {"dateReleased": null, "commitCount": 0, "url": null, "data": {}, "lastDeploy": null, "deployCount": 0, "dateCreated": "2019-08-06T09:16:23.807Z", "lastEvent": null, "version": "1.1.2", "firstEvent": null, "lastCommit": null, "shortVersion": "1.1.2", "authors": [], "owner": null, "newGroups": 0, "ref": null, "projects": [{"slug": "projectname", "name": "projectname"}]}
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 request GET http://dockerhost:9000/api/0/organizations/myorg/chunk-upload/
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 using token authentication
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 retry number 0, max retries: 0
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > GET /api/0/organizations/myorg/chunk-upload/ HTTP/1.1
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > Host: dockerhost:9000
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > Accept: */*
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > Connection: TE
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > TE: gzip
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > User-Agent: sentry-cli/1.47.1
[14:19:25] DEBUG 2019-08-06 14:19:25.019903200 +02:00 > Authorization: Bearer 08cd752b***
[14:19:25] DEBUG 2019-08-06 14:19:25.041843600 +02:00 < HTTP/1.1 200 OK
[14:19:25] DEBUG 2019-08-06 14:19:25.041843600 +02:00 < Content-Length: 237
[14:19:25] DEBUG 2019-08-06 14:19:25.041843600 +02:00 < X-XSS-Protection: 1; mode=block
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 < Content-Language: en
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 < X-Content-Type-Options: nosniff
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 < Vary: Accept-Language, Cookie
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 < Allow: GET, POST, HEAD, OPTIONS
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 < X-Frame-Options: deny
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 < Content-Type: application/json
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 response status: 200
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 body: {"maxFileSize": 2147483648, "hashAlgorithm": "sha1", "concurrency": 4, "chunkSize": 8388608, "maxRequestSize": 33554432, "url": "https://errors.myorg.nl/api/0/organizations/myorg/chunk-upload/", "chunksPerRequest": 64, "compression": ["gzip"]}
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 request GET http://dockerhost:9000/api/0/projects/myorg/projectname/releases/1.1.2/files/?cursor=
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 using token authentication
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 retry number 0, max retries: 0
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > GET /api/0/projects/myorg/projectname/releases/1.1.2/files/?cursor= HTTP/1.1
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > Host: dockerhost:9000
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > Accept: */*
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > Connection: TE
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > TE: gzip
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > User-Agent: sentry-cli/1.47.1
[14:19:25] DEBUG 2019-08-06 14:19:25.042841 +02:00 > Authorization: Bearer 08cd752b***
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < HTTP/1.1 200 OK
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < Content-Length: 5809
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < X-XSS-Protection: 1; mode=block
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < X-Content-Type-Options: nosniff
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < Content-Language: en
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < Vary: Accept-Language, Cookie
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < Link: <https://errors.myorg.nl/api/0/projects/myorg/projectname/releases/1.1.2/files/?&cursor=100:-1:1>; rel="previous"; results="false"; cursor="100:-1:1", <https://errors.myorg.nl/api/0/projects/myorg/projectname/releases/1.1.2/files/?&cursor=100:1:0>; rel="next"; results="false"; cursor="100:1:0"
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < Allow: GET, POST, HEAD, OPTIONS
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < X-Frame-Options: deny
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 < Content-Type: application/json
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 response status: 200
[14:19:25] DEBUG 2019-08-06 14:19:25.073786800 +02:00 body: [
{"sha1": "bbb41cf40157b764c2a4101a4eee543ecaedec09", "dist": null, "name": "~/myprojectroot/assets/js/google-charts-presets.js", "dateCreated": "2019-08-06T09:16:24.378Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40741", "size": 1793}
, {"sha1": "67bdacbd077ee59f411109fd119ee9f58db15a5f", "dist": null, "name": "~/myprojectroot/assets/js/jquery-3.2.1.min.js", "dateCreated": "2019-08-06T09:22:54.707Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40752", "size": 86663}
, {"sha1": "34e2159935aa8d4ad1e98f97dcc73f675e08cb5c", "dist": null, "name": "~/myprojectroot/assets/js/underscore.mixin.deepExtend.js", "dateCreated": "2019-08-06T09:22:55.219Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40758", "size": 3972}
, {"sha1": "64727680c27a4131f16126af486c9d49e981f895", "dist": null, "name": "~/myprojectroot/main-es2015.6e0ca32c518bf11840fd.js", "dateCreated": "2019-08-06T09:22:55.569Z", "headers": {"Sourcemap" : "main-es2015.6e0ca32c518bf11840fd.js.map", "Content-Type": "application/octet-stream"}, "id": "40763", "size": 3319952}
, {"sha1": "51075ca50e7659212dd852161f6e1dc064bc76eb", "dist": null, "name": "~/myprojectroot/main-es2015.6e0ca32c518bf11840fd.js.map", "dateCreated": "2019-08-06T09:16:24.121Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40740", "size": 19689429}
, {"sha1": "e712afc703c0e1a7db9e95ed9bc1df23c93dabc6", "dist": null, "name": "~/myprojectroot/main-es2015.c09ba01df98d6bb6ba6e.js", "dateCreated": "2019-08-06T11:26:16.365Z", "headers": {"Sourcemap" : "main-es2015.c09ba01df98d6bb6ba6e.js.map", "Content-Type": "application/octet-stream"}, "id": "40778", "size": 3319953}
, {"sha1": "32e5b6442b6eb5a669c79b7512fbdaea7a207ea4", "dist": null, "name": "~/myprojectroot/main-es2015.c09ba01df98d6bb6ba6e.js.map", "dateCreated": "2019-08-06T11:26:16.520Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40779", "size": 19689429}
, {"sha1": "e3a7fdeb88192c9bae1fb3ea1e02be4c70a8400c", "dist": null, "name": "~/myprojectroot/main-es5.8b597e93c9d008da5ebe.js", "dateCreated": "2019-08-06T09:16:24.522Z", "headers": {"Sourcemap" : "main-es5.8b597e93c9d008da5ebe.js.map", "Content-Type": "application/octet-stream"}, "id": "40743", "size": 3579417}
, {"sha1": "22a0cb7a281a0529d35b0e6acdd0f65ce786668a", "dist": null, "name": "~/myprojectroot/main-es5.f01dd61ed1f9da64dbec.js", "dateCreated": "2019-08-06T11:26:16.013Z", "headers": {"Sourcemap" : "main-es5.f01dd61ed1f9da64dbec.js.map", "Content-Type": "application/octet-stream"}, "id": "40772", "size": 3579418}
, {"sha1": "ddf7288ed430665ca784c539562c494c05bf3fbd", "dist": null, "name": "~/myprojectroot/polyfills-es2015.0cc5377576d194f64fab.js", "dateCreated": "2019-08-06T09:16:24.839Z", "headers": {"Sourcemap" : "polyfills-es2015.0cc5377576d194f64fab.js.map", "Content-Type": "application/octet-stream"}, "id": "40747", "size": 41670}
, {"sha1": "d217b46427ee0dc1b6afa2d06bfab1ca7443d320", "dist": null, "name": "~/myprojectroot/polyfills-es2015.0cc5377576d194f64fab.js.map", "dateCreated": "2019-08-06T09:16:24.427Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40742", "size": 214461}
, {"sha1": "12a8f3b0da700c51b432e49f861b556aab132669", "dist": null, "name": "~/myprojectroot/polyfills-es5.b5b61f6726ab80db9eb1.js", "dateCreated": "2019-08-06T09:16:24.943Z", "headers": {"Sourcemap" : "polyfills-es5.b5b61f6726ab80db9eb1.js.map", "Content-Type": "application/octet-stream"}, "id": "40749", "size": 117557}
, {"sha1": "c68c92ae0d772e5f52524ee373f50f5ec925ca64", "dist": null, "name": "~/myprojectroot/polyfills-es5.b5b61f6726ab80db9eb1.js.map", "dateCreated": "2019-08-06T09:16:24.739Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40746", "size": 584802}
, {"sha1": "b92ba971b5b14681fd40c9c2e101b8b8b053f0d5", "dist": null, "name": "~/myprojectroot/runtime-es2015.858f8dd898b75fe86926.js", "dateCreated": "2019-08-06T09:16:24.897Z", "headers": {"Sourcemap" : "runtime-es2015.858f8dd898b75fe86926.js.map", "Content-Type": "application/octet-stream"}, "id": "40748", "size": 1504}
, {"sha1": "e802f48368f5edea63484d8272357c2c89b362ff", "dist": null, "name": "~/myprojectroot/runtime-es2015.858f8dd898b75fe86926.js.map", "dateCreated": "2019-08-06T09:22:55.486Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40762", "size": 7969}
, {"sha1": "84b2a90444e100ea9721228e5fd436c0f38b47b6", "dist": null, "name": "~/myprojectroot/runtime-es5.741402d1d47331ce975c.js", "dateCreated": "2019-08-06T09:16:24.649Z", "headers": {"Sourcemap" : "runtime-es5.741402d1d47331ce975c.js.map", "Content-Type": "application/octet-stream"}, "id": "40745", "size": 1501}
, {"sha1": "b9c1b8191ab7cae0379b6d5b400ca5b17e073908", "dist": null, "name": "~/myprojectroot/runtime-es5.741402d1d47331ce975c.js.map", "dateCreated": "2019-08-06T09:22:55.275Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40759", "size": 7966}
, {"sha1": "d8e65882e096cad922113f2bd71eca6525f1d00a", "dist": null, "name": "~/myprojectroot/scripts.d941dc5eab1f45c0b068.js", "dateCreated": "2019-08-06T09:16:24.606Z", "headers": {"Sourcemap" : "scripts.d941dc5eab1f45c0b068.js.map", "Content-Type": "application/octet-stream"}, "id": "40744", "size": 71605}
, {"sha1": "673204135d08826714fc188109332871cb527663", "dist": null, "name": "~/myprojectroot/scripts.d941dc5eab1f45c0b068.js.map", "dateCreated": "2019-08-06T09:22:55.174Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40757", "size": 683154}
, {"sha1": "b4ba5a779b96c62ada4c09e2c8a701810cf80bfa", "dist": null, "name": "~/myprojectroot/styles.8debd8c8dfeab96ebcae.myorgs.map", "dateCreated": "2019-08-06T09:22:54.770Z", "headers": {"Content-Type": "application/octet-stream"}, "id": "40753", "size": 528126}]
[14:19:25] DEBUG 2019-08-06 14:19:25.808813 +02:00 error: running update nagger
[14:19:25] DEBUG 2019-08-06 14:19:25.808813 +02:00 skipping update nagger because session is not attended
[14:19:25]error: API request failed
[14:19:25] caused by: [55] Failed sending data to the peer
[14:19:25] DEBUG 2019-08-06 14:19:25.808813 +02:00 client close; no transport to shut down (from sentry)
at about one third you see:
[14:19:25] DEBUG 2019-08-06 14:19:25.018939400 +02:00 < HTTP/1.1 208 ALREADY REPORTED
…likely indicating that this is an existing release, which is a situation that should be handled, but the actual error is only later on.
I’m trying to connect to the corporate VPN from Kubuntu 17.10. I have network-manager-l2tp installed (version 1.2.8). The output I’m getting:
Nov 28 17:20:48 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
Nov 28 17:20:48 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:20:48 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
Nov 28 17:20:48 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:20:48 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
Nov 28 17:20:48 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
Nov 28 17:20:48 T460 nm-l2tp-service[3673]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 17:20:48 T460 NetworkManager[667]: <info> [1511889648.3131] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
Nov 28 17:20:48 T460 NetworkManager[667]: <warn> [1511889648.3161] vpn-connection[0x55fe5d8fe2f0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9310] audit: op="connection-activate" uuid="41d2e76d-a4c4-4f56-bd6a-58ad795af332" name="WorkVPN" pid=1017 uid=1000 result="success"
Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9371] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Started the VPN service, PID 3759
Nov 28 17:23:58 T460 NetworkManager[667]: <info> [1511889838.9477] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: Saw the service appear; activating connection
Nov 28 17:24:01 T460 nm-l2tp-service[3759]: Check port 1701
Nov 28 17:24:01 T460 NetworkManager[667]: Stopping strongSwan IPsec failed: starter is not running
Nov 28 17:24:03 T460 NetworkManager[667]: Starting strongSwan 5.5.1 IPsec [starter]...
Nov 28 17:24:03 T460 NetworkManager[667]: Loading config setup
Nov 28 17:24:03 T460 NetworkManager[667]: Loading conn '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:03 T460 NetworkManager[667]: found netkey IPsec stack
Nov 28 17:24:03 T460 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.14.2-041402-generic, x86_64)
Nov 28 17:24:03 T460 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 28 17:24:03 T460 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 28 17:24:03 T460 charon: 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
Nov 28 17:24:03 T460 charon: 00[CFG] loaded IKE secret for %any
Nov 28 17:24:03 T460 charon: 00[LIB] loaded plugins: charon test-vectors aesni aes rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac ccm gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic
Nov 28 17:24:03 T460 charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Nov 28 17:24:03 T460 charon: 00[JOB] spawning 16 worker threads
Nov 28 17:24:03 T460 charon: 05[CFG] received stroke: add connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:03 T460 charon: 05[CFG] added configuration '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:04 T460 charon: 07[CFG] rereading secrets
Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 28 17:24:04 T460 charon: 07[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-41d2e76d-a4c4-4f56-bd6a-58ad795af332.secrets'
Nov 28 17:24:04 T460 charon: 07[CFG] loaded IKE secret for %any
Nov 28 17:24:04 T460 charon: 10[CFG] received stroke: initiate '41d2e76d-a4c4-4f56-bd6a-58ad795af332'
Nov 28 17:24:04 T460 charon: 11[IKE] initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
Nov 28 17:24:04 T460 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Nov 28 17:24:04 T460 charon: 11[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:08 T460 charon: 12[IKE] sending retransmit 1 of request message ID 0, seq 1
Nov 28 17:24:08 T460 charon: 12[NET] sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:14 T460 NetworkManager[667]: Stopping strongSwan IPsec...
Nov 28 17:24:14 T460 charon: 00[DMN] signal of type SIGINT received. Shutting down
Nov 28 17:24:14 T460 charon: 00[IKE] destroying IKE_SA in state CONNECTING without notification
Nov 28 17:24:14 T460 NetworkManager[667]: initiating Main Mode IKE_SA 41d2e76d-a4c4-4f56-bd6a-58ad795af332[1] to xxx.xxx.xxx.xxx
Nov 28 17:24:14 T460 NetworkManager[667]: generating ID_PROT request 0 [ SA V V V V V ]
Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:14 T460 NetworkManager[667]: sending retransmit 1 of request message ID 0, seq 1
Nov 28 17:24:14 T460 NetworkManager[667]: sending packet: from 192.168.43.232[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
Nov 28 17:24:14 T460 NetworkManager[667]: destroying IKE_SA in state CONNECTING without notification
Nov 28 17:24:14 T460 NetworkManager[667]: establishing connection '41d2e76d-a4c4-4f56-bd6a-58ad795af332' failed
Nov 28 17:24:14 T460 nm-l2tp-service[3759]: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5718] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN plugin: state changed: stopped (6)
Nov 28 17:24:14 T460 NetworkManager[667]: <info> [1511889854.5779] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN service disappeared
Nov 28 17:24:14 T460 NetworkManager[667]: <warn> [1511889854.5803] vpn-connection[0x55fe5d8fe4e0,41d2e76d-a4c4-4f56-bd6a-58ad795af332,"WorkVPN",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
EDIT:
Here’s the debug info output:
van@z97:/opt/testing$ sudo /usr/lib/NetworkManager/nm-l2tp-service --debug
nm-l2tp[24282] <debug> nm-l2tp-service (version 1.2.8) starting...
nm-l2tp[24282] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[24282] <info> ipsec enable flag: yes
** Message: Check port 1701
** Message: Can't bind to port 1701
nm-l2tp[24282] <warn> L2TP port 1701 is busy, using ephemeral.
connection
id : "Work" (s)
uuid : "71468d41-cd5a-4c91-a70a-c6bc7e1db86a" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:van:"] (s)
autoconnect : TRUE (sd)
autoconnect-priority : 0 (sd)
autoconnect-retries : -1 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : NULL (sd)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
stable-id : NULL (sd)
ipv6
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x5645b3895ae0) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x5645b3895ae0) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_UNKNOWN) (sd)
addr-gen-mode : 1 (sd)
token : NULL (sd)
proxy
method : 0 (sd)
browser-only : FALSE (sd)
pac-url : NULL (sd)
pac-script : NULL (sd)
vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "van" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x7fef54006de0) (s)
secrets : ((GHashTable*) 0x7fef54006cc0) (s)
timeout : 0 (sd)
ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x5645b38957a0) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x5645b3895a00) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)
nm-l2tp[24282] <info> starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.5.1 IPsec [starter]...
Loading config setup
Loading conn '71468d41-cd5a-4c91-a70a-c6bc7e1db86a'
found netkey IPsec stack
nm-l2tp[24282] <info> Spawned ipsec up script with PID 24345.
initiating Main Mode IKE_SA 71468d41-cd5a-4c91-a70a-c6bc7e1db86a[1] to xxx.xxx.xxx.xxx
generating ID_PROT request 0 [ SA V V V V V ]
sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.0.2[500] to xxx.xxx.xxx.xxx[500] (240 bytes)
nm-l2tp[24282] <warn> Timeout trying to establish IPsec connection
nm-l2tp[24282] <info> Terminating ipsec script with PID 24345.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection '71468d41-cd5a-4c91-a70a-c6bc7e1db86a' failed
nm-l2tp[24282] <warn> Could not establish IPsec tunnel.
(nm-l2tp-service:24282): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
-
bznelson
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Mar 19, 2018 1:13 am
[Solved] HMAC authentication failed while trying to connect
Client can’t connect. Used PiVPN to install and generate keys/config files. Error in the server log is:
Code: Select all
Apr 9 22:02:46 raspberrypi ovpn-server[12210]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 9 22:02:46 raspberrypi ovpn-server[12210]: TLS Error: incoming packet authentication failed from [AF_INET]174.206.2
2.22:7533Server:
Linux raspberrypi 4.9.35+ #1014 Fri Jun 30 14:34:49 BST 2017 armv6l GNU/Linux
Client:
Android Oreo Pixel 2 OpenVPN client
server
dev tun
proto udp
port 1169
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server_CqXZt2pzIwXhf5hu.crt
key /etc/openvpn/easy-rsa/pki/private/server_CqXZt2pzIwXhf5hu.key
dh /etc/openvpn/easy-rsa/pki/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push «dhcp-option DNS 10.8.0.1»
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push «redirect-gateway def1»
client-to-client
keepalive 10 120
remote-cert-tls client
mode server
tls-server
tls-version-min 1.2
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
cipher AES-256-CBC
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 4
Code: Select all
Apr 9 22:01:37 raspberrypi ovpn-server[457]: event_wait : Interrupted system call (code=4)
Apr 9 22:01:37 raspberrypi ovpn-server[457]: Closing TUN/TAP interface
Apr 9 22:01:37 raspberrypi ovpn-server[457]: /sbin/ip addr del dev tun0 10.8.0.1/24
Apr 9 22:01:37 raspberrypi ovpn-server[457]: Linux ip addr del failed: external program exited with error status: 2
Apr 9 22:01:37 raspberrypi ovpn-server[457]: SIGTERM[hard,] received, process exiting
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: Current Parameter Settings:
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: config = '/etc/openvpn/server.conf'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: mode = 1
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: persist_config = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: persist_mode = 1
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: show_ciphers = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: show_digests = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: show_engines = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: genkey = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: key_pass_file = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: show_tls_ciphers = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: Connection profiles [default]:
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: proto = udp
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: local = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: local_port = 1169
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: remote = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: remote_port = 1169
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: remote_float = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: bind_defined = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: bind_local = ENABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: connect_retry_seconds = 5
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: connect_timeout = 10
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: connect_retry_max = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: socks_proxy_server = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: socks_proxy_port = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: socks_proxy_retry = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: tun_mtu = 1500
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: tun_mtu_defined = ENABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: link_mtu = 1500
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: link_mtu_defined = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: tun_mtu_extra = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: tun_mtu_extra_defined = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: mtu_discover_type = -1
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: fragment = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: mssfix = 1450
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: explicit_exit_notification = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: Connection profiles END
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: remote_random = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ipchange = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: dev = 'tun'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: dev_type = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: dev_node = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: lladdr = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: topology = 3
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: tun_ipv6 = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_local = '10.8.0.1'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_remote_netmask = '255.255.255.0'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_noexec = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_nowarn = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_ipv6_local = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_ipv6_netbits = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ifconfig_ipv6_remote = '[UNDEF]'
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: shaper = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: mtu_test = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: mlock = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: keepalive_ping = 10
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: keepalive_timeout = 120
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: inactivity_timeout = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ping_send_timeout = 10
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ping_rec_timeout = 240
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ping_rec_timeout_action = 2
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: ping_timer_remote = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: remap_sigusr1 = 0
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: persist_tun = ENABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: persist_local_ip = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: persist_remote_ip = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: persist_key = ENABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: passtos = DISABLED
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: resolve_retry_seconds = 1000000000
Apr 9 22:01:47 raspberrypi ovpn-server[12196]: username = 'nobody'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: groupname = 'nogroup'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: chroot_dir = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: cd_dir = '/etc/openvpn'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: writepid = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: up_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: down_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: down_pre = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: up_restart = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: up_delay = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: daemon = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: inetd = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: log = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: suppress_timestamps = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: nice = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: verbosity = 4
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: mute = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: gremlin = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: status_file = '/var/log/openvpn-status.log'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: status_file_version = 3
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: status_file_update_freq = 20
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: occ = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: rcvbuf = 65536
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: sndbuf = 65536
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: mark = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: sockflags = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: fast_io = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: lzo = 7
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_default_gateway = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_default_metric = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_noexec = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_delay = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_delay_window = 30
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_delay_defined = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_nopull = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: route_gateway_via_dhcp = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: max_routes = 100
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: allow_pull_fqdn = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_addr = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_port = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_user_pass = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_log_history_cache = 250
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_echo_buffer_size = 100
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_write_peer_info_file = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_client_user = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_client_group = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: management_flags = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: shared_secret_file = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: key_direction = 1
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ciphername_defined = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ciphername = 'AES-256-CBC'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: authname_defined = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: authname = 'SHA256'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: prng_hash = 'SHA1'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: prng_nonce_secret_len = 16
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: keysize = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: engine = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: replay = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: mute_replay_warnings = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: replay_window = 64
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: replay_time = 15
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: packet_id_file = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: use_iv = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: test_crypto = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_server = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_client = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: key_method = 2
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ca_file = '/etc/openvpn/easy-rsa/pki/ca.crt'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ca_path = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: dh_file = '/etc/openvpn/easy-rsa/pki/dh2048.pem'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: cert_file = '/etc/openvpn/easy-rsa/pki/issued/server_CqXZt2pzIwXhf5hu.
crt'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: priv_key_file = '/etc/openvpn/easy-rsa/pki/private/server_CqXZt2pzIwXh
f5hu.key'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs12_file = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: cipher_list = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_verify = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_export_cert = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: verify_x509_type = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: verify_x509_name = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: crl_file = '/etc/openvpn/crl.pem'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ns_cert_type = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 128
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 8
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 136
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_ku[i] = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: remote_cert_eku = 'TLS Web Client Authentication'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ssl_flags = 192
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_timeout = 2
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: renegotiate_bytes = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: renegotiate_packets = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: renegotiate_seconds = 3600
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: handshake_window = 60
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: transition_window = 3600
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: single_session = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_peer_info = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_exit = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tls_auth_file = '/etc/openvpn/easy-rsa/pki/ta.key'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_protected_authentication = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_private_mode = 00000000
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_cert_private = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_pin_cache_period = -1
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_id = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pkcs11_id_management = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_network = 10.8.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_netmask = 255.255.255.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_network_ipv6 = ::
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_netbits_ipv6 = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_bridge_ip = 0.0.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_bridge_netmask = 0.0.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_bridge_pool_start = 0.0.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: server_bridge_pool_end = 0.0.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_entry = 'dhcp-option DNS 10.8.0.1'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_entry = 'redirect-gateway def1'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_entry = 'route-gateway 10.8.0.1'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_entry = 'topology subnet'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_entry = 'ping 10'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_entry = 'ping-restart 120'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_pool_defined = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_pool_start = 10.8.0.2
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_pool_end = 10.8.0.253
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_pool_netmask = 255.255.255.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_pool_persist_filename = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_pool_persist_refresh_freq = 600
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_ipv6_pool_defined = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_ipv6_pool_base = ::
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ifconfig_ipv6_pool_netbits = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: n_bcast_buf = 256
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tcp_queue_limit = 64
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: real_hash_size = 256
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: virtual_hash_size = 256
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: client_connect_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: learn_address_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: client_disconnect_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: client_config_dir = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: ccd_exclusive = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: tmp_dir = '/tmp'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_ifconfig_defined = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_ifconfig_local = 0.0.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_ifconfig_remote_netmask = 0.0.0.0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_ifconfig_ipv6_defined = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_ifconfig_ipv6_local = ::/0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: push_ifconfig_ipv6_remote = ::
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: enable_c2c = ENABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: duplicate_cn = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: cf_max = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: cf_per = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: max_clients = 1024
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: max_routes_per_client = 256
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: auth_user_pass_verify_script = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: auth_user_pass_verify_script_via_file = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: port_share_host = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: port_share_port = 0
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: client = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: pull = DISABLED
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: auth_user_pass_file = '[UNDEF]'
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL]
[PKCS11] [MH] [IPv6] built on Jun 27 2017
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: library versions: OpenSSL 1.0.1t 3 May 2016, LZO 2.08
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: NOTE: your local LAN uses the extremely common subnet address 192.168.0.
x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locati
ons such as internet cafes that use the same subnet.
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: Diffie-Hellman initialized with 2048 bit key
Apr 9 22:01:48 raspberrypi ovpn-server[12196]: Control Channel Authentication: using '/etc/openvpn/easy-rsa/pki/ta.key'
as a OpenVPN static key file
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA
256' for HMAC authentication
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA
256' for HMAC authentication
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: TLS-Auth MTU parms [ L:1570 D:178 EF:78 EB:0 ET:0 EL:0 ]
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: TUN/TAP device tun0 opened
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: TUN/TAP TX queue length set to 100
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: /sbin/ip link set dev tun0 up mtu 1500
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: /sbin/ip addr add dev tun0 10.8.0.1/24 broadcast 10.8.0.255
Apr 9 22:01:49 raspberrypi ovpn-server[12196]: Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:135 ET:0 EL:0 AF:3/1 ]
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: GID set to nogroup
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: UID set to nobody
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: UDPv4 link local (bound): [undef]
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: UDPv4 link remote: [undef]
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: MULTI: multi_init called, r=256 v=256
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Apr 9 22:01:49 raspberrypi ovpn-server[12210]: Initialization Sequence Completed
Apr 9 22:02:46 raspberrypi ovpn-server[12210]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 9 22:02:46 raspberrypi ovpn-server[12210]: TLS Error: incoming packet authentication failed from [AF_INET]174.206.2
2.22:7533
Apr 9 22:02:47 raspberrypi ovpn-server[12210]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 9 22:02:47 raspberrypi ovpn-server[12210]: TLS Error: incoming packet authentication failed from [AF_INET]174.206.2
2.22:7533
Apr 9 22:02:48 raspberrypi ovpn-server[12210]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 9 22:02:48 raspberrypi ovpn-server[12210]: TLS Error: incoming packet authentication failed from [AF_INET]174.206.2
2.22:7533
Apr 9 22:02:49 raspberrypi ovpn-server[12210]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 9 22:02:49 raspberrypi ovpn-server[12210]: TLS Error: incoming packet authentication failed from [AF_INET]174.206.2
2.22:7533
client
client
dev tun
proto udp
remote my.ip.addr.ess myport
resolv-retry infinite
nobind
persist-key
persist-tun
key-direction 1
remote-cert-tls server
tls-client
tls-version-min 1.2
verify-x509-name server_CqXZt2pzIwXhf5hu name
cipher AES-256-CBC
auth SHA256
comp-lzo
verb 4
<ca>
——BEGIN CERTIFICATE——
MIIDKzCCAhOgAwIBAgIJAKz6z0Dsg1+OMA0GCSqGSIb3DQEBCwUAMBMxETAPBgNV
…
p6qHSlf+LfWBCRCdVwXijFNo5Oaa1QDjuf+uwf8zR49cMFMxVF+21YDCWBRTObc=
——END CERTIFICATE——
</ca>
<cert>
——BEGIN CERTIFICATE——
MIIDTjCCAjagAwIBAgIQVo8CQgi4k3WnDcX1berdRTANBgkqhkiG9w0BAQsFADAT
…
IDp76MrxIaRcftaMfef2dttHSyhnB98GqfhoW61mvMxubg==
——END CERTIFICATE——
</cert>
<key>
——BEGIN RSA PRIVATE KEY——
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,79FE993D8B53C922
rWdKn1mTqF/v+0FFDwjh2x14Lya/0Rhr+GyfzQhIbkeDZdZkJj0KrCY7dpun+PDV
…
gXgS+L7yKiSygvuLaP4+3dtL6Q33XaDVBUckz8qbxx7XvXNXmRpqYVWCBYF1Js5K
——END RSA PRIVATE KEY——
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
——BEGIN OpenVPN Static key V1——
0ed14a0c3ac769ba1c06d2d7eab07644
…
a7be8892e7cbf07c5a2284f95ec2ea35
——END OpenVPN Static key V1——
</tls-crypt>
Code: Select all
17:17:45.337 -- ----- OpenVPN Start -----
17:17:45.337 -- EVENT: CORE_THREAD_ACTIVE
17:17:45.339 -- Frame=512/2048/512 mssfix-ctrl=1250
17:17:45.344 -- UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
10 [tls-client]
12 [verify-x509-name] [server_CqXZt2pzIwXhf5hu] [name]
16 [verb] [4]
17:17:45.345 -- EVENT: RESOLVE
17:17:45.347 -- Contacting my.ip.addr.ess:myport via UDP
17:17:45.347 -- EVENT: WAIT
17:17:45.348 -- Connecting to [my.ip.addr.ess]:myport (my.ip.addr.ess) via UDPv4
17:17:55.334 -- EVENT: CONNECTION_TIMEOUT
17:17:55.336 -- EVENT: DISCONNECTED
17:17:55.338 -- EVENT: CORE_THREAD_INACTIVE
17:17:55.338 -- Tunnel bytes per CPU second: 0
17:17:55.339 -- ----- OpenVPN Stop -----Thanks for any help!
Brad
Last edited by bznelson on Tue Apr 10, 2018 12:34 pm, edited 1 time in total.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: HMAC authentication failed while trying to connect
Post
by TinCanTech » Tue Apr 10, 2018 10:54 am
You have a PKI defined in your server but no client CA/cert/key/tlsauth .. is that intentional ?
-
bznelson
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Mar 19, 2018 1:13 am
Re: HMAC authentication failed while trying to connect
Post
by bznelson » Tue Apr 10, 2018 12:44 pm
If you’re talking about the client keys/certs, I had omitted them in my original post. I’ve put them in but redacted/truncated (and I see that the oconf tag does some of that as well). The server side’s keys/certs match appropriately, as far as I can see:
ca matches /etc/openvpn/easy-rsa/ca.crt
cert matches one of the certs in /etc/openvpn/easy-rsa/issued
key matches the appropriate key in /etc/openvpn/easy-rsa/private
tls-crypt matches /etc/openvpn/easy-rsa/ta.key
Brad
Last edited by bznelson on Wed Apr 11, 2018 4:16 am, edited 1 time in total.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: HMAC authentication failed while trying to connect
Post
by TinCanTech » Tue Apr 10, 2018 1:32 pm
Try without —user/group in your server config ..
-
bznelson
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Mar 19, 2018 1:13 am
Re: HMAC authentication failed while trying to connect
Post
by bznelson » Tue Apr 10, 2018 9:58 pm
TinCanTech wrote: ↑
Tue Apr 10, 2018 1:32 pm
Try without —user/group in your server config ..
Same error with this change.
Brad
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: HMAC authentication failed while trying to connect
Post
by TinCanTech » Wed Apr 11, 2018 1:02 am
bznelson wrote: ↑
Tue Apr 10, 2018 12:44 pm
cert matches one of the certs in /etc/openvpn/easy-rsa/certs_by_serial
You mean «matches /etc/openvpn/easy-rsa/issued» .. right ?
-
bznelson
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Mar 19, 2018 1:13 am
Re: HMAC authentication failed while trying to connect
Post
by bznelson » Wed Apr 11, 2018 4:16 am
TinCanTech wrote: ↑
Wed Apr 11, 2018 1:02 am
bznelson wrote: ↑
Tue Apr 10, 2018 12:44 pm
cert matches one of the certs in /etc/openvpn/easy-rsa/certs_by_serialYou mean «matches /etc/openvpn/easy-rsa/issued» .. right ?
That, too, yes. 
Brad
-
bznelson
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Mar 19, 2018 1:13 am
Re: HMAC authentication failed while trying to connect
Post
by bznelson » Wed Apr 11, 2018 12:39 pm
Any other ideas? I’ve tried regenerating the client ovpn profile, and I’ve tried doing another profile and connecting with the Windows client from a Windows 10 laptop, same error.
Brad
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: HMAC authentication failed while trying to connect
Post
by TinCanTech » Wed Apr 11, 2018 1:11 pm
bznelson wrote: ↑
Mon Apr 09, 2018 10:52 pm
Apr 9 22:02:46 raspberrypi ovpn-server[12210]: Authenticate/Decrypt packet error: packet HMAC authentication failed
Apr 9 22:02:46 raspberrypi ovpn-server[12210]: TLS Error: incoming packet authentication failed from [AF_INET]174.206.2 2.22:7533
This usually means you have the wrong ta.key installed somewhere.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11142
- Joined: Fri Jun 03, 2016 1:17 pm
Re: HMAC authentication failed while trying to connect
Post
by TinCanTech » Wed Apr 11, 2018 1:41 pm
bznelson wrote: ↑
Mon Apr 09, 2018 10:52 pm
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
bznelson wrote: ↑
Mon Apr 09, 2018 10:52 pm
<tls-crypt>
-
bznelson
- OpenVpn Newbie
- Posts: 6
- Joined: Mon Mar 19, 2018 1:13 am
Re: HMAC authentication failed while trying to connect
Post
by bznelson » Wed Apr 11, 2018 9:13 pm
Ah yes, the tls-auth/tls-crypt, that’s it! Thank you so much! I was running a 2.3 server, but I had initially installed 2.4 and I guess there was some cross pollination.
Thanks again!
Brad