Hello,
I'm trying to set up an OpenVPN server on MikroTik, and after I followed everything in this topic I get a TLS error.
I will post my configs and logs; maybe someone can point out where I'm wrong.
MikroTik log:
20:20:38 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:38 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=35e032ad92ca5c6b pid=1 DATA len=293
20:20:38 ovpn,debug,packet sent P_ACK kid=0 sid=9a7e849ce3139b68 [1 sid=35e032ad92ca5c6b] DATA len=0
20:20:38 ovpn,debug,packet sent P_CONTROL kid=0 sid=9a7e849ce3139b68 pid=1 DATA len=933
20:20:38 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
20:20:43 ovpn,info TCP connection established from 10.10.10.3
20:20:43 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=156fd32f2dee8e68 pid=0 DATA len=0
20:20:44 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=effd2eb77764ddc4 pid=0 DATA len=0
20:20:44 ovpn,debug,packet sent P_ACK kid=0 sid=156fd32f2dee8e68 [0 sid=effd2eb77764ddc4] DATA len=0
20:20:44 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=effd2eb77764ddc4 [0 sid=156fd32f2dee8e68] pid=0 DATA len=0
20:20:44 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:44 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=effd2eb77764ddc4 pid=1 DATA len=293
20:20:44 ovpn,debug,packet sent P_ACK kid=0 sid=156fd32f2dee8e68 [1 sid=effd2eb77764ddc4] DATA len=0
20:20:44 ovpn,debug,packet sent P_CONTROL kid=0 sid=156fd32f2dee8e68 pid=1 DATA len=933
20:20:44 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
20:20:49 ovpn,info TCP connection established from 10.10.10.3
20:20:49 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=e91b8bfe5da9ee27 pid=0 DATA len=0
20:20:50 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=35efaf7d447f6c7 pid=0 DATA len=0
20:20:50 ovpn,debug,packet sent P_ACK kid=0 sid=e91b8bfe5da9ee27 [0 sid=35efaf7d447f6c7] DATA len=0
20:20:50 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=35efaf7d447f6c7 [0 sid=e91b8bfe5da9ee27] pid=0 DATA len=0
20:20:50 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:50 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=35efaf7d447f6c7 pid=1 DATA len=293
20:20:50 ovpn,debug,packet sent P_ACK kid=0 sid=e91b8bfe5da9ee27 [1 sid=35efaf7d447f6c7] DATA len=0
20:20:50 ovpn,debug,packet sent P_CONTROL kid=0 sid=e91b8bfe5da9ee27 pid=1 DATA len=933
20:20:50 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
20:20:56 ovpn,info TCP connection established from 10.10.10.3
20:20:56 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=9986814ecf7f806a pid=0 DATA len=0
20:20:56 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d899584ffaf3574 pid=0 DATA len=0
20:20:56 ovpn,debug,packet sent P_ACK kid=0 sid=9986814ecf7f806a [0 sid=d899584ffaf3574] DATA len=0
20:20:56 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d899584ffaf3574 [0 sid=9986814ecf7f806a] pid=0 DATA len=0
20:20:56 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:56 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=d899584ffaf3574 pid=1 DATA len=293
20:20:56 ovpn,debug,packet sent P_ACK kid=0 sid=9986814ecf7f806a [1 sid=d899584ffaf3574] DATA len=0
20:20:56 ovpn,debug,packet sent P_CONTROL kid=0 sid=9986814ecf7f806a pid=1 DATA len=933
20:20:57 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
Windows client config
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote kiaunel.fiberdatatelecom.ro 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don’t need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca myCa.crt
cert client.crt
key client.key
# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher AES 128
# Enable compression on the VPN link.
# Don’t enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Set log file verbosity.
verb 5
# Silence repeating messages
;mute 20
Windows client log:
Sun Jan 24 20:20:31 2016 us=64211 Current Parameter Settings:
Sun Jan 24 20:20:31 2016 us=64211 config = ‘client.ovpn’
Sun Jan 24 20:20:31 2016 us=64211 mode = 0
Sun Jan 24 20:20:31 2016 us=64211 show_ciphers = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 show_digests = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 show_engines = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 genkey = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 key_pass_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 show_tls_ciphers = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 Connection profiles [default]:
Sun Jan 24 20:20:31 2016 us=64211 proto = tcp-client
Sun Jan 24 20:20:31 2016 us=64211 local = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 local_port = 0
Sun Jan 24 20:20:31 2016 us=64211 remote = ‘kiaunel.fiberdatatelecom.ro’
Sun Jan 24 20:20:31 2016 us=64211 remote_port = 1194
Sun Jan 24 20:20:31 2016 us=64211 remote_float = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 bind_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 bind_local = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 connect_retry_seconds = 5
Sun Jan 24 20:20:31 2016 us=64211 connect_timeout = 10
Sun Jan 24 20:20:31 2016 us=64211 connect_retry_max = 0
Sun Jan 24 20:20:31 2016 us=64211 socks_proxy_server = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 socks_proxy_port = 0
Sun Jan 24 20:20:31 2016 us=64211 socks_proxy_retry = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu = 1500
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 link_mtu = 1500
Sun Jan 24 20:20:31 2016 us=64211 link_mtu_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu_extra = 0
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu_extra_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 mtu_discover_type = -1
Sun Jan 24 20:20:31 2016 us=64211 fragment = 0
Sun Jan 24 20:20:31 2016 us=64211 mssfix = 1450
Sun Jan 24 20:20:31 2016 us=64211 explicit_exit_notification = 0
Sun Jan 24 20:20:31 2016 us=64211 Connection profiles END
Sun Jan 24 20:20:31 2016 us=64211 remote_random = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ipchange = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 dev = ‘tun’
Sun Jan 24 20:20:31 2016 us=64211 dev_type = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 dev_node = ‘MyTap’
Sun Jan 24 20:20:31 2016 us=64211 lladdr = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 topology = 1
Sun Jan 24 20:20:31 2016 us=64211 tun_ipv6 = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_local = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_remote_netmask = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_noexec = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_nowarn = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_ipv6_local = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_ipv6_netbits = 0
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_ipv6_remote = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 shaper = 0
Sun Jan 24 20:20:31 2016 us=64211 mtu_test = 0
Sun Jan 24 20:20:31 2016 us=64211 mlock = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 keepalive_ping = 0
Sun Jan 24 20:20:31 2016 us=64211 keepalive_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 inactivity_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_send_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_rec_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_rec_timeout_action = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_timer_remote = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 remap_sigusr1 = 0
Sun Jan 24 20:20:31 2016 us=64211 persist_tun = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 persist_local_ip = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 persist_remote_ip = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 persist_key = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 passtos = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 resolve_retry_seconds = 1000000000
Sun Jan 24 20:20:31 2016 us=64211 username = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 groupname = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 chroot_dir = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 cd_dir = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 writepid = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 up_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 down_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 down_pre = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 up_restart = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 up_delay = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 daemon = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 inetd = 0
Sun Jan 24 20:20:31 2016 us=64211 log = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 suppress_timestamps = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 nice = 0
Sun Jan 24 20:20:31 2016 us=64211 verbosity = 5
Sun Jan 24 20:20:31 2016 us=64211 mute = 0
Sun Jan 24 20:20:31 2016 us=64211 gremlin = 0
Sun Jan 24 20:20:31 2016 us=64211 status_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 status_file_version = 1
Sun Jan 24 20:20:31 2016 us=64211 status_file_update_freq = 60
Sun Jan 24 20:20:31 2016 us=64211 occ = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 rcvbuf = 0
Sun Jan 24 20:20:31 2016 us=64211 sndbuf = 0
Sun Jan 24 20:20:31 2016 us=64211 sockflags = 0
Sun Jan 24 20:20:31 2016 us=64211 fast_io = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 lzo = 0
Sun Jan 24 20:20:31 2016 us=64211 route_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 route_default_gateway = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 route_default_metric = 0
Sun Jan 24 20:20:31 2016 us=64211 route_noexec = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 route_delay = 5
Sun Jan 24 20:20:31 2016 us=64211 route_delay_window = 30
Sun Jan 24 20:20:31 2016 us=64211 route_delay_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 route_nopull = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 route_gateway_via_dhcp = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 max_routes = 100
Sun Jan 24 20:20:31 2016 us=64211 allow_pull_fqdn = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 management_addr = ‘127.0.0.1’
Sun Jan 24 20:20:31 2016 us=64211 management_port = 25340
Sun Jan 24 20:20:31 2016 us=64211 management_user_pass = ‘stdin’
Sun Jan 24 20:20:31 2016 us=64211 management_log_history_cache = 250
Sun Jan 24 20:20:31 2016 us=64211 management_echo_buffer_size = 100
Sun Jan 24 20:20:31 2016 us=64211 management_write_peer_info_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 management_client_user = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 management_client_group = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 management_flags = 6
Sun Jan 24 20:20:31 2016 us=64211 shared_secret_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 key_direction = 0
Sun Jan 24 20:20:31 2016 us=64211 ciphername_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 ciphername = ‘BF-CBC’
Sun Jan 24 20:20:31 2016 us=64211 authname_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 authname = ‘SHA1’
Sun Jan 24 20:20:31 2016 us=64211 prng_hash = ‘SHA1’
Sun Jan 24 20:20:31 2016 us=64211 prng_nonce_secret_len = 16
Sun Jan 24 20:20:31 2016 us=64211 keysize = 0
Sun Jan 24 20:20:31 2016 us=64211 engine = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 replay = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 mute_replay_warnings = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 replay_window = 64
Sun Jan 24 20:20:31 2016 us=64211 replay_time = 15
Sun Jan 24 20:20:31 2016 us=64211 packet_id_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 use_iv = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 test_crypto = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_server = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_client = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 key_method = 2
Sun Jan 24 20:20:31 2016 us=64211 ca_file = ‘myCa.crt’
Sun Jan 24 20:20:31 2016 us=64211 ca_path = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 dh_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 cert_file = ‘client.crt’
Sun Jan 24 20:20:31 2016 us=64211 extra_certs_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 priv_key_file = ‘client.key’
Sun Jan 24 20:20:31 2016 us=64211 pkcs12_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 cryptoapi_cert = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 cipher_list = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 tls_verify = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 tls_export_cert = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 verify_x509_type = 0
Sun Jan 24 20:20:31 2016 us=64211 verify_x509_name = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 crl_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 ns_cert_type = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 160
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 136
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_eku = ‘TLS Web Server Authentication’
Sun Jan 24 20:20:31 2016 us=64211 ssl_flags = 0
Sun Jan 24 20:20:31 2016 us=64211 tls_timeout = 2
Sun Jan 24 20:20:31 2016 us=64211 renegotiate_bytes = 0
Sun Jan 24 20:20:31 2016 us=64211 renegotiate_packets = 0
Sun Jan 24 20:20:31 2016 us=64211 renegotiate_seconds = 3600
Sun Jan 24 20:20:31 2016 us=64211 handshake_window = 60
Sun Jan 24 20:20:31 2016 us=64211 transition_window = 3600
Sun Jan 24 20:20:31 2016 us=64211 single_session = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 push_peer_info = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_exit = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_auth_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_pin_cache_period = -1
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_id = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_id_management = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 server_network = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=64211 server_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_network_ipv6 = ::
Sun Jan 24 20:20:31 2016 us=81850 server_netbits_ipv6 = 0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_ip = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_pool_start = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_pool_end = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_start = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_end = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_persist_filename = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_persist_refresh_freq = 600
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_ipv6_pool_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_ipv6_pool_base = ::
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_ipv6_pool_netbits = 0
Sun Jan 24 20:20:31 2016 us=81850 n_bcast_buf = 256
Sun Jan 24 20:20:31 2016 us=81850 tcp_queue_limit = 64
Sun Jan 24 20:20:31 2016 us=81850 real_hash_size = 256
Sun Jan 24 20:20:31 2016 us=82351 virtual_hash_size = 256
Sun Jan 24 20:20:31 2016 us=82351 client_connect_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 learn_address_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 client_disconnect_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 client_config_dir = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 ccd_exclusive = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 tmp_dir = ‘C:\Users\kiaunel\AppData\Local\Temp’
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_local = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_remote_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_ipv6_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_ipv6_local = ::/0
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_ipv6_remote = ::
Sun Jan 24 20:20:31 2016 us=82351 enable_c2c = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 duplicate_cn = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 cf_max = 0
Sun Jan 24 20:20:31 2016 us=82351 cf_per = 0
Sun Jan 24 20:20:31 2016 us=82351 max_clients = 1024
Sun Jan 24 20:20:31 2016 us=82351 max_routes_per_client = 256
Sun Jan 24 20:20:31 2016 us=82351 auth_user_pass_verify_script = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 auth_user_pass_verify_script_via_file = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 client = ENABLED
Sun Jan 24 20:20:31 2016 us=82351 pull = ENABLED
Sun Jan 24 20:20:31 2016 us=82351 auth_user_pass_file = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 show_net_up = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 route_method = 0
Sun Jan 24 20:20:31 2016 us=82351 block_outside_dns = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 ip_win32_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 ip_win32_type = 3
Sun Jan 24 20:20:31 2016 us=82351 dhcp_masq_offset = 0
Sun Jan 24 20:20:31 2016 us=82351 dhcp_lease_time = 31536000
Sun Jan 24 20:20:31 2016 us=82351 tap_sleep = 0
Sun Jan 24 20:20:31 2016 us=82351 dhcp_options = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 dhcp_renew = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 dhcp_pre_release = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 dhcp_release = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 domain = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 netbios_scope = ‘[UNDEF]’
Sun Jan 24 20:20:31 2016 us=82351 netbios_node_type = 0
Sun Jan 24 20:20:31 2016 us=82351 disable_nbt = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Sun Jan 24 20:20:31 2016 us=82851 Windows version 6.2 (Windows 8 or greater)
Sun Jan 24 20:20:31 2016 us=82851 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Enter Management Password:
Sun Jan 24 20:20:31 2016 us=82851 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 24 20:20:31 2016 us=83351 Need hold release from management interface, waiting…
Sun Jan 24 20:20:31 2016 us=558936 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 24 20:20:31 2016 us=670061 MANAGEMENT: CMD ‘state on’
Sun Jan 24 20:20:31 2016 us=670560 MANAGEMENT: CMD ‘log all on’
Sun Jan 24 20:20:31 2016 us=825697 MANAGEMENT: CMD ‘hold off’
Sun Jan 24 20:20:31 2016 us=825697 MANAGEMENT: CMD ‘hold release’
Sun Jan 24 20:20:37 2016 us=124614 MANAGEMENT: CMD ‘password […]’
Sun Jan 24 20:20:37 2016 us=125117 WARNING: this configuration may cache passwords in memory — use the auth-nocache option to prevent this
Sun Jan 24 20:20:37 2016 us=134123 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:37 2016 us=134624 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:37 2016 us=134624 MANAGEMENT: >STATE:1453659637,RESOLVE,,,
Sun Jan 24 20:20:37 2016 us=281429 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:37 2016 us=281429 Local Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
Sun Jan 24 20:20:37 2016 us=281429 Expected Remote Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
Sun Jan 24 20:20:37 2016 us=281429 Local Options hash (VER=V4): ‘db02a8f8’
Sun Jan 24 20:20:37 2016 us=281429 Expected Remote Options hash (VER=V4): ‘7e068940’
Sun Jan 24 20:20:37 2016 us=281429 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:37 2016 us=281429 MANAGEMENT: >STATE:1453659637,TCP_CONNECT,,,
Sun Jan 24 20:20:38 2016 us=313123 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:38 2016 us=313123 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:38 2016 us=313623 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:38 2016 us=314122 MANAGEMENT: >STATE:1453659638,WAIT,,,
Sun Jan 24 20:20:38 2016 us=315124 MANAGEMENT: >STATE:1453659638,AUTH,,,
Sun Jan 24 20:20:38 2016 us=315630 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=9a7e849c e3139b68
Sun Jan 24 20:20:38 2016 us=632417 Validating certificate key usage
Sun Jan 24 20:20:38 2016 us=632417 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:38 2016 us=632417 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:38 2016 us=632417 VERIFY KU ERROR
Sun Jan 24 20:20:38 2016 us=632417 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:38 2016 us=632417 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:38 2016 us=632417 TLS Error: TLS handshake failed
Sun Jan 24 20:20:38 2016 us=632417 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:38 2016 us=632417 TCP/UDP: Closing socket
Sun Jan 24 20:20:38 2016 us=632417 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:38 2016 us=632417 MANAGEMENT: >STATE:1453659638,RECONNECTING,tls-error,,
Sun Jan 24 20:20:38 2016 us=632417 Restart pause, 5 second(s)
Sun Jan 24 20:20:43 2016 us=656149 Re-using SSL/TLS context
Sun Jan 24 20:20:43 2016 us=656657 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:43 2016 us=657157 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:43 2016 us=657157 MANAGEMENT: >STATE:1453659643,RESOLVE,,,
Sun Jan 24 20:20:43 2016 us=658158 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:43 2016 us=658658 Local Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
Sun Jan 24 20:20:43 2016 us=659170 Expected Remote Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
Sun Jan 24 20:20:43 2016 us=659664 Local Options hash (VER=V4): ‘db02a8f8’
Sun Jan 24 20:20:43 2016 us=659664 Expected Remote Options hash (VER=V4): ‘7e068940’
Sun Jan 24 20:20:43 2016 us=659664 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:43 2016 us=660165 MANAGEMENT: >STATE:1453659643,TCP_CONNECT,,,
Sun Jan 24 20:20:44 2016 us=672632 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:44 2016 us=673120 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:44 2016 us=673120 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:44 2016 us=673120 MANAGEMENT: >STATE:1453659644,WAIT,,,
Sun Jan 24 20:20:44 2016 us=674127 MANAGEMENT: >STATE:1453659644,AUTH,,,
Sun Jan 24 20:20:44 2016 us=674627 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=156fd32f 2dee8e68
Sun Jan 24 20:20:44 2016 us=727861 Validating certificate key usage
Sun Jan 24 20:20:44 2016 us=727861 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:44 2016 us=727861 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:44 2016 us=727861 VERIFY KU ERROR
Sun Jan 24 20:20:44 2016 us=727861 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:44 2016 us=727861 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:44 2016 us=727861 TLS Error: TLS handshake failed
Sun Jan 24 20:20:44 2016 us=727861 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:44 2016 us=727861 TCP/UDP: Closing socket
Sun Jan 24 20:20:44 2016 us=727861 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:44 2016 us=727861 MANAGEMENT: >STATE:1453659644,RECONNECTING,tls-error,,
Sun Jan 24 20:20:44 2016 us=727861 Restart pause, 5 second(s)
Sun Jan 24 20:20:49 2016 us=761155 Re-using SSL/TLS context
Sun Jan 24 20:20:49 2016 us=761664 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:49 2016 us=761664 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:49 2016 us=762162 MANAGEMENT: >STATE:1453659649,RESOLVE,,,
Sun Jan 24 20:20:49 2016 us=762665 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:49 2016 us=762665 Local Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
Sun Jan 24 20:20:49 2016 us=763165 Expected Remote Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
Sun Jan 24 20:20:49 2016 us=763165 Local Options hash (VER=V4): ‘db02a8f8’
Sun Jan 24 20:20:49 2016 us=763165 Expected Remote Options hash (VER=V4): ‘7e068940’
Sun Jan 24 20:20:49 2016 us=763165 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:49 2016 us=763666 MANAGEMENT: >STATE:1453659649,TCP_CONNECT,,,
Sun Jan 24 20:20:50 2016 us=777603 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:50 2016 us=778104 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:50 2016 us=778104 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:50 2016 us=778605 MANAGEMENT: >STATE:1453659650,WAIT,,,
Sun Jan 24 20:20:50 2016 us=779608 MANAGEMENT: >STATE:1453659650,AUTH,,,
Sun Jan 24 20:20:50 2016 us=780105 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=e91b8bfe 5da9ee27
Sun Jan 24 20:20:50 2016 us=822462 Validating certificate key usage
Sun Jan 24 20:20:50 2016 us=822462 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:50 2016 us=822462 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:50 2016 us=822462 VERIFY KU ERROR
Sun Jan 24 20:20:50 2016 us=822462 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:50 2016 us=822462 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:50 2016 us=822462 TLS Error: TLS handshake failed
Sun Jan 24 20:20:50 2016 us=822462 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:50 2016 us=822462 TCP/UDP: Closing socket
Sun Jan 24 20:20:50 2016 us=822462 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:50 2016 us=822462 MANAGEMENT: >STATE:1453659650,RECONNECTING,tls-error,,
Sun Jan 24 20:20:50 2016 us=822462 Restart pause, 5 second(s)
Sun Jan 24 20:20:55 2016 us=877529 Re-using SSL/TLS context
Sun Jan 24 20:20:55 2016 us=877529 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:55 2016 us=878032 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:55 2016 us=878530 MANAGEMENT: >STATE:1453659655,RESOLVE,,,
Sun Jan 24 20:20:55 2016 us=879528 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:55 2016 us=879528 Local Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
Sun Jan 24 20:20:55 2016 us=880025 Expected Remote Options String: ‘V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
Sun Jan 24 20:20:55 2016 us=880025 Local Options hash (VER=V4): ‘db02a8f8’
Sun Jan 24 20:20:55 2016 us=880025 Expected Remote Options hash (VER=V4): ‘7e068940’
Sun Jan 24 20:20:55 2016 us=880526 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:55 2016 us=880526 MANAGEMENT: >STATE:1453659655,TCP_CONNECT,,,
Sun Jan 24 20:20:56 2016 us=893345 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:56 2016 us=893842 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:56 2016 us=893842 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:56 2016 us=894343 MANAGEMENT: >STATE:1453659656,WAIT,,,
Sun Jan 24 20:20:56 2016 us=895342 MANAGEMENT: >STATE:1453659656,AUTH,,,
Sun Jan 24 20:20:56 2016 us=895843 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=9986814e cf7f806a
Sun Jan 24 20:20:56 2016 us=946811 Validating certificate key usage
Sun Jan 24 20:20:56 2016 us=946811 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:56 2016 us=947301 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:56 2016 us=947301 VERIFY KU ERROR
Sun Jan 24 20:20:56 2016 us=947796 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:56 2016 us=947796 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:56 2016 us=947796 TLS Error: TLS handshake failed
Sun Jan 24 20:20:56 2016 us=948305 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:56 2016 us=948305 TCP/UDP: Closing socket
Sun Jan 24 20:20:56 2016 us=948305 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:56 2016 us=948305 MANAGEMENT: >STATE:1453659656,RECONNECTING,tls-error,,
Sun Jan 24 20:20:56 2016 us=948305 Restart pause, 5 second(s)
Sun Jan 24 20:21:01 2016 us=966630 SIGTERM[hard,init_instance] received, process exiting
Sun Jan 24 20:21:01 2016 us=966630 MANAGEMENT: >STATE:1453659661,EXITING,init_instance,,
WRWRWRRWRWRWRRWRWRWRRWRWRWRR
MikroTik server configuration
[admin@MikroTik] > cert print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
 #       NAME                        COMMON-NAME          SUBJECT-ALT-NAME                    FINGERPRINT
 0       microtik                    fiberdatatelecom.ro  email:iulian.c@fiberdatatelecom.ro
 1 L T   certificate-response.pem_0  fiberdatatelecom.ro  DNS:fiberdatatelecom.ro             b99b3a15fe14c1187543797056d2a…
 2 K A T myCa                        myCa                                                     30ca22675721690a47d731c946570…
 3 K A T server                      server                                                   7604c6b2281305afb208beb35840d…
 4 K A T client1                     client1                                                  e4956724a5ec3d8b1254ceb6d1ca5…
 5 K A T client2                     client2                                                  2e9e5c16bbac7bb9388cf10e02247…
[admin@MikroTik] >
I'm using ROS 6.3.33.
Thanks in advance.
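The client log above stops at the key-usage check (`Certificate has key usage 0006, expects 00a0` and `expects 0088`, then `VERIFY KU ERROR`). As an added example, not part of the original post, this Python script decodes those hex masks into X.509 keyUsage names and reports which expected bits the certificate lacks. The bit values are the ones OpenSSL defines for keyUsage; the function names are hypothetical, and the sample lines are copied from the log above.

```python
import re

# X.509 keyUsage bits in the 16-bit form OpenVPN logs (OpenSSL KU_* values),
# listed in RFC 5280 order.
KU_BITS = {
    0x0080: "digitalSignature",
    0x0040: "nonRepudiation",
    0x0020: "keyEncipherment",
    0x0010: "dataEncipherment",
    0x0008: "keyAgreement",
    0x0004: "keyCertSign",
    0x0002: "cRLSign",
    0x0001: "encipherOnly",
    0x8000: "decipherOnly",
}
KNOWN_BITS = 0x80FF
CA_ONLY_BITS = 0x0004 | 0x0002  # keyCertSign + cRLSign: usages of a CA certificate

# Whitespace after "usage" is matched loosely because forum software collapses it.
KU_LINE = re.compile(
    r"\+\+ Certificate has key usage\s+([0-9a-fA-F]{4}), expects ([0-9a-fA-F]{4})"
)

# Lines copied from the client log in the post above.
SAMPLE_LOG = """\
Sun Jan 24 20:20:50 2016 us=822462 Validating certificate key usage
Sun Jan 24 20:20:50 2016 us=822462 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:50 2016 us=822462 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:50 2016 us=822462 VERIFY KU ERROR
"""


def decode_ku(mask):
    """Return the keyUsage names set in a 16-bit mask."""
    names = [name for bit, name in KU_BITS.items() if mask & bit]
    unknown = mask & ~KNOWN_BITS
    if unknown:
        names.append("unknown(0x%04x)" % unknown)
    return names


def analyse(log_text):
    """Collect each distinct (have, expected) key-usage pair found in the log."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = KU_LINE.search(line)
        if not m:
            continue
        have, want = int(m.group(1), 16), int(m.group(2), 16)
        if (have, want) in seen:  # the same pair repeats on every reconnect
            continue
        seen.add((have, want))
        findings.append({
            "have_mask": have,
            "want_mask": want,
            "have": decode_ku(have),
            "want": decode_ku(want),
            "missing": decode_ku(want & ~have),
            # True when the certificate carries nothing but CA usages.
            "ca_only": have != 0 and (have & ~CA_ONLY_BITS) == 0,
        })
    return findings


def summarise(log_text):
    """Condense the findings into what has to change on the certificate."""
    findings = analyse(log_text)
    common = 0xFFFF if findings else 0
    for f in findings:
        common &= f["want_mask"] & ~f["have_mask"]
    return {
        "rejected": "VERIFY KU ERROR" in log_text,
        "ca_only": bool(findings) and all(f["ca_only"] for f in findings),
        "always_missing": decode_ku(common),
    }


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print("has %s, expected %s, missing %s" % (f["have"], f["want"], f["missing"]))
    print(summarise(SAMPLE_LOG))
```

For this log, both expected masks need digitalSignature, while the presented certificate carries only keyCertSign and cRLSign, which is consistent with the A (authority) flag shown for the `server` entry in the `cert print` output.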
Log on the server side.
Thu May 23 20:02:25 2013 us=929417 MULTI: multi_create_instance called
Thu May 23 20:02:25 2013 us=929490 Re-using SSL/TLS context
Thu May 23 20:02:25 2013 us=929510 LZO compression initialized
Thu May 23 20:02:25 2013 us=929596 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 23 20:02:25 2013 us=929619 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 23 20:02:25 2013 us=929670 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu May 23 20:02:25 2013 us=929684 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu May 23 20:02:25 2013 us=929708 Local Options hash (VER=V4): '3e6d1056'
Thu May 23 20:02:25 2013 us=929729 Expected Remote Options hash (VER=V4): '31fdf004'
Thu May 23 20:02:25 2013 us=929759 TCP connection established with 190.29.98.60:18134
Thu May 23 20:02:25 2013 us=929780 TCPv4_SERVER link local: [undef]
Thu May 23 20:02:25 2013 us=929796 TCPv4_SERVER link remote: 190.29.98.60:18134
Thu May 23 20:02:25 2013 us=930730 190.29.98.60:18134 TCPv4_SERVER READ [14] from 190.29.98.60:18134: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu May 23 20:02:25 2013 us=930775 190.29.98.60:18134 TLS: Initial packet from 190.29.98.60:18134, sid=38e9543e 75913372
Thu May 23 20:02:25 2013 us=930820 190.29.98.60:18134 TCPv4_SERVER WRITE [26] to 190.29.98.60:18134: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu May 23 20:02:25 2013 us=933212 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 0 ]
Thu May 23 20:02:25 2013 us=968658 190.29.98.60:18134 TCPv4_SERVER READ [114] from 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Thu May 23 20:02:25 2013 us=968743 190.29.98.60:18134 TCPv4_SERVER WRITE [22] to 190.29.98.60:18134: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:25 2013 us=968794 190.29.98.60:18134 TCPv4_SERVER READ [114] from 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:25 2013 us=968847 190.29.98.60:18134 TCPv4_SERVER WRITE [22] to 190.29.98.60:18134: P_ACK_V1 kid=0 [ 2 ]
Thu May 23 20:02:25 2013 us=968885 190.29.98.60:18134 TCPv4_SERVER READ [24] from 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=10
Thu May 23 20:02:25 2013 us=975212 190.29.98.60:18134 TCPv4_SERVER WRITE [126] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Thu May 23 20:02:25 2013 us=975267 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:25 2013 us=975312 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Thu May 23 20:02:25 2013 us=975355 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Thu May 23 20:02:26 2013 us=129628 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:26 2013 us=129706 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Thu May 23 20:02:26 2013 us=131889 190.29.98.60:18134 TCPv4_SERVER READ [30] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 2 3 4 ]
Thu May 23 20:02:26 2013 us=131965 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Thu May 23 20:02:26 2013 us=132025 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Thu May 23 20:02:26 2013 us=132099 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Thu May 23 20:02:26 2013 us=134032 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 5 ]
Thu May 23 20:02:26 2013 us=134112 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Thu May 23 20:02:26 2013 us=136098 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 6 ]
Thu May 23 20:02:26 2013 us=136173 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Thu May 23 20:02:26 2013 us=138360 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 7 ]
Thu May 23 20:02:26 2013 us=138435 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Thu May 23 20:02:26 2013 us=138477 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 8 ]
Thu May 23 20:02:26 2013 us=138526 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Thu May 23 20:02:26 2013 us=140646 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 9 ]
Thu May 23 20:02:26 2013 us=140725 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Thu May 23 20:02:26 2013 us=142866 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 10 ]
Thu May 23 20:02:26 2013 us=142940 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Thu May 23 20:02:26 2013 us=144949 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 11 ]
Thu May 23 20:02:26 2013 us=145028 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Thu May 23 20:02:26 2013 us=145078 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 12 ]
Thu May 23 20:02:26 2013 us=145120 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Thu May 23 20:02:26 2013 us=147954 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 13 ]
Thu May 23 20:02:26 2013 us=148027 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Thu May 23 20:02:26 2013 us=149952 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 14 ]
Thu May 23 20:02:26 2013 us=150030 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Thu May 23 20:02:26 2013 us=151831 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 15 ]
Thu May 23 20:02:26 2013 us=151905 190.29.98.60:18134 TCPv4_SERVER WRITE [114] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Thu May 23 20:02:26 2013 us=151947 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 16 ]
Thu May 23 20:02:26 2013 us=151993 190.29.98.60:18134 TCPv4_SERVER WRITE [22] to 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=8
Thu May 23 20:02:26 2013 us=153740 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 17 ]
Thu May 23 20:02:26 2013 us=155581 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 18 ]
Thu May 23 20:02:26 2013 us=191382 190.29.98.60:18134 TCPv4_SERVER READ [22] from 190.29.98.60:18134: P_ACK_V1 kid=0 [ 19 ]
Thu May 23 20:02:26 2013 us=191452 190.29.98.60:18134 TCPv4_SERVER READ [126] from 190.29.98.60:18134: P_CONTROL_V1 kid=0 [ 20 ] pid=4 DATA len=100
Thu May 23 20:02:26 2013 us=191498 190.29.98.60:18134 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu May 23 20:02:26 2013 us=191533 190.29.98.60:18134 TLS Error: TLS object -> incoming plaintext read error
Thu May 23 20:02:26 2013 us=191547 190.29.98.60:18134 TLS Error: TLS handshake failed
Thu May 23 20:02:26 2013 us=191617 190.29.98.60:18134 Fatal TLS error (check_tls_errors_co), restarting
Thu May 23 20:02:26 2013 us=191635 190.29.98.60:18134 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu May 23 20:02:26 2013 us=191676 TCP/UDP: Closing socket
Thu May 23 20:02:31 2013 us=203713 MULTI: multi_create_instance called
Thu May 23 20:02:31 2013 us=203749 Re-using SSL/TLS context
Thu May 23 20:02:31 2013 us=203766 LZO compression initialized
Thu May 23 20:02:31 2013 us=203839 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 23 20:02:31 2013 us=203862 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 23 20:02:31 2013 us=203909 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu May 23 20:02:31 2013 us=203922 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu May 23 20:02:31 2013 us=203945 Local Options hash (VER=V4): '3e6d1056'
Thu May 23 20:02:31 2013 us=203966 Expected Remote Options hash (VER=V4): '31fdf004'
Thu May 23 20:02:31 2013 us=203993 TCP connection established with 190.29.98.60:18143
Thu May 23 20:02:31 2013 us=204013 TCPv4_SERVER link local: [undef]
Thu May 23 20:02:31 2013 us=204029 TCPv4_SERVER link remote: 190.29.98.60:18143
Thu May 23 20:02:31 2013 us=204492 190.29.98.60:18143 TCPv4_SERVER READ [14] from 190.29.98.60:18143: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu May 23 20:02:31 2013 us=204530 190.29.98.60:18143 TLS: Initial packet from 190.29.98.60:18143, sid=1ce9944a baa7396e
Thu May 23 20:02:31 2013 us=204574 190.29.98.60:18143 TCPv4_SERVER WRITE [26] to 190.29.98.60:18143: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu May 23 20:02:31 2013 us=209851 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 0 ]
Thu May 23 20:02:31 2013 us=248934 190.29.98.60:18143 TCPv4_SERVER READ [114] from 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Thu May 23 20:02:31 2013 us=249020 190.29.98.60:18143 TCPv4_SERVER WRITE [22] to 190.29.98.60:18143: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:31 2013 us=249070 190.29.98.60:18143 TCPv4_SERVER READ [114] from 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:31 2013 us=249123 190.29.98.60:18143 TCPv4_SERVER WRITE [22] to 190.29.98.60:18143: P_ACK_V1 kid=0 [ 2 ]
Thu May 23 20:02:31 2013 us=249160 190.29.98.60:18143 TCPv4_SERVER READ [24] from 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=10
Thu May 23 20:02:31 2013 us=255506 190.29.98.60:18143 TCPv4_SERVER WRITE [126] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Thu May 23 20:02:31 2013 us=255563 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:31 2013 us=255609 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Thu May 23 20:02:31 2013 us=255652 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Thu May 23 20:02:31 2013 us=437894 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:31 2013 us=437969 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Thu May 23 20:02:31 2013 us=440120 190.29.98.60:18143 TCPv4_SERVER READ [30] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 2 3 4 ]
Thu May 23 20:02:31 2013 us=440197 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Thu May 23 20:02:31 2013 us=440256 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Thu May 23 20:02:31 2013 us=440322 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Thu May 23 20:02:31 2013 us=442651 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 5 ]
Thu May 23 20:02:31 2013 us=442726 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Thu May 23 20:02:31 2013 us=444615 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 6 ]
Thu May 23 20:02:31 2013 us=444695 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Thu May 23 20:02:31 2013 us=446658 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 7 ]
Thu May 23 20:02:31 2013 us=446733 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Thu May 23 20:02:31 2013 us=446776 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 8 ]
Thu May 23 20:02:31 2013 us=446824 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Thu May 23 20:02:31 2013 us=448589 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 9 ]
Thu May 23 20:02:31 2013 us=448663 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Thu May 23 20:02:31 2013 us=450568 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 10 ]
Thu May 23 20:02:31 2013 us=450646 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Thu May 23 20:02:31 2013 us=452460 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 11 ]
Thu May 23 20:02:31 2013 us=452535 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Thu May 23 20:02:31 2013 us=452577 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 12 ]
Thu May 23 20:02:31 2013 us=452624 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Thu May 23 20:02:31 2013 us=454764 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 13 ]
Thu May 23 20:02:31 2013 us=454838 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Thu May 23 20:02:31 2013 us=456746 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 14 ]
Thu May 23 20:02:31 2013 us=456820 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Thu May 23 20:02:31 2013 us=458740 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 15 ]
Thu May 23 20:02:31 2013 us=458819 190.29.98.60:18143 TCPv4_SERVER WRITE [114] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Thu May 23 20:02:31 2013 us=458863 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 16 ]
Thu May 23 20:02:31 2013 us=458904 190.29.98.60:18143 TCPv4_SERVER WRITE [22] to 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=8
Thu May 23 20:02:31 2013 us=460691 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 17 ]
Thu May 23 20:02:31 2013 us=462658 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 18 ]
Thu May 23 20:02:31 2013 us=497172 190.29.98.60:18143 TCPv4_SERVER READ [22] from 190.29.98.60:18143: P_ACK_V1 kid=0 [ 19 ]
Thu May 23 20:02:31 2013 us=497243 190.29.98.60:18143 TCPv4_SERVER READ [126] from 190.29.98.60:18143: P_CONTROL_V1 kid=0 [ 20 ] pid=4 DATA len=100
Thu May 23 20:02:31 2013 us=497289 190.29.98.60:18143 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu May 23 20:02:31 2013 us=497323 190.29.98.60:18143 TLS Error: TLS object -> incoming plaintext read error
Thu May 23 20:02:31 2013 us=497336 190.29.98.60:18143 TLS Error: TLS handshake failed
Thu May 23 20:02:31 2013 us=497405 190.29.98.60:18143 Fatal TLS error (check_tls_errors_co), restarting
Thu May 23 20:02:31 2013 us=497424 190.29.98.60:18143 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu May 23 20:02:31 2013 us=497464 TCP/UDP: Closing socket
Thu May 23 20:02:36 2013 us=508185 MULTI: multi_create_instance called
Thu May 23 20:02:36 2013 us=508240 Re-using SSL/TLS context
Thu May 23 20:02:36 2013 us=508259 LZO compression initialized
Thu May 23 20:02:36 2013 us=508331 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 23 20:02:36 2013 us=508353 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 23 20:02:36 2013 us=508399 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu May 23 20:02:36 2013 us=508414 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu May 23 20:02:36 2013 us=508436 Local Options hash (VER=V4): '3e6d1056'
Thu May 23 20:02:36 2013 us=508457 Expected Remote Options hash (VER=V4): '31fdf004'
Thu May 23 20:02:36 2013 us=508485 TCP connection established with 190.29.98.60:18144
Thu May 23 20:02:36 2013 us=508505 TCPv4_SERVER link local: [undef]
Thu May 23 20:02:36 2013 us=508520 TCPv4_SERVER link remote: 190.29.98.60:18144
Thu May 23 20:02:36 2013 us=509375 190.29.98.60:18144 TCPv4_SERVER READ [14] from 190.29.98.60:18144: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu May 23 20:02:36 2013 us=509418 190.29.98.60:18144 TLS: Initial packet from 190.29.98.60:18144, sid=85b8a75f c2a4463f
Thu May 23 20:02:36 2013 us=509462 190.29.98.60:18144 TCPv4_SERVER WRITE [26] to 190.29.98.60:18144: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu May 23 20:02:36 2013 us=512328 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 0 ]
Thu May 23 20:02:36 2013 us=545361 190.29.98.60:18144 TCPv4_SERVER READ [114] from 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Thu May 23 20:02:36 2013 us=545452 190.29.98.60:18144 TCPv4_SERVER WRITE [22] to 190.29.98.60:18144: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:36 2013 us=545504 190.29.98.60:18144 TCPv4_SERVER READ [114] from 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:36 2013 us=545557 190.29.98.60:18144 TCPv4_SERVER WRITE [22] to 190.29.98.60:18144: P_ACK_V1 kid=0 [ 2 ]
Thu May 23 20:02:36 2013 us=545595 190.29.98.60:18144 TCPv4_SERVER READ [24] from 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=10
Thu May 23 20:02:36 2013 us=551912 190.29.98.60:18144 TCPv4_SERVER WRITE [126] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Thu May 23 20:02:36 2013 us=551967 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:36 2013 us=552011 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Thu May 23 20:02:36 2013 us=552055 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Thu May 23 20:02:36 2013 us=745624 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:36 2013 us=745700 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Thu May 23 20:02:36 2013 us=747732 190.29.98.60:18144 TCPv4_SERVER READ [30] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 2 3 4 ]
Thu May 23 20:02:36 2013 us=747809 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Thu May 23 20:02:36 2013 us=747889 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Thu May 23 20:02:36 2013 us=747935 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Thu May 23 20:02:36 2013 us=749814 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 5 ]
Thu May 23 20:02:36 2013 us=749889 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Thu May 23 20:02:36 2013 us=751759 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 6 ]
Thu May 23 20:02:36 2013 us=751834 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Thu May 23 20:02:36 2013 us=753688 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 7 ]
Thu May 23 20:02:36 2013 us=753763 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Thu May 23 20:02:36 2013 us=753806 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 8 ]
Thu May 23 20:02:36 2013 us=753854 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Thu May 23 20:02:36 2013 us=755645 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 9 ]
Thu May 23 20:02:36 2013 us=755720 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Thu May 23 20:02:36 2013 us=757708 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 10 ]
Thu May 23 20:02:36 2013 us=757782 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Thu May 23 20:02:36 2013 us=759736 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 11 ]
Thu May 23 20:02:36 2013 us=759810 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Thu May 23 20:02:36 2013 us=759857 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 12 ]
Thu May 23 20:02:36 2013 us=759900 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Thu May 23 20:02:36 2013 us=762278 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 13 ]
Thu May 23 20:02:36 2013 us=762352 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Thu May 23 20:02:36 2013 us=764310 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 14 ]
Thu May 23 20:02:36 2013 us=764383 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Thu May 23 20:02:36 2013 us=766241 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 15 ]
Thu May 23 20:02:36 2013 us=766319 190.29.98.60:18144 TCPv4_SERVER WRITE [114] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Thu May 23 20:02:36 2013 us=766363 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 16 ]
Thu May 23 20:02:36 2013 us=766404 190.29.98.60:18144 TCPv4_SERVER WRITE [22] to 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=8
Thu May 23 20:02:36 2013 us=768101 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 17 ]
Thu May 23 20:02:36 2013 us=770026 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 18 ]
Thu May 23 20:02:36 2013 us=805354 190.29.98.60:18144 TCPv4_SERVER READ [22] from 190.29.98.60:18144: P_ACK_V1 kid=0 [ 19 ]
Thu May 23 20:02:36 2013 us=805429 190.29.98.60:18144 TCPv4_SERVER READ [126] from 190.29.98.60:18144: P_CONTROL_V1 kid=0 [ 20 ] pid=4 DATA len=100
Thu May 23 20:02:36 2013 us=805476 190.29.98.60:18144 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu May 23 20:02:36 2013 us=805510 190.29.98.60:18144 TLS Error: TLS object -> incoming plaintext read error
Thu May 23 20:02:36 2013 us=805524 190.29.98.60:18144 TLS Error: TLS handshake failed
Thu May 23 20:02:36 2013 us=805593 190.29.98.60:18144 Fatal TLS error (check_tls_errors_co), restarting
Thu May 23 20:02:36 2013 us=805611 190.29.98.60:18144 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu May 23 20:02:36 2013 us=805652 TCP/UDP: Closing socket
Thu May 23 20:02:41 2013 us=817146 MULTI: multi_create_instance called
Thu May 23 20:02:41 2013 us=817204 Re-using SSL/TLS context
Thu May 23 20:02:41 2013 us=817222 LZO compression initialized
Thu May 23 20:02:41 2013 us=817298 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu May 23 20:02:41 2013 us=817321 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu May 23 20:02:41 2013 us=817368 Local Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu May 23 20:02:41 2013 us=817382 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1576,tun-mtu 1532,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu May 23 20:02:41 2013 us=817405 Local Options hash (VER=V4): '3e6d1056'
Thu May 23 20:02:41 2013 us=817426 Expected Remote Options hash (VER=V4): '31fdf004'
Thu May 23 20:02:41 2013 us=817453 TCP connection established with 190.29.98.60:18148
Thu May 23 20:02:41 2013 us=817474 TCPv4_SERVER link local: [undef]
Thu May 23 20:02:41 2013 us=817490 TCPv4_SERVER link remote: 190.29.98.60:18148
Thu May 23 20:02:41 2013 us=818212 190.29.98.60:18148 TCPv4_SERVER READ [14] from 190.29.98.60:18148: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu May 23 20:02:41 2013 us=818255 190.29.98.60:18148 TLS: Initial packet from 190.29.98.60:18148, sid=07a86d15 9154cdba
Thu May 23 20:02:41 2013 us=818300 190.29.98.60:18148 TCPv4_SERVER WRITE [26] to 190.29.98.60:18148: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu May 23 20:02:41 2013 us=821159 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 0 ]
Thu May 23 20:02:41 2013 us=861842 190.29.98.60:18148 TCPv4_SERVER READ [114] from 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=100
Thu May 23 20:02:41 2013 us=861928 190.29.98.60:18148 TCPv4_SERVER WRITE [22] to 190.29.98.60:18148: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:41 2013 us=861978 190.29.98.60:18148 TCPv4_SERVER READ [114] from 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:41 2013 us=862031 190.29.98.60:18148 TCPv4_SERVER WRITE [22] to 190.29.98.60:18148: P_ACK_V1 kid=0 [ 2 ]
Thu May 23 20:02:41 2013 us=862068 190.29.98.60:18148 TCPv4_SERVER READ [24] from 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=10
Thu May 23 20:02:41 2013 us=868434 190.29.98.60:18148 TCPv4_SERVER WRITE [126] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ 3 ] pid=1 DATA len=100
Thu May 23 20:02:41 2013 us=868493 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
Thu May 23 20:02:41 2013 us=868539 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
Thu May 23 20:02:41 2013 us=868582 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
Thu May 23 20:02:42 2013 us=57743 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 1 ]
Thu May 23 20:02:42 2013 us=57820 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
Thu May 23 20:02:42 2013 us=60446 190.29.98.60:18148 TCPv4_SERVER READ [30] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 2 3 4 ]
Thu May 23 20:02:42 2013 us=60523 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
Thu May 23 20:02:42 2013 us=60603 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
Thu May 23 20:02:42 2013 us=60649 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
Thu May 23 20:02:42 2013 us=64891 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 5 ]
Thu May 23 20:02:42 2013 us=64967 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
Thu May 23 20:02:42 2013 us=67010 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 6 ]
Thu May 23 20:02:42 2013 us=67085 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
Thu May 23 20:02:42 2013 us=69081 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 7 ]
Thu May 23 20:02:42 2013 us=69156 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
Thu May 23 20:02:42 2013 us=69205 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 8 ]
Thu May 23 20:02:42 2013 us=69248 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
Thu May 23 20:02:42 2013 us=71032 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 9 ]
Thu May 23 20:02:42 2013 us=71111 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
Thu May 23 20:02:42 2013 us=73095 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 10 ]
Thu May 23 20:02:42 2013 us=73169 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
Thu May 23 20:02:42 2013 us=75165 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 11 ]
Thu May 23 20:02:42 2013 us=75239 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
Thu May 23 20:02:42 2013 us=75282 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 12 ]
Thu May 23 20:02:42 2013 us=75323 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
Thu May 23 20:02:42 2013 us=77252 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 13 ]
Thu May 23 20:02:42 2013 us=77326 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
Thu May 23 20:02:42 2013 us=79522 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 14 ]
Thu May 23 20:02:42 2013 us=79596 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
Thu May 23 20:02:42 2013 us=81666 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 15 ]
Thu May 23 20:02:42 2013 us=81739 190.29.98.60:18148 TCPv4_SERVER WRITE [114] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
Thu May 23 20:02:42 2013 us=81787 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 16 ]
Thu May 23 20:02:42 2013 us=81830 190.29.98.60:18148 TCPv4_SERVER WRITE [22] to 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=8
Thu May 23 20:02:42 2013 us=83832 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 17 ]
Thu May 23 20:02:42 2013 us=85858 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 18 ]
Thu May 23 20:02:42 2013 us=125877 190.29.98.60:18148 TCPv4_SERVER READ [22] from 190.29.98.60:18148: P_ACK_V1 kid=0 [ 19 ]
Thu May 23 20:02:42 2013 us=125952 190.29.98.60:18148 TCPv4_SERVER READ [126] from 190.29.98.60:18148: P_CONTROL_V1 kid=0 [ 20 ] pid=4 DATA len=100
Thu May 23 20:02:42 2013 us=126000 190.29.98.60:18148 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
Thu May 23 20:02:42 2013 us=126033 190.29.98.60:18148 TLS Error: TLS object -> incoming plaintext read error
Thu May 23 20:02:42 2013 us=126047 190.29.98.60:18148 TLS Error: TLS handshake failed
Thu May 23 20:02:42 2013 us=126116 190.29.98.60:18148 Fatal TLS error (check_tls_errors_co), restarting
Thu May 23 20:02:42 2013 us=126135 190.29.98.60:18148 SIGUSR1[soft,tls-error] received, client-instance restarting
Thu May 23 20:02:42 2013 us=126176 TCP/UDP: Closing socket
The OVPN server is a MikroTik, the OVPN client is Windows
server config:
[ziptar@MikroTik] > interface ovpn-server server print
enabled: yes
port: 1194
mode: ip
netmask: 24
mac-address: FE:9F:0B:F7:CB:D9
max-mtu: 1500
keepalive-timeout: 60
default-profile: PPP_Server
certificate: cert4
require-client-certificate: yes
auth: sha1
cipher: blowfish128
client config:
client
dev tun
proto tcp
remote ovpn.ml.ziptar.net 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
verb 4
--connect-retry 60
Sun Oct 11 23:39:31 2015 us=376834 Current Parameter Settings:
the list of current parameters has been cut: it was over 10000 characters and Toster couldn't handle it
Sun Oct 11 23:39:32 2015 us=17340 OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
Sun Oct 11 23:39:32 2015 us=19342 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Enter Private Key Password:
Sun Oct 11 23:39:38 2015 us=627780 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct 11 23:39:38 2015 us=633773 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
Sun Oct 11 23:39:38 2015 us=633773 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Oct 11 23:39:38 2015 us=637778 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Oct 11 23:39:38 2015 us=637778 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Oct 11 23:39:38 2015 us=638782 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Oct 11 23:39:38 2015 us=655792 Local Options hash (VER=V4): 'db02a8f8'
Sun Oct 11 23:39:38 2015 us=656788 Expected Remote Options hash (VER=V4): '7e068940'
Sun Oct 11 23:39:38 2015 us=656788 Attempting to establish TCP connection with [AF_INET]95.31.27.23:1194 [nonblock]
Sun Oct 11 23:39:39 2015 us=663222 TCP connection established with [AF_INET]95.31.27.23:1194
Sun Oct 11 23:39:39 2015 us=663222 TCPv4_CLIENT link local: [undef]
Sun Oct 11 23:39:39 2015 us=663222 TCPv4_CLIENT link remote: [AF_INET]95.31.27.23:1194
Sun Oct 11 23:39:39 2015 us=666219 TLS: Initial packet from [AF_INET]95.31.27.23:1194, sid=0fc9eb4e dea8cee0
Sun Oct 11 23:39:39 2015 us=751116 VERIFY OK: depth=1, C=RU, O=Ziptar.Net, OU=Ziptar.Net Main Lair CA, CN=Ziptar.Net Main Lair Certification Authority
Sun Oct 11 23:39:39 2015 us=752117 Validating certificate key usage
Sun Oct 11 23:39:39 2015 us=752117 ++ Certificate has key usage 00a0, expects 00a0
Sun Oct 11 23:39:39 2015 us=755119 VERIFY KU OK
Sun Oct 11 23:39:39 2015 us=757282 Validating certificate extended key usage
Sun Oct 11 23:39:39 2015 us=759447 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct 11 23:39:39 2015 us=762598 VERIFY EKU OK
Sun Oct 11 23:39:39 2015 us=764603 VERIFY OK: depth=0, C=RU, O=Ziptar.Net, OU=Ziptar.Net Main Lair, CN=Ziptar.Net Main Lair OVPN Server Certificate
Sun Oct 11 23:40:40 2015 us=242140 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 11 23:40:40 2015 us=242140 TLS Error: TLS handshake failed
Sun Oct 11 23:40:40 2015 us=243132 Fatal TLS error (check_tls_errors_co), restarting
Sun Oct 11 23:40:40 2015 us=247138 TCP/UDP: Closing socket
Sun Oct 11 23:40:40 2015 us=250137 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct 11 23:40:40 2015 us=252138 Restart pause, 60 second(s)
on the MikroTik server the connection client-ip(external):1194->server-ip:1194 is in the established state
on the router that the Windows machine sits behind, it is the same
netstat on the Windows machine shows:
TCP 172.16.12.13:51360 95-31-27-23:1194 ESTABLISHED
the only thing I don't understand is why it is written with hyphens
in the server log there is a packet exchange, and it ends with the line: :using encoding BF-128-CBC/SHA1
Key usage of the server certificate
KU 0xa0: Digital Signature, Key Encipherment
EKU TLS Web Server Authentication
that is, exactly what ovpn itself wants
of the client certificate
KU Digital Signature, Key Encipherment, Data Encipherment
EKU TLS Web Client Authentication
so what does it want from me?
Good day! This is my first time dealing with OpenVPN, I could not find an answer to this problem anywhere on the web, so I am asking for help!
The situation is this:
on a machine with Windows 7 64 bit, VirtualBox is set up with Ubuntu 16.04 Server, and the network adapter in VB is set to bridged mode. So the host machine and the VM can see each other (host address 10.80.2.107, VM address 10.80.2.133).
An openvpn server and a certificate authority are set up on the VB; the configuration followed the guide at http://howitmake.ru/blog/ubuntu/192.html. An openvpn client is installed on the Windows machine. Connecting from the client fails. Logs are attached. I tried reissuing the keys several times, and also checked whether Ubuntu is blocking network packets: tcpdump shows both incoming and outgoing packets passing. I no longer know where to dig.
client.txt: client config
server.txt: server config
The user added a message on 06 February 2017, 13:12:55:
Sorry, I did not figure out how to attach files properly. I am attaching the client log and the server log.
In the server log:
Mon Feb 6 16:29:52 2017 us=728532 10.80.2.107:56123 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 6 16:29:52 2017 us=728665 10.80.2.107:56123 TLS Error: TLS handshake failed
Mon Feb 6 16:29:52 2017 us=728847 10.80.2.107:56123 Fatal TLS error (check_tls_errors_co), restarting
Client log:
Mon Feb 06 15:54:09 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Mon Feb 06 15:54:09 2017 Windows version 6.1 (Windows 7) 64bit
Mon Feb 06 15:54:09 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Mon Feb 06 15:54:09 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Feb 06 15:54:09 2017 Need hold release from management interface, waiting…
Mon Feb 06 15:54:09 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Feb 06 15:54:09 2017 MANAGEMENT: CMD ‘state on’
Mon Feb 06 15:54:09 2017 MANAGEMENT: CMD ‘log all on’
Mon Feb 06 15:54:09 2017 MANAGEMENT: CMD ‘hold off’
Mon Feb 06 15:54:09 2017 MANAGEMENT: CMD ‘hold release’
Mon Feb 06 15:54:09 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 06 15:54:09 2017 Outgoing Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Mon Feb 06 15:54:09 2017 Incoming Control Channel Authentication: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Mon Feb 06 15:54:09 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]10.80.2.133:1988
Mon Feb 06 15:54:09 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 06 15:54:09 2017 Attempting to establish TCP connection with [AF_INET]10.80.2.133:1988 [nonblock]
Mon Feb 06 15:54:09 2017 MANAGEMENT: >STATE:1486371249,TCP_CONNECT,,,,,,
Mon Feb 06 15:54:09 2017 TCP connection established with [AF_INET]10.80.2.133:1988
Mon Feb 06 15:54:09 2017 TCP_CLIENT link local: (not bound)
Mon Feb 06 15:54:09 2017 TCP_CLIENT link remote: [AF_INET]10.80.2.133:1988
Mon Feb 06 15:54:09 2017 MANAGEMENT: >STATE:1486371249,WAIT,,,,,,
Mon Feb 06 15:54:10 2017 MANAGEMENT: >STATE:1486371250,AUTH,,,,,,
Mon Feb 06 15:54:10 2017 TLS: Initial packet from [AF_INET]10.80.2.133:1988, sid=446d4ca1 c9ed60d4
Mon Feb 06 15:54:11 2017 VERIFY OK: depth=1, CN=vpnserver
Mon Feb 06 15:54:11 2017 VERIFY OK: depth=0, CN=vpnserver
Mon Feb 06 15:55:09 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Feb 06 15:55:09 2017 TLS Error: TLS handshake failed
Mon Feb 06 15:55:09 2017 Fatal TLS error (check_tls_errors_co), restarting
Mon Feb 06 15:55:09 2017 SIGUSR1[soft,tls-error] received, process restarting
Mon Feb 06 15:55:09 2017 MANAGEMENT: >STATE:1486371309,RECONNECTING,tls-error,,,,,
Mon Feb 06 15:55:09 2017 Restart pause, 5 second(s)
Mon Feb 06 15:55:12 2017 SIGTERM[hard,init_instance] received, process exiting
Mon Feb 06 15:55:12 2017 MANAGEMENT: >STATE:1486371312,EXITING,init_instance,,,,,
The http://openvpn.net/index.php/open-source/documentation/howto.html page says that the error is because: "This error indicates that the client was unable to establish a network connection with the server." But I think that is not the case here.
Here is my configuration:
OpenVPN Server has been installed on a Windows 2008 machine with 10 valid IP addresses. I can ping the OpenVPN IP address from the outside; also, there's no firewall installed on the server to block the port.
OpenVPN Server Configuration:
local 96.31.90.174
port 1937
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
OpenVPN Client Configuration:
I’ve installed it on my windows 7 that has no firewall.
client
dev tun
proto tcp
remote 96.31.90.174 1937
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
And here is the Client log:
Tue Dec 08 23:42:06 2009 LZO compression initialized
Tue Dec 08 23:42:06 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Dec 08 23:42:06 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 08 23:42:06 2009 Local Options hash (VER=V4): '69109d17'
Tue Dec 08 23:42:06 2009 Expected Remote Options hash (VER=V4): 'c0103fa8'
Tue Dec 08 23:42:06 2009 Attempting to establish TCP connection with 96.31.90.174:1937
Tue Dec 08 23:42:06 2009 TCP connection established with 96.31.90.174:1937
Tue Dec 08 23:42:06 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 08 23:42:06 2009 TCPv4_CLIENT link local: [undef]
Tue Dec 08 23:42:06 2009 TCPv4_CLIENT link remote: 96.31.90.174:1937
Tue Dec 08 23:42:08 2009 TLS: Initial packet from 96.31.90.174:1937, sid=fdc04dc5 451dd470
Tue Dec 08 23:43:06 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 08 23:43:06 2009 TLS Error: TLS handshake failed
Tue Dec 08 23:43:06 2009 Fatal TLS error (check_tls_errors_co), restarting
Tue Dec 08 23:43:06 2009 TCP/UDP: Closing socket
Tue Dec 08 23:43:06 2009 SIGUSR1[soft,tls-error] received, process restarting
Tue Dec 08 23:43:06 2009 Restart pause, 5 second(s)
And here is Server Log:
Tue Dec 08 15:26:13 2009 ROUTE default_gateway=96.31.90.129
Tue Dec 08 15:26:13 2009 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0602F6D1-2000-4C16-B681-3E9FEFE3200D}.tap
Tue Dec 08 15:26:13 2009 TAP-Win32 Driver Version 9.6
Tue Dec 08 15:26:13 2009 TAP-Win32 MTU=1500
Tue Dec 08 15:26:13 2009 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {0602F6D1-2000-4C16-B681-3E9FEFE3200D} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Tue Dec 08 15:26:13 2009 Sleeping for 10 seconds...
Tue Dec 08 15:26:23 2009 Successful ARP Flush on interface [21] {0602F6D1-2000-4C16-B681-3E9FEFE3200D}
Tue Dec 08 15:26:24 2009 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Tue Dec 08 15:26:24 2009 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=21]
Tue Dec 08 15:26:24 2009 Route addition via IPAPI failed [adaptive]
Tue Dec 08 15:26:24 2009 Route addition fallback to route.exe
The route addition failed: The object already exists.
Tue Dec 08 15:26:24 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 08 15:26:24 2009 Listening for incoming TCP connection on 96.31.90.174:1937
Tue Dec 08 15:26:24 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 08 15:26:24 2009 TCPv4_SERVER link local (bound): 96.31.90.174:1937
Tue Dec 08 15:26:24 2009 TCPv4_SERVER link remote: [undef]
Tue Dec 08 15:26:25 2009 MULTI: multi_init called, r=256 v=256
Tue Dec 08 15:26:25 2009 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Dec 08 15:26:25 2009 IFCONFIG POOL LIST
Tue Dec 08 15:26:25 2009 MULTI: TCP INIT maxclients=60 maxevents=64
Tue Dec 08 15:26:25 2009 Initialization Sequence Completed
Tue Dec 08 15:26:33 2009 MULTI: multi_create_instance called
Tue Dec 08 15:26:33 2009 Re-using SSL/TLS context
Tue Dec 08 15:26:33 2009 LZO compression initialized
Tue Dec 08 15:26:33 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Dec 08 15:26:34 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 08 15:26:34 2009 Local Options hash (VER=V4): 'c0103fa8'
Tue Dec 08 15:26:34 2009 Expected Remote Options hash (VER=V4): '69109d17'
Tue Dec 08 15:26:34 2009 TCP connection established with 62.220.113.29:56336
Tue Dec 08 15:26:34 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 08 15:26:34 2009 TCPv4_SERVER link local: [undef]
Tue Dec 08 15:26:34 2009 TCPv4_SERVER link remote: 62.220.113.29:56336
Tue Dec 08 15:26:34 2009 62.220.113.29:56336 TLS: Initial packet from 62.220.113.29:56336, sid=fa280cbb 89e9998b
Tue Dec 08 15:26:38 2009 MULTI: multi_create_instance called
Tue Dec 08 15:26:38 2009 Re-using SSL/TLS context
Tue Dec 08 15:26:38 2009 LZO compression initialized
Tue Dec 08 15:26:38 2009 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Dec 08 15:26:39 2009 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Dec 08 15:26:39 2009 Local Options hash (VER=V4): 'c0103fa8'
Tue Dec 08 15:26:39 2009 Expected Remote Options hash (VER=V4): '69109d17'
Tue Dec 08 15:26:39 2009 TCP connection established with 81.91.158.242:62068
Tue Dec 08 15:26:39 2009 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Dec 08 15:26:39 2009 TCPv4_SERVER link local: [undef]
Tue Dec 08 15:26:39 2009 TCPv4_SERVER link remote: 81.91.158.242:62068
Tue Dec 08 15:26:39 2009 81.91.158.242:62068 TLS: Initial packet from 81.91.158.242:62068, sid=cc8b77bc 966250fd
Tue Dec 08 15:27:34 2009 62.220.113.29:56336 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 08 15:27:34 2009 62.220.113.29:56336 TLS Error: TLS handshake failed
Tue Dec 08 15:27:34 2009 62.220.113.29:56336 Fatal TLS error (check_tls_errors_co), restarting
Tue Dec 08 15:27:34 2009 62.220.113.29:56336 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Dec 08 15:27:34 2009 TCP/UDP: Closing socket
Tue Dec 08 15:27:39 2009 81.91.158.242:62068 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Dec 08 15:27:39 2009 81.91.158.242:62068 TLS Error: TLS handshake failed
Tue Dec 08 15:27:39 2009 81.91.158.242:62068 Fatal TLS error (check_tls_errors_co), restarting
Tue Dec 08 15:27:39 2009 81.91.158.242:62068 SIGUSR1[soft,tls-error] received, client-instance restarting
Tue Dec 08 15:27:40 2009 TCP/UDP: Closing socket
Clients can't connect to OpenVPN on a MikroTik.
Clients (linux) can't connect to the OpenVPN server on a MikroTik.
Have the certificates for the server and the clients been created? Has the server certificate been imported into the MikroTik? Have the client certificates been handed out to the clients? Has ca.crt been given to both the server and the clients?
Yes. All the certificates are in place.
Besides this warning, is there any other complaint? Does the MikroTik say anything in log print?
If I understand everything correctly, ca.crt is either unavailable to the client or the client dislikes something about it.
if only I could figure out what it dislikes..
Maybe you could show the configs after all?
The MikroTik was configured following an article on Habr.
1. I suppose we are meant to guess the server one.
2. look at what you have in /etc/openvpn/ca.crt and compare it with the server's
3. The MikroTik was configured following an article on Habr. (Which one, I suppose we are also meant to guess.)
P.S. Do check the dates on the client and the server as well.
Just the other day I was hooking up one more client to a working ovpn. One detail: the client is on windows. There was exactly the same error, even though the config and everything else had been taken from a working client. The issue was solved by installing a different version of openvpn. I downloaded the current 2.3.11 from the site and it would not work with it. I installed 2.3.10 and everything connected right away. They did something with SSL in the client.
Can you send the client config and examples of working root and client certificates?
They are actually somewhat different, but have you at least tried uncommenting ns-cert-type server?
Can you send the client config and examples of working root and client certificates?
And the keys to the apartment where the money is kept?
yes. the result is the same.
Check which user openvpn is started as; maybe /etc/openvpn/ca.crt is not accessible to it.
What I meant was to generate new ones, but with the same parameters (nsCertType, keyUsage,keyCertSign, authorityKeyIdentifier, etc.) as the working ones.
I ran it both as root and as a regular user.
btw the probability is not zero. I have not run into it myself, but I have read about it.
Although I rather suspect the problem was, as usual, in the config itself (parameters that are outdated, changed behaviour or were added). Have you tried reading the client log?
Perhaps a specific user:group is hardcoded in openvpn itself (we are only guessing), for example openvpn:openvpn.
In general, from what I have heard, MikroTik is quite nasty in many respects. Try after all to do it completely by one of the guides (they really are different); at a glance, what you have already looks like a mix.
As dexpl already wrote above, the problem is clearly in one thing:
Fri Jun 10 21:46:52 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
What you did wrong, honestly I have no idea. I'm bowing out. Maybe the MikroTik experts will turn up; the probability is not zero that what you posted is not ca.crt at all, or is in the wrong format.
This problem showed up for me after the openvpn client was updated in Fedora. Now I can't connect to servers on MikroTiks. But to an old server on Linux it is perfectly fine. I will look into it.
OpenVPN Support Forum
Community Support Forum
TLS handshake failed
Post by tadrim » Mon Aug 24, 2015 4:04 pm
I'm getting TLS errors in Windows; when I run the configuration on Linux it works fine, so I'm unsure what's occurring!
The error I’m getting:
Mon Aug 24 16:48:35 2015 VERIFY OK:
Mon Aug 24 16:48:35 2015 VERIFY OK: nsCertType=SERVER
Mon Aug 24 16:48:35 2015 TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
Mon Aug 24 16:48:35 2015 TLS Error: TLS object -> incoming plaintext read error
Mon Aug 24 16:48:35 2015 TLS Error: TLS handshake failed
Mon Aug 24 16:48:35 2015 Fatal TLS error (check_tls_errors_co), restarting
It connects fine with a Linux OS but when you try to connect via Windows it just keeps repeating the error
client
dev tun
proto tcp
remote (obscured) 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert tadrim.crt
key tadrim.key
auth-nocache
ns-cert-type server
comp-lzo
verb 3
I have tried putting in the full path for the certs etc and still get the same error
Re: TLS handshake failed
Post by maikcat » Tue Aug 25, 2015 8:26 am
are you using the SAME configs/certs/openvpn ver?
Re: TLS handshake failed
Post by tadrim » Tue Aug 25, 2015 8:35 am
Yes I have also generated new configs/certs to see if that is the issue but still get the same error on windows — works okay on Linux, the client is using the latest openvpn ver.
Re: TLS handshake failed
Post by tadrim » Tue Aug 25, 2015 10:21 am
Yes I am using the same configs/certs and openvpn version — apart from changing the directory of the cert files.
Re: TLS handshake failed
Post by maikcat » Tue Aug 25, 2015 11:02 am
which windows version do you have?
which openvpn version do you use on win?
please post complete server/client logs.
Re: TLS handshake failed
Post by tadrim » Thu Aug 27, 2015 12:16 pm
the version is:
OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jul 9 2015
Thu Aug 27 12:58:02 2015 library versions: OpenSSL 1.0.1p 9 Jul 2015, LZO 2.08
Here is the server log:
TLS: Initial packet from xxxx
VERIFY OK: details
VERIFY OK: nsCertType=SERVER
VERIFY OK: details
TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, process restarting
MANAGEMENT: >STATE:1440677050,RECONNECTING,tls-error,,
Restart pause, 5 second(s)
and here is the client log:
MULTI: multi_create_instance called
Re-using SSL/TLS context
LZO compression initialized
Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options hash (VER=V4): ‘c0103fa8’
Expected Remote Options hash (VER=V4): ‘69109d17’
TCP connection established with (ipaddress):64448
TCPv4_SERVER link local: [undef]
TCPv4_SERVER link remote: (ipaddress):64448
(ipaddress):64448 TLS: Initial packet from (ipaddress):64448, sid=b991999d 259a72c5
(ipaddress):64448 Connection reset, restarting [0]
(ipaddress):64448 SIGUSR1[soft,connection-reset] received, client-instance restarting
TCP/UDP: Closing socket
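The checks the posts above do by eye, as an added example (not code from any poster or from OpenVPN): it pulls the OpenSSL reason out of each TLS_ERROR line, cross-checks the Options hashes of a client log against a server log, and reports a bare 60-second timeout separately. The sample lines are taken from the logs quoted on this page; the function names and the wording of the suggested checks are this example's own.

```python
import re

# One OpenSSL error-queue entry as OpenVPN prints it:
#   error:<8 hex digits>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:\n]+):([^:\n]+):([^:\n]+)")
# Forum software often turns the straight quotes around the hash into curly ones.
HASH_LINE = re.compile(
    r"(Local|Expected Remote) Options hash \(VER=V4\): ['\u2018]([0-9a-f]{8})['\u2019]")
TIMEOUT = "TLS key negotiation failed to occur within"

# Reason string -> first thing to check. The wording is this example's, not OpenVPN's.
CHECKS = {
    "peer did not return a certificate":
        "server demands a client certificate and got none: check the client's cert/key lines",
    "tlsv1 alert unknown ca":
        "the peer could not chain our certificate to its CA: compare ca.crt on both sides",
    "dh key too small":
        "the local OpenSSL rejected the server's DH parameters: regenerate the dh file larger",
    "ssl handshake failure":
        "generic follow-on entry: the entry before it carries the cause",
}

# Sample lines taken from the logs quoted on this page (timestamps and addresses trimmed).
UNKNOWN_CA = ("TLS_ERROR: BIO read tls_read_plaintext error: error:14094418:SSL routines:"
              "SSL3_READ_BYTES:tlsv1 alert unknown ca: error:140940E5:SSL routines:"
              "SSL3_READ_BYTES:ssl handshake failure")
DH_SMALL = ("TLS_ERROR: BIO read tls_read_plaintext error: error:14082174:SSL routines:"
            "SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small")
CLIENT_2009 = """Local Options hash (VER=V4): '69109d17'
Expected Remote Options hash (VER=V4): 'c0103fa8'
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed"""
SERVER_2009 = """Local Options hash (VER=V4): 'c0103fa8'
Expected Remote Options hash (VER=V4): '69109d17'
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)"""


def openssl_errors(log):
    """Return [(code, function, reason), ...] for every OpenSSL error entry in the log."""
    return [(code.upper(), func, reason.strip())
            for code, _lib, func, reason in OPENSSL_ERR.findall(log)]


def options_hashes(log):
    """Return the first 'Local' and 'Expected Remote' options hashes found in the log."""
    found = {}
    for side, digest in HASH_LINE.findall(log):
        found.setdefault(side, digest)
    return found


def hashes_agree(client_log, server_log):
    """True if each side's local hash is what the other expects; None if a hash is missing."""
    c, s = options_hashes(client_log), options_hashes(server_log)
    if len(c) < 2 or len(s) < 2:
        return None
    return c["Local"] == s["Expected Remote"] and s["Local"] == c["Expected Remote"]


def triage(log):
    """Return [(reason, check), ...]; a timeout is reported only when no OpenSSL error exists."""
    findings = [(reason, CHECKS.get(reason, "unrecognised reason: read the peer's log too"))
                for _code, _func, reason in openssl_errors(log)]
    if not findings and TIMEOUT in log:
        findings.append(("handshake timeout",
                         "no OpenSSL error was logged, so the handshake stalled rather than "
                         "being rejected: compare the last packet each side logged"))
    return findings


if __name__ == "__main__":
    for name, log in (("unknown ca", UNKNOWN_CA), ("dh", DH_SMALL), ("2009 client", CLIENT_2009)):
        for reason, check in triage(log):
            print(f"{name}: {reason} -> {check}")
    print("2009 options hashes agree:", hashes_agree(CLIENT_2009, SERVER_2009))
```

A False from hashes_agree means the two ends were started with different tunnel options, which is what the Local and Expected Remote Options String lines spell out in full at verb 4.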
TLS handshake failed
Post by Bransonb3 » Sat Jan 06, 2018 4:57 pm
When I try to connect to my openvpn server I get TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) and TLS Error: TLS handshake failed. It looks like the server sees the client try to connect (TLS: Initial packet from. ) but doesn’t respond.
I’m running openvpn 2.4.4 on Windows Server 2016 1607. I am trying to connect my Mac running OSX 10.13.2, using Tunnelblick 3.7.4b but have also tried connecting using the openvpn connect android app. I have port forwarded 1194 udp to my server, made an inbound and outbound windows firewall rule allowing openvpn.exe, allowed tunnelblick incoming connections on the mac firewall. I have also tried to run the server as admin.
#################################################
# Sample OpenVPN 2.0 config file for #
# multi-client server. #
# #
# This file is for the server side #
# of a many-clients one-server #
# OpenVPN configuration. #
# #
# OpenVPN also supports #
# single-machine single-machine #
# configurations (See the Examples page #
# on the web site for more info). #
# #
# This config should work on Windows #
# or Linux/BSD systems. Remember on #
# Windows to quote pathnames and use #
# double backslashes, e.g.: #
# "C:\\Program Files\\OpenVPN\\config\\foo.key" #
# #
# Comments are preceded with ‘#’ or ‘;’ #
#################################################
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
# Which TCP/UDP port should OpenVPN listen on?
# If you want to run multiple OpenVPN instances
# on the same machine, use a different port
# number for each one. You will need to
# open up this port on your firewall.
port 1194
# TCP or UDP server?
;proto tcp
proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tun
dev tap
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the
# Windows firewall for the TAP adapter.
# Non-Windows systems usually don’t need this.
dev-node Ethernet_7
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca "C:\\Program Files\\OpenVPN\\config\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\config\\server.crt"
key "C:\\Program Files\\OpenVPN\\config\\server.key" # This file should be kept secret
# Diffie hellman parameters.
# Generate your own with:
# openssl dhparam -out dh2048.pem 2048
dh "C:\\Program Files\\OpenVPN\\config\\dh4096.pem"
# Network topology
# Should be subnet (addressing via IP)
# unless Windows clients v2.0.9 and lower have to
# be supported (then net30, i.e. a /30 per client)
# Defaults to net30 (not recommended)
topology subnet
# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
;server 192.168.1.225 255.255.0.0
# Maintain a record of client virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist ipp.txt
# Configure server mode for ethernet bridging.
# You must first use your OS’s bridging capability
# to bridge the TAP interface with the ethernet
# NIC interface. Then you must manually set the
# IP/netmask on the bridge interface, here we
# assume 192.168.1.227/255.255.0.0. Finally we
# must set aside an IP range in this subnet
# (start=192.168.3.1 end=192.168.3.254) to allocate
# to connecting clients. Leave this line commented
# out unless you are ethernet bridging.
server-bridge 192.168.1.227 255.255.0.0 192.168.3.1 192.168.3.254
# Configure server mode for ethernet bridging
# using a DHCP-proxy, where clients talk
# to the OpenVPN server-side DHCP server
# to receive their IP address allocation
# and DNS server addresses. You must first use
# your OS’s bridging capability to bridge the TAP
# interface with the ethernet NIC interface.
# Note: this mode only works on clients (such as
# Windows), where the client-side TAP adapter is
# bound to a DHCP client.
;server-bridge
# Push routes to the client to allow it
# to reach other private subnets behind
# the server. Remember that these
# private subnets will also need
# to know to route the OpenVPN client
# address pool (10.8.0.0/255.255.255.0)
# back to the OpenVPN server.
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
# To assign specific IP addresses to specific
# clients or if a connecting client has a private
# subnet behind it that should also have VPN access,
# use the subdirectory "ccd" for client-specific
# configuration files (see man page for more info).
# EXAMPLE: Suppose the client
# having the certificate common name "Thelonious"
# also has a small subnet behind his connecting
# machine, such as 192.168.40.128/255.255.255.248.
# First, uncomment out these lines:
;client-config-dir ccd
;route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
# iroute 192.168.40.128 255.255.255.248
# This will allow Thelonious’ private subnet to
# access the VPN. This example will only work
# if you are routing, not bridging, i.e. you are
# using "dev tun" and "server" directives.
# EXAMPLE: Suppose you want to give
# Thelonious a fixed VPN IP address of 10.9.0.1.
# First uncomment out these lines:
;client-config-dir ccd
;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2
# Suppose that you want to enable different
# firewall access policies for different groups
# of clients. There are two methods:
# (1) Run multiple OpenVPN daemons, one for each
# group, and firewall the TUN/TAP interface
# for each group/daemon appropriately.
# (2) (Advanced) Create a script to dynamically
# modify the firewall in response to access
# from different clients. See man
# page for more info on learn-address script.
;learn-address ./script
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
;push "redirect-gateway def1 bypass-dhcp"
# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# http://openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server’s TUN/TAP interface.
client-to-client
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be ‘0’
# on the server and ‘1’ on the clients.
;tls-auth "C:\Program Files\OpenVPN\config\ta.key" 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push «compress lz4-v2»
# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo
# The maximum number of concurrently connected
# clients we want to allow.
;max-clients 100
# It’s a good idea to reduce the OpenVPN
# daemon’s privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nobody
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status openvpn-status.log
# By default, log messages will go to the syslog (or
# on Windows, if running as a service, they will go to
# the "\Program Files\OpenVPN\log" directory).
# Use log or log-append to override this default.
# "log" will truncate the log file on OpenVPN startup,
# while "log-append" will append to it. Use one
# or the other (but not both).
;log openvpn.log
;log-append openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20
# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
;proto tcp
proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote [Public IP] 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don’t need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It’s best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
-----BEGIN CERTIFICATE-----
Redacted
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=NC, L=High Point, O= Redacted, OU= Redacted, CN=BT-MonCon-SRV/name=Certificate Authority/emailAddress= Redacted
Validity
Not Before: Jan 5 04:57:55 2018 GMT
Not After : Jan 3 04:57:55 2028 GMT
Subject: C=US, ST=NC, L=High Point, O= Redacted, OU= Redacted, CN=BransonMac/name=BransonMac/emailAddress= Redacted
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Redacted
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
Redacted
X509v3 Authority Key Identifier:
keyid: Redacted
DirName:/C=US/ST=NC/L=High Point/O= Redacted/OU= Redacted/CN=BT-MonCon-SRV/name=Certificate Authority/emailAddress= Redacted
serial: Redacted
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
Signature Algorithm: sha256WithRSAEncryption
Redacted
-----BEGIN CERTIFICATE-----
Redacted
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
Redacted
-----END PRIVATE KEY-----
# Verify server certificate by checking that the
# certificate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
;remote-cert-tls BT-MonCon-SRV
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
# Note that v2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Enable compression on the VPN link.
# Don’t enable this unless it is also
# enabled in the server config file.
#comp-lzo
# Set log file verbosity.
verb 4
# Silence repeating messages
;mute 20
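The comments in the two configs above say that the device type, protocol, cipher and compression settings have to be the same on the server and the client, and that the tls-auth direction is 0 on the server and 1 on the clients. The following is an added example, not code from the thread: a small checker for those settings, run on constructed excerpts of the two posted configs (the function names and the trimmed samples are assumptions made for illustration).

```python
import re

def parse(text):
    """Map each active directive to its arguments ('#' and ';' start comments)."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        # Keep a quoted path with spaces as one token; drop a trailing comment.
        words = re.findall(r'"[^"]*"|[^\s"]+', line.split(" #")[0])
        opts[words[0]] = words[1:]
    return opts

def normalise(opts):
    """Reduce a config to the settings that have to agree on both ends."""
    dev = opts.get("dev", [""])[0]
    proto = opts.get("proto", ["udp"])[0]           # OpenVPN defaults to UDP
    return {
        "dev-type": re.sub(r"\d+$", "", dev),       # tun0 -> tun
        "proto": proto.split("-")[0].rstrip("46"),  # tcp-client, tcp6 -> tcp
        "cipher": opts.get("cipher", [None])[0],
        "compression": "compress" in opts or "comp-lzo" in opts,
        "tls-auth": "tls-auth" in opts,
    }

def mismatches(server_text, client_text):
    s, c = parse(server_text), parse(client_text)
    ns, nc = normalise(s), normalise(c)
    found = [f"{k}: server={ns[k]!r} client={nc[k]!r}" for k in ns if ns[k] != nc[k]]
    # The key direction is 0 on the server and 1 on the clients.
    if ns["tls-auth"] and nc["tls-auth"]:
        dirs = (s["tls-auth"][1:2], c["tls-auth"][1:2])
        if dirs != (["0"], ["1"]):
            found.append(f"tls-auth direction: server={dirs[0]} client={dirs[1]}")
    return found

# Constructed samples: a few active and commented lines from the two configs above.
SERVER = r'''dev tap
;tls-auth "C:\Program Files\OpenVPN\config\ta.key" 0 # This file is secret
cipher AES-256-CBC
'''
CLIENT = '''dev tun
proto udp
;tls-auth ta.key 1
cipher AES-256-CBC
'''

if __name__ == "__main__":
    print("\n".join(mismatches(SERVER, CLIENT)) or "no mismatches")
```

A cipher difference is reported as written in the files; as the config comments note, v2.4 peers may still negotiate AES-256-GCM between themselves in TLS mode.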
I am setting up an OpenVPN server on a MikroTik. It doesn't work))
Maybe someone can tell me where to dig?
I generated the certificates with easy-rsa for the server and the client.
As a result, the OpenVPN client does not connect to the server; the log is attached.
Wed Mar 12 18:39:57 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 12 18:39:57 2014 Re-using SSL/TLS context
Wed Mar 12 18:39:57 2014 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Mar 12 18:39:57 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Mar 12 18:39:57 2014 MANAGEMENT: >STATE:1394635197,RESOLVE,,,
Wed Mar 12 18:39:58 2014 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Wed Mar 12 18:39:58 2014 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Mar 12 18:39:58 2014 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Mar 12 18:39:58 2014 Local Options hash (VER=V4): 'db02a8f8'
Wed Mar 12 18:39:58 2014 Expected Remote Options hash (VER=V4): '7e068940'
Wed Mar 12 18:39:58 2014 Attempting to establish TCP connection with [AF_INET]58.108.2х5.х6:1194
Wed Mar 12 18:39:58 2014 MANAGEMENT: >STATE:1394635198,TCP_CONNECT,,,
Wed Mar 12 18:39:58 2014 TCP connection established with [AF_INET]58.108.2х5.х6:1194
Wed Mar 12 18:39:58 2014 TCPv4_CLIENT link local: [undef]
Wed Mar 12 18:39:58 2014 TCPv4_CLIENT link remote: [AF_INET]58.108.2х5.х6:1194
Wed Mar 12 18:39:58 2014 MANAGEMENT: >STATE:1394635198,WAIT,,,
Wed Mar 12 18:39:58 2014 MANAGEMENT: >STATE:1394635198,AUTH,,,
Wed Mar 12 18:39:58 2014 TLS: Initial packet from [AF_INET]58.108.2х5.х6:1194, sid=10c6a7e7 7257b949
Wed Mar 12 18:39:58 2014 VERIFY OK: depth=1, C=RU, ST=MR, L=SanFrancisco, O=home, OU=otdel, CN=server, name=changeme, emailAddress=sххyan@ya.ru
Wed Mar 12 18:39:58 2014 VERIFY OK: nsCertType=SERVER
Wed Mar 12 18:39:58 2014 VERIFY OK: depth=0, C=RU, ST=MR, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=server, name=changeme, emailAddress=stххan@ya.ru
Wed Mar 12 18:40:58 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Mar 12 18:40:58 2014 TLS Error: TLS handshake failed
Wed Mar 12 18:40:58 2014 Fatal TLS error (check_tls_errors_co), restarting
Wed Mar 12 18:40:58 2014 TCP/UDP: Closing socket
Wed Mar 12 18:40:58 2014 SIGUSR1[soft,tls-error] received, process restarting
Wed Mar 12 18:40:58 2014 MANAGEMENT: >STATE:1394635258,RECONNECTING,tls-error,,
Wed Mar 12 18:40:58 2014 Restart pause, 5 second(s)
The ovpn config file is attached.
client
dev tun
proto tcp
remote ххххххх
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca_voip.crt
cert client_voip.crt
key client_voip.key
ns-cert-type server
verb 5