Gentoo Forums
SOLVED OpenVPN server and VPN provider client on one computer
linux_os2
Apprentice


Joined: 29 Aug 2018
Posts: 223
Location: Zedelgem Belgium

Posted: Sun Dec 04, 2022 8:33 pm    Post subject: SOLVED OpenVPN server and VPN provider client on one computer

Server running openvpn server and PIA (Private Internet Access) client.
Openvpn client running on laptop.

When only running openvpn server and PIA client not connected on server, openvpn client on laptop connects to server, ssh and remmina-rdp is OK.
When connecting PIA client on server, openvpn client loses connection; restarting openvpn client does not solve the problem.

openvpn.conf of server:
Code:
tls-server

# server binding port
#port 38173
port 12112

# openvpn protocol, could be tcp / udp / tcp6 / udp6
proto udp
# tun/tap device
dev tun0

# keys configuration, use generated keys
ca example/ca.crt
cert example/example.crt
key example/example.key
dh example/dh.pem

# optional tls-auth key to secure identifying
# tls-auth example/ta.key 0

# OpenVPN 'virtual' network information, network and mask
server 10.100.0.0 255.255.255.0

# persistent device and key settings
persist-key
persist-tun
ifconfig-pool-persist ipp.txt

# pushing route tables
push "route 192.168.0.0 255.255.255.0"
# push "dhcp-option DNS 192.168.1.1"

# connection
keepalive 10 120
#comp-lzo

#user nobody
#group nobody

# logging
status openvpn-status.log
log /etc/openvpn/openvpn.log
verb 4
topology subnet
data-ciphers-fallback AES-256-CBC
cipher AES-256-CBC

openvpn.conf of client
Code:
# specify client-side
client

# tun/tap device
dev tun0

# protocol, according to server
proto udp

# server address
#remote 192.168.0.228 12112
remote 178.116.89.125 12112
#remote 37.185.159.52 12112
#remote 81.169.23.175 12112
#remote 181.214.206.57 38173

# connection
#comp-lzo
resolv-retry 30
nobind

# persistent device and keys
persist-key
persist-tun

# keys settings
ca example/ca.crt
cert example/client-marco.crt
key example/client-marco.key

# optional tls-auth
# tls-auth exmaple/ta.key 1

# pull dns settings from the server
script-security 2

# These scripts are defaults within the service script. To specify custom scripts,
# use /etc/openvpn/${SVCNAME}-{up,down}.sh as suggested by the service script.
# If you use systemd, SVCNAME will not get set automatically.
# Add `setenv SVCNAME my_svc_name` to set it, where my_svc_name is determined by
# /etc/openvpn/client/my_svc_name.conf
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh

# logging
log /etc/openvpn/openvpn.log
verb 4

data-ciphers-fallback AES-256-CBC
cipher AES-256-CBC

openvpn_server.log-PIA_not_running
Code:
Current Parameter Settings:
  config = 'openvpn.conf'
  mode = 1
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp
  local = '[UNDEF]'
  local_port = '12112'
  remote = '[UNDEF]'
  remote_port = '12112'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = ENABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 0
  tls_auth_file = '[UNDEF]'
  key_direction = not set
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun0'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 3
  ifconfig_local = '10.100.0.1'
  ifconfig_remote_netmask = '255.255.255.0'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 10
  keepalive_timeout = 120
  inactivity_timeout = 0
  ping_send_timeout = 10
  ping_rec_timeout = 240
  ping_rec_timeout_action = 2
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 1000000000
  resolve_in_advance = DISABLED
  username = '[UNDEF]'
  groupname = '[UNDEF]'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '[UNDEF]'
  down_script = '[UNDEF]'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = 'openvpn-status.log'
  status_file_version = 2
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '10.100.0.2'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = not set
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
  authname = 'SHA1'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = ENABLED
  tls_client = DISABLED
  ca_file = 'example/ca.crt'
  ca_path = '[UNDEF]'
  dh_file = 'example/dh.pem'
  cert_file = 'example/example.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'example/example.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_pin_cache_period = -1
  pkcs11_id = '[UNDEF]'
  pkcs11_id_management = DISABLED
  server_network = 10.100.0.0
  server_netmask = 255.255.255.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  push_entry = 'route 192.168.0.0 255.255.255.0'
  push_entry = 'route-gateway 10.100.0.1'
  push_entry = 'topology subnet'
  push_entry = 'ping 10'
  push_entry = 'ping-restart 120'
  ifconfig_pool_defined = ENABLED
  ifconfig_pool_start = 10.100.0.2
  ifconfig_pool_end = 10.100.0.254
  ifconfig_pool_netmask = 255.255.255.0
  ifconfig_pool_persist_filename = 'ipp.txt'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = DISABLED
  pull = DISABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.0.1 dev ens5
Diffie-Hellman initialized with 2048 bit key
TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.100.0.1/24 dev tun0
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[212992->212992] S=[212992->212992]
UDPv4 link local (bound): [AF_INET][undef]:12112
UDPv4 link remote: [AF_UNSPEC]
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=10.100.0.2 size=253
ifconfig_pool_read(), in='client-marco,10.100.0.2,'
succeeded -> ifconfig_pool_set(hand=0)
IFCONFIG POOL LIST
client-marco,10.100.0.2,
Initialization Sequence Completed
MULTI: multi_create_instance called
37.185.248.252:47311 Re-using SSL/TLS context
37.185.248.252:47311 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
37.185.248.252:47311 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
37.185.248.252:47311 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
37.185.248.252:47311 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
37.185.248.252:47311 TLS: Initial packet from [AF_INET]37.185.248.252:47311, sid=72ce63cb d9f05afd
37.185.248.252:47311 VERIFY OK: depth=1, CN=marc
37.185.248.252:47311 VERIFY OK: depth=0, CN=client-marco
37.185.248.252:47311 peer info: IV_VER=2.5.6
37.185.248.252:47311 peer info: IV_PLAT=linux
37.185.248.252:47311 peer info: IV_PROTO=6
37.185.248.252:47311 peer info: IV_NCP=2
37.185.248.252:47311 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
37.185.248.252:47311 peer info: IV_LZ4=1
37.185.248.252:47311 peer info: IV_LZ4v2=1
37.185.248.252:47311 peer info: IV_LZO=1
37.185.248.252:47311 peer info: IV_COMP_STUB=1
37.185.248.252:47311 peer info: IV_COMP_STUBv2=1
37.185.248.252:47311 peer info: IV_TCPNL=1
37.185.248.252:47311 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
37.185.248.252:47311 [client-marco] Peer Connection Initiated with [AF_INET]37.185.248.252:47311
client-marco/37.185.248.252:47311 MULTI_sva: pool returned IPv4=10.100.0.2, IPv6=(Not enabled)
client-marco/37.185.248.252:47311 MULTI: Learn: 10.100.0.2 -> client-marco/37.185.248.252:47311
client-marco/37.185.248.252:47311 MULTI: primary virtual IP for client-marco/37.185.248.252:47311: 10.100.0.2
client-marco/37.185.248.252:47311 Data Channel: using negotiated cipher 'AES-256-GCM'
client-marco/37.185.248.252:47311 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 ]
client-marco/37.185.248.252:47311 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client-marco/37.185.248.252:47311 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
client-marco/37.185.248.252:47311 SENT CONTROL [client-marco]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.100.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.100.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)

openvpn_client.log-PIA_not_running_on_server
Code:
Current Parameter Settings:
  config = 'openvpn.conf'
  mode = 0
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp
  local = '[UNDEF]'
  local_port = '[UNDEF]'
  remote = '178.116.89.125'
  remote_port = '12112'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = DISABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 0
  tls_auth_file = '[UNDEF]'
  key_direction = not set
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun0'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 1
  ifconfig_local = '[UNDEF]'
  ifconfig_remote_netmask = '[UNDEF]'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 0
  keepalive_timeout = 0
  inactivity_timeout = 0
  inactivity_minimum_bytes = 0
  ping_send_timeout = 0
  ping_rec_timeout = 0
  ping_rec_timeout_action = 0
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 30
  resolve_in_advance = DISABLED
  username = '[UNDEF]'
  groupname = '[UNDEF]'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '/etc/openvpn/up.sh'
  down_script = '/etc/openvpn/down.sh'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = '[UNDEF]'
  status_file_version = 1
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '[UNDEF]'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = not set
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
  authname = 'SHA1'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = DISABLED
  tls_client = ENABLED
  ca_file = 'example/ca.crt'
  ca_path = '[UNDEF]'
  dh_file = '[UNDEF]'
  cert_file = 'example/client-marco.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'example/client-marco.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  server_network = 0.0.0.0
  server_netmask = 0.0.0.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  ifconfig_pool_defined = DISABLED
  ifconfig_pool_start = 0.0.0.0
  ifconfig_pool_end = 0.0.0.0
  ifconfig_pool_netmask = 0.0.0.0
  ifconfig_pool_persist_filename = '[UNDEF]'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = ENABLED
  pull = ENABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 25 2022
library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
TCP/UDP: Preserving recently used remote address: [AF_INET]178.116.89.125:12112
Socket Buffers: R=[212992->212992] S=[212992->212992]
UDP link local: (not bound)
UDP link remote: [AF_INET]178.116.89.125:12112
TLS: Initial packet from [AF_INET]178.116.89.125:12112, sid=caf26462 6823743d
VERIFY OK: depth=1, CN=marc
VERIFY OK: depth=0, CN=marc
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
[marc] Peer Connection Initiated with [AF_INET]178.116.89.125:12112
PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.100.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.100.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: route-related options modified
OPTIONS IMPORT: peer-id set
OPTIONS IMPORT: adjusting link_mtu to 1624
OPTIONS IMPORT: data channel crypto options modified
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1552 D:1450 EF:52 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.32.216 dev wlan0
ROUTE_GATEWAY 192.168.32.216/255.255.255.0 IFACE=wlan0 HWADDR=74:da:38:a6:47:21
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.100.0.2/24 dev tun0
/etc/openvpn/up.sh tun0 1500 1552 10.100.0.2 255.255.255.0 init
net_route_v4_add: 192.168.0.0/24 via 10.100.0.1 dev [NULL] table 0 metric -1
WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Initialization Sequence Completed

openvpn_server.log-PIA_running
Code:
Current Parameter Settings:
  config = 'openvpn.conf'
  mode = 1
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp
  local = '[UNDEF]'
  local_port = '12112'
  remote = '[UNDEF]'
  remote_port = '12112'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = ENABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 0
  tls_auth_file = '[UNDEF]'
  key_direction = not set
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun0'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 3
  ifconfig_local = '10.100.0.1'
  ifconfig_remote_netmask = '255.255.255.0'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 10
  keepalive_timeout = 120
  inactivity_timeout = 0
  ping_send_timeout = 10
  ping_rec_timeout = 240
  ping_rec_timeout_action = 2
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 1000000000
  resolve_in_advance = DISABLED
  username = '[UNDEF]'
  groupname = '[UNDEF]'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '[UNDEF]'
  down_script = '[UNDEF]'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = 'openvpn-status.log'
  status_file_version = 2
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '10.100.0.2'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = not set
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
  authname = 'SHA1'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = ENABLED
  tls_client = DISABLED
  ca_file = 'example/ca.crt'
  ca_path = '[UNDEF]'
  dh_file = 'example/dh.pem'
  cert_file = 'example/example.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'example/example.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_protected_authentication = DISABLED
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_private_mode = 00000000
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_cert_private = DISABLED
  pkcs11_pin_cache_period = -1
  pkcs11_id = '[UNDEF]'
  pkcs11_id_management = DISABLED
  server_network = 10.100.0.0
  server_netmask = 255.255.255.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  push_entry = 'route 192.168.0.0 255.255.255.0'
  push_entry = 'route-gateway 10.100.0.1'
  push_entry = 'topology subnet'
  push_entry = 'ping 10'
  push_entry = 'ping-restart 120'
  ifconfig_pool_defined = ENABLED
  ifconfig_pool_start = 10.100.0.2
  ifconfig_pool_end = 10.100.0.254
  ifconfig_pool_netmask = 255.255.255.0
  ifconfig_pool_persist_filename = 'ipp.txt'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = DISABLED
  pull = DISABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
net_route_v4_best_gw query: dst 0.0.0.0
net_route_v4_best_gw result: via 192.168.0.1 dev ens5
Diffie-Hellman initialized with 2048 bit key
TLS-Auth MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
TUN/TAP device tun0 opened
do_ifconfig, ipv4=1, ipv6=0
net_iface_mtu_set: mtu 1500 for tun0
net_iface_up: set tun0 up
net_addr_v4_add: 10.100.0.1/24 dev tun0
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Could not determine IPv4/IPv6 protocol. Using AF_INET
Socket Buffers: R=[212992->212992] S=[212992->212992]
UDPv4 link local (bound): [AF_INET][undef]:12112
UDPv4 link remote: [AF_UNSPEC]
MULTI: multi_init called, r=256 v=256
IFCONFIG POOL IPv4: base=10.100.0.2 size=253
ifconfig_pool_read(), in='client-marco,10.100.0.2,'
succeeded -> ifconfig_pool_set(hand=0)
IFCONFIG POOL LIST
client-marco,10.100.0.2,
Initialization Sequence Completed
MULTI: multi_create_instance called
37.185.248.252:47150 Re-using SSL/TLS context
37.185.248.252:47150 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
37.185.248.252:47150 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
37.185.248.252:47150 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
37.185.248.252:47150 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
37.185.248.252:47150 TLS: Initial packet from [AF_INET]37.185.248.252:47150, sid=9fccf5ec 822ab640
37.185.248.252:47150 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
37.185.248.252:47150 TLS Error: TLS handshake failed
37.185.248.252:47150 SIGUSR1[soft,tls-error] received, client-instance restarting
MULTI: multi_create_instance called
37.185.248.252:47184 Re-using SSL/TLS context
37.185.248.252:47184 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
37.185.248.252:47184 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
37.185.248.252:47184 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
37.185.248.252:47184 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
37.185.248.252:47184 TLS: Initial packet from [AF_INET]37.185.248.252:47184, sid=fde36771 277a288f
37.185.248.252:47184 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
37.185.248.252:47184 TLS Error: TLS handshake failed
37.185.248.252:47184 SIGUSR1[soft,tls-error] received, client-instance restarting

openvpn_client.log-PIA_running_on_server
Code:
Current Parameter Settings:
  config = 'openvpn.conf'
  mode = 0
  persist_config = DISABLED
  persist_mode = 1
  show_ciphers = DISABLED
  show_digests = DISABLED
  show_engines = DISABLED
  genkey = DISABLED
  genkey_filename = '[UNDEF]'
  key_pass_file = '[UNDEF]'
  show_tls_ciphers = DISABLED
  connect_retry_max = 0
Connection profiles [0]:
  proto = udp
  local = '[UNDEF]'
  local_port = '[UNDEF]'
  remote = '178.116.89.125'
  remote_port = '12112'
  remote_float = DISABLED
  bind_defined = DISABLED
  bind_local = DISABLED
  bind_ipv6_only = DISABLED
  connect_retry_seconds = 5
  connect_timeout = 120
  socks_proxy_server = '[UNDEF]'
  socks_proxy_port = '[UNDEF]'
  tun_mtu = 1500
  tun_mtu_defined = ENABLED
  link_mtu = 1500
  link_mtu_defined = DISABLED
  tun_mtu_extra = 0
  tun_mtu_extra_defined = DISABLED
  mtu_discover_type = -1
  fragment = 0
  mssfix = 1450
  explicit_exit_notification = 0
  tls_auth_file = '[UNDEF]'
  key_direction = not set
  tls_crypt_file = '[UNDEF]'
  tls_crypt_v2_file = '[UNDEF]'
Connection profiles END
  remote_random = DISABLED
  ipchange = '[UNDEF]'
  dev = 'tun0'
  dev_type = '[UNDEF]'
  dev_node = '[UNDEF]'
  lladdr = '[UNDEF]'
  topology = 1
  ifconfig_local = '[UNDEF]'
  ifconfig_remote_netmask = '[UNDEF]'
  ifconfig_noexec = DISABLED
  ifconfig_nowarn = DISABLED
  ifconfig_ipv6_local = '[UNDEF]'
  ifconfig_ipv6_netbits = 0
  ifconfig_ipv6_remote = '[UNDEF]'
  shaper = 0
  mtu_test = 0
  mlock = DISABLED
  keepalive_ping = 0
  keepalive_timeout = 0
  inactivity_timeout = 0
  inactivity_minimum_bytes = 0
  ping_send_timeout = 0
  ping_rec_timeout = 0
  ping_rec_timeout_action = 0
  ping_timer_remote = DISABLED
  remap_sigusr1 = 0
  persist_tun = ENABLED
  persist_local_ip = DISABLED
  persist_remote_ip = DISABLED
  persist_key = ENABLED
  passtos = DISABLED
  resolve_retry_seconds = 30
  resolve_in_advance = DISABLED
  username = '[UNDEF]'
  groupname = '[UNDEF]'
  chroot_dir = '[UNDEF]'
  cd_dir = '[UNDEF]'
  writepid = '[UNDEF]'
  up_script = '/etc/openvpn/up.sh'
  down_script = '/etc/openvpn/down.sh'
  down_pre = DISABLED
  up_restart = DISABLED
  up_delay = DISABLED
  daemon = DISABLED
  inetd = 0
  log = ENABLED
  suppress_timestamps = ENABLED
  machine_readable_output = DISABLED
  nice = 0
  verbosity = 4
  mute = 0
  gremlin = 0
  status_file = '[UNDEF]'
  status_file_version = 1
  status_file_update_freq = 60
  occ = ENABLED
  rcvbuf = 0
  sndbuf = 0
  mark = 0
  sockflags = 0
  fast_io = DISABLED
  comp.alg = 0
  comp.flags = 0
  route_script = '[UNDEF]'
  route_default_gateway = '[UNDEF]'
  route_default_metric = 0
  route_noexec = DISABLED
  route_delay = 0
  route_delay_window = 30
  route_delay_defined = DISABLED
  route_nopull = DISABLED
  route_gateway_via_dhcp = DISABLED
  allow_pull_fqdn = DISABLED
  management_addr = '[UNDEF]'
  management_port = '[UNDEF]'
  management_user_pass = '[UNDEF]'
  management_log_history_cache = 250
  management_echo_buffer_size = 100
  management_write_peer_info_file = '[UNDEF]'
  management_client_user = '[UNDEF]'
  management_client_group = '[UNDEF]'
  management_flags = 0
  shared_secret_file = '[UNDEF]'
  key_direction = not set
  ciphername = 'AES-256-CBC'
  ncp_enabled = ENABLED
  ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
  authname = 'SHA1'
  prng_hash = 'SHA1'
  prng_nonce_secret_len = 16
  keysize = 0
  engine = DISABLED
  replay = ENABLED
  mute_replay_warnings = DISABLED
  replay_window = 64
  replay_time = 15
  packet_id_file = '[UNDEF]'
  test_crypto = DISABLED
  tls_server = DISABLED
  tls_client = ENABLED
  ca_file = 'example/ca.crt'
  ca_path = '[UNDEF]'
  dh_file = '[UNDEF]'
  cert_file = 'example/client-marco.crt'
  extra_certs_file = '[UNDEF]'
  priv_key_file = 'example/client-marco.key'
  pkcs12_file = '[UNDEF]'
  cipher_list = '[UNDEF]'
  cipher_list_tls13 = '[UNDEF]'
  tls_cert_profile = '[UNDEF]'
  tls_verify = '[UNDEF]'
  tls_export_cert = '[UNDEF]'
  verify_x509_type = 0
  verify_x509_name = '[UNDEF]'
  crl_file = '[UNDEF]'
  ns_cert_type = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_ku[i] = 0
  remote_cert_eku = '[UNDEF]'
  ssl_flags = 0
  tls_timeout = 2
  renegotiate_bytes = -1
  renegotiate_packets = 0
  renegotiate_seconds = 3600
  handshake_window = 60
  transition_window = 3600
  single_session = DISABLED
  push_peer_info = DISABLED
  tls_exit = DISABLED
  tls_crypt_v2_metadata = '[UNDEF]'
  server_network = 0.0.0.0
  server_netmask = 0.0.0.0
  server_network_ipv6 = ::
  server_netbits_ipv6 = 0
  server_bridge_ip = 0.0.0.0
  server_bridge_netmask = 0.0.0.0
  server_bridge_pool_start = 0.0.0.0
  server_bridge_pool_end = 0.0.0.0
  ifconfig_pool_defined = DISABLED
  ifconfig_pool_start = 0.0.0.0
  ifconfig_pool_end = 0.0.0.0
  ifconfig_pool_netmask = 0.0.0.0
  ifconfig_pool_persist_filename = '[UNDEF]'
  ifconfig_pool_persist_refresh_freq = 600
  ifconfig_ipv6_pool_defined = DISABLED
  ifconfig_ipv6_pool_base = ::
  ifconfig_ipv6_pool_netbits = 0
  n_bcast_buf = 256
  tcp_queue_limit = 64
  real_hash_size = 256
  virtual_hash_size = 256
  client_connect_script = '[UNDEF]'
  learn_address_script = '[UNDEF]'
  client_disconnect_script = '[UNDEF]'
  client_config_dir = '[UNDEF]'
  ccd_exclusive = DISABLED
  tmp_dir = '/tmp'
  push_ifconfig_defined = DISABLED
  push_ifconfig_local = 0.0.0.0
  push_ifconfig_remote_netmask = 0.0.0.0
  push_ifconfig_ipv6_defined = DISABLED
  push_ifconfig_ipv6_local = ::/0
  push_ifconfig_ipv6_remote = ::
  enable_c2c = DISABLED
  duplicate_cn = DISABLED
  cf_max = 0
  cf_per = 0
  max_clients = 1024
  max_routes_per_client = 256
  auth_user_pass_verify_script = '[UNDEF]'
  auth_user_pass_verify_script_via_file = DISABLED
  auth_token_generate = DISABLED
  auth_token_lifetime = 0
  auth_token_secret_file = '[UNDEF]'
  port_share_host = '[UNDEF]'
  port_share_port = '[UNDEF]'
  vlan_tagging = DISABLED
  vlan_accept = all
  vlan_pvid = 1
  client = ENABLED
  pull = ENABLED
  auth_user_pass_file = '[UNDEF]'
OpenVPN 2.5.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 25 2022
library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
TCP/UDP: Preserving recently used remote address: [AF_INET]178.116.89.125:12112
Socket Buffers: R=[212992->212992] S=[212992->212992]
UDP link local: (not bound)
UDP link remote: [AF_INET]178.116.89.125:12112
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Re-using SSL/TLS context
Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-client'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,auth SHA1,keysize 256,key-method 2,tls-server'
TCP/UDP: Preserving recently used remote address: [AF_INET]178.116.89.125:12112
Socket Buffers: R=[212992->212992] S=[212992->212992]
UDP link local: (not bound)
UDP link remote: [AF_INET]178.116.89.125:12112


route of server, openvpn server not started and PIA client not connected:
Code:
:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 ens5
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 ens5
192.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 ens5

route of server, openvpn server started and PIA client not connected:
Code:
~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         _gateway        0.0.0.0         UG    0      0        0 ens5
10.100.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 ens5
192.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 ens5

route of server, openvpn server started and PIA client connected:
Code:
~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.9.18.1       128.0.0.0       UG    0      0        0 tun1
default         _gateway        0.0.0.0         UG    0      0        0 ens5
10.0.0.243      10.9.18.1       255.255.255.255 UGH   0      0        0 tun1
10.9.18.0       0.0.0.0         255.255.255.0   U     0      0        0 tun1
10.100.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.9.18.1       128.0.0.0       UG    0      0        0 tun1
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 ens5
181.214.218.40  _gateway        255.255.255.255 UGH   0      0        0 ens5
192.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 ens5


Last edited by linux_os2 on Tue Dec 06, 2022 11:13 am; edited 1 time in total
linux_os2
Apprentice


Joined: 29 Aug 2018
Posts: 223
Location: Zedelgem Belgium

Posted: Tue Dec 06, 2022 11:11 am

Good news, found a solution.
In the settings of PIA, on the Split Tunnel tab, activate Split Tunnel, set All Other Apps to Bypass VPN, and do Add Application for the apps you want through the PIA VPN tunnel and set Only VPN for this app.
To know the full name of an application like chromium:
Code:
# readlink /proc/$(pgrep chrome | head -1)/exe
/usr/lib64/chromium-browser/chrome
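
An added example (not part of the original posts): it applies longest-prefix matching to the route tables posted above to show which interface the server's replies to the laptop (37.185.248.252 in the server log) leave through, with PIA disconnected and connected. Resolving the `default` and `link-local` aliases to 0.0.0.0 and 169.254.0.0 is an assumption about how `route` printed them.

```python
import ipaddress

# Rows copied from the `route` output in the post. Assumption: the aliases
# "default" and "link-local" stand for 0.0.0.0 and 169.254.0.0.
ROUTES_PIA_OFF = """\
default         _gateway        0.0.0.0         UG    0      0        0 ens5
10.100.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
link-local      0.0.0.0         255.255.0.0     U     1000   0        0 ens5
192.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 ens5
"""
ROUTES_PIA_ON = ROUTES_PIA_OFF + """\
0.0.0.0         10.9.18.1       128.0.0.0       UG    0      0        0 tun1
10.0.0.243      10.9.18.1       255.255.255.255 UGH   0      0        0 tun1
10.9.18.0       0.0.0.0         255.255.255.0   U     0      0        0 tun1
128.0.0.0       10.9.18.1       128.0.0.0       UG    0      0        0 tun1
181.214.218.40  _gateway        255.255.255.255 UGH   0      0        0 ens5
"""
ALIASES = {"default": "0.0.0.0", "link-local": "169.254.0.0"}


def parse_routes(text):
    """Return [(network, gateway, metric, iface)] from `route` output rows."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # header or blank line
        dest = ALIASES.get(fields[0], fields[0])
        net = ipaddress.ip_network(f"{dest}/{fields[2]}")
        routes.append((net, fields[1], int(fields[4]), fields[7]))
    return routes


def egress(routes, dst):
    """Pick the route by longest prefix, then lowest metric; None if no match."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    best = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[3], best[1]  # (interface, gateway)


if __name__ == "__main__":
    client = "37.185.248.252"  # laptop's public address, from the server log
    for name, table in (("PIA off", ROUTES_PIA_OFF), ("PIA on", ROUTES_PIA_ON)):
        print(f"{name}: reply to {client} leaves via {egress(parse_routes(table), client)}")
```

With PIA connected, the two /1 routes on tun1 outrank the default route, so replies to the laptop leave through tun1 instead of ens5. That is consistent with the 60-second TLS handshake timeout in both logs and with the split-tunnel setting restoring the connection.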
All times are GMT