Forum: PC Hardware and Software [OpenVPN] Home router remains unreachable

by X. A. (wilhem)

Hello friends,

somehow I can't get an OpenVPN server set up on my TP-Link Archer router.
I have watched countless videos, read through the manual, and carried out
every step carefully... and still the OpenVPN server cannot be set up.
What I want is to be able to access my router over the Internet via OpenVPN.

I'd best start from the beginning:

1) First I set up a DDNS service at no-ip and entered its login data in my
router (screenshot 1)
The hostname, i.e. xxx.ddns.net, is active and pingable.

2) Then I enabled OpenVPN, generated the certificate and downloaded the
ovpn file for the client (screenshot 2)

Here is the content of the file (xxx means that I have masked the content
here):
client
dev tun
auth-nocache
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
persist-key
persist-tun
verb 6
remote xxx.ddns.net 1194
<ca>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXX
-----END PRIVATE KEY-----
</key>

3) I go online through my phone's hotspot to test the OpenVPN connection

4) In the end the client tries in vain to connect. I only get the message:
[LOG] Waiting for server response

My system is Ubuntu 22.04 and I have tried with both OpenVPN2 and
OpenVPN3. No difference at all.

Here are a few more things I have tried:
1) In my TP-Link router I tried to assign a port under "NAT" ->
"Port-Triggering". But the router says this is not possible because an
OpenVPN service is already using the same port. So this is impossible.
2) I swapped my xxx.ddns.net address for the IP address. Nothing changes.
3) [S] I tried to connect via the client on my phone. The error message
is now:
"Authentication Failed: Server TLS version is too low"
Well... I don't get to decide what TP-Link installs in their routers [/S]
After lowering the security level, it does work from the phone. So it
must be down to the Linux client.

What else should I check?
Thanks

Edited by user
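
A profile like the one posted above can be checked for weak or missing security settings before a client ever connects. This is an added example, not part of the original post and not TP-Link or OpenVPN code; the host name `vpn.example.net`, the finding ids and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the directives of the posted profile. The host name and
# the inline block bodies are placeholders.
SAMPLE_PROFILE = """\
client
dev tun
auth-nocache
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
persist-key
persist-tun
verb 6
remote vpn.example.net 1194
<ca>
PLACEHOLDER
</ca>
<cert>
PLACEHOLDER
</cert>
<key>
PLACEHOLDER
</key>
"""

# Same profile with the flagged directives tightened (constructed; it only
# connects if the server offers matching settings).
HARDENED_PROFILE = (
    SAMPLE_PROFILE
    .replace("cipher AES-128-CBC", "data-ciphers AES-256-GCM:AES-128-GCM")
    .replace("comp-lzo adaptive\n", "")
    .replace("verb 6", "verb 3\nremote-cert-tls server\ntls-version-min 1.2")
)

AEAD_CIPHERS = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}
SERVER_CHECKS = ("remote-cert-tls", "remote-cert-eku", "remote-cert-ku",
                 "verify-x509-name", "tls-verify")
FRAMING_ONLY = {"stub", "stub-v2", "migrate"}  # 'compress' modes that do not compress
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")


def parse_profile(text):
    """Return ({directive: [args, ...]}, {inline block names})."""
    directives, inline, current = {}, set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if current:                       # inside <tag> ... </tag>: skip the body
            if line == f"</{current}>":
                current = None
            continue
        if not line or line[0] in "#;":   # blank line or comment
            continue
        opened = INLINE_OPEN.match(line)
        if opened:
            current = opened.group(1)
            inline.add(current)
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    if current:
        raise ValueError(f"inline block <{current}> is never closed")
    return directives, inline


def audit(text):
    """Return [(finding_id, message), ...] for weak or missing settings."""
    d, inline = parse_profile(text)
    findings = []
    if not any(name in d for name in SERVER_CHECKS):
        findings.append(("no-server-cert-check",
                         "nothing restricts which certificate may act as the server"))
    comp = [a for a in d.get("comp-lzo", []) if a != ["no"]]
    comp += [a for a in d.get("compress", []) if a and a[0] not in FRAMING_ONLY]
    if comp:
        findings.append(("compression", "tunnel compression is enabled"))
    offered = set()                       # every data-channel cipher the client may use
    for name in ("data-ciphers", "data-ciphers-fallback", "cipher"):
        for args in d.get(name, []):
            if args:
                offered.update(c.upper() for c in args[0].split(":"))
    weak = sorted(offered - AEAD_CIPHERS)
    if weak:
        findings.append(("non-aead-cipher", "non-AEAD cipher offered: " + ", ".join(weak)))
    if d.get("tls-version-min", [[]])[0][:1] not in (["1.2"], ["1.3"]):
        findings.append(("tls-floor", "tls-version-min is unset or below 1.2"))
    if "key" in inline:
        findings.append(("inline-private-key",
                         "private key is embedded; keep the file owner-readable only"))
    return findings


if __name__ == "__main__":
    for profile in (SAMPLE_PROFILE, HARDENED_PROFILE):
        print([finding_id for finding_id, _ in audit(profile)])
```
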
by Rüdiger B. (rbruns)

Here in my holiday Wi-Fi OpenVPN doesn't work either, whereas WireGuard
works without problems. I also had the problem with OpenVPN that the key
renegotiation didn't work after an hour. Try the whole thing over Wi-Fi
and phone at a friend's place.

by Ben B. (Company: Funkenflug Industries) (stromkraft)

https://community.tp-link.com/en/home/forum/topic/642104

Please try to avoid the old TLS versions 1.0 and 1.1; use them only in an
emergency when there is really no other way.

by X. A. (wilhem)

Quick update:
I have just tried with sudo and now the status changes from Waiting for
Server Response to Connecting. But unfortunately no connection can be
established (see screenshot)

by Ob S. (Company: 1984now) (observer)

X. A. wrote:

> 1) First I set up a DDNS service at no-ip and entered its login data in
> my router (screenshot 1)
> The hostname, i.e. xxx.ddns.net, is active and pingable.

That's good to begin with.

> 2) Then I enabled OpenVPN, generated the certificate and downloaded the
> ovpn file for the client (screenshot 2)

Nice.

> remote xxx.ddns.net 1194

That could be the problem. Doesn't it have to look like this: "remote
xxx.ddns.net:1194"? (I haven't done anything with OpenVPN for a long time,
but from memory I would say: yes, it has to be written in the usual URL
notation)

Also: you are using an "unusual" port. By no means every network operator
allows connections to such unusual ports. There are the funniest
restrictions. In hotel networks this is extreme, but some mobile
providers also take considerable liberties here that have hardly anything
to do with "net neutrality" any more. From which network are you
attempting the connection?

by X. A. (wilhem)

I have just tried with
$openvpn
instead of
$openvpn2

The output is quite verbose
2024-07-21 13:55:25 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-07-21 13:55:25 us=613055 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2024-07-21 13:55:25 us=613952 Current Parameter Settings:
2024-07-21 13:55:25 us=613961   config = 'client_home.ovpn'
2024-07-21 13:55:25 us=613965   mode = 0
2024-07-21 13:55:25 us=613969   persist_config = DISABLED
2024-07-21 13:55:25 us=613972   persist_mode = 1
2024-07-21 13:55:25 us=613976   show_ciphers = DISABLED
2024-07-21 13:55:25 us=613979   show_digests = DISABLED
2024-07-21 13:55:25 us=613982   show_engines = DISABLED
2024-07-21 13:55:25 us=613986   genkey = DISABLED
2024-07-21 13:55:25 us=613989   genkey_filename = '[UNDEF]'
2024-07-21 13:55:25 us=613993   key_pass_file = '[UNDEF]'
2024-07-21 13:55:25 us=613996   show_tls_ciphers = DISABLED
2024-07-21 13:55:25 us=613999   connect_retry_max = 0
2024-07-21 13:55:25 us=614003 Connection profiles [0]:
2024-07-21 13:55:25 us=614007   proto = udp
2024-07-21 13:55:25 us=614010   local = '[UNDEF]'
2024-07-21 13:55:25 us=614013   local_port = '[UNDEF]'
2024-07-21 13:55:25 us=614017   remote = 'construction-site.ddns.net'
2024-07-21 13:55:25 us=614021   remote_port = '1194'
2024-07-21 13:55:25 us=614024   remote_float = ENABLED
2024-07-21 13:55:25 us=614027   bind_defined = DISABLED
2024-07-21 13:55:25 us=614031   bind_local = DISABLED
2024-07-21 13:55:25 us=614034   bind_ipv6_only = DISABLED
2024-07-21 13:55:25 us=614038   connect_retry_seconds = 5
2024-07-21 13:55:25 us=614041   connect_timeout = 120
2024-07-21 13:55:25 us=614045   socks_proxy_server = '[UNDEF]'
2024-07-21 13:55:25 us=614048   socks_proxy_port = '[UNDEF]'
2024-07-21 13:55:25 us=614052   tun_mtu = 1500
2024-07-21 13:55:25 us=614055   tun_mtu_defined = ENABLED
2024-07-21 13:55:25 us=614058   link_mtu = 1500
2024-07-21 13:55:25 us=614062   link_mtu_defined = DISABLED
2024-07-21 13:55:25 us=614065   tun_mtu_extra = 0
2024-07-21 13:55:25 us=614069   tun_mtu_extra_defined = DISABLED
2024-07-21 13:55:25 us=614072   mtu_discover_type = -1
2024-07-21 13:55:25 us=614076   fragment = 0
2024-07-21 13:55:25 us=614079   mssfix = 1450
2024-07-21 13:55:25 us=614083   explicit_exit_notification = 0
2024-07-21 13:55:25 us=614086   tls_auth_file = '[UNDEF]'
2024-07-21 13:55:25 us=614090   key_direction = not set
2024-07-21 13:55:25 us=614093   tls_crypt_file = '[UNDEF]'
2024-07-21 13:55:25 us=614096   tls_crypt_v2_file = '[UNDEF]'
2024-07-21 13:55:25 us=614100 Connection profiles END
2024-07-21 13:55:25 us=614103   remote_random = DISABLED
2024-07-21 13:55:25 us=614107   ipchange = '[UNDEF]'
2024-07-21 13:55:25 us=614110   dev = 'tun'
2024-07-21 13:55:25 us=614114   dev_type = '[UNDEF]'
2024-07-21 13:55:25 us=614117   dev_node = '[UNDEF]'
2024-07-21 13:55:25 us=614120   lladdr = '[UNDEF]'
2024-07-21 13:55:25 us=614124   topology = 1
2024-07-21 13:55:25 us=614127   ifconfig_local = '[UNDEF]'
2024-07-21 13:55:25 us=614131   ifconfig_remote_netmask = '[UNDEF]'
2024-07-21 13:55:25 us=614134   ifconfig_noexec = DISABLED
2024-07-21 13:55:25 us=614137   ifconfig_nowarn = DISABLED
2024-07-21 13:55:25 us=614141   ifconfig_ipv6_local = '[UNDEF]'
2024-07-21 13:55:25 us=614144   ifconfig_ipv6_netbits = 0
2024-07-21 13:55:25 us=614148   ifconfig_ipv6_remote = '[UNDEF]'
2024-07-21 13:55:25 us=614151   shaper = 0
2024-07-21 13:55:25 us=614155   mtu_test = 0
2024-07-21 13:55:25 us=614158   mlock = DISABLED
2024-07-21 13:55:25 us=614161   keepalive_ping = 0
2024-07-21 13:55:25 us=614166   keepalive_timeout = 0
2024-07-21 13:55:25 us=614170   inactivity_timeout = 0
2024-07-21 13:55:25 us=614173   inactivity_minimum_bytes = 0
2024-07-21 13:55:25 us=614177   ping_send_timeout = 0
2024-07-21 13:55:25 us=614180   ping_rec_timeout = 0
2024-07-21 13:55:25 us=614189   ping_rec_timeout_action = 0
2024-07-21 13:55:25 us=614193   ping_timer_remote = DISABLED
2024-07-21 13:55:25 us=614197   remap_sigusr1 = 0
2024-07-21 13:55:25 us=614200   persist_tun = ENABLED
2024-07-21 13:55:25 us=614204   persist_local_ip = DISABLED
2024-07-21 13:55:25 us=614207   persist_remote_ip = DISABLED
2024-07-21 13:55:25 us=614211   persist_key = ENABLED
2024-07-21 13:55:25 us=614214   passtos = DISABLED
2024-07-21 13:55:25 us=614218   resolve_retry_seconds = 1000000000
2024-07-21 13:55:25 us=614221   resolve_in_advance = DISABLED
2024-07-21 13:55:25 us=614224   username = '[UNDEF]'
2024-07-21 13:55:25 us=614228   groupname = '[UNDEF]'
2024-07-21 13:55:25 us=614231   chroot_dir = '[UNDEF]'
2024-07-21 13:55:25 us=614235   cd_dir = '[UNDEF]'
2024-07-21 13:55:25 us=614238   writepid = '[UNDEF]'
2024-07-21 13:55:25 us=614242   up_script = '[UNDEF]'
2024-07-21 13:55:25 us=614245   down_script = '[UNDEF]'
2024-07-21 13:55:25 us=614249   down_pre = DISABLED
2024-07-21 13:55:25 us=614252   up_restart = DISABLED
2024-07-21 13:55:25 us=614255   up_delay = DISABLED
2024-07-21 13:55:25 us=614259   daemon = DISABLED
2024-07-21 13:55:25 us=614262   inetd = 0
2024-07-21 13:55:25 us=614266   log = DISABLED
2024-07-21 13:55:25 us=614269   suppress_timestamps = DISABLED
2024-07-21 13:55:25 us=614273   machine_readable_output = DISABLED
2024-07-21 13:55:25 us=614276   nice = 0
2024-07-21 13:55:25 us=614280   verbosity = 6
2024-07-21 13:55:25 us=614283   mute = 0
2024-07-21 13:55:25 us=614287   gremlin = 0
2024-07-21 13:55:25 us=614290   status_file = '[UNDEF]'
2024-07-21 13:55:25 us=614294   status_file_version = 1
2024-07-21 13:55:25 us=614297   status_file_update_freq = 60
2024-07-21 13:55:25 us=614301   occ = ENABLED
2024-07-21 13:55:25 us=614304   rcvbuf = 0
2024-07-21 13:55:25 us=614307   sndbuf = 0
2024-07-21 13:55:25 us=614311   mark = 0
2024-07-21 13:55:25 us=614314   sockflags = 0
2024-07-21 13:55:25 us=614318   fast_io = DISABLED
2024-07-21 13:55:25 us=614321   comp.alg = 2
2024-07-21 13:55:25 us=614325   comp.flags = 1
2024-07-21 13:55:25 us=614328   route_script = '[UNDEF]'
2024-07-21 13:55:25 us=614332   route_default_gateway = '[UNDEF]'
2024-07-21 13:55:25 us=614336   route_default_metric = 0
2024-07-21 13:55:25 us=614339   route_noexec = DISABLED
2024-07-21 13:55:25 us=614343   route_delay = 0
2024-07-21 13:55:25 us=614346   route_delay_window = 30
2024-07-21 13:55:25 us=614350   route_delay_defined = DISABLED
2024-07-21 13:55:25 us=614353   route_nopull = DISABLED
2024-07-21 13:55:25 us=614357   route_gateway_via_dhcp = DISABLED
2024-07-21 13:55:25 us=614360   allow_pull_fqdn = DISABLED
2024-07-21 13:55:25 us=614364   management_addr = '[UNDEF]'
2024-07-21 13:55:25 us=614367   management_port = '[UNDEF]'
2024-07-21 13:55:25 us=614371   management_user_pass = '[UNDEF]'
2024-07-21 13:55:25 us=614374   management_log_history_cache = 250
2024-07-21 13:55:25 us=614378   management_echo_buffer_size = 100
2024-07-21 13:55:25 us=614381   management_write_peer_info_file = '[UNDEF]'
2024-07-21 13:55:25 us=614385   management_client_user = '[UNDEF]'
2024-07-21 13:55:25 us=614389   management_client_group = '[UNDEF]'
2024-07-21 13:55:25 us=614392   management_flags = 0
2024-07-21 13:55:25 us=614396   shared_secret_file = '[UNDEF]'
2024-07-21 13:55:25 us=614399   key_direction = not set
2024-07-21 13:55:25 us=614403   ciphername = 'AES-128-CBC'
2024-07-21 13:55:25 us=614407   ncp_enabled = ENABLED
2024-07-21 13:55:25 us=614410   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-128-CBC'
2024-07-21 13:55:25 us=614414   authname = 'SHA1'
2024-07-21 13:55:25 us=614417   prng_hash = 'SHA1'
2024-07-21 13:55:25 us=614421   prng_nonce_secret_len = 16
2024-07-21 13:55:25 us=614425   keysize = 0
2024-07-21 13:55:25 us=614428   engine = DISABLED
2024-07-21 13:55:25 us=614432   replay = ENABLED
2024-07-21 13:55:25 us=614435   mute_replay_warnings = DISABLED
2024-07-21 13:55:25 us=614439   replay_window = 64
2024-07-21 13:55:25 us=614443   replay_time = 15
2024-07-21 13:55:25 us=614446   packet_id_file = '[UNDEF]'
2024-07-21 13:55:25 us=614453   test_crypto = DISABLED
2024-07-21 13:55:25 us=614457   tls_server = DISABLED
2024-07-21 13:55:25 us=614460   tls_client = ENABLED
2024-07-21 13:55:25 us=614464   ca_file = '[INLINE]'
2024-07-21 13:55:25 us=614468   ca_path = '[UNDEF]'
2024-07-21 13:55:25 us=614471   dh_file = '[UNDEF]'
2024-07-21 13:55:25 us=614475   cert_file = '[INLINE]'
2024-07-21 13:55:25 us=614478   extra_certs_file = '[UNDEF]'
2024-07-21 13:55:25 us=614482   priv_key_file = '[INLINE]'
2024-07-21 13:55:25 us=614486   pkcs12_file = '[UNDEF]'
2024-07-21 13:55:25 us=614489   cipher_list = '[UNDEF]'
2024-07-21 13:55:25 us=614493   cipher_list_tls13 = '[UNDEF]'
2024-07-21 13:55:25 us=614496   tls_cert_profile = '[UNDEF]'
2024-07-21 13:55:25 us=614500   tls_verify = '[UNDEF]'
2024-07-21 13:55:25 us=614503   tls_export_cert = '[UNDEF]'
2024-07-21 13:55:25 us=614507   verify_x509_type = 0
2024-07-21 13:55:25 us=614511   verify_x509_name = '[UNDEF]'
2024-07-21 13:55:25 us=614514   crl_file = '[UNDEF]'
2024-07-21 13:55:25 us=614518   ns_cert_type = 0
2024-07-21 13:55:25 us=614521   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614525   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614528   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614532   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614535   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614539   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614543   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614546   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614550   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614553   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614557   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614560   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614564   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614567   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614571   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614574   remote_cert_ku[i] = 0
2024-07-21 13:55:25 us=614578   remote_cert_eku = '[UNDEF]'
2024-07-21 13:55:25 us=614581   ssl_flags = 1088
2024-07-21 13:55:25 us=614585   tls_timeout = 2
2024-07-21 13:55:25 us=614588   renegotiate_bytes = -1
2024-07-21 13:55:25 us=614592   renegotiate_packets = 0
2024-07-21 13:55:25 us=614596   renegotiate_seconds = 3600
2024-07-21 13:55:25 us=614599   handshake_window = 60
2024-07-21 13:55:25 us=614603   transition_window = 3600
2024-07-21 13:55:25 us=614606   single_session = DISABLED
2024-07-21 13:55:25 us=614610   push_peer_info = DISABLED
2024-07-21 13:55:25 us=614613   tls_exit = DISABLED
2024-07-21 13:55:25 us=614617   tls_crypt_v2_metadata = '[UNDEF]'
2024-07-21 13:55:25 us=614621   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614624   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614628   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614631   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614635   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614638   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614642   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614646   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614649   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614653   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614656   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614660   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614663   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614667   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614670   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614674   pkcs11_protected_authentication = DISABLED
2024-07-21 13:55:25 us=614677   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614681   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614685   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614688   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614692   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614698   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614702   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614705   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614709   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614712   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614716   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614719   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614723   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614726   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614729   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614733   pkcs11_private_mode = 00000000
2024-07-21 13:55:25 us=614736   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614740   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614743   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614747   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614750   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614754   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614757   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614761   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614764   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614767   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614771   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614774   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614778   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614781   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614785   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614788   pkcs11_cert_private = DISABLED
2024-07-21 13:55:25 us=614792   pkcs11_pin_cache_period = -1
2024-07-21 13:55:25 us=614795   pkcs11_id = '[UNDEF]'
2024-07-21 13:55:25 us=614799   pkcs11_id_management = DISABLED
2024-07-21 13:55:25 us=614806   server_network = 0.0.0.0
2024-07-21 13:55:25 us=614810   server_netmask = 0.0.0.0
2024-07-21 13:55:25 us=614815   server_network_ipv6 = ::
2024-07-21 13:55:25 us=614819   server_netbits_ipv6 = 0
2024-07-21 13:55:25 us=614823   server_bridge_ip = 0.0.0.0
2024-07-21 13:55:25 us=614827   server_bridge_netmask = 0.0.0.0
2024-07-21 13:55:25 us=614830   server_bridge_pool_start = 0.0.0.0
2024-07-21 13:55:25 us=614834   server_bridge_pool_end = 0.0.0.0
2024-07-21 13:55:25 us=614838   ifconfig_pool_defined = DISABLED
2024-07-21 13:55:25 us=614842   ifconfig_pool_start = 0.0.0.0
2024-07-21 13:55:25 us=614846   ifconfig_pool_end = 0.0.0.0
2024-07-21 13:55:25 us=614849   ifconfig_pool_netmask = 0.0.0.0
2024-07-21 13:55:25 us=614853   ifconfig_pool_persist_filename = '[UNDEF]'
2024-07-21 13:55:25 us=614857   ifconfig_pool_persist_refresh_freq = 600
2024-07-21 13:55:25 us=614860   ifconfig_ipv6_pool_defined = DISABLED
2024-07-21 13:55:25 us=614864   ifconfig_ipv6_pool_base = ::
2024-07-21 13:55:25 us=614868   ifconfig_ipv6_pool_netbits = 0
2024-07-21 13:55:25 us=614871   n_bcast_buf = 256
2024-07-21 13:55:25 us=614875   tcp_queue_limit = 64
2024-07-21 13:55:25 us=614879   real_hash_size = 256
2024-07-21 13:55:25 us=614882   virtual_hash_size = 256
2024-07-21 13:55:25 us=614886   client_connect_script = '[UNDEF]'
2024-07-21 13:55:25 us=614889   learn_address_script = '[UNDEF]'
2024-07-21 13:55:25 us=614893   client_disconnect_script = '[UNDEF]'
2024-07-21 13:55:25 us=614897   client_config_dir = '[UNDEF]'
2024-07-21 13:55:25 us=614900   ccd_exclusive = DISABLED
2024-07-21 13:55:25 us=614904   tmp_dir = '/tmp'
2024-07-21 13:55:25 us=614907   push_ifconfig_defined = DISABLED
2024-07-21 13:55:25 us=614911   push_ifconfig_local = 0.0.0.0
2024-07-21 13:55:25 us=614915   push_ifconfig_remote_netmask = 0.0.0.0
2024-07-21 13:55:25 us=614919   push_ifconfig_ipv6_defined = DISABLED
2024-07-21 13:55:25 us=614922   push_ifconfig_ipv6_local = ::/0
2024-07-21 13:55:25 us=614929   push_ifconfig_ipv6_remote = ::
2024-07-21 13:55:25 us=614933   enable_c2c = DISABLED
2024-07-21 13:55:25 us=614936   duplicate_cn = DISABLED
2024-07-21 13:55:25 us=614940   cf_max = 0
2024-07-21 13:55:25 us=614946   cf_per = 0
2024-07-21 13:55:25 us=614950   max_clients = 1024
2024-07-21 13:55:25 us=614954   max_routes_per_client = 256
2024-07-21 13:55:25 us=614958   auth_user_pass_verify_script = '[UNDEF]'
2024-07-21 13:55:25 us=614961   auth_user_pass_verify_script_via_file = DISABLED
2024-07-21 13:55:25 us=614965   auth_token_generate = DISABLED
2024-07-21 13:55:25 us=614968   auth_token_lifetime = 0
2024-07-21 13:55:25 us=614972   auth_token_secret_file = '[UNDEF]'
2024-07-21 13:55:25 us=614975   port_share_host = '[UNDEF]'
2024-07-21 13:55:25 us=614979   port_share_port = '[UNDEF]'
2024-07-21 13:55:25 us=614982   vlan_tagging = DISABLED
2024-07-21 13:55:25 us=614986   vlan_accept = all
2024-07-21 13:55:25 us=614990   vlan_pvid = 1
2024-07-21 13:55:25 us=614993   client = ENABLED
2024-07-21 13:55:25 us=614997   pull = ENABLED
2024-07-21 13:55:25 us=615000   auth_user_pass_file = '[UNDEF]'
2024-07-21 13:55:25 us=615005 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
2024-07-21 13:55:25 us=615011 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-07-21 13:55:25 us=615055 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-07-21 13:55:25 us=616638 LZO compression initializing
2024-07-21 13:55:25 us=616744 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2024-07-21 13:55:25 us=617824 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2024-07-21 13:55:25 us=617848 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2024-07-21 13:55:25 us=617854 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2024-07-21 13:55:25 us=617862 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:1194
301
2024-07-21 13:55:25 us=617872 Socket Buffers: R=[212992->212992] S=[212992->212992]
302
2024-07-21 13:55:25 us=617877 UDP link local: (not bound)
303
2024-07-21 13:55:25 us=617882 UDP link remote: [AF_INET]xxx:1194
304
2024-07-21 13:55:25 us=617897 UDP WRITE [14] to [AF_INET]xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
305
2024-07-21 13:55:25 us=644629 UDP READ [26] from [AF_INET]xxx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
306
2024-07-21 13:55:25 us=644657 TLS: Initial packet from [AF_INET]xxx:1194, sid=f1c6b333 6d79b295
307
2024-07-21 13:55:25 us=644676 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 0 ]
308
2024-07-21 13:55:25 us=644744 UDP WRITE [110] to [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=96
309
2024-07-21 13:55:26 us=85015 UDP READ [126] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=100
310
2024-07-21 13:55:26 us=85215 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 1 ]
311
2024-07-21 13:55:26 us=85365 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
312
2024-07-21 13:55:26 us=85423 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 2 ]
313
2024-07-21 13:55:26 us=85495 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
314
2024-07-21 13:55:26 us=85540 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 3 ]
315
2024-07-21 13:55:26 us=85606 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
316
2024-07-21 13:55:26 us=85650 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 4 ]
317
2024-07-21 13:55:26 us=112956 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
318
2024-07-21 13:55:26 us=113091 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 5 ]
319
2024-07-21 13:55:26 us=113197 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
320
2024-07-21 13:55:26 us=113290 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 6 ]
321
2024-07-21 13:55:26 us=118959 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
322
2024-07-21 13:55:26 us=119093 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 7 ]
323
2024-07-21 13:55:26 us=119202 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
324
2024-07-21 13:55:26 us=119254 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 8 ]
325
2024-07-21 13:55:26 us=141929 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
326
2024-07-21 13:55:26 us=142063 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 9 ]
327
2024-07-21 13:55:26 us=142171 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
328
2024-07-21 13:55:26 us=142225 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 10 ]
329
2024-07-21 13:55:26 us=146929 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
330
2024-07-21 13:55:26 us=147063 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 11 ]
331
2024-07-21 13:55:26 us=147174 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
332
2024-07-21 13:55:26 us=147226 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 12 ]
333
2024-07-21 13:55:26 us=166963 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
334
2024-07-21 13:55:26 us=169648 VERIFY OK: depth=1, CN=openvpn CA
335
2024-07-21 13:55:26 us=169964 VERIFY OK: depth=0, CN=openvpn-server
336
2024-07-21 13:55:26 us=170075 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 13 ]
337
2024-07-21 13:55:26 us=170188 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
338
2024-07-21 13:55:26 us=170245 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 14 ]
339
2024-07-21 13:55:26 us=171900 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
340
2024-07-21 13:55:26 us=172035 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 15 ]
341
2024-07-21 13:55:26 us=172141 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
342
2024-07-21 13:55:26 us=172194 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 16 ]
343
2024-07-21 13:55:26 us=197994 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
344
2024-07-21 13:55:26 us=198127 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 17 ]
345
2024-07-21 13:55:26 us=198239 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
346
2024-07-21 13:55:26 us=198293 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 18 ]
347
2024-07-21 13:55:26 us=202895 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
348
2024-07-21 13:55:26 us=203028 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 19 ]
349
2024-07-21 13:55:26 us=203136 UDP READ [84] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=70
350
2024-07-21 13:55:26 us=203325 OpenSSL: error:0A0C0103:SSL routines::internal error
351
2024-07-21 13:55:26 us=203361 TLS_ERROR: BIO read tls_read_plaintext error
352
2024-07-21 13:55:26 us=203381 TLS Error: TLS object -> incoming plaintext read error
353
2024-07-21 13:55:26 us=203399 TLS Error: TLS handshake failed
354
2024-07-21 13:55:26 us=203631 TCP/UDP: Closing socket
355
2024-07-21 13:55:26 us=203702 SIGUSR1[soft,tls-error] received, process restarting
356
2024-07-21 13:55:26 us=203740 Restart pause, 5 second(s)
357
2024-07-21 13:55:31 us=204130 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
358
2024-07-21 13:55:31 us=204219 Re-using SSL/TLS context
359
2024-07-21 13:55:31 us=204246 LZO compression initializing
360
2024-07-21 13:55:31 us=204396 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
361
2024-07-21 13:55:31 us=206336 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2024-07-21 13:55:31 us=206472 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2024-07-21 13:55:31 us=206498 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2024-07-21 13:55:31 us=206524 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx:1194
2024-07-21 13:55:31 us=206573 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-07-21 13:55:31 us=206598 UDP link local: (not bound)
2024-07-21 13:55:31 us=206617 UDP link remote: [AF_INET]xxx:1194
2024-07-21 13:55:31 us=206677 UDP WRITE [14] to [AF_INET]xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 13:55:31 us=242894 UDP READ [26] from [AF_INET]xxx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
2024-07-21 13:55:31 us=242985 TLS: Initial packet from [AF_INET]xxx:1194, sid=3d86ac8c c3229dfb
2024-07-21 13:55:31 us=243055 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 0 ]
2024-07-21 13:55:31 us=243207 UDP WRITE [110] to [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=96
2024-07-21 13:55:31 us=725004 UDP READ [126] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ 1 ] pid=1 DATA len=100
2024-07-21 13:55:31 us=725159 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 1 ]
2024-07-21 13:55:31 us=725262 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=100
2024-07-21 13:55:31 us=725312 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 2 ]
2024-07-21 13:55:31 us=725377 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=100
2024-07-21 13:55:31 us=725419 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 3 ]
2024-07-21 13:55:31 us=725482 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=4 DATA len=100
2024-07-21 13:55:31 us=725524 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 4 ]
2024-07-21 13:55:31 us=749976 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=100
2024-07-21 13:55:31 us=750103 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 5 ]
2024-07-21 13:55:31 us=750205 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=100
2024-07-21 13:55:31 us=750252 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 6 ]
2024-07-21 13:55:31 us=755894 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=7 DATA len=100
2024-07-21 13:55:31 us=756021 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 7 ]
2024-07-21 13:55:31 us=756122 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=8 DATA len=100
2024-07-21 13:55:31 us=756169 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 8 ]
2024-07-21 13:55:31 us=772984 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=9 DATA len=100
2024-07-21 13:55:31 us=773111 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 9 ]
2024-07-21 13:55:31 us=773211 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=10 DATA len=100
2024-07-21 13:55:31 us=773259 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 10 ]
2024-07-21 13:55:31 us=776963 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=11 DATA len=100
2024-07-21 13:55:31 us=777091 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 11 ]
2024-07-21 13:55:31 us=777839 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=12 DATA len=100
2024-07-21 13:55:31 us=777967 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 12 ]
2024-07-21 13:55:31 us=798876 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=13 DATA len=100
2024-07-21 13:55:31 us=801325 VERIFY OK: depth=1, CN=openvpn CA
2024-07-21 13:55:31 us=801568 VERIFY OK: depth=0, CN=openvpn-server
2024-07-21 13:55:31 us=801664 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 13 ]
2024-07-21 13:55:31 us=801773 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=14 DATA len=100
2024-07-21 13:55:31 us=801823 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 14 ]
2024-07-21 13:55:31 us=802846 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=15 DATA len=100
2024-07-21 13:55:31 us=802973 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 15 ]
2024-07-21 13:55:31 us=803074 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=16 DATA len=100
2024-07-21 13:55:31 us=803123 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 16 ]
2024-07-21 13:55:31 us=827987 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=17 DATA len=100
2024-07-21 13:55:31 us=828114 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 17 ]
2024-07-21 13:55:31 us=828217 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=18 DATA len=100
2024-07-21 13:55:31 us=828265 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 18 ]
2024-07-21 13:55:31 us=832967 UDP READ [114] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=19 DATA len=100
2024-07-21 13:55:31 us=833095 UDP WRITE [22] to [AF_INET]xxx:1194: P_ACK_V1 kid=0 [ 19 ]
2024-07-21 13:55:31 us=834924 UDP READ [84] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=70
2024-07-21 13:55:31 us=835184 OpenSSL: error:0A0C0103:SSL routines::internal error
2024-07-21 13:55:31 us=835223 TLS_ERROR: BIO read tls_read_plaintext error
2024-07-21 13:55:31 us=835242 TLS Error: TLS object -> incoming plaintext read error
2024-07-21 13:55:31 us=835259 TLS Error: TLS handshake failed
2024-07-21 13:55:31 us=835423 TCP/UDP: Closing socket
2024-07-21 13:55:31 us=835486 SIGUSR1[soft,tls-error] received, process restarting
2024-07-21 13:55:31 us=835521 Restart pause, 5 second(s)
2024-07-21 13:55:36 us=716500 SIGINT[hard,init_instance] received, process exiting

by X. A. (wilhem)

Ob S. wrote:

> That could be the problem. Shouldn't it look like this: "remote
> xxx.ddns.net:1194"? (I haven't done anything with OpenVPN for a long time, but
> from memory I would say: yes, it has to be written in the usual
> URL notation)

I just tried it.
Nothing changes.

The ovpn file is provided by the router and you only have to
download it. Why would the router provide an ovpn file with incorrect
formatting? The problem would affect everyone who wants to set up
OpenVPN.

by Mario M. (thelonging)

X. A. wrote:
> WARNING: No server certificate verification method has been enabled.
> See http://openvpn.net/howto.html#mitm for more info.

remote-cert-tls server

by Ob S. (Company: 1984now) (observer)

X. A. wrote:

> The output is quite verbose
[...]

2024-07-21 13:55:31 us=801325 VERIFY OK: depth=1, CN=openvpn CA
2024-07-21 13:55:31 us=801568 VERIFY OK: depth=0, CN=openvpn-server

That is good.

2024-07-21 13:55:26 us=203325 OpenSSL: error:0A0C0103:SSL routines::internal error
2024-07-21 13:55:26 us=203361 TLS_ERROR: BIO read tls_read_plaintext error
2024-07-21 13:55:26 us=203381 TLS Error: TLS object -> incoming plaintext read error
2024-07-21 13:55:26 us=203399 TLS Error: TLS handshake failed

That is bad.

by X. A. (wilhem)

Ob S. wrote:
> X. A. wrote:
>
>> The output is quite verbose
> [...]
>
> 2024-07-21 13:55:31 us=801325 VERIFY OK: depth=1, CN=openvpn CA
> 2024-07-21 13:55:31 us=801568 VERIFY OK: depth=0, CN=openvpn-server
>
> That is good.
>
> 2024-07-21 13:55:26 us=203325 OpenSSL: error:0A0C0103:SSL routines::internal error
> 2024-07-21 13:55:26 us=203361 TLS_ERROR: BIO read tls_read_plaintext error
> 2024-07-21 13:55:26 us=203381 TLS Error: TLS object -> incoming plaintext read error
> 2024-07-21 13:55:26 us=203399 TLS Error: TLS handshake failed
>
> That is bad.

A solution would be nice, not an assessment.
I tried restricting the TLS version to 1.0 or 1.1.
However, nothing changes.

by Ob S. (Company: 1984now) (observer)

Mario M. wrote:

> X. A. wrote:
>> WARNING: No server certificate verification method has been enabled.
>> See http://openvpn.net/howto.html#mitm for more info.
>
> remote-cert-tls server

That is of course questionable from a security standpoint, but it should
not hinder the connection setup for now. In principle it works like this: the
server's certificate cannot be verified, so a fake server could sneak
into the connection.

But given the weak hash, that hardly matters...
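
An added example, not code from any poster or from OpenVPN: a small audit of a client profile that reports the points raised here (no server certificate verification, compression, the legacy `cipher` directive) and the `@SECLEVEL=0` value that shows up as `cipher_list` in the thread's later log. The sample profile is constructed from the directives quoted in the opening post; the finding names and advice strings are labels chosen for this example.

```python
import re

# Constructed sample: the directives of the router-generated profile quoted in
# the opening post, with certificate and key bodies masked as they are there.
SAMPLE_PROFILE = """\
client
dev tun
auth-nocache
proto udp
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
persist-key
persist-tun
verb 6
remote xxx.ddns.net 1194
<ca>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
XXX
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
XXX
-----END PRIVATE KEY-----
</key>
"""

# Any one of these gives the client a check on the server certificate beyond
# "signed by my CA"; with none present OpenVPN prints the MITM warning.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
                 "ns-cert-type", "tls-verify"}
COMPRESSORS = {"lzo", "lz4", "lz4-v2"}


def parse_profile(text):
    """Map directive name -> list of argument lists, skipping inline blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                       # inside <ca>, <cert>, <key>, ...
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        tag = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if tag:
            inline = tag.group(1)
            directives.setdefault(inline, []).append(["[INLINE]"])
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives


def audit(text):
    """Return a list of (finding, advice) pairs for a client profile."""
    d = parse_profile(text)
    findings = []
    if not SERVER_VERIFY.intersection(d):
        findings.append(("no-server-cert-verification",
                         "add 'remote-cert-tls server'"))
    # 'comp-lzo' without argument or with 'adaptive'/'yes' turns compression on.
    lzo = any(args != ["no"] for args in d.get("comp-lzo", []))
    comp = any(args and args[0] in COMPRESSORS for args in d.get("compress", []))
    if lzo or comp:
        findings.append(("compression-enabled",
                         "disable it on server and client together"))
    if "cipher" in d and not {"data-ciphers", "data-ciphers-fallback"}.intersection(d):
        findings.append(("cipher-without-data-ciphers",
                         "list the cipher in 'data-ciphers'"))
    # As in the later log's cipher_list = 'DEFAULT:@SECLEVEL=0'.
    if any("@SECLEVEL=0" in a for args in d.get("tls-cipher", []) for a in args):
        findings.append(("openssl-seclevel-0",
                         "SECLEVEL 0 turns off OpenSSL's minimum-strength checks"))
    return findings


if __name__ == "__main__":
    for finding, advice in audit(SAMPLE_PROFILE):
        print(f"{finding}: {advice}")
```

Adding `remote-cert-tls server` clears only the first finding; compression and cipher settings have to match what the router's server side is configured with.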

by X. A. (wilhem)

I also tried with the option

remote-cert-tls server

in the Client.ovpn file.
Nothing changes at all.

The TLS handshake error still persists.

: Edited by user
by Ob S. (Company: 1984now) (observer)

X. A. wrote:

> A solution would be nice, not an assessment.

Are we at "Make a Wish" here, or what?

Feed this error message to Google:

"OpenSSL: error:0A0C0103:SSL routines::internal error"

by Dieter D. (Company: Hobbytheoretiker) (dieter_1234)

As far as I know, OpenVPN only works if the master or server has a
normal connection to the Internet when the slave or client is attached via a
hotspot in the mobile network.

That is because the hotspot usually has no public IP address, but one
from the mobile provider's address space (NATed towards the outside), and is
therefore not reachable from outside. That only works with special
business plans.

by Mario M. (thelonging)

Dieter D. wrote:
> As far as I know, OpenVPN only works if the master or server has a
> normal connection to the Internet

One can assume that, since the client establishes a connection, but then
the negotiation of the encryption fails.

by X. A. (wilhem)

But that does not explain why I can connect to the same router with my
phone (i.e. via the OpenVPN app).

Anyway... I have tried everything and the opposite of everything.
In vain.

Here is the latest log:
2024-07-21 19:12:24 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2024-07-21 19:12:24 us=550844 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2024-07-21 19:12:24 us=555859 Current Parameter Settings:
2024-07-21 19:12:24 us=555896   config = 'client_home.ovpn'
2024-07-21 19:12:24 us=555913   mode = 0
2024-07-21 19:12:24 us=555928   persist_config = DISABLED
2024-07-21 19:12:24 us=555943   persist_mode = 1
2024-07-21 19:12:24 us=555960   show_ciphers = DISABLED
2024-07-21 19:12:24 us=555976   show_digests = DISABLED
2024-07-21 19:12:24 us=555992   show_engines = DISABLED
2024-07-21 19:12:24 us=556009   genkey = DISABLED
2024-07-21 19:12:24 us=556026   genkey_filename = '[UNDEF]'
2024-07-21 19:12:24 us=556043   key_pass_file = '[UNDEF]'
2024-07-21 19:12:24 us=556058   show_tls_ciphers = DISABLED
2024-07-21 19:12:24 us=556074   connect_retry_max = 0
2024-07-21 19:12:24 us=556091 Connection profiles [0]:
2024-07-21 19:12:24 us=556108   proto = udp
2024-07-21 19:12:24 us=556122   local = '[UNDEF]'
2024-07-21 19:12:24 us=556144   local_port = '[UNDEF]'
2024-07-21 19:12:24 us=556161   remote = 'construction-site.ddns.net'
2024-07-21 19:12:24 us=556178   remote_port = '1194'
2024-07-21 19:12:24 us=556192   remote_float = ENABLED
2024-07-21 19:12:24 us=556208   bind_defined = DISABLED
2024-07-21 19:12:24 us=556225   bind_local = DISABLED
2024-07-21 19:12:24 us=556241   bind_ipv6_only = DISABLED
2024-07-21 19:12:24 us=556257   connect_retry_seconds = 5
2024-07-21 19:12:24 us=556274   connect_timeout = 120
2024-07-21 19:12:24 us=556291   socks_proxy_server = '[UNDEF]'
2024-07-21 19:12:24 us=556307   socks_proxy_port = '[UNDEF]'
2024-07-21 19:12:24 us=556329   tun_mtu = 1500
2024-07-21 19:12:24 us=556347   tun_mtu_defined = ENABLED
2024-07-21 19:12:24 us=556363   link_mtu = 1500
2024-07-21 19:12:24 us=556379   link_mtu_defined = DISABLED
2024-07-21 19:12:24 us=556396   tun_mtu_extra = 0
2024-07-21 19:12:24 us=556413   tun_mtu_extra_defined = DISABLED
2024-07-21 19:12:24 us=556429   mtu_discover_type = -1
2024-07-21 19:12:24 us=556445   fragment = 0
2024-07-21 19:12:24 us=556462   mssfix = 1450
2024-07-21 19:12:24 us=556479   explicit_exit_notification = 0
2024-07-21 19:12:24 us=556495   tls_auth_file = '[UNDEF]'
2024-07-21 19:12:24 us=556511   key_direction = not set
2024-07-21 19:12:24 us=556527   tls_crypt_file = '[UNDEF]'
2024-07-21 19:12:24 us=556544   tls_crypt_v2_file = '[UNDEF]'
2024-07-21 19:12:24 us=556561 Connection profiles END
2024-07-21 19:12:24 us=556577   remote_random = DISABLED
2024-07-21 19:12:24 us=556593   ipchange = '[UNDEF]'
2024-07-21 19:12:24 us=556610   dev = 'tun'
2024-07-21 19:12:24 us=556626   dev_type = '[UNDEF]'
2024-07-21 19:12:24 us=556641   dev_node = '[UNDEF]'
2024-07-21 19:12:24 us=556658   lladdr = '[UNDEF]'
2024-07-21 19:12:24 us=556674   topology = 1
2024-07-21 19:12:24 us=556690   ifconfig_local = '[UNDEF]'
2024-07-21 19:12:24 us=556707   ifconfig_remote_netmask = '[UNDEF]'
2024-07-21 19:12:24 us=556723   ifconfig_noexec = DISABLED
2024-07-21 19:12:24 us=556739   ifconfig_nowarn = DISABLED
2024-07-21 19:12:24 us=556755   ifconfig_ipv6_local = '[UNDEF]'
2024-07-21 19:12:24 us=556772   ifconfig_ipv6_netbits = 0
2024-07-21 19:12:24 us=556788   ifconfig_ipv6_remote = '[UNDEF]'
2024-07-21 19:12:24 us=556805   shaper = 0
2024-07-21 19:12:24 us=556822   mtu_test = 0
2024-07-21 19:12:24 us=556838   mlock = DISABLED
2024-07-21 19:12:24 us=556854   keepalive_ping = 0
2024-07-21 19:12:24 us=556871   keepalive_timeout = 0
2024-07-21 19:12:24 us=556887   inactivity_timeout = 0
2024-07-21 19:12:24 us=556903   inactivity_minimum_bytes = 0
2024-07-21 19:12:24 us=556920   ping_send_timeout = 0
2024-07-21 19:12:24 us=556936   ping_rec_timeout = 0
2024-07-21 19:12:24 us=556952   ping_rec_timeout_action = 0
2024-07-21 19:12:24 us=556968   ping_timer_remote = DISABLED
2024-07-21 19:12:24 us=556985   remap_sigusr1 = 0
2024-07-21 19:12:24 us=557001   persist_tun = ENABLED
2024-07-21 19:12:24 us=557017   persist_local_ip = DISABLED
2024-07-21 19:12:24 us=557033   persist_remote_ip = DISABLED
2024-07-21 19:12:24 us=557049   persist_key = ENABLED
2024-07-21 19:12:24 us=557065   passtos = DISABLED
2024-07-21 19:12:24 us=557082   resolve_retry_seconds = 1000000000
2024-07-21 19:12:24 us=557099   resolve_in_advance = DISABLED
2024-07-21 19:12:24 us=557115   username = '[UNDEF]'
2024-07-21 19:12:24 us=557132   groupname = '[UNDEF]'
2024-07-21 19:12:24 us=557148   chroot_dir = '[UNDEF]'
2024-07-21 19:12:24 us=557164   cd_dir = '[UNDEF]'
2024-07-21 19:12:24 us=557201   writepid = '[UNDEF]'
2024-07-21 19:12:24 us=557235   up_script = '[UNDEF]'
2024-07-21 19:12:24 us=557263   down_script = '[UNDEF]'
2024-07-21 19:12:24 us=557291   down_pre = DISABLED
2024-07-21 19:12:24 us=557319   up_restart = DISABLED
2024-07-21 19:12:24 us=557347   up_delay = DISABLED
2024-07-21 19:12:24 us=557374   daemon = DISABLED
2024-07-21 19:12:24 us=557400   inetd = 0
2024-07-21 19:12:24 us=557426   log = DISABLED
2024-07-21 19:12:24 us=557450   suppress_timestamps = DISABLED
2024-07-21 19:12:24 us=557475   machine_readable_output = DISABLED
2024-07-21 19:12:24 us=557500   nice = 0
2024-07-21 19:12:24 us=557524   verbosity = 6
2024-07-21 19:12:24 us=557549   mute = 0
2024-07-21 19:12:24 us=557573   gremlin = 0
2024-07-21 19:12:24 us=557596   status_file = '[UNDEF]'
2024-07-21 19:12:24 us=557622   status_file_version = 1
2024-07-21 19:12:24 us=557646   status_file_update_freq = 60
2024-07-21 19:12:24 us=557671   occ = ENABLED
2024-07-21 19:12:24 us=557695   rcvbuf = 0
2024-07-21 19:12:24 us=557720   sndbuf = 0
2024-07-21 19:12:24 us=557744   mark = 0
2024-07-21 19:12:24 us=557768   sockflags = 0
2024-07-21 19:12:24 us=557792   fast_io = DISABLED
2024-07-21 19:12:24 us=557817   comp.alg = 2
2024-07-21 19:12:24 us=557841   comp.flags = 1
2024-07-21 19:12:24 us=557866   route_script = '[UNDEF]'
2024-07-21 19:12:24 us=557890   route_default_gateway = '[UNDEF]'
2024-07-21 19:12:24 us=557916   route_default_metric = 0
2024-07-21 19:12:24 us=557941   route_noexec = DISABLED
2024-07-21 19:12:24 us=557965   route_delay = 0
2024-07-21 19:12:24 us=557990   route_delay_window = 30
2024-07-21 19:12:24 us=558015   route_delay_defined = DISABLED
2024-07-21 19:12:24 us=558040   route_nopull = DISABLED
2024-07-21 19:12:24 us=558064   route_gateway_via_dhcp = DISABLED
2024-07-21 19:12:24 us=558088   allow_pull_fqdn = DISABLED
2024-07-21 19:12:24 us=558113   management_addr = '[UNDEF]'
2024-07-21 19:12:24 us=558138   management_port = '[UNDEF]'
2024-07-21 19:12:24 us=558163   management_user_pass = '[UNDEF]'
2024-07-21 19:12:24 us=558188   management_log_history_cache = 250
2024-07-21 19:12:24 us=558214   management_echo_buffer_size = 100
2024-07-21 19:12:24 us=558239   management_write_peer_info_file = '[UNDEF]'
2024-07-21 19:12:24 us=558264   management_client_user = '[UNDEF]'
2024-07-21 19:12:24 us=558288   management_client_group = '[UNDEF]'
2024-07-21 19:12:24 us=558314   management_flags = 0
2024-07-21 19:12:24 us=558339   shared_secret_file = '[UNDEF]'
2024-07-21 19:12:24 us=558364   key_direction = not set
2024-07-21 19:12:24 us=558388   ciphername = 'AES-128-CBC'
2024-07-21 19:12:24 us=558414   ncp_enabled = ENABLED
2024-07-21 19:12:24 us=558439   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:AES-128-CBC'
2024-07-21 19:12:24 us=558465   authname = 'SHA1'
2024-07-21 19:12:24 us=558490   prng_hash = 'SHA1'
2024-07-21 19:12:24 us=558515   prng_nonce_secret_len = 16
2024-07-21 19:12:24 us=558540   keysize = 0
2024-07-21 19:12:24 us=558565   engine = DISABLED
2024-07-21 19:12:24 us=558589   replay = ENABLED
2024-07-21 19:12:24 us=558615   mute_replay_warnings = DISABLED
2024-07-21 19:12:24 us=558640   replay_window = 64
2024-07-21 19:12:24 us=558666   replay_time = 15
2024-07-21 19:12:24 us=558690   packet_id_file = '[UNDEF]'
2024-07-21 19:12:24 us=558714   test_crypto = DISABLED
2024-07-21 19:12:24 us=558739   tls_server = DISABLED
2024-07-21 19:12:24 us=558764   tls_client = ENABLED
2024-07-21 19:12:24 us=558788   ca_file = '[INLINE]'
2024-07-21 19:12:24 us=558813   ca_path = '[UNDEF]'
2024-07-21 19:12:24 us=558838   dh_file = '[UNDEF]'
2024-07-21 19:12:24 us=558863   cert_file = '[INLINE]'
2024-07-21 19:12:24 us=558887   extra_certs_file = '[UNDEF]'
2024-07-21 19:12:24 us=558913   priv_key_file = '[INLINE]'
2024-07-21 19:12:24 us=558938   pkcs12_file = '[UNDEF]'
2024-07-21 19:12:24 us=558962   cipher_list = 'DEFAULT:@SECLEVEL=0'
2024-07-21 19:12:24 us=558987   cipher_list_tls13 = '[UNDEF]'
2024-07-21 19:12:24 us=559012   tls_cert_profile = '[UNDEF]'
2024-07-21 19:12:24 us=559037   tls_verify = '[UNDEF]'
2024-07-21 19:12:24 us=559062   tls_export_cert = '[UNDEF]'
2024-07-21 19:12:24 us=559087   verify_x509_type = 0
2024-07-21 19:12:24 us=559111   verify_x509_name = '[UNDEF]'
2024-07-21 19:12:24 us=559137   crl_file = '[UNDEF]'
2024-07-21 19:12:24 us=559161   ns_cert_type = 0
2024-07-21 19:12:24 us=559186   remote_cert_ku[i] = 65535
2024-07-21 19:12:24 us=559212   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559241   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559262   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559279   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559297   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559313   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559330   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559346   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559362   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559379   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559395   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559411   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559428   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559444   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559467   remote_cert_ku[i] = 0
2024-07-21 19:12:24 us=559471   remote_cert_eku = 'TLS Web Server Authentication'
2024-07-21 19:12:24 us=559476   ssl_flags = 0
2024-07-21 19:12:24 us=559494   tls_timeout = 2
2024-07-21 19:12:24 us=559497   renegotiate_bytes = -1
2024-07-21 19:12:24 us=559501   renegotiate_packets = 0
2024-07-21 19:12:24 us=559525   renegotiate_seconds = 3600
2024-07-21 19:12:24 us=559529   handshake_window = 60
2024-07-21 19:12:24 us=559550   transition_window = 3600
2024-07-21 19:12:24 us=559567   single_session = DISABLED
2024-07-21 19:12:24 us=559584   push_peer_info = DISABLED
2024-07-21 19:12:24 us=559601   tls_exit = DISABLED
2024-07-21 19:12:24 us=559618   tls_crypt_v2_metadata = '[UNDEF]'
2024-07-21 19:12:24 us=559635   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559653   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559670   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559686   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559703   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559720   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559737   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559754   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559770   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559787   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559804   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559821   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559838   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559855   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559871   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559888   pkcs11_protected_authentication = DISABLED
2024-07-21 19:12:24 us=559905   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=559923   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=559939   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=559956   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=559973   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=559990   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560006   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560023   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560039   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560056   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560072   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560089   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560105   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560121   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560138   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560154   pkcs11_private_mode = 00000000
2024-07-21 19:12:24 us=560170   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560187   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560204   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560220   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560236   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560253   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560270   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560286   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560302   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560327   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560345   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560361   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560378   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560394   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560410   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560427   pkcs11_cert_private = DISABLED
2024-07-21 19:12:24 us=560444   pkcs11_pin_cache_period = -1
2024-07-21 19:12:24 us=560461   pkcs11_id = '[UNDEF]'
2024-07-21 19:12:24 us=560477   pkcs11_id_management = DISABLED
2024-07-21 19:12:24 us=560509   server_network = 0.0.0.0
2024-07-21 19:12:24 us=560535   server_netmask = 0.0.0.0
2024-07-21 19:12:24 us=560574   server_network_ipv6 = ::
2024-07-21 19:12:24 us=560602   server_netbits_ipv6 = 0
2024-07-21 19:12:24 us=560633   server_bridge_ip = 0.0.0.0
2024-07-21 19:12:24 us=560662   server_bridge_netmask = 0.0.0.0
2024-07-21 19:12:24 us=560688   server_bridge_pool_start = 0.0.0.0
2024-07-21 19:12:24 us=560707   server_bridge_pool_end = 0.0.0.0
2024-07-21 19:12:24 us=560741   push_entry = 'dhcp-option DNS 10.9.8.1'
2024-07-21 19:12:24 us=560758   push_entry = 'dhcp-option DNS 8.8.8.8'
2024-07-21 19:12:24 us=560775   ifconfig_pool_defined = DISABLED
2024-07-21 19:12:24 us=560793   ifconfig_pool_start = 0.0.0.0
2024-07-21 19:12:24 us=560812   ifconfig_pool_end = 0.0.0.0
2024-07-21 19:12:24 us=560830   ifconfig_pool_netmask = 0.0.0.0
2024-07-21 19:12:24 us=560847   ifconfig_pool_persist_filename = '[UNDEF]'
2024-07-21 19:12:24 us=560865   ifconfig_pool_persist_refresh_freq = 600
2024-07-21 19:12:24 us=560882   ifconfig_ipv6_pool_defined = DISABLED
2024-07-21 19:12:24 us=560900   ifconfig_ipv6_pool_base = ::
2024-07-21 19:12:24 us=560917   ifconfig_ipv6_pool_netbits = 0
2024-07-21 19:12:24 us=560935   n_bcast_buf = 256
2024-07-21 19:12:24 us=560952   tcp_queue_limit = 64
2024-07-21 19:12:24 us=560970   real_hash_size = 256
2024-07-21 19:12:24 us=560986   virtual_hash_size = 256
2024-07-21 19:12:24 us=561003   client_connect_script = '[UNDEF]'
2024-07-21 19:12:24 us=561020   learn_address_script = '[UNDEF]'
2024-07-21 19:12:24 us=561037   client_disconnect_script = '[UNDEF]'
2024-07-21 19:12:24 us=561053   client_config_dir = '[UNDEF]'
2024-07-21 19:12:24 us=561071   ccd_exclusive = DISABLED
2024-07-21 19:12:24 us=561088   tmp_dir = '/tmp'
2024-07-21 19:12:24 us=561105   push_ifconfig_defined = DISABLED
2024-07-21 19:12:24 us=561123   push_ifconfig_local = 0.0.0.0
2024-07-21 19:12:24 us=561141   push_ifconfig_remote_netmask = 0.0.0.0
2024-07-21 19:12:24 us=561158   push_ifconfig_ipv6_defined = DISABLED
2024-07-21 19:12:24 us=561198   push_ifconfig_ipv6_local = ::/0
2024-07-21 19:12:24 us=561226   push_ifconfig_ipv6_remote = ::
2024-07-21 19:12:24 us=561245   enable_c2c = DISABLED
2024-07-21 19:12:24 us=561262   duplicate_cn = DISABLED
2024-07-21 19:12:24 us=561279   cf_max = 0
2024-07-21 19:12:24 us=561295   cf_per = 0
2024-07-21 19:12:24 us=561312   max_clients = 1024
2024-07-21 19:12:24 us=561329   max_routes_per_client = 256
2024-07-21 19:12:24 us=561346   auth_user_pass_verify_script = '[UNDEF]'
2024-07-21 19:12:24 us=561363   auth_user_pass_verify_script_via_file = DISABLED
2024-07-21 19:12:24 us=561380   auth_token_generate = DISABLED
2024-07-21 19:12:24 us=561397   auth_token_lifetime = 0
2024-07-21 19:12:24 us=561414   auth_token_secret_file = '[UNDEF]'
2024-07-21 19:12:24 us=561430   port_share_host = '[UNDEF]'
2024-07-21 19:12:24 us=561447   port_share_port = '[UNDEF]'
2024-07-21 19:12:24 us=561464   vlan_tagging = DISABLED
2024-07-21 19:12:24 us=561480   vlan_accept = all
2024-07-21 19:12:24 us=561497   vlan_pvid = 1
2024-07-21 19:12:24 us=561514   client = ENABLED
2024-07-21 19:12:24 us=561531   pull = ENABLED
2024-07-21 19:12:24 us=561548   auth_user_pass_file = '[UNDEF]'
2024-07-21 19:12:24 us=561568 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
2024-07-21 19:12:24 us=561607 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-07-21 19:12:24 us=564147 No valid translation found for TLS cipher '@SECLEVEL=0'
2024-07-21 19:12:24 us=570704 LZO compression initializing
2024-07-21 19:12:24 us=570944 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2024-07-21 19:12:24 us=574517 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2024-07-21 19:12:24 us=574630 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2024-07-21 19:12:24 us=574656 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2024-07-21 19:12:24 us=574689 TCP/UDP: Preserving recently used remote address: [AF_INET]my-link:1194
2024-07-21 19:12:24 us=574756 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-07-21 19:12:24 us=574789 UDP link local: (not bound)
2024-07-21 19:12:24 us=574822 UDP link remote: [AF_INET]my-link:1194
2024-07-21 19:12:24 us=574896 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:27 us=6633 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:31 us=868604 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:39 us=705537 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:56 us=195294 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
^C2024-07-21 19:13:10 us=570651 event_wait : Interrupted system call (code=4)
2024-07-21 19:13:10 us=570911 TCP/UDP: Closing socket
2024-07-21 19:13:10 us=570967 SIGINT[hard,] received, process exiting

What now puzzles me are the following lines:
2024-07-21 19:12:24 us=560509   server_network = 0.0.0.0
2024-07-21 19:12:24 us=560535   server_netmask = 0.0.0.0
2024-07-21 19:12:24 us=560574   server_network_ipv6 = ::
2024-07-21 19:12:24 us=560602   server_netbits_ipv6 = 0
2024-07-21 19:12:24 us=560633   server_bridge_ip = 0.0.0.0
2024-07-21 19:12:24 us=560662   server_bridge_netmask = 0.0.0.0
2024-07-21 19:12:24 us=560688   server_bridge_pool_start = 0.0.0.0
2024-07-21 19:12:24 us=560707   server_bridge_pool_end = 0.0.0.0

If I interpret the lines correctly, the server does not set up a network
under _10.8.0.0_, as shown in the graphical interface.
That is strange... The server is set up with one click by the Tp-Link router
itself. I find it odd that the router lets you download the
configuration files without the server setup being complete.

: Edited by user
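
The two logs posted in this thread stop at different stages: the earlier one receives replies and verifies the certificate chain before the TLS error, the latest one only retransmits the initial reset and never reads a packet. An added example (not from any poster) that extracts that distinction from a `verb 6` client log; the sample lines are copied from the posts and trimmed, and the stage names are labels chosen for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed samples: lines copied from the two logs posted in this thread and
# trimmed to the packets and messages that matter (addresses masked as posted).
LOG_TLS_FAIL = """\
2024-07-21 13:55:31 us=206677 UDP WRITE [14] to [AF_INET]xxx:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 13:55:31 us=242894 UDP READ [26] from [AF_INET]xxx:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
2024-07-21 13:55:31 us=801325 VERIFY OK: depth=1, CN=openvpn CA
2024-07-21 13:55:31 us=801568 VERIFY OK: depth=0, CN=openvpn-server
2024-07-21 13:55:31 us=834924 UDP READ [84] from [AF_INET]xxx:1194: P_CONTROL_V1 kid=0 [ ] pid=20 DATA len=70
2024-07-21 13:55:31 us=835184 OpenSSL: error:0A0C0103:SSL routines::internal error
2024-07-21 13:55:31 us=835259 TLS Error: TLS handshake failed
"""

LOG_NO_REPLY = """\
2024-07-21 19:12:24 us=574896 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:27 us=6633 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:31 us=868604 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:39 us=705537 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
2024-07-21 19:12:56 us=195294 UDP WRITE [14] to [AF_INET]my-link:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
^C2024-07-21 19:13:10 us=570651 event_wait : Interrupted system call (code=4)
"""

# search() rather than match(): a line may carry a prefix such as "^C".
LINE = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?: us=(\d+))? (.*)")


def parse(log):
    """Yield (timestamp, message). 'us=' is microseconds without zero padding,
    so 'us=6633' means 0.006633 s, not 0.6633 s."""
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ts += timedelta(microseconds=int(m.group(2) or 0))
        yield ts, m.group(3)


def classify(log):
    """Summarise how far a client connection attempt got."""
    resets, reads, verified, ssl_errors = [], 0, [], []
    handshake_failed = connected = False
    for ts, msg in parse(log):
        if "WRITE" in msg and "P_CONTROL_HARD_RESET_CLIENT" in msg:
            resets.append(ts)                  # first packet of the handshake
        elif re.match(r"(UDP|TCP)\S* READ \[", msg):
            reads += 1                         # anything at all came back
        elif msg.startswith("VERIFY OK:"):
            verified.append(msg.split("CN=", 1)[-1])
        elif msg.startswith("OpenSSL: "):
            ssl_errors.append(msg[len("OpenSSL: "):])
        elif "TLS handshake failed" in msg:
            handshake_failed = True
        elif "Initialization Sequence Completed" in msg:
            connected = True
    if connected:
        stage = "connected"
    elif handshake_failed:
        stage = "tls-handshake-failed"
    elif resets and reads == 0:
        stage = "no-server-response"
    else:
        stage = "unknown"
    gaps = [round((b - a).total_seconds(), 1) for a, b in zip(resets, resets[1:])]
    return {"stage": stage, "hard_resets": len(resets),
            "server_replied": reads > 0, "verified": verified,
            "openssl_errors": ssl_errors, "retransmit_gaps": gaps}


if __name__ == "__main__":
    for name, log in (("earlier log", LOG_TLS_FAIL), ("latest log", LOG_NO_REPLY)):
        print(name, classify(log))
```

A `no-server-response` result concerns reachability of the server's UDP port, while `tls-handshake-failed` with `server_replied` set concerns the TLS parameters of the two ends.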
by Dieter D. (Company: Hobbytheoretiker) (dieter_1234)

X. A. wrote:
> I find it odd that the router lets you download the configuration files,

Could this be related to the constructive and destructive packet filter rules
in nftables, if something there does not work as it should?
