[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] trying to improve connection stability

  • Subject: Re: [Openvpn-users] trying to improve connection stability
  • From: Erik Anderson <erikba@xxxxxxxxxxxxxxxxx>
  • Date: Sun, 01 Aug 2004 13:12:07 -0700
Okay, update on my situation (if helpful). Thank you for your support in helping to get this running more smoothly :-)

There are two machines currently at the satellite office. I was concentrating on the more critical one which was having very bad connectivity issues. I had someone go over and restart the OpenVPN service and grab the logs, the connection improved and is now near 100%. The logs showed a connection failure once a minute (described below, I call this an "UNDEF timeout")

The other machine (less critical at the moment) is from the server's perspective connecting once every ten minutes, grabbing an address off of the DHCP server (on the same machine as the OpenVPN server), and then disconnecting seconds later (timing out after about 30sec). I have asked for the logs from that machine, they also show this UNDEF timeout error. This error may indicate a simple failure to connect, but the only failure to connect errors I've seen so far are the "TLS key negotiation failure" and "IPv4 read failed: invalid argument"; I haven't seen this particular error before.

Sun Aug 01 13:05:08 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:05:08 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:05:08 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:05:53 2004 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sun Aug 01 13:05:53 2004 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug 01 13:05:53 2004 Re-using SSL/TLS context
Sun Aug 01 13:05:53 2004 LZO compression initialized
Sun Aug 01 13:05:53 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:05:53 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:05:53 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:06:39 2004 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sun Aug 01 13:06:39 2004 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug 01 13:06:39 2004 Re-using SSL/TLS context
Sun Aug 01 13:06:39 2004 LZO compression initialized
Sun Aug 01 13:06:39 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:06:39 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:06:39 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:07:24 2004 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sun Aug 01 13:07:24 2004 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug 01 13:07:24 2004 Re-using SSL/TLS context
Sun Aug 01 13:07:24 2004 LZO compression initialized
Sun Aug 01 13:07:24 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:07:24 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:07:24 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:08:09 2004 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sun Aug 01 13:08:09 2004 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug 01 13:08:09 2004 Re-using SSL/TLS context
Sun Aug 01 13:08:09 2004 LZO compression initialized
Sun Aug 01 13:08:09 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:08:09 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:08:09 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:08:55 2004 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sun Aug 01 13:08:55 2004 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug 01 13:08:55 2004 Re-using SSL/TLS context
Sun Aug 01 13:08:55 2004 LZO compression initialized
Sun Aug 01 13:08:55 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:08:55 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:08:55 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:09:40 2004 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sun Aug 01 13:09:40 2004 SIGUSR1[soft,ping-restart] received, process restarting
Sun Aug 01 13:09:40 2004 Re-using SSL/TLS context
Sun Aug 01 13:09:40 2004 LZO compression initialized
Sun Aug 01 13:09:40 2004 Preserving previous TUN/TAP instance: VPN
Sun Aug 01 13:09:40 2004 UDPv4 link local (bound): [undef]:5000
Sun Aug 01 13:09:40 2004 UDPv4 link remote: 2.3.4.5:5009
Sun Aug 01 13:09:43 2004 [knight] Peer Connection Initiated with 2.3.4.5:5009

James Yonan wrote:

On Saturday 31 July 2004 01:43, Erik Anderson wrote:


I've been using OpenVPN to connect several machines, but I have been rathar
concerned about stability, especially as it is necessary to maintain a
stable connection between the VPN hub and a satellite machine on the other
side of the country.  The machine here is on a frac-T1 link, the satellite
is on a DSL connection.

I have recently (this afternoon) upgraded the satellite from 1.6, it is now
running 2.0b8 against a 2.0b5 server (will upgrade soon), but now that it
is connecting on the newer protocol (and I'm receiving hourly status
reports) I'm seeing an awful lot of connection instabilities.  Here's one
excerpt from the logs.  Note that the configuration files are nearly
identical on both sides.

I think part of me is wondering (1) is this normal and to be expected, and
(2) if not, what are good ways to look at improving things.  I have not had
any significant problems with the actual connections themselves, So I don't
believe this to be an MTU problem (at least not obviously).  I had
previously noticed that significant use of the VPN (remote desktop) would
cause 10-min outages, but I believe that this was a rathar old router
(which was replaced last week because of these strange outages)

--

Security Events
=-=-=-=-=-=-=-=
Jul 30 22:15:52 knight openvpn[2844]: cpm-t30/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed



These messages (above) usually mean one of three things:

(1) You are using different static or --tls-auth keys on both sides of the connection.

(2) Packets are getting corrupted somewhere.

(3) OpenVPN is receiving packets sent by another program, not OpenVPN.



Jul 30 22:15:53 knight openvpn[2844]: cpmt40/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:16:08 knight openvpn[2844]: cpmt40/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:16:08 knight openvpn[2844]: cpm-t30/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:16:22 knight openvpn[2844]: cpmt40/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:16:22 knight openvpn[2844]: cpm-t30/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:25:57 knight qmail: 1091251557.952852 delivery 8598: deferral:
Connected_to_68.6.19.3_but_sender_was_rejected./Remote_host_said:_450_Unabl
e _to_find_aafinder.com/
Jul 30 22:27:49 knight openvpn[2844]: cpmt40/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:27:55 knight openvpn[2844]: cpm-t30/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:28:05 knight openvpn[2844]: cpmt40/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:28:10 knight openvpn[2844]: cpm-t30/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:39:55 knight openvpn[2844]: cpm-t30/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:39:56 knight openvpn[2844]: cpmt40/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:40:11 knight openvpn[2844]: cpm-t30/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:40:12 knight openvpn[2844]: cpmt40/1.2.3.4:15009
Authenticate/Decrypt packet error: packet HMAC authentication failed
Jul 30 22:40:26 knight openvpn[2844]: cpm-t30/1.2.3.4:5009
Authenticate/Decrypt packet error: packet HMAC authentication failed

System Events
=-=-=-=-=-=-=
Jul 30 22:16:24 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 [cpm-t30]
Inactivity timeout (--ping-restart), restarting
Jul 30 22:16:24 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI:
multi_close_instance called
Jul 30 22:16:33 knight openvpn[2844]: MULTI: multi_create_instance called
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 LZO compression
initialized
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU
parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms
[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ]
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms
[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ]
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash
(VER=V3): '72712ff8'
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options
hash (VER=V3): 'bfef2756'
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from
1.2.3.4:5009, sid=88ca26cf 25b307e0
Jul 30 22:16:33 knight openvpn[2844]: MULTI: multi_create_instance called
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS
context Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 LZO compression
initialized
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU
parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms
[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ]
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms
[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ]
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash
(VER=V3): '72712ff8'
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options
hash (VER=V3): 'bfef2756'
Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet
from 1.2.3.4:15009, sid=418ede80 9d15316a
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2,
/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork
g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30
22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1,
/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr
o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0,
/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al
e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2,
/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork
g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30
22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1,
/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr
o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0,
/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Ale
x andria/O=The.TeamWork.Group..Inc./OU=Security.Management
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 [cpm-t30] Peer
Connection Initiated with 1.2.3.4:15009
Jul 30 22:16:36 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: no
dynamic or static remote --ifconfig address is available for
cpm-t30/1.2.3.4:15009
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 [cpmt40] Peer Connection
Initiated with 1.2.3.4:5009
Jul 30 22:16:36 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: no dynamic
or static remote --ifconfig address is available for cpmt40/1.2.3.4:5009
Jul 30 22:16:58 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: Learn:
00:ff:87:46:55:70 -> cpm-t30/1.2.3.4:15009
Jul 30 22:17:51 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: Learn:
00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:5009
Jul 30 22:28:18 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 [cpm-t30]
Inactivity timeout (--ping-restart), restarting
Jul 30 22:28:18 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI:
multi_close_instance called
Jul 30 22:28:21 knight openvpn[2844]: cpmt40/1.2.3.4:5009 TLS: new session
incoming connection from 1.2.3.4:5009
Jul 30 22:28:21 knight openvpn[2844]: MULTI: multi_create_instance called
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS
context Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 LZO compression
initialized
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU
parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms
[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ]
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms
[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ]
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash
(VER=V3): '72712ff8'
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options
hash (VER=V3): 'bfef2756'
Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet
from 1.2.3.4:15009, sid=0d8c60b8 ea61aef8
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2,
/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork
g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30
22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1,
/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr
o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0,
/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Ale
x andria/O=The.TeamWork.Group..Inc./OU=Security.Management
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 [cpmt40] Peer
Connection Initiated with 1.2.3.4:15009
Jul 30 22:28:24 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI:
multi_close_instance called
Jul 30 22:28:24 knight openvpn[2844]: MULTI: no dynamic or static
remote --ifconfig address is available for cpmt40/1.2.3.4:15009



This may be the problem (above). Unless you're using DHCP or not interested in tunneling the IP protocol, make sure that the OpenVPN server has enough information so that it can push a virtual address (or ifconfig address) to the client. Normally, that means using either --ifconfig-pool, DHCP, or fixed IPs assigned to specific client certificates using --ifconfig-push.

James



Jul 30 22:28:48 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: Learn:
00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:15009
Jul 30 22:29:08 knight openvpn[2844]: MULTI: multi_create_instance called
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 LZO compression
initialized
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU
parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms
[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ]
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms
[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ]
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash
(VER=V3): '72712ff8'
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options
hash (VER=V3): 'bfef2756'
Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from
1.2.3.4:5009, sid=d5e53b24 fb1a75b4
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2,
/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork
g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30
22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1,
/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr
o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0,
/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al
e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 [cpm-t30] Peer
Connection Initiated with 1.2.3.4:5009
Jul 30 22:29:11 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: no
dynamic or static remote --ifconfig address is available for
cpm-t30/1.2.3.4:5009 Jul 30 22:31:59 knight openvpn[2844]:
cpm-t30/1.2.3.4:5009 MULTI: Learn: 00:ff:87:46:55:70 ->
cpm-t30/1.2.3.4:5009
Jul 30 22:40:26 knight openvpn[2844]: cpmt40/1.2.3.4:15009 [cpmt40]
Inactivity timeout (--ping-restart), restarting
Jul 30 22:40:26 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI:
multi_close_instance called
Jul 30 22:40:27 knight openvpn[2844]: MULTI: multi_create_instance called
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS
context Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 LZO compression
initialized
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU
parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms
[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ]
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms
[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ]
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash
(VER=V3): '72712ff8'
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options
hash (VER=V3): 'bfef2756'
Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 TLS Error: Unknown data
channel key ID or IP address received from 1.2.3.4:15009: 0 (see FAQ for
more info on this error)
Jul 30 22:40:28 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 [cpm-t30]
Inactivity timeout (--ping-restart), restarting
Jul 30 22:40:28 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI:
multi_close_instance called
Jul 30 22:40:35 knight openvpn[2844]: MULTI: multi_create_instance called
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 LZO compression
initialized
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU
parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms
[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ]
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms
[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ]
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash
(VER=V3): '72712ff8'
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options
hash (VER=V3): 'bfef2756'
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from
1.2.3.4:5009, sid=bd8ac68d 6132a999
Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet
from 1.2.3.4:15009, sid=eb68f5e7 29652858
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2,
/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork
g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30
22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1,
/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr
o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0,
/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al
e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2,
/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork
g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30
22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1,
/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr
o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0,
/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Ale
x andria/O=The.TeamWork.Group..Inc./OU=Security.Management
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 [cpm-t30] Peer
Connection Initiated with 1.2.3.4:15009
Jul 30 22:40:37 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: no
dynamic or static remote --ifconfig address is available for
cpm-t30/1.2.3.4:15009
Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt:
Cipher 'BF-CBC' initialized with 128 bit key
Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt:
Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1,
cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 [cpmt40] Peer Connection
Initiated with 1.2.3.4:5009
Jul 30 22:40:38 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: no dynamic
or static remote --ifconfig address is available for cpmt40/1.2.3.4:5009
Jul 30 22:41:52 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: Learn:
00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:5009
Jul 30 22:41:59 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: Learn:
00:ff:87:46:55:70 -> cpm-t30/1.2.3.4:15009



-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users




-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on
Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
one more big change to announce. We are now OSTG- Open Source Technology
Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users




____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users