|
|
Erik Anderson <erikba@xxxxxxxxxxxxxxxxx> said: > Okay, update on my situation (if helpful). Thank you for your support > in helping to get this running more smoothly :-) > > There are two machines currently at the satellite office. I was > concentrating on the more critical one which was having very bad > connectivity issues. I had someone go over and restart the OpenVPN > service and grab the logs, the connection improved and is now near > 100%. The logs showed a connection failure once a minute (described > below, I call this an "UNDEF timeout") The "UNDEF timeout" usually means that a client started the initial process of authenticating with the server, but the handshake failed before it could be completed for network reasons. The "UNDEF" means that the client common name was undefined at the point that the server timed out and deleted the client object instance. This usually indicates some kind of network or firewall problem. For example, if the client was able to send UDP packets to the server, but the server was not able to send UDP packets back to the client, you would see this behavior. James > The other machine (less critical at the moment) is from the server's > perspective connecting once every ten minutes, grabbing an address off > of the DHCP server (on the same machine as the OpenVPN server), and then > disconnecting seconds later (timing out after about 30sec). I have > asked for the logs from that machine, they also show this UNDEF timeout > error. This error may indicate a simple failure to connect, but the > only failure to connect errors I've seen so far are the "TLS key > negotiation failure" and "IPv4 read failed: invalid argument"; I haven't > seen this particular error before. > > Sun Aug 01 13:05:08 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:05:08 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:05:08 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:05:53 2004 [UNDEF] Inactivity timeout (--ping-restart), > restarting > Sun Aug 01 13:05:53 2004 SIGUSR1[soft,ping-restart] received, process > restarting > Sun Aug 01 13:05:53 2004 Re-using SSL/TLS context > Sun Aug 01 13:05:53 2004 LZO compression initialized > Sun Aug 01 13:05:53 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:05:53 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:05:53 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:06:39 2004 [UNDEF] Inactivity timeout (--ping-restart), > restarting > Sun Aug 01 13:06:39 2004 SIGUSR1[soft,ping-restart] received, process > restarting > Sun Aug 01 13:06:39 2004 Re-using SSL/TLS context > Sun Aug 01 13:06:39 2004 LZO compression initialized > Sun Aug 01 13:06:39 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:06:39 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:06:39 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:07:24 2004 [UNDEF] Inactivity timeout (--ping-restart), > restarting > Sun Aug 01 13:07:24 2004 SIGUSR1[soft,ping-restart] received, process > restarting > Sun Aug 01 13:07:24 2004 Re-using SSL/TLS context > Sun Aug 01 13:07:24 2004 LZO compression initialized > Sun Aug 01 13:07:24 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:07:24 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:07:24 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:08:09 2004 [UNDEF] Inactivity timeout (--ping-restart), > restarting > Sun Aug 01 13:08:09 2004 SIGUSR1[soft,ping-restart] received, process > restarting > Sun Aug 01 13:08:09 2004 Re-using SSL/TLS context > Sun Aug 01 13:08:09 2004 LZO compression initialized > Sun Aug 01 13:08:09 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:08:09 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:08:09 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:08:55 2004 [UNDEF] Inactivity timeout (--ping-restart), > restarting > Sun Aug 01 13:08:55 2004 SIGUSR1[soft,ping-restart] received, process > restarting > Sun Aug 01 13:08:55 2004 Re-using SSL/TLS context > Sun Aug 01 13:08:55 2004 LZO compression initialized > Sun Aug 01 13:08:55 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:08:55 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:08:55 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:09:40 2004 [UNDEF] Inactivity timeout (--ping-restart), > restarting > Sun Aug 01 13:09:40 2004 SIGUSR1[soft,ping-restart] received, process > restarting > Sun Aug 01 13:09:40 2004 Re-using SSL/TLS context > Sun Aug 01 13:09:40 2004 LZO compression initialized > Sun Aug 01 13:09:40 2004 Preserving previous TUN/TAP instance: VPN > Sun Aug 01 13:09:40 2004 UDPv4 link local (bound): [undef]:5000 > Sun Aug 01 13:09:40 2004 UDPv4 link remote: 2.3.4.5:5009 > Sun Aug 01 13:09:43 2004 [knight] Peer Connection Initiated with > 2.3.4.5:5009 > > James Yonan wrote: > > >On Saturday 31 July 2004 01:43, Erik Anderson wrote: > > > > > >>I've been using OpenVPN to connect several machines, but I have been rathar > >>concerned about stability, especially as it is necessary to maintain a > >>stable connection between the VPN hub and a satellite machine on the other > >>side of the country. The machine here is on a frac-T1 link, the satellite > >>is on a DSL connection. > >> > >>I have recently (this afternoon) upgraded the satellite from 1.6, it is now > >>running 2.0b8 against a 2.0b5 server (will upgrade soon), but now that it > >>is connecting on the newer protocol (and I'm receiving hourly status > >>reports) I'm seeing an awful lot of connection instabilities. Here's one > >>excerpt from the logs. Note that the configuration files are nearly > >>identical on both sides. > >> > >>I think part of me is wondering (1) is this normal and to be expected, and > >>(2) if not, what are good ways to look at improving things. I have not had > >>any significant problems with the actual connections themselves, So I don't > >>believe this to be an MTU problem (at least not obviously). I had > >>previously noticed that significant use of the VPN (remote desktop) would > >>cause 10-min outages, but I believe that this was a rathar old router > >>(which was replaced last week because of these strange outages) > >> > >>-- > >> > >>Security Events > >>=-=-=-=-=-=-=-= > >>Jul 30 22:15:52 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >> > >> > > > >These messages (above) usually mean one of three things: > > > >(1) You are using different static or --tls-auth keys on both sides of the > >connection. > > > >(2) Packets are getting corrupted somewhere. > > > >(3) OpenVPN is receiving packets sent by another program, not OpenVPN. > > > > > > > >>Jul 30 22:15:53 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:16:08 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:16:08 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:16:22 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:16:22 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:25:57 knight qmail: 1091251557.952852 delivery 8598: deferral: > >>Connected_to_68.6.19.3_but_sender_was_rejected./Remote_host_said:_450_Unabl > >>e _to_find_aafinder.com/ > >>Jul 30 22:27:49 knight openvpn[2844]: cpmt40/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:27:55 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:28:05 knight openvpn[2844]: cpmt40/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:28:10 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:39:55 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:39:56 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:40:11 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:40:12 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >>Jul 30 22:40:26 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > >> > >>System Events > >>=-=-=-=-=-=-= > >>Jul 30 22:16:24 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 [cpm-t30] > >>Inactivity timeout (--ping-restart), restarting > >>Jul 30 22:16:24 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: > >>multi_close_instance called > >>Jul 30 22:16:33 knight openvpn[2844]: MULTI: multi_create_instance called > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 LZO compression > >>initialized > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash > >>(VER=V3): '72712ff8' > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options > >>hash (VER=V3): 'bfef2756' > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from > >>1.2.3.4:5009, sid=88ca26cf 25b307e0 > >>Jul 30 22:16:33 knight openvpn[2844]: MULTI: multi_create_instance called > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS > >>context Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 LZO compression > >>initialized > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash > >>(VER=V3): '72712ff8' > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options > >>hash (VER=V3): 'bfef2756' > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet > >>from 1.2.3.4:15009, sid=418ede80 9d15316a > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2, > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > >>22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1, > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0, > >>/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al > >>e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2, > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > >>22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1, > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0, > >>/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Ale > >>x andria/O=The.TeamWork.Group..Inc./OU=Security.Management > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1, > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 [cpm-t30] Peer > >>Connection Initiated with 1.2.3.4:15009 > >>Jul 30 22:16:36 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: no > >>dynamic or static remote --ifconfig address is available for > >>cpm-t30/1.2.3.4:15009 > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1, > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 [cpmt40] Peer Connection > >>Initiated with 1.2.3.4:5009 > >>Jul 30 22:16:36 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: no dynamic > >>or static remote --ifconfig address is available for cpmt40/1.2.3.4:5009 > >>Jul 30 22:16:58 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: Learn: > >>00:ff:87:46:55:70 -> cpm-t30/1.2.3.4:15009 > >>Jul 30 22:17:51 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: Learn: > >>00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:5009 > >>Jul 30 22:28:18 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 [cpm-t30] > >>Inactivity timeout (--ping-restart), restarting > >>Jul 30 22:28:18 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: > >>multi_close_instance called > >>Jul 30 22:28:21 knight openvpn[2844]: cpmt40/1.2.3.4:5009 TLS: new session > >>incoming connection from 1.2.3.4:5009 > >>Jul 30 22:28:21 knight openvpn[2844]: MULTI: multi_create_instance called > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS > >>context Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 LZO compression > >>initialized > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash > >>(VER=V3): '72712ff8' > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options > >>hash (VER=V3): 'bfef2756' > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet > >>from 1.2.3.4:15009, sid=0d8c60b8 ea61aef8 > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2, > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > >>22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1, > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0, > >>/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Ale > >>x andria/O=The.TeamWork.Group..Inc./OU=Security.Management > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1, > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 [cpmt40] Peer > >>Connection Initiated with 1.2.3.4:15009 > >>Jul 30 22:28:24 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: > >>multi_close_instance called > >>Jul 30 22:28:24 knight openvpn[2844]: MULTI: no dynamic or static > >>remote --ifconfig address is available for cpmt40/1.2.3.4:15009 > >> > >> > > > >This may be the problem (above). Unless you're using DHCP or not interested > >in tunneling the IP protocol, make sure that the OpenVPN server has enough > >information so that it can push a virtual address (or ifconfig address) to > >the client. Normally, that means using either --ifconfig-pool, DHCP, or > >fixed IPs assigned to specific client certificates using --ifconfig-push. > > > >James > > > > > > > >>Jul 30 22:28:48 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: Learn: > >>00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:15009 > >>Jul 30 22:29:08 knight openvpn[2844]: MULTI: multi_create_instance called > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 LZO compression > >>initialized > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash > >>(VER=V3): '72712ff8' > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options > >>hash (VER=V3): 'bfef2756' > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from > >>1.2.3.4:5009, sid=d5e53b24 fb1a75b4 > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2, > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > >>22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1, > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0, > >>/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al > >>e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1, > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 [cpm-t30] Peer > >>Connection Initiated with 1.2.3.4:5009 > >>Jul 30 22:29:11 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: no > >>dynamic or static remote --ifconfig address is available for > >>cpm-t30/1.2.3.4:5009 Jul 30 22:31:59 knight openvpn[2844]: > >>cpm-t30/1.2.3.4:5009 MULTI: Learn: 00:ff:87:46:55:70 -> > >>cpm-t30/1.2.3.4:5009 > >>Jul 30 22:40:26 knight openvpn[2844]: cpmt40/1.2.3.4:15009 [cpmt40] > >>Inactivity timeout (--ping-restart), restarting > >>Jul 30 22:40:26 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: > >>multi_close_instance called > >>Jul 30 22:40:27 knight openvpn[2844]: MULTI: multi_create_instance called > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS > >>context Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 LZO compression > >>initialized > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash > >>(VER=V3): '72712ff8' > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options > >>hash (VER=V3): 'bfef2756' > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 TLS Error: Unknown data > >>channel key ID or IP address received from 1.2.3.4:15009: 0 (see FAQ for > >>more info on this error) > >>Jul 30 22:40:28 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 [cpm-t30] > >>Inactivity timeout (--ping-restart), restarting > >>Jul 30 22:40:28 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: > >>multi_close_instance called > >>Jul 30 22:40:35 knight openvpn[2844]: MULTI: multi_create_instance called > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 LZO compression > >>initialized > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash > >>(VER=V3): '72712ff8' > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options > >>hash (VER=V3): 'bfef2756' > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from > >>1.2.3.4:5009, sid=bd8ac68d 6132a999 > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet > >>from 1.2.3.4:15009, sid=eb68f5e7 29652858 > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2, > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > >>22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1, > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0, > >>/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al > >>e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2, > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwork > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > >>22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1, > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkgr > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0, > >>/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Ale > >>x andria/O=The.TeamWork.Group..Inc./OU=Security.Management > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1, > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 [cpm-t30] Peer > >>Connection Initiated with 1.2.3.4:15009 > >>Jul 30 22:40:37 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: no > >>dynamic or static remote --ifconfig address is available for > >>cpm-t30/1.2.3.4:15009 > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > >>Cipher 'BF-CBC' initialized with 128 bit key > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > >>Using 160 bit message hash 'SHA1' for HMAC authentication > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1, > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 [cpmt40] Peer Connection > >>Initiated with 1.2.3.4:5009 > >>Jul 30 22:40:38 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: no dynamic > >>or static remote --ifconfig address is available for cpmt40/1.2.3.4:5009 > >>Jul 30 22:41:52 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: Learn: > >>00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:5009 > >>Jul 30 22:41:59 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: Learn: > >>00:ff:87:46:55:70 -> cpm-t30/1.2.3.4:15009 > >> > >> > >> > >>------------------------------------------------------- > >>This SF.Net email is sponsored by OSTG. Have you noticed the changes on > >>Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > >>one more big change to announce. We are now OSTG- Open Source Technology > >>Group. Come see the changes on the new OSTG site. www.ostg.com > >>_______________________________________________ > >>Openvpn-users mailing list > >>Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > >>https://lists.sourceforge.net/lists/listinfo/openvpn-users > >> > >> > > > > > >------------------------------------------------------- > >This SF.Net email is sponsored by OSTG. Have you noticed the changes on > >Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > >one more big change to announce. We are now OSTG- Open Source Technology > >Group. Come see the changes on the new OSTG site. www.ostg.com > >_______________________________________________ > >Openvpn-users mailing list > >Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > >https://lists.sourceforge.net/lists/listinfo/openvpn-users > > > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > one more big change to announce. We are now OSTG- Open Source Technology > Group. Come see the changes on the new OSTG site. www.ostg.com > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > https://lists.sourceforge.net/lists/listinfo/openvpn-users > -- ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |