|
|
Sorry for another logfile analysis request, I would just appreciate some additional clarification/nuancing over this logfile sequence: Aug 9 17:33:58 knight openvpn[18671]: cpm-t30/1.2.3.4:5000 [cpm-t30] Inactivity timeout (--ping-restart), restarting Aug 9 17:33:58 knight openvpn[18671]: cpm-t30/1.2.3.4:5000 MULTI: multi_close_instance called Aug 9 17:34:09 knight openvpn[18671]: TLS Error: Unknown opcode (6) received from 1.2.3.4:5000 Aug 9 17:34:24 knight openvpn[18671]: TLS Error: Unknown opcode (6) received from 1.2.3.4:5000 Aug 9 17:34:40 knight openvpn[18671]: TLS Error: Unknown opcode (6) received from 1.2.3.4:5000 Aug 9 17:34:44 knight openvpn[18671]: MULTI: multi_create_instance called Thank you for your patience with this. I have discovered that only one OpenVPN client session can be established at a time from the network identified as IP address 1.2.3.4 above (the machine immediately stops responding to pings as soon as the second machine successfully logs in). I realize that my issues may not be technially be caused by OpenVPN, but the UDP protocol involved is definately causing some strange voodoo to occur. ----- Original Message ----- From: "James Yonan" <jim@xxxxxxxxx> To: "Erik Anderson" <erikba@xxxxxxxxxxxxxxxxx>; <openvpn-users@xxxxxxxxxxxxxxxxxxxxx> Sent: Sunday, August 01, 2004 10:14 PM Subject: Re: [Openvpn-users] trying to improve connection stability > Erik Anderson <erikba@xxxxxxxxxxxxxxxxx> said: > > > Okay, update on my situation (if helpful). Thank you for your support > > in helping to get this running more smoothly :-) > > > > There are two machines currently at the satellite office. I was > > concentrating on the more critical one which was having very bad > > connectivity issues. I had someone go over and restart the OpenVPN > > service and grab the logs, the connection improved and is now near > > 100%. The logs showed a connection failure once a minute (described > > below, I call this an "UNDEF timeout") > > The "UNDEF timeout" usually means that a client started the initial process of > authenticating with the server, but the handshake failed before it could be > completed for network reasons. The "UNDEF" means that the client common name > was undefined at the point that the server timed out and deleted the client > object instance. > > This usually indicates some kind of network or firewall problem. For example, > if the client was able to send UDP packets to the server, but the server was > not able to send UDP packets back to the client, you would see this behavior. > > James > > > The other machine (less critical at the moment) is from the server's > > perspective connecting once every ten minutes, grabbing an address off > > of the DHCP server (on the same machine as the OpenVPN server), and then > > disconnecting seconds later (timing out after about 30sec). I have > > asked for the logs from that machine, they also show this UNDEF timeout > > error. This error may indicate a simple failure to connect, but the > > only failure to connect errors I've seen so far are the "TLS key > > negotiation failure" and "IPv4 read failed: invalid argument"; I haven't > > seen this particular error before. > > > > Sun Aug 01 13:05:08 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:05:08 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:05:08 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:05:53 2004 [UNDEF] Inactivity timeout (--ping-restart), > > restarting > > Sun Aug 01 13:05:53 2004 SIGUSR1[soft,ping-restart] received, process > > restarting > > Sun Aug 01 13:05:53 2004 Re-using SSL/TLS context > > Sun Aug 01 13:05:53 2004 LZO compression initialized > > Sun Aug 01 13:05:53 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:05:53 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:05:53 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:06:39 2004 [UNDEF] Inactivity timeout (--ping-restart), > > restarting > > Sun Aug 01 13:06:39 2004 SIGUSR1[soft,ping-restart] received, process > > restarting > > Sun Aug 01 13:06:39 2004 Re-using SSL/TLS context > > Sun Aug 01 13:06:39 2004 LZO compression initialized > > Sun Aug 01 13:06:39 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:06:39 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:06:39 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:07:24 2004 [UNDEF] Inactivity timeout (--ping-restart), > > restarting > > Sun Aug 01 13:07:24 2004 SIGUSR1[soft,ping-restart] received, process > > restarting > > Sun Aug 01 13:07:24 2004 Re-using SSL/TLS context > > Sun Aug 01 13:07:24 2004 LZO compression initialized > > Sun Aug 01 13:07:24 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:07:24 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:07:24 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:08:09 2004 [UNDEF] Inactivity timeout (--ping-restart), > > restarting > > Sun Aug 01 13:08:09 2004 SIGUSR1[soft,ping-restart] received, process > > restarting > > Sun Aug 01 13:08:09 2004 Re-using SSL/TLS context > > Sun Aug 01 13:08:09 2004 LZO compression initialized > > Sun Aug 01 13:08:09 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:08:09 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:08:09 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:08:55 2004 [UNDEF] Inactivity timeout (--ping-restart), > > restarting > > Sun Aug 01 13:08:55 2004 SIGUSR1[soft,ping-restart] received, process > > restarting > > Sun Aug 01 13:08:55 2004 Re-using SSL/TLS context > > Sun Aug 01 13:08:55 2004 LZO compression initialized > > Sun Aug 01 13:08:55 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:08:55 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:08:55 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:09:40 2004 [UNDEF] Inactivity timeout (--ping-restart), > > restarting > > Sun Aug 01 13:09:40 2004 SIGUSR1[soft,ping-restart] received, process > > restarting > > Sun Aug 01 13:09:40 2004 Re-using SSL/TLS context > > Sun Aug 01 13:09:40 2004 LZO compression initialized > > Sun Aug 01 13:09:40 2004 Preserving previous TUN/TAP instance: VPN > > Sun Aug 01 13:09:40 2004 UDPv4 link local (bound): [undef]:5000 > > Sun Aug 01 13:09:40 2004 UDPv4 link remote: 2.3.4.5:5009 > > Sun Aug 01 13:09:43 2004 [knight] Peer Connection Initiated with > > 2.3.4.5:5009 > > > > James Yonan wrote: > > > > >On Saturday 31 July 2004 01:43, Erik Anderson wrote: > > > > > > > > >>I've been using OpenVPN to connect several machines, but I have been rathar > > >>concerned about stability, especially as it is necessary to maintain a > > >>stable connection between the VPN hub and a satellite machine on the other > > >>side of the country. The machine here is on a frac-T1 link, the satellite > > >>is on a DSL connection. > > >> > > >>I have recently (this afternoon) upgraded the satellite from 1.6, it is now > > >>running 2.0b8 against a 2.0b5 server (will upgrade soon), but now that it > > >>is connecting on the newer protocol (and I'm receiving hourly status > > >>reports) I'm seeing an awful lot of connection instabilities. Here's one > > >>excerpt from the logs. Note that the configuration files are nearly > > >>identical on both sides. > > >> > > >>I think part of me is wondering (1) is this normal and to be expected, and > > >>(2) if not, what are good ways to look at improving things. I have not had > > >>any significant problems with the actual connections themselves, So I don't > > >>believe this to be an MTU problem (at least not obviously). I had > > >>previously noticed that significant use of the VPN (remote desktop) would > > >>cause 10-min outages, but I believe that this was a rathar old router > > >>(which was replaced last week because of these strange outages) > > >> > > >>-- > > >> > > >>Security Events > > >>=-=-=-=-=-=-=-= > > >>Jul 30 22:15:52 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >> > > >> > > > > > >These messages (above) usually mean one of three things: > > > > > >(1) You are using different static or --tls-auth keys on both sides of the > > >connection. > > > > > >(2) Packets are getting corrupted somewhere. > > > > > >(3) OpenVPN is receiving packets sent by another program, not OpenVPN. > > > > > > > > > > > >>Jul 30 22:15:53 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:16:08 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:16:08 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:16:22 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:16:22 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:25:57 knight qmail: 1091251557.952852 delivery 8598: deferral: > > >>Connected_to_68.6.19.3_but_sender_was_rejected./Remote_host_said:_450_Unab l > > >>e _to_find_aafinder.com/ > > >>Jul 30 22:27:49 knight openvpn[2844]: cpmt40/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:27:55 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:28:05 knight openvpn[2844]: cpmt40/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:28:10 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:39:55 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:39:56 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:40:11 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:40:12 knight openvpn[2844]: cpmt40/1.2.3.4:15009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >>Jul 30 22:40:26 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 > > >>Authenticate/Decrypt packet error: packet HMAC authentication failed > > >> > > >>System Events > > >>=-=-=-=-=-=-= > > >>Jul 30 22:16:24 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 [cpm-t30] > > >>Inactivity timeout (--ping-restart), restarting > > >>Jul 30 22:16:24 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: > > >>multi_close_instance called > > >>Jul 30 22:16:33 knight openvpn[2844]: MULTI: multi_create_instance called > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 LZO compression > > >>initialized > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU > > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms > > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms > > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash > > >>(VER=V3): '72712ff8' > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options > > >>hash (VER=V3): 'bfef2756' > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from > > >>1.2.3.4:5009, sid=88ca26cf 25b307e0 > > >>Jul 30 22:16:33 knight openvpn[2844]: MULTI: multi_create_instance called > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS > > >>context Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 LZO compression > > >>initialized > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU > > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms > > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms > > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash > > >>(VER=V3): '72712ff8' > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options > > >>hash (VER=V3): 'bfef2756' > > >>Jul 30 22:16:33 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet > > >>from 1.2.3.4:15009, sid=418ede80 9d15316a > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2, > > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwor k > > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > > >>22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1, > > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkg r > > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0, > > >>/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=A l > > >>e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2, > > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwor k > > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > > >>22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1, > > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkg r > > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0, > > >>/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al e > > >>x andria/O=The.TeamWork.Group..Inc./OU=Security.Management > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1, > > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:15009 [cpm-t30] Peer > > >>Connection Initiated with 1.2.3.4:15009 > > >>Jul 30 22:16:36 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: no > > >>dynamic or static remote --ifconfig address is available for > > >>cpm-t30/1.2.3.4:15009 > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1, > > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > >>Jul 30 22:16:36 knight openvpn[2844]: 1.2.3.4:5009 [cpmt40] Peer Connection > > >>Initiated with 1.2.3.4:5009 > > >>Jul 30 22:16:36 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: no dynamic > > >>or static remote --ifconfig address is available for cpmt40/1.2.3.4:5009 > > >>Jul 30 22:16:58 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: Learn: > > >>00:ff:87:46:55:70 -> cpm-t30/1.2.3.4:15009 > > >>Jul 30 22:17:51 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: Learn: > > >>00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:5009 > > >>Jul 30 22:28:18 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 [cpm-t30] > > >>Inactivity timeout (--ping-restart), restarting > > >>Jul 30 22:28:18 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: > > >>multi_close_instance called > > >>Jul 30 22:28:21 knight openvpn[2844]: cpmt40/1.2.3.4:5009 TLS: new session > > >>incoming connection from 1.2.3.4:5009 > > >>Jul 30 22:28:21 knight openvpn[2844]: MULTI: multi_create_instance called > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS > > >>context Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 LZO compression > > >>initialized > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU > > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms > > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms > > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash > > >>(VER=V3): '72712ff8' > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options > > >>hash (VER=V3): 'bfef2756' > > >>Jul 30 22:28:21 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet > > >>from 1.2.3.4:15009, sid=0d8c60b8 ea61aef8 > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2, > > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwor k > > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > > >>22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1, > > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkg r > > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0, > > >>/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al e > > >>x andria/O=The.TeamWork.Group..Inc./OU=Security.Management > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1, > > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > >>Jul 30 22:28:24 knight openvpn[2844]: 1.2.3.4:15009 [cpmt40] Peer > > >>Connection Initiated with 1.2.3.4:15009 > > >>Jul 30 22:28:24 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: > > >>multi_close_instance called > > >>Jul 30 22:28:24 knight openvpn[2844]: MULTI: no dynamic or static > > >>remote --ifconfig address is available for cpmt40/1.2.3.4:15009 > > >> > > >> > > > > > >This may be the problem (above). Unless you're using DHCP or not interested > > >in tunneling the IP protocol, make sure that the OpenVPN server has enough > > >information so that it can push a virtual address (or ifconfig address) to > > >the client. Normally, that means using either --ifconfig-pool, DHCP, or > > >fixed IPs assigned to specific client certificates using --ifconfig-push. > > > > > >James > > > > > > > > > > > >>Jul 30 22:28:48 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: Learn: > > >>00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:15009 > > >>Jul 30 22:29:08 knight openvpn[2844]: MULTI: multi_create_instance called > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 LZO compression > > >>initialized > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU > > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms > > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms > > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash > > >>(VER=V3): '72712ff8' > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options > > >>hash (VER=V3): 'bfef2756' > > >>Jul 30 22:29:08 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from > > >>1.2.3.4:5009, sid=d5e53b24 fb1a75b4 > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2, > > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwor k > > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > > >>22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1, > > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkg r > > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0, > > >>/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=A l > > >>e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1, > > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > >>Jul 30 22:29:11 knight openvpn[2844]: 1.2.3.4:5009 [cpm-t30] Peer > > >>Connection Initiated with 1.2.3.4:5009 > > >>Jul 30 22:29:11 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: no > > >>dynamic or static remote --ifconfig address is available for > > >>cpm-t30/1.2.3.4:5009 Jul 30 22:31:59 knight openvpn[2844]: > > >>cpm-t30/1.2.3.4:5009 MULTI: Learn: 00:ff:87:46:55:70 -> > > >>cpm-t30/1.2.3.4:5009 > > >>Jul 30 22:40:26 knight openvpn[2844]: cpmt40/1.2.3.4:15009 [cpmt40] > > >>Inactivity timeout (--ping-restart), restarting > > >>Jul 30 22:40:26 knight openvpn[2844]: cpmt40/1.2.3.4:15009 MULTI: > > >>multi_close_instance called > > >>Jul 30 22:40:27 knight openvpn[2844]: MULTI: multi_create_instance called > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Re-using SSL/TLS > > >>context Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 LZO compression > > >>initialized > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Control Channel MTU > > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Data Channel MTU parms > > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Fragmentation MTU parms > > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Local Options hash > > >>(VER=V3): '72712ff8' > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 Expected Remote Options > > >>hash (VER=V3): 'bfef2756' > > >>Jul 30 22:40:27 knight openvpn[2844]: 1.2.3.4:15009 TLS Error: Unknown data > > >>channel key ID or IP address received from 1.2.3.4:15009: 0 (see FAQ for > > >>more info on this error) > > >>Jul 30 22:40:28 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 [cpm-t30] > > >>Inactivity timeout (--ping-restart), restarting > > >>Jul 30 22:40:28 knight openvpn[2844]: cpm-t30/1.2.3.4:5009 MULTI: > > >>multi_close_instance called > > >>Jul 30 22:40:35 knight openvpn[2844]: MULTI: multi_create_instance called > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Re-using SSL/TLS context > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 LZO compression > > >>initialized > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Control Channel MTU > > >>parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ] > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Data Channel MTU parms > > >>[ L:1578 D:1450 EF:46 EB:19 ET:32 EL:0 ] > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Fragmentation MTU parms > > >>[ L:1578 D:1450 EF:45 EB:19 ET:33 EL:0 ] > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Local Options hash > > >>(VER=V3): '72712ff8' > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 Expected Remote Options > > >>hash (VER=V3): 'bfef2756' > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:5009 TLS: Initial packet from > > >>1.2.3.4:5009, sid=bd8ac68d 6132a999 > > >>Jul 30 22:40:35 knight openvpn[2844]: 1.2.3.4:15009 TLS: Initial packet > > >>from 1.2.3.4:15009, sid=eb68f5e7 29652858 > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=2, > > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwor k > > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > > >>22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=1, > > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkg r > > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 VERIFY OK: depth=0, > > >>/CN=cpm-t30/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=A l > > >>e xandria/O=The.TeamWork.Group..Inc./OU=Security.Management > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Encrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Data Channel Decrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=2, > > >>/OU=Security.Management/CN=Organizational.Root/emailAddress=erikba@teamwor k > > >>g roup.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham Jul 30 > > >>22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=1, > > >>/OU=Security.Management/CN=OpenVPN.Access.CA/emailAddress=erikba@teamworkg r > > >>o up.com/O=The.TeamWork.Group..Inc./C=US/ST=Washington/L=Bellingham > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:5009 VERIFY OK: depth=0, > > >>/CN=cpmt40/emailAddress=cpmonteiro@xxxxxxxxxxxxxxxxx/C=US/ST=Virginia/L=Al e > > >>x andria/O=The.TeamWork.Group..Inc./OU=Security.Management > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 Control Channel: TLSv1, > > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > >>Jul 30 22:40:37 knight openvpn[2844]: 1.2.3.4:15009 [cpm-t30] Peer > > >>Connection Initiated with 1.2.3.4:15009 > > >>Jul 30 22:40:37 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: no > > >>dynamic or static remote --ifconfig address is available for > > >>cpm-t30/1.2.3.4:15009 > > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Encrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > > >>Cipher 'BF-CBC' initialized with 128 bit key > > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Data Channel Decrypt: > > >>Using 160 bit message hash 'SHA1' for HMAC authentication > > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 Control Channel: TLSv1, > > >>cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA > > >>Jul 30 22:40:38 knight openvpn[2844]: 1.2.3.4:5009 [cpmt40] Peer Connection > > >>Initiated with 1.2.3.4:5009 > > >>Jul 30 22:40:38 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: no dynamic > > >>or static remote --ifconfig address is available for cpmt40/1.2.3.4:5009 > > >>Jul 30 22:41:52 knight openvpn[2844]: cpmt40/1.2.3.4:5009 MULTI: Learn: > > >>00:ff:86:0e:c0:45 -> cpmt40/1.2.3.4:5009 > > >>Jul 30 22:41:59 knight openvpn[2844]: cpm-t30/1.2.3.4:15009 MULTI: Learn: > > >>00:ff:87:46:55:70 -> cpm-t30/1.2.3.4:15009 > > >> > > >> > > >> > > >>------------------------------------------------------- > > >>This SF.Net email is sponsored by OSTG. Have you noticed the changes on > > >>Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > > >>one more big change to announce. We are now OSTG- Open Source Technology > > >>Group. Come see the changes on the new OSTG site. www.ostg.com > > >>_______________________________________________ > > >>Openvpn-users mailing list > > >>Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > > >>https://lists.sourceforge.net/lists/listinfo/openvpn-users > > >> > > >> > > > > > > > > >------------------------------------------------------- > > >This SF.Net email is sponsored by OSTG. Have you noticed the changes on > > >Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > > >one more big change to announce. We are now OSTG- Open Source Technology > > >Group. Come see the changes on the new OSTG site. www.ostg.com > > >_______________________________________________ > > >Openvpn-users mailing list > > >Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > > >https://lists.sourceforge.net/lists/listinfo/openvpn-users > > > > > > > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > > one more big change to announce. We are now OSTG- Open Source Technology > > Group. Come see the changes on the new OSTG site. www.ostg.com > > _______________________________________________ > > Openvpn-users mailing list > > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx > > https://lists.sourceforge.net/lists/listinfo/openvpn-users > > > > > > -- > > > ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |