OpenVPN n2n / site 2 site feature broken

schories
Posts: 6
Joined: April 15th, 2019, 7:07 am

OpenVPN n2n / site 2 site feature broken

Post by schories » April 15th, 2019, 7:16 am

Dear experts,

for many years I successfully used IPFire to connect 2 school locations using n2n. However, this feature is currently (release 129) broken.

Even after

- deleting all config and certs on both IPFire systems
- creating new certs and a new n2n setup

the n2n seems to connect but ends up in a "reconnect" loop because of "inactivity":

MANAGEMENT: Client disconnected
[UNDEF] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, process restarting

Both systems use public static IPv4 addresses. Also, after setting the log level to 5, no obvious errors or other issues are visible.

I spent a lot of Sunday debugging and reconfiguring from scratch - with no luck.

Any help highly appreciated.

Thanks

:-)

MichaelTremer
Core Developer
Posts: 5739
Joined: August 11th, 2005, 9:02 am

Re: OpenVPN n2n / site 2 site feature broken

Post by MichaelTremer » April 16th, 2019, 4:10 pm

You got any more logs and configuration?

schories
Posts: 6
Joined: April 15th, 2019, 7:07 am

Re: OpenVPN n2n / site 2 site feature broken

Post by schories » April 19th, 2019, 5:41 pm

- OpenVPN works for RoadWarriors. But not n2n.
- Tried IPSec n2n; that also doesn't work.

OpenVPN n2n "server" conf:

# IPFire n2n Open VPN Server Config by ummeegge and m.a.d

# User Security
user nobody
group nobody
persist-tun
persist-key
script-security 2
# IP/DNS for remote Server Gateway
remote hq.xxx.yyy
float
# IP addresses of the VPN Subnet
ifconfig 10.100.100.1 10.100.100.2
# Client Gateway Network
route 192.168.101.0 255.255.255.0
up "/etc/init.d/static-routes start"
# tun Device
dev tun
#Logfile for statistics
status-version 1
status /var/run/openvpn/dc1tohq-n2n 10
# Port and Protocol
port 1195
proto udp
# Packet size
tun-mtu 1500
fragment 1300
mssfix
# Auth. Server
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
dh /var/ipfire/ovpn/ca/dh1024.pem
# Cipher
cipher AES-256-CBC
# HMAC algorithm
auth SHA512
# Debug Level
verb 3
# Tunnel check
keepalive 10 60
# Start as daemon
daemon dc1tohqn2n
writepid /var/run/dc1tohqn2n.pid
# Activate Management Interface and Port
management localhost 1195

OpenVPN n2n "client" conf:

# IPFire n2n Open VPN Client Config by ummeegge and m.a.d
#
# User Security
user nobody
group nobody
persist-tun
persist-key
script-security 2
# IP/DNS for remote Server Gateway
remote dc1.xxx.yyy
float
# IP addresses of the VPN Subnet
ifconfig 10.100.100.2 10.100.100.1
# Server Gateway Network
route 192.168.102.0 255.255.255.0
# tun Device
dev tun
#Logfile for statistics
status-version 1
status /var/run/openvpn/-n2n 10
# Port and Protocol
port 1195
proto udp
# Packet size
tun-mtu 1500
fragment 1300
mssfix
remote-cert-tls server
# Auth. Client
tls-client
# Cipher
cipher AES-256-CBC
pkcs12 /var/ipfire/ovpn/certs/dc1tohq.p12
# HMAC algorithm
auth SHA512
# Debug Level
verb 3
# Tunnel check
keepalive 10 60
# Start as daemon
daemon dc1tohqn2n
writepid /var/run/dc1tohqn2n.pid
# Activate Management Interface and Port
management localhost 1195
# remsub 192.168.101.0/255.255.255.0
# Logfile
status-version 1
status /var/run/openvpn/dc1tohq-n2n 10
Last edited by schories on April 19th, 2019, 6:18 pm, edited 2 times in total.
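
A consistency check for a pair of point-to-point configs like the two above, added here as an example (not IPFire's or the poster's code): it compares the link settings both ends must agree on, checks that `ifconfig` is mirrored and the TLS roles are complementary, and flags a `management` TCP listener without a password file, which OpenVPN warns about at startup. The embedded configs are abridged copies of the posted ones, and the function names are this example's own.

```python
import shlex

# Abridged from the two configs posted above (comments and paths trimmed).
SERVER_CONF = """\
remote hq.xxx.yyy
ifconfig 10.100.100.1 10.100.100.2
dev tun
port 1195
proto udp
tun-mtu 1500
fragment 1300
tls-server
cipher AES-256-CBC
auth SHA512
management localhost 1195
"""

CLIENT_CONF = """\
remote dc1.xxx.yyy
ifconfig 10.100.100.2 10.100.100.1
dev tun
port 1195
proto udp
tun-mtu 1500
fragment 1300
remote-cert-tls server
tls-client
cipher AES-256-CBC
auth SHA512
management localhost 1195
"""

# Directives that have to carry the same value on both peers of a p2p link.
MUST_MATCH = ("dev", "proto", "port", "tun-mtu", "fragment", "cipher", "auth")


def parse_conf(text):
    """Return {directive: [args, args, ...]} keeping every occurrence in order."""
    conf = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):        # OpenVPN also accepts ';' comments
            continue
        tokens = shlex.split(line, comments=True)  # handles '#' and quoted args
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf


def last(conf, name):
    """Arguments of the last occurrence of a directive, or None if absent."""
    values = conf.get(name)
    return values[-1] if values else None


def check_pair(a_text, b_text):
    """Compare two peer configs and return a list of human-readable findings."""
    a, b = parse_conf(a_text), parse_conf(b_text)
    findings = []

    for name in MUST_MATCH:
        if last(a, name) != last(b, name):
            findings.append(f"mismatch {name}: {last(a, name)} vs {last(b, name)}")

    # Each side's "local remote" tunnel addresses must be the other's reversed.
    ia, ib = last(a, "ifconfig"), last(b, "ifconfig")
    if not ia or not ib or ia != ib[::-1]:
        findings.append("ifconfig not mirrored")

    # Exactly one peer takes the TLS server role and the other the client role.
    roles = sorted(r for c in (a, b) for r in ("tls-server", "tls-client") if r in c)
    if roles != ["tls-client", "tls-server"]:
        findings.append(f"tls roles not complementary: {roles}")

    for label, conf in (("a", a), ("b", b)):
        if "tls-client" in conf and last(conf, "remote-cert-tls") != ["server"]:
            findings.append(f"{label}: tls-client without remote-cert-tls server")
        # management <addr> <port> [pw-file]; "unix" as port means a socket file.
        mgmt = last(conf, "management")
        if mgmt and len(mgmt) < 3 and mgmt[1:2] != ["unix"]:
            findings.append(f"{label}: management on TCP without password file")

    return findings


if __name__ == "__main__":
    for finding in check_pair(SERVER_CONF, CLIENT_CONF):
        print(finding)
```

For the posted pair the link settings agree; the only findings are the two password-less management listeners.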

schories
Posts: 6
Joined: April 15th, 2019, 7:07 am

Re: OpenVPN n2n / site 2 site feature broken

Post by schories » April 19th, 2019, 5:48 pm

Log on OpenVPN "server".

20:04:46	dc1tohqn2n[20116]: 	Restart pause, 300 second(s)
20:04:46	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
20:04:46	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
20:04:23	dc1tohqn2n[20116]: 	MANAGEMENT: Client disconnected
20:04:22	dc1tohqn2n[20116]: 	MANAGEMENT: CMD 'state'
20:04:22	dc1tohqn2n[20116]: 	MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1195
20:03:46	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
20:03:46	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
20:03:46	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
20:03:46	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
20:03:46	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
20:03:45	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:58:45	dc1tohqn2n[20116]: 	Restart pause, 300 second(s)
19:58:45	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:58:45	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:57:45	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:57:45	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:57:45	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:57:45	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:57:45	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:57:45	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:55:05	dc1tohqn2n[20116]: 	Restart pause, 160 second(s)
19:55:05	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:55:05	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:54:04	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:54:04	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:54:04	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:54:04	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:54:04	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:54:04	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:52:44	dc1tohqn2n[20116]: 	Restart pause, 80 second(s)
19:52:44	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:52:44	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:51:44	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:51:44	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:51:44	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:51:44	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:51:44	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:51:44	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:51:04	dc1tohqn2n[20116]: 	Restart pause, 40 second(s)
19:51:04	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:51:04	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:50:04	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:50:04	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:50:04	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:50:04	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:50:04	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:50:04	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:49:44	dc1tohqn2n[20116]: 	Restart pause, 20 second(s)
19:49:44	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:49:44	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:48:44	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:48:44	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:48:44	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:48:44	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:48:44	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:48:44	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:48:34	dc1tohqn2n[20116]: 	Restart pause, 10 second(s)
19:48:34	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:48:34	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:47:34	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:47:34	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:47:34	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:47:34	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:47:34	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:47:34	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:47:29	dc1tohqn2n[20116]: 	Restart pause, 5 second(s)
19:47:29	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:47:29	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:46:29	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:46:29	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:46:29	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:46:29	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:46:29	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:46:29	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:46:24	dc1tohqn2n[20116]: 	Restart pause, 5 second(s)
19:46:24	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:46:24	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:45:24	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:45:24	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:45:24	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:45:24	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:45:24	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:45:24	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:45:19	dc1tohqn2n[20116]: 	Restart pause, 5 second(s)
19:45:19	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:45:19	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:44:19	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:44:19	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:44:19	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:44:19	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:44:19	dc1tohqn2n[20116]: 	Preserving previous TUN/TAP instance: tun1
19:44:19	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:44:14	dc1tohqn2n[20116]: 	Restart pause, 5 second(s)
19:44:14	dc1tohqn2n[20116]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:44:14	dc1tohqn2n[20116]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:43:17	dc1tohqn2n[20116]: 	MANAGEMENT: Client disconnected
19:43:17	dc1tohqn2n[20116]: 	MANAGEMENT: CMD 'state'
19:43:17	dc1tohqn2n[20116]: 	MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1195
19:43:14	dc1tohqn2n[20116]: 	UID set to nobody
19:43:14	dc1tohqn2n[20116]: 	GID set to nobody
19:43:14	dc1tohqn2n[20116]: 	UDP link remote: [AF_INET]eee.fff.ggg.hhh:1195
19:43:14	dc1tohqn2n[20116]: 	UDP link local (bound): [AF_INET]aaa.bbb.ccc.ddd:1195
19:43:14	dc1tohqn2n[20116]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:43:14	dc1tohqn2n[20116]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]eee.fff.ggg.hhh:1195
19:43:14	dc1tohqn2n[20116]: 	/sbin/ip route add 192.168.101.0/24 via 10.100.100.2
19:43:14	dc1tohqn2n[20116]: 	/etc/init.d/static-routes start tun1 1500 1605 10.100.100.1 10.100.100.2 init
19:43:14	dc1tohqn2n[20116]: 	/sbin/ip addr add dev tun1 local 10.100.100.1 peer 10.100.100.2
19:43:14	dc1tohqn2n[20116]: 	/sbin/ip link set dev tun1 up mtu 1500
19:43:14	dc1tohqn2n[20116]: 	TUN/TAP TX queue length set to 100
19:43:14	dc1tohqn2n[20116]: 	TUN/TAP device tun1 opened
19:43:14	dc1tohqn2n[20116]: 	ROUTE_GATEWAY 89.19.227.65/255.255.255.224 IFACE=red0 HWADDR=fe:13:64:52:18:a0
19:43:14	dc1tohqn2n[20116]: 	Diffie-Hellman initialized with 4096 bit key
19:43:14	dc1tohqn2n[20116]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:43:14	dc1tohqn2n[20116]: 	MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1195
19:43:14	dc1tohqn2n[20115]: 	library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.09
19:43:14	dc1tohqn2n[20115]: 	OpenVPN 2.4.7 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 14 2019
19:43:14	dc1tohqn2n[20115]: 	WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19:43:14	dc1tohqn2n[20115]: 	disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
19:43:10	openvpnserver[20034]: 	Initialization Sequence Completed
19:43:10	openvpnserver[20034]: 	IFCONFIG POOL LIST
19:43:10	openvpnserver[20034]: 	IFCONFIG POOL: base=10.142.66.4 size=62, ipv6=0
19:43:10	openvpnserver[20034]: 	MULTI: multi_init called, r=256 v=256
19:43:10	openvpnserver[20034]: 	UID set to nobody
19:43:10	openvpnserver[20034]: 	GID set to nobody
19:43:10	openvpnserver[20034]: 	UDPv4 link remote: [AF_UNSPEC]
19:43:10	openvpnserver[20034]: 	UDPv4 link local (bound): [AF_INET][undef]:1194
19:43:10	openvpnserver[20034]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:43:10	openvpnserver[20034]: 	Could not determine IPv4/IPv6 protocol. Using AF_INET
19:43:10	openvpnserver[20034]: 	Data Channel MTU parms [ L:1521 D:1450 EF:121 EB:389 ET:0 EL:3 ]
19:43:10	openvpnserver[20034]: 	/sbin/ip route add 10.142.66.0/24 via 10.142.66.2
19:43:10	openvpnserver[20034]: 	/sbin/ip route add 10.200.200.0/24 via 10.142.66.2
19:43:10	openvpnserver[20034]: 	/sbin/ip addr add dev tun0 local 10.142.66.1 peer 10.142.66.2
19:43:10	openvpnserver[20034]: 	/sbin/ip link set dev tun0 up mtu 1400
19:43:10	openvpnserver[20034]: 	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
19:43:10	openvpnserver[20034]: 	TUN/TAP TX queue length set to 100
19:43:10	openvpnserver[20034]: 	TUN/TAP device tun0 opened
19:43:10	openvpnserver[20034]: 	ROUTE_GATEWAY 89.19.227.65/255.255.255.224 IFACE=red0 HWADDR=fe:13:64:52:18:a0
19:43:10	openvpnserver[20034]: 	TLS-Auth MTU parms [ L:1521 D:1140 EF:110 EB:0 ET:0 EL:3 ]
19:43:10	openvpnserver[20034]: 	WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
19:43:10	openvpnserver[20034]: 	Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
19:43:10	openvpnserver[20034]: 	Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
19:43:10	openvpnserver[20034]: 	Diffie-Hellman initialized with 4096 bit key
19:43:10	openvpnserver[20034]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:43:10	openvpnserver[20033]: 	library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.09
19:43:10	openvpnserver[20033]: 	OpenVPN 2.4.7 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 14 2019
19:43:10	openvpnserver[20033]: 	auth_user_pass_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	pull = DISABLED
19:43:10	openvpnserver[20033]: 	client = DISABLED
19:43:10	openvpnserver[20033]: 	port_share_port = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	port_share_host = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	auth_token_lifetime = 0
19:43:10	openvpnserver[20033]: 	auth_token_generate = DISABLED
19:43:10	openvpnserver[20033]: 	auth_user_pass_verify_script_via_file = DISABLED
19:43:10	openvpnserver[20033]: 	auth_user_pass_verify_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	max_routes_per_client = 256
19:43:10	openvpnserver[20033]: 	max_clients = 100
19:43:10	openvpnserver[20033]: 	cf_per = 0
19:43:10	openvpnserver[20033]: 	cf_max = 0
19:43:10	openvpnserver[20033]: 	duplicate_cn = DISABLED
19:43:10	openvpnserver[20033]: 	enable_c2c = ENABLED
19:43:10	openvpnserver[20033]: 	push_ifconfig_ipv6_remote = ::
19:43:10	openvpnserver[20033]: 	push_ifconfig_ipv6_local = ::/0
19:43:10	openvpnserver[20033]: 	push_ifconfig_ipv6_defined = DISABLED
19:43:10	openvpnserver[20033]: 	push_ifconfig_remote_netmask = 0.0.0.0
19:43:10	openvpnserver[20033]: 	push_ifconfig_local = 0.0.0.0
19:43:10	openvpnserver[20033]: 	push_ifconfig_defined = DISABLED
19:43:10	openvpnserver[20033]: 	tmp_dir = '/tmp'
19:43:10	openvpnserver[20033]: 	ccd_exclusive = DISABLED
19:43:10	openvpnserver[20033]: 	client_config_dir = '/var/ipfire/ovpn/ccd'
19:43:10	openvpnserver[20033]: 	client_disconnect_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	learn_address_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	client_connect_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	virtual_hash_size = 256
19:43:10	openvpnserver[20033]: 	real_hash_size = 256
19:43:10	openvpnserver[20033]: 	tcp_queue_limit = 64
19:43:10	openvpnserver[20033]: 	n_bcast_buf = 256
19:43:10	openvpnserver[20033]: 	ifconfig_ipv6_pool_netbits = 0
19:43:10	openvpnserver[20033]: 	ifconfig_ipv6_pool_base = ::
19:43:10	openvpnserver[20033]: 	ifconfig_ipv6_pool_defined = DISABLED
19:43:10	openvpnserver[20033]: 	ifconfig_pool_persist_refresh_freq = 3600
19:43:10	openvpnserver[20033]: 	ifconfig_pool_persist_filename = '/var/ipfire/ovpn/ovpn-leases.db'
19:43:10	openvpnserver[20033]: 	ifconfig_pool_netmask = 0.0.0.0
19:43:10	openvpnserver[20033]: 	ifconfig_pool_end = 10.142.66.251
19:43:10	openvpnserver[20033]: 	ifconfig_pool_start = 10.142.66.4
19:43:10	openvpnserver[20033]: 	ifconfig_pool_defined = ENABLED
19:43:10	openvpnserver[20033]: 	push_entry = 'ping-restart 60'
19:43:10	openvpnserver[20033]: 	push_entry = 'ping 10'
19:43:10	openvpnserver[20033]: 	push_entry = 'topology net30'
19:43:10	openvpnserver[20033]: 	push_entry = 'route 10.142.66.0 255.255.255.0'
19:43:10	openvpnserver[20033]: 	push_entry = 'dhcp-option DNS 192.168.102.160'
19:43:10	openvpnserver[20033]: 	push_entry = 'dhcp-option DOMAIN verw.3l'
19:43:10	openvpnserver[20033]: 	server_bridge_pool_end = 0.0.0.0
19:43:10	openvpnserver[20033]: 	server_bridge_pool_start = 0.0.0.0
19:43:10	openvpnserver[20033]: 	server_bridge_netmask = 0.0.0.0
19:43:10	openvpnserver[20033]: 	server_bridge_ip = 0.0.0.0
19:43:10	openvpnserver[20033]: 	server_netbits_ipv6 = 0
19:43:10	openvpnserver[20033]: 	server_network_ipv6 = ::
19:43:10	openvpnserver[20033]: 	server_netmask = 255.255.255.0
19:43:10	openvpnserver[20033]: 	server_network = 10.142.66.0
19:43:10	openvpnserver[20033]: 	tls_crypt_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	tls_auth_file = '/var/ipfire/ovpn/certs/ta.key'
19:43:10	openvpnserver[20033]: 	tls_exit = DISABLED
19:43:10	openvpnserver[20033]: 	push_peer_info = DISABLED
19:43:10	openvpnserver[20033]: 	single_session = DISABLED
19:43:10	openvpnserver[20033]: 	transition_window = 3600
19:43:10	openvpnserver[20033]: 	handshake_window = 60
19:43:10	openvpnserver[20033]: 	renegotiate_seconds = 3600
19:43:10	openvpnserver[20033]: 	renegotiate_packets = 0
19:43:10	openvpnserver[20033]: 	renegotiate_bytes = -1
19:43:10	openvpnserver[20033]: 	tls_timeout = 2
19:43:10	openvpnserver[20033]: 	ssl_flags = 0
19:43:10	openvpnserver[20033]: 	remote_cert_eku = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	remote_cert_ku[i] = 0
19:43:10	openvpnserver[20033]: 	ns_cert_type = 0
19:43:10	openvpnserver[20033]: 	crl_file = '/var/ipfire/ovpn/crls/cacrl.pem'
19:43:10	openvpnserver[20033]: 	verify_x509_name = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	verify_x509_type = 0
19:43:10	openvpnserver[20033]: 	tls_export_cert = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	tls_verify = '/usr/lib/openvpn/verify'
19:43:10	openvpnserver[20033]: 	tls_cert_profile = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	cipher_list_tls13 = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	cipher_list = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	pkcs12_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	priv_key_file = '/var/ipfire/ovpn/certs/serverkey.pem'
19:43:10	openvpnserver[20033]: 	extra_certs_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	cert_file = '/var/ipfire/ovpn/certs/servercert.pem'
19:43:10	openvpnserver[20033]: 	dh_file = '/var/ipfire/ovpn/ca/dh1024.pem'
19:43:10	openvpnserver[20033]: 	ca_path = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	ca_file = '/var/ipfire/ovpn/ca/cacert.pem'
19:43:10	openvpnserver[20033]: 	key_method = 2
19:43:10	openvpnserver[20033]: 	tls_client = DISABLED
19:43:10	openvpnserver[20033]: 	tls_server = ENABLED
19:43:10	openvpnserver[20033]: 	test_crypto = DISABLED
19:43:10	openvpnserver[20033]: 	use_iv = ENABLED
19:43:10	openvpnserver[20033]: 	packet_id_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	replay_time = 15
19:43:10	openvpnserver[20033]: 	replay_window = 64
19:43:10	openvpnserver[20033]: 	mute_replay_warnings = DISABLED
19:43:10	openvpnserver[20033]: 	replay = ENABLED
19:43:10	openvpnserver[20033]: 	engine = DISABLED
19:43:10	openvpnserver[20033]: 	keysize = 0
19:43:10	openvpnserver[20033]: 	prng_nonce_secret_len = 16
19:43:10	openvpnserver[20033]: 	prng_hash = 'SHA1'
19:43:10	openvpnserver[20033]: 	authname = 'SHA512'
19:43:10	openvpnserver[20033]: 	ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
19:43:10	openvpnserver[20033]: 	ncp_enabled = DISABLED
19:43:10	openvpnserver[20033]: 	ciphername = 'AES-256-CBC'
19:43:10	openvpnserver[20033]: 	key_direction = not set
19:43:10	openvpnserver[20033]: 	shared_secret_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	management_flags = 0
19:43:10	openvpnserver[20033]: 	management_client_group = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	management_client_user = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	management_write_peer_info_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	management_echo_buffer_size = 100
19:43:10	openvpnserver[20033]: 	management_log_history_cache = 250
19:43:10	openvpnserver[20033]: 	management_user_pass = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	management_port = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	management_addr = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	route 10.200.200.0/255.255.255.0/default (not set)/default (not set)
19:43:10	openvpnserver[20033]: 	route 10.142.66.0/255.255.255.0/default (not set)/default (not set)
19:43:10	openvpnserver[20033]: 	allow_pull_fqdn = DISABLED
19:43:10	openvpnserver[20033]: 	route_gateway_via_dhcp = DISABLED
19:43:10	openvpnserver[20033]: 	route_nopull = DISABLED
19:43:10	openvpnserver[20033]: 	route_delay_defined = DISABLED
19:43:10	openvpnserver[20033]: 	route_delay_window = 30
19:43:10	openvpnserver[20033]: 	route_delay = 0
19:43:10	openvpnserver[20033]: 	route_noexec = DISABLED
19:43:10	openvpnserver[20033]: 	route_default_metric = 0
19:43:10	openvpnserver[20033]: 	route_default_gateway = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	route_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	comp.flags = 0
19:43:10	openvpnserver[20033]: 	comp.alg = 0
19:43:10	openvpnserver[20033]: 	fast_io = DISABLED
19:43:10	openvpnserver[20033]: 	sockflags = 0
19:43:10	openvpnserver[20033]: 	mark = 0
19:43:10	openvpnserver[20033]: 	sndbuf = 0
19:43:10	openvpnserver[20033]: 	rcvbuf = 0
19:43:10	openvpnserver[20033]: 	occ = ENABLED
19:43:10	openvpnserver[20033]: 	status_file_update_freq = 30
19:43:10	openvpnserver[20033]: 	status_file_version = 1
19:43:10	openvpnserver[20033]: 	status_file = '/var/run/ovpnserver.log'
19:43:10	openvpnserver[20033]: 	gremlin = 0
19:43:10	openvpnserver[20033]: 	mute = 0
19:43:10	openvpnserver[20033]: 	verbosity = 5
19:43:10	openvpnserver[20033]: 	nice = 0
19:43:10	openvpnserver[20033]: 	machine_readable_output = DISABLED
19:43:10	openvpnserver[20033]: 	suppress_timestamps = DISABLED
19:43:10	openvpnserver[20033]: 	log = DISABLED
19:43:10	openvpnserver[20033]: 	inetd = 0
19:43:10	openvpnserver[20033]: 	daemon = ENABLED
19:43:10	openvpnserver[20033]: 	up_delay = DISABLED
19:43:10	openvpnserver[20033]: 	up_restart = DISABLED
19:43:10	openvpnserver[20033]: 	down_pre = DISABLED
19:43:10	openvpnserver[20033]: 	down_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	up_script = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	writepid = '/var/run/openvpn.pid'
19:43:10	openvpnserver[20033]: 	cd_dir = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	chroot_dir = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	groupname = 'nobody'
19:43:10	openvpnserver[20033]: 	username = 'nobody'
19:43:10	openvpnserver[20033]: 	resolve_in_advance = DISABLED
19:43:10	openvpnserver[20033]: 	resolve_retry_seconds = 1000000000
19:43:10	openvpnserver[20033]: 	passtos = DISABLED
19:43:10	openvpnserver[20033]: 	persist_key = ENABLED
19:43:10	openvpnserver[20033]: 	persist_remote_ip = DISABLED
19:43:10	openvpnserver[20033]: 	persist_local_ip = DISABLED
19:43:10	openvpnserver[20033]: 	persist_tun = ENABLED
19:43:10	openvpnserver[20033]: 	remap_sigusr1 = 0
19:43:10	openvpnserver[20033]: 	ping_timer_remote = DISABLED
19:43:10	openvpnserver[20033]: 	ping_rec_timeout_action = 2
19:43:10	openvpnserver[20033]: 	ping_rec_timeout = 120
19:43:10	openvpnserver[20033]: 	ping_send_timeout = 10
19:43:10	openvpnserver[20033]: 	inactivity_timeout = 0
19:43:10	openvpnserver[20033]: 	keepalive_timeout = 60
19:43:10	openvpnserver[20033]: 	keepalive_ping = 10
19:43:10	openvpnserver[20033]: 	mlock = DISABLED
19:43:10	openvpnserver[20033]: 	mtu_test = 0
19:43:10	openvpnserver[20033]: 	shaper = 0
19:43:10	openvpnserver[20033]: 	ifconfig_ipv6_remote = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	ifconfig_ipv6_netbits = 0
19:43:10	openvpnserver[20033]: 	ifconfig_ipv6_local = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	ifconfig_nowarn = DISABLED
19:43:10	openvpnserver[20033]: 	ifconfig_noexec = DISABLED
19:43:10	openvpnserver[20033]: 	ifconfig_remote_netmask = '10.142.66.2'
19:43:10	openvpnserver[20033]: 	ifconfig_local = '10.142.66.1'
19:43:10	openvpnserver[20033]: 	topology = 1
19:43:10	openvpnserver[20033]: 	lladdr = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	dev_node = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	dev_type = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	dev = 'tun'
19:43:10	openvpnserver[20033]: 	ipchange = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	remote_random = DISABLED
19:43:10	openvpnserver[20033]: 	Connection profiles END
19:43:10	openvpnserver[20033]: 	explicit_exit_notification = 0
19:43:10	openvpnserver[20033]: 	mssfix = 1450
19:43:10	openvpnserver[20033]: 	fragment = 0
19:43:10	openvpnserver[20033]: 	mtu_discover_type = -1
19:43:10	openvpnserver[20033]: 	tun_mtu_extra_defined = DISABLED
19:43:10	openvpnserver[20033]: 	tun_mtu_extra = 0
19:43:10	openvpnserver[20033]: 	link_mtu_defined = DISABLED
19:43:10	openvpnserver[20033]: 	link_mtu = 1500
19:43:10	openvpnserver[20033]: 	tun_mtu_defined = ENABLED
19:43:10	openvpnserver[20033]: 	tun_mtu = 1400
19:43:10	openvpnserver[20033]: 	socks_proxy_port = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	socks_proxy_server = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	connect_timeout = 120
19:43:10	openvpnserver[20033]: 	connect_retry_seconds = 5
19:43:10	openvpnserver[20033]: 	bind_ipv6_only = DISABLED
19:43:10	openvpnserver[20033]: 	bind_local = ENABLED
19:43:10	openvpnserver[20033]: 	bind_defined = DISABLED
19:43:10	openvpnserver[20033]: 	remote_float = DISABLED
19:43:10	openvpnserver[20033]: 	remote_port = '1194'
19:43:10	openvpnserver[20033]: 	remote = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	local_port = '1194'
19:43:10	openvpnserver[20033]: 	local = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	proto = udp
19:43:10	openvpnserver[20033]: 	Connection profiles [0]:
19:43:10	openvpnserver[20033]: 	connect_retry_max = 0
19:43:10	openvpnserver[20033]: 	show_tls_ciphers = DISABLED
19:43:10	openvpnserver[20033]: 	key_pass_file = '[UNDEF]'
19:43:10	openvpnserver[20033]: 	genkey = DISABLED
19:43:10	openvpnserver[20033]: 	show_engines = DISABLED
19:43:10	openvpnserver[20033]: 	show_digests = DISABLED
19:43:10	openvpnserver[20033]: 	show_ciphers = DISABLED
19:43:10	openvpnserver[20033]: 	persist_mode = 1
19:43:10	openvpnserver[20033]: 	persist_config = DISABLED
19:43:10	openvpnserver[20033]: 	mode = 1
19:43:10	openvpnserver[20033]: 	config = '/var/ipfire/ovpn/server.conf'
19:43:10	openvpnserver[20033]: 	Current Parameter Settings:
Last edited by schories on April 19th, 2019, 6:10 pm, edited 1 time in total.
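
A log-triage sketch for the restart loop in the server log above, added here as an example and not part of the original post or of IPFire: it splits the newest-first log into connection attempts and reports, per attempt, how long the daemon waited, the backoff pause, and whether any handshake line from the peer was logged. The sample lines are constructed in the page's log format with documentation addresses, and the function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format of the posted log (newest line first).
SAMPLE_LOG = """\
19:49:44 dc1tohqn2n[20116]: Restart pause, 20 second(s)
19:49:44 dc1tohqn2n[20116]: SIGUSR1[soft,ping-restart] received, process restarting
19:49:44 dc1tohqn2n[20116]: [UNDEF] Inactivity timeout (--ping-restart), restarting
19:48:44 dc1tohqn2n[20116]: UDP link remote: [AF_INET]198.51.100.2:1195
19:48:44 dc1tohqn2n[20116]: UDP link local (bound): [AF_INET]192.0.2.1:1195
19:48:34 dc1tohqn2n[20116]: Restart pause, 10 second(s)
19:48:34 dc1tohqn2n[20116]: SIGUSR1[soft,ping-restart] received, process restarting
19:48:34 dc1tohqn2n[20116]: [UNDEF] Inactivity timeout (--ping-restart), restarting
19:47:34 dc1tohqn2n[20116]: UDP link remote: [AF_INET]198.51.100.2:1195
19:47:34 dc1tohqn2n[20116]: UDP link local (bound): [AF_INET]192.0.2.1:1195
19:47:29 dc1tohqn2n[20116]: Restart pause, 5 second(s)
19:47:29 dc1tohqn2n[20116]: [UNDEF] Inactivity timeout (--ping-restart), restarting
19:46:29 dc1tohqn2n[20116]: UDP link remote: [AF_INET]198.51.100.2:1195
19:46:29 dc1tohqn2n[20116]: UDP link local (bound): [AF_INET]192.0.2.1:1195
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\s+(\S+?)\[(\d+)\]:\s+(.*)$")
TIMEOUT = re.compile(r"^\[(.*?)\] Inactivity timeout \(--ping-restart\)")
PAUSE = re.compile(r"^Restart pause, (\d+) second")
# Lines OpenVPN writes once a packet from the peer has been accepted.
PEER_MARKERS = ("TLS: Initial packet from", "Peer Connection Initiated with")


@dataclass
class Attempt:
    start: int                      # seconds since midnight of "UDP link remote"
    peer_seen: bool = False         # a handshake line appeared in this attempt
    peer_cn: Optional[str] = None   # name in the timeout prefix, "UNDEF" if none
    waited: Optional[int] = None    # seconds from start to the ping-restart
    pause: Optional[int] = None     # backoff announced by "Restart pause"


def parse(text: str, newest_first: bool = True):
    """Return (seconds, process, message) tuples in chronological order."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        h, mi, s, proc, _pid, msg = m.groups()
        events.append((int(h) * 3600 + int(mi) * 60 + int(s), proc, msg.strip()))
    return events[::-1] if newest_first else events


def attempts(events, proc: str) -> List[Attempt]:
    """Group one daemon's events into attempts (no midnight rollover handling)."""
    out, cur = [], None
    for t, name, msg in events:
        if name != proc:
            continue
        if msg.startswith("UDP link remote:"):
            if cur is not None:
                out.append(cur)
            cur = Attempt(start=t)
            continue
        if cur is None:
            continue
        timeout, pause = TIMEOUT.match(msg), PAUSE.match(msg)
        if msg.startswith(PEER_MARKERS):
            cur.peer_seen = True
        elif timeout:
            cur.peer_cn, cur.waited = timeout.group(1), t - cur.start
        elif pause:
            cur.pause = int(pause.group(1))
            out.append(cur)
            cur = None
    if cur is not None:
        out.append(cur)
    return out


def diagnose(atts: List[Attempt]) -> str:
    """Classify the loop by what was logged before each timeout."""
    timed_out = [a for a in atts if a.waited is not None]
    if not timed_out:
        return "no-timeouts"
    if all(not a.peer_seen and a.peer_cn == "UNDEF" for a in timed_out):
        return "no-handshake-seen"
    return "handshake-then-timeout"


if __name__ == "__main__":
    found = attempts(parse(SAMPLE_LOG), "dc1tohqn2n")
    for a in found:
        print(f"waited={a.waited}s pause={a.pause}s peer_seen={a.peer_seen} cn={a.peer_cn}")
    print(diagnose(found))
```

A `no-handshake-seen` result means every attempt ended with the `[UNDEF]` prefix and without a `TLS: Initial packet from` line, so no packet from the peer was accepted before the timeout.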

schories
Posts: 6
Joined: April 15th, 2019, 7:07 am

Re: OpenVPN n2n / site 2 site feature broken

Post by schories » April 19th, 2019, 5:50 pm

Log on OpenVPN "client".

20:04:53	dc1tohqn2n[19419]: 	Restart pause, 300 second(s)
20:04:53	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
20:04:53	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
20:04:21	dc1tohqn2n[19419]: 	MANAGEMENT: Client disconnected
20:04:21	dc1tohqn2n[19419]: 	MANAGEMENT: CMD 'state'
20:04:21	dc1tohqn2n[19419]: 	MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1195
20:03:53	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
20:03:53	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
20:03:53	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
20:03:53	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
20:03:53	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:58:53	dc1tohqn2n[19419]: 	Restart pause, 300 second(s)
19:58:53	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:58:53	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:57:53	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:57:53	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:57:53	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:57:53	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:57:53	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:55:13	dc1tohqn2n[19419]: 	Restart pause, 160 second(s)
19:55:13	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:55:13	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:54:13	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:54:13	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:54:13	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:54:13	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:54:13	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:52:53	dc1tohqn2n[19419]: 	Restart pause, 80 second(s)
19:52:53	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:52:53	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:51:53	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:51:53	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:51:53	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:51:53	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:51:53	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:51:13	dc1tohqn2n[19419]: 	Restart pause, 40 second(s)
19:51:13	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:51:13	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:50:13	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:50:13	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:50:13	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:50:13	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:50:13	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:49:53	dc1tohqn2n[19419]: 	Restart pause, 20 second(s)
19:49:53	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:49:53	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:48:53	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:48:53	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:48:53	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:48:53	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:48:53	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:48:43	dc1tohqn2n[19419]: 	Restart pause, 10 second(s)
19:48:43	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:48:43	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:47:43	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:47:43	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:47:43	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:47:43	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:47:43	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:47:38	dc1tohqn2n[19419]: 	Restart pause, 5 second(s)
19:47:38	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:47:38	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:46:38	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:46:38	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:46:38	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:46:38	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:46:38	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:46:33	dc1tohqn2n[19419]: 	Restart pause, 5 second(s)
19:46:33	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:46:33	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:45:33	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:45:33	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:45:33	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:45:33	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:45:33	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:45:28	dc1tohqn2n[19419]: 	Restart pause, 5 second(s)
19:45:28	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:45:28	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:44:28	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:44:28	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:44:28	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:44:28	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:44:28	dc1tohqn2n[19419]: 	Preserving previous TUN/TAP instance: tun1
19:44:23	dc1tohqn2n[19419]: 	Restart pause, 5 second(s)
19:44:23	dc1tohqn2n[19419]: 	SIGUSR1[soft,ping-restart] received, process restarting
19:44:23	dc1tohqn2n[19419]: 	[UNDEF] Inactivity timeout (--ping-restart), restarting
19:43:25	dc1tohqn2n[19419]: 	MANAGEMENT: Client disconnected
19:43:25	dc1tohqn2n[19419]: 	MANAGEMENT: CMD 'state'
19:43:25	dc1tohqn2n[19419]: 	MANAGEMENT: Client connected from [AF_INET]127.0.0.1:1195
19:43:23	dc1tohqn2n[19419]: 	UID set to nobody
19:43:23	dc1tohqn2n[19419]: 	GID set to nobody
19:43:23	dc1tohqn2n[19419]: 	UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:43:23	dc1tohqn2n[19419]: 	UDP link local (bound): [AF_INET]eee.fff.ggg.hhh:1195
19:43:23	dc1tohqn2n[19419]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:43:23	dc1tohqn2n[19419]: 	TCP/UDP: Preserving recently used remote address: [AF_INET]aaa.bbb.ccc.ddd:1195
19:43:23	dc1tohqn2n[19419]: 	/sbin/ip route add 192.168.102.0/24 via 10.100.100.1
19:43:23	dc1tohqn2n[19419]: 	/sbin/ip addr add dev tun1 local 10.100.100.2 peer 10.100.100.1
19:43:22	dc1tohqn2n[19419]: 	/sbin/ip link set dev tun1 up mtu 1500
19:43:22	dc1tohqn2n[19419]: 	TUN/TAP TX queue length set to 100
19:43:22	dc1tohqn2n[19419]: 	TUN/TAP device tun1 opened
19:43:22	dc1tohqn2n[19419]: 	ROUTE_GATEWAY 62.156.244.32
19:43:22	dc1tohqn2n[19419]: 	MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:1195
19:43:22	dc1tohqn2n[19418]: 	library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.09
19:43:22	dc1tohqn2n[19418]: 	OpenVPN 2.4.7 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 14 2019
19:43:22	dc1tohqn2n[19418]: 	WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19:43:22	dc1tohqn2n[19418]: 	disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
19:43:19	openvpnserver[19339]: 	Initialization Sequence Completed
19:43:19	openvpnserver[19339]: 	IFCONFIG POOL LIST
19:43:19	openvpnserver[19339]: 	IFCONFIG POOL: base=10.101.120.4 size=62, ipv6=0
19:43:19	openvpnserver[19339]: 	MULTI: multi_init called, r=256 v=256
19:43:19	openvpnserver[19339]: 	UID set to nobody
19:43:19	openvpnserver[19339]: 	GID set to nobody
19:43:19	openvpnserver[19339]: 	UDPv4 link remote: [AF_UNSPEC]
19:43:19	openvpnserver[19339]: 	UDPv4 link local (bound): [AF_INET][undef]:1194
19:43:19	openvpnserver[19339]: 	Socket Buffers: R=[180224->180224] S=[180224->180224]
19:43:19	openvpnserver[19339]: 	Could not determine IPv4/IPv6 protocol. Using AF_INET
19:43:19	openvpnserver[19339]: 	Data Channel MTU parms [ L:1521 D:1450 EF:121 EB:389 ET:0 EL:3 ]
19:43:19	openvpnserver[19339]: 	/sbin/ip route add 10.101.120.0/24 via 10.101.120.2
19:43:19	openvpnserver[19339]: 	/sbin/ip addr add dev tun0 local 10.101.120.1 peer 10.101.120.2
19:43:19	openvpnserver[19339]: 	/sbin/ip link set dev tun0 up mtu 1400
19:43:19	openvpnserver[19339]: 	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
19:43:19	openvpnserver[19339]: 	TUN/TAP TX queue length set to 100
19:43:19	openvpnserver[19339]: 	TUN/TAP device tun0 opened
19:43:19	openvpnserver[19339]: 	ROUTE_GATEWAY 62.156.244.32
19:43:19	openvpnserver[19339]: 	TLS-Auth MTU parms [ L:1521 D:1140 EF:110 EB:0 ET:0 EL:3 ]
19:43:19	openvpnserver[19339]: 	WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
19:43:19	openvpnserver[19339]: 	Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
19:43:19	openvpnserver[19339]: 	Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
19:43:19	openvpnserver[19339]: 	Diffie-Hellman initialized with 4096 bit key
19:43:19	openvpnserver[19339]: 	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19:43:19	openvpnserver[19338]: 	library versions: OpenSSL 1.1.1b 26 Feb 2019, LZO 2.09
19:43:19	openvpnserver[19338]: 	OpenVPN 2.4.7 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 14 2019
19:43:19	openvpnserver[19338]: 	auth_user_pass_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	pull = DISABLED
19:43:19	openvpnserver[19338]: 	client = DISABLED
19:43:19	openvpnserver[19338]: 	port_share_port = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	port_share_host = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	auth_token_lifetime = 0
19:43:19	openvpnserver[19338]: 	auth_token_generate = DISABLED
19:43:19	openvpnserver[19338]: 	auth_user_pass_verify_script_via_file = DISABLED
19:43:19	openvpnserver[19338]: 	auth_user_pass_verify_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	max_routes_per_client = 256
19:43:19	openvpnserver[19338]: 	max_clients = 100
19:43:19	openvpnserver[19338]: 	cf_per = 0
19:43:19	openvpnserver[19338]: 	cf_max = 0
19:43:19	openvpnserver[19338]: 	duplicate_cn = DISABLED
19:43:19	openvpnserver[19338]: 	enable_c2c = ENABLED
19:43:19	openvpnserver[19338]: 	push_ifconfig_ipv6_remote = ::
19:43:19	openvpnserver[19338]: 	push_ifconfig_ipv6_local = ::/0
19:43:19	openvpnserver[19338]: 	push_ifconfig_ipv6_defined = DISABLED
19:43:19	openvpnserver[19338]: 	push_ifconfig_remote_netmask = 0.0.0.0
19:43:19	openvpnserver[19338]: 	push_ifconfig_local = 0.0.0.0
19:43:19	openvpnserver[19338]: 	push_ifconfig_defined = DISABLED
19:43:19	openvpnserver[19338]: 	tmp_dir = '/tmp'
19:43:19	openvpnserver[19338]: 	ccd_exclusive = DISABLED
19:43:19	openvpnserver[19338]: 	client_config_dir = '/var/ipfire/ovpn/ccd'
19:43:19	openvpnserver[19338]: 	client_disconnect_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	learn_address_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	client_connect_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	virtual_hash_size = 256
19:43:19	openvpnserver[19338]: 	real_hash_size = 256
19:43:19	openvpnserver[19338]: 	tcp_queue_limit = 64
19:43:19	openvpnserver[19338]: 	n_bcast_buf = 256
19:43:19	openvpnserver[19338]: 	ifconfig_ipv6_pool_netbits = 0
19:43:19	openvpnserver[19338]: 	ifconfig_ipv6_pool_base = ::
19:43:19	openvpnserver[19338]: 	ifconfig_ipv6_pool_defined = DISABLED
19:43:19	openvpnserver[19338]: 	ifconfig_pool_persist_refresh_freq = 3600
19:43:19	openvpnserver[19338]: 	ifconfig_pool_persist_filename = '/var/ipfire/ovpn/ovpn-leases.db'
19:43:19	openvpnserver[19338]: 	ifconfig_pool_netmask = 0.0.0.0
19:43:19	openvpnserver[19338]: 	ifconfig_pool_end = 10.101.120.251
19:43:19	openvpnserver[19338]: 	ifconfig_pool_start = 10.101.120.4
19:43:19	openvpnserver[19338]: 	ifconfig_pool_defined = ENABLED
19:43:19	openvpnserver[19338]: 	push_entry = 'ping-restart 60'
19:43:19	openvpnserver[19338]: 	push_entry = 'ping 10'
19:43:19	openvpnserver[19338]: 	push_entry = 'topology net30'
19:43:19	openvpnserver[19338]: 	push_entry = 'route 10.101.120.0 255.255.255.0'
19:43:19	openvpnserver[19338]: 	push_entry = 'route 192.168.102.0 255.255.255.0'
19:43:19	openvpnserver[19338]: 	server_bridge_pool_end = 0.0.0.0
19:43:19	openvpnserver[19338]: 	server_bridge_pool_start = 0.0.0.0
19:43:19	openvpnserver[19338]: 	server_bridge_netmask = 0.0.0.0
19:43:19	openvpnserver[19338]: 	server_bridge_ip = 0.0.0.0
19:43:19	openvpnserver[19338]: 	server_netbits_ipv6 = 0
19:43:19	openvpnserver[19338]: 	server_network_ipv6 = ::
19:43:19	openvpnserver[19338]: 	server_netmask = 255.255.255.0
19:43:19	openvpnserver[19338]: 	server_network = 10.101.120.0
19:43:19	openvpnserver[19338]: 	tls_crypt_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	tls_auth_file = '/var/ipfire/ovpn/certs/ta.key'
19:43:19	openvpnserver[19338]: 	tls_exit = DISABLED
19:43:19	openvpnserver[19338]: 	push_peer_info = DISABLED
19:43:19	openvpnserver[19338]: 	single_session = DISABLED
19:43:19	openvpnserver[19338]: 	transition_window = 3600
19:43:19	openvpnserver[19338]: 	handshake_window = 60
19:43:19	openvpnserver[19338]: 	renegotiate_seconds = 3600
19:43:19	openvpnserver[19338]: 	renegotiate_packets = 0
19:43:19	openvpnserver[19338]: 	renegotiate_bytes = -1
19:43:19	openvpnserver[19338]: 	tls_timeout = 2
19:43:19	openvpnserver[19338]: 	ssl_flags = 0
19:43:19	openvpnserver[19338]: 	remote_cert_eku = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	remote_cert_ku[i] = 0
19:43:19	openvpnserver[19338]: 	ns_cert_type = 0
19:43:19	openvpnserver[19338]: 	crl_file = '/var/ipfire/ovpn/crls/cacrl.pem'
19:43:19	openvpnserver[19338]: 	verify_x509_name = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	verify_x509_type = 0
19:43:19	openvpnserver[19338]: 	tls_export_cert = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	tls_verify = '/usr/lib/openvpn/verify'
19:43:19	openvpnserver[19338]: 	tls_cert_profile = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	cipher_list_tls13 = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	cipher_list = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	pkcs12_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	priv_key_file = '/var/ipfire/ovpn/certs/serverkey.pem'
19:43:19	openvpnserver[19338]: 	extra_certs_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	cert_file = '/var/ipfire/ovpn/certs/servercert.pem'
19:43:19	openvpnserver[19338]: 	dh_file = '/var/ipfire/ovpn/ca/dh1024.pem'
19:43:19	openvpnserver[19338]: 	ca_path = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	ca_file = '/var/ipfire/ovpn/ca/cacert.pem'
19:43:19	openvpnserver[19338]: 	key_method = 2
19:43:19	openvpnserver[19338]: 	tls_client = DISABLED
19:43:19	openvpnserver[19338]: 	tls_server = ENABLED
19:43:19	openvpnserver[19338]: 	test_crypto = DISABLED
19:43:19	openvpnserver[19338]: 	use_iv = ENABLED
19:43:19	openvpnserver[19338]: 	packet_id_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	replay_time = 15
19:43:19	openvpnserver[19338]: 	replay_window = 64
19:43:19	openvpnserver[19338]: 	mute_replay_warnings = DISABLED
19:43:19	openvpnserver[19338]: 	replay = ENABLED
19:43:19	openvpnserver[19338]: 	engine = DISABLED
19:43:19	openvpnserver[19338]: 	keysize = 0
19:43:19	openvpnserver[19338]: 	prng_nonce_secret_len = 16
19:43:19	openvpnserver[19338]: 	prng_hash = 'SHA1'
19:43:19	openvpnserver[19338]: 	authname = 'SHA512'
19:43:19	openvpnserver[19338]: 	ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
19:43:19	openvpnserver[19338]: 	ncp_enabled = DISABLED
19:43:19	openvpnserver[19338]: 	ciphername = 'AES-256-CBC'
19:43:19	openvpnserver[19338]: 	key_direction = not set
19:43:19	openvpnserver[19338]: 	shared_secret_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	management_flags = 0
19:43:19	openvpnserver[19338]: 	management_client_group = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	management_client_user = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	management_write_peer_info_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	management_echo_buffer_size = 100
19:43:19	openvpnserver[19338]: 	management_log_history_cache = 250
19:43:19	openvpnserver[19338]: 	management_user_pass = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	management_port = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	management_addr = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	route 10.101.120.0/255.255.255.0/default (not set)/default (not set)
19:43:19	openvpnserver[19338]: 	allow_pull_fqdn = DISABLED
19:43:19	openvpnserver[19338]: 	route_gateway_via_dhcp = DISABLED
19:43:19	openvpnserver[19338]: 	route_nopull = DISABLED
19:43:19	openvpnserver[19338]: 	route_delay_defined = DISABLED
19:43:19	openvpnserver[19338]: 	route_delay_window = 30
19:43:19	openvpnserver[19338]: 	route_delay = 0
19:43:19	openvpnserver[19338]: 	route_noexec = DISABLED
19:43:19	openvpnserver[19338]: 	route_default_metric = 0
19:43:19	openvpnserver[19338]: 	route_default_gateway = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	route_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	comp.flags = 0
19:43:19	openvpnserver[19338]: 	comp.alg = 0
19:43:19	openvpnserver[19338]: 	fast_io = DISABLED
19:43:19	openvpnserver[19338]: 	sockflags = 0
19:43:19	openvpnserver[19338]: 	mark = 0
19:43:19	openvpnserver[19338]: 	sndbuf = 0
19:43:19	openvpnserver[19338]: 	rcvbuf = 0
19:43:19	openvpnserver[19338]: 	occ = ENABLED
19:43:19	openvpnserver[19338]: 	status_file_update_freq = 30
19:43:19	openvpnserver[19338]: 	status_file_version = 1
19:43:19	openvpnserver[19338]: 	status_file = '/var/run/ovpnserver.log'
19:43:19	openvpnserver[19338]: 	gremlin = 0
19:43:19	openvpnserver[19338]: 	mute = 0
19:43:19	openvpnserver[19338]: 	verbosity = 5
19:43:19	openvpnserver[19338]: 	nice = 0
19:43:19	openvpnserver[19338]: 	machine_readable_output = DISABLED
19:43:19	openvpnserver[19338]: 	suppress_timestamps = DISABLED
19:43:19	openvpnserver[19338]: 	log = DISABLED
19:43:19	openvpnserver[19338]: 	inetd = 0
19:43:19	openvpnserver[19338]: 	daemon = ENABLED
19:43:19	openvpnserver[19338]: 	up_delay = DISABLED
19:43:19	openvpnserver[19338]: 	up_restart = DISABLED
19:43:19	openvpnserver[19338]: 	down_pre = DISABLED
19:43:19	openvpnserver[19338]: 	down_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	up_script = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	writepid = '/var/run/openvpn.pid'
19:43:19	openvpnserver[19338]: 	cd_dir = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	chroot_dir = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	groupname = 'nobody'
19:43:19	openvpnserver[19338]: 	username = 'nobody'
19:43:19	openvpnserver[19338]: 	resolve_in_advance = DISABLED
19:43:19	openvpnserver[19338]: 	resolve_retry_seconds = 1000000000
19:43:19	openvpnserver[19338]: 	passtos = DISABLED
19:43:19	openvpnserver[19338]: 	persist_key = ENABLED
19:43:19	openvpnserver[19338]: 	persist_remote_ip = DISABLED
19:43:19	openvpnserver[19338]: 	persist_local_ip = DISABLED
19:43:19	openvpnserver[19338]: 	persist_tun = ENABLED
19:43:19	openvpnserver[19338]: 	remap_sigusr1 = 0
19:43:19	openvpnserver[19338]: 	ping_timer_remote = DISABLED
19:43:19	openvpnserver[19338]: 	ping_rec_timeout_action = 2
19:43:19	openvpnserver[19338]: 	ping_rec_timeout = 120
19:43:19	openvpnserver[19338]: 	ping_send_timeout = 10
19:43:19	openvpnserver[19338]: 	inactivity_timeout = 0
19:43:19	openvpnserver[19338]: 	keepalive_timeout = 60
19:43:19	openvpnserver[19338]: 	keepalive_ping = 10
19:43:19	openvpnserver[19338]: 	mlock = DISABLED
19:43:19	openvpnserver[19338]: 	mtu_test = 0
19:43:19	openvpnserver[19338]: 	shaper = 0
19:43:19	openvpnserver[19338]: 	ifconfig_ipv6_remote = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	ifconfig_ipv6_netbits = 0
19:43:19	openvpnserver[19338]: 	ifconfig_ipv6_local = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	ifconfig_nowarn = DISABLED
19:43:19	openvpnserver[19338]: 	ifconfig_noexec = DISABLED
19:43:19	openvpnserver[19338]: 	ifconfig_remote_netmask = '10.101.120.2'
19:43:19	openvpnserver[19338]: 	ifconfig_local = '10.101.120.1'
19:43:19	openvpnserver[19338]: 	topology = 1
19:43:19	openvpnserver[19338]: 	lladdr = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	dev_node = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	dev_type = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	dev = 'tun'
19:43:19	openvpnserver[19338]: 	ipchange = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	remote_random = DISABLED
19:43:19	openvpnserver[19338]: 	Connection profiles END
19:43:19	openvpnserver[19338]: 	explicit_exit_notification = 0
19:43:19	openvpnserver[19338]: 	mssfix = 1450
19:43:19	openvpnserver[19338]: 	fragment = 0
19:43:19	openvpnserver[19338]: 	mtu_discover_type = -1
19:43:19	openvpnserver[19338]: 	tun_mtu_extra_defined = DISABLED
19:43:19	openvpnserver[19338]: 	tun_mtu_extra = 0
19:43:19	openvpnserver[19338]: 	link_mtu_defined = DISABLED
19:43:19	openvpnserver[19338]: 	link_mtu = 1500
19:43:19	openvpnserver[19338]: 	tun_mtu_defined = ENABLED
19:43:19	openvpnserver[19338]: 	tun_mtu = 1400
19:43:19	openvpnserver[19338]: 	socks_proxy_port = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	socks_proxy_server = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	connect_timeout = 120
19:43:19	openvpnserver[19338]: 	connect_retry_seconds = 5
19:43:19	openvpnserver[19338]: 	bind_ipv6_only = DISABLED
19:43:19	openvpnserver[19338]: 	bind_local = ENABLED
19:43:19	openvpnserver[19338]: 	bind_defined = DISABLED
19:43:19	openvpnserver[19338]: 	remote_float = DISABLED
19:43:19	openvpnserver[19338]: 	remote_port = '1194'
19:43:19	openvpnserver[19338]: 	remote = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	local_port = '1194'
19:43:19	openvpnserver[19338]: 	local = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	proto = udp
19:43:19	openvpnserver[19338]: 	Connection profiles [0]:
19:43:19	openvpnserver[19338]: 	connect_retry_max = 0
19:43:19	openvpnserver[19338]: 	show_tls_ciphers = DISABLED
19:43:19	openvpnserver[19338]: 	key_pass_file = '[UNDEF]'
19:43:19	openvpnserver[19338]: 	genkey = DISABLED
19:43:19	openvpnserver[19338]: 	show_engines = DISABLED
19:43:19	openvpnserver[19338]: 	show_digests = DISABLED
19:43:19	openvpnserver[19338]: 	show_ciphers = DISABLED
19:43:19	openvpnserver[19338]: 	persist_mode = 1
19:43:19	openvpnserver[19338]: 	persist_config = DISABLED
19:43:19	openvpnserver[19338]: 	mode = 1
19:43:19	openvpnserver[19338]: 	config = '/var/ipfire/ovpn/server.conf'
19:43:19	openvpnserver[19338]: 	Current Parameter Settings:
Last edited by schories on April 19th, 2019, 6:12 pm, edited 1 time in total.

schories
Posts: 6
Joined: April 15th, 2019, 7:07 am

Re: OpenVPN n2n / site 2 site feature broken

Post by schories » April 19th, 2019, 6:00 pm

I spent 20h+ over several days:

- deleting all OpenVPN config
- all firewall rules
- configuration from scratch, means: fresh certs, transfer network, ports, etc.
- checked filesystems, time (timezone, ntp), iptables (btw. never set rules via cmd), both IPFire systems can ping and access each other via public static IPv4 (red)
- both IPFire systems have been installed 3 years ago and are kept up to date since then
- can't fully reinstall the IPFire systems remotely :(

What I can see from "status" page "VPN: Net-to-Net Statistics" on both IPFire systems:

- ONLY outgoing traffic
- NOT A BIT of incoming traffic

While OpenVPN RoadWarrior works - even on both IPFire systems - the n2n connection between doesn't.

I was never as lost as now..

- any way of checking whether the integrity of all files - after 3 years of IPFire updates - is still ok? Any method of comparing other than manually against github or a fresh installation? I did this for many files ...looking good so far.

- any way to make sure that all chains and iptables settings are ok? It seems to me as if OpenVPN n2n isn't available (thus no connection), while OpenVPN RoadWarrior is. These are 2 processes...

Thanks :)

schories
Posts: 6
Joined: April 15th, 2019, 7:07 am

Re: OpenVPN n2n / site 2 site feature broken

Post by schories » April 19th, 2019, 6:24 pm

Btw:

- the n2n client package only contains 2 files: client.p12 and client.conf
- no TLS Auth Key (as for RoadWarriors)

is this correct? Not that I can change that..but..

ummeegge
Community Developer
Community Developer
Posts: 4818
Joined: October 9th, 2010, 10:00 am

Re: OpenVPN n2n / site 2 site feature broken

Post by ummeegge » April 19th, 2019, 6:57 pm

Hi schories,
tls-auth is not available via WUI for N2N; this is only a WUI feature for Roadwarrior. Your logs are mixed a little with Roadwarrior (openvpnserver) entries and N2N logs, so a potentially interesting part cannot be seen. Can you use a

Code: Select all

tail -f /var/log/messages | grep n2n
for the connection attempt (stop the connection on both sides and start it again)? Maybe we get a clearer insight then.

UE
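Added example (not part of the thread and not IPFire code): the same per-process filtering applied offline to a pasted log, which also puts the newest-first entries back into chronological order and measures each restart cycle. The function names are hypothetical; the sample lines are an excerpt of the log posted above with whitespace normalised.

```python
import re
from datetime import datetime

# Excerpt of the log posted in this thread: newest entry first, with the
# n2n process and the RoadWarrior server (openvpnserver) mixed together.
SAMPLE_LOG = """\
19:48:53 dc1tohqn2n[19419]: UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:48:43 dc1tohqn2n[19419]: Restart pause, 10 second(s)
19:48:43 dc1tohqn2n[19419]: SIGUSR1[soft,ping-restart] received, process restarting
19:48:43 dc1tohqn2n[19419]: [UNDEF] Inactivity timeout (--ping-restart), restarting
19:47:43 dc1tohqn2n[19419]: UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:45:33 dc1tohqn2n[19419]: UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:45:28 dc1tohqn2n[19419]: Restart pause, 5 second(s)
19:45:28 dc1tohqn2n[19419]: SIGUSR1[soft,ping-restart] received, process restarting
19:45:28 dc1tohqn2n[19419]: [UNDEF] Inactivity timeout (--ping-restart), restarting
19:44:28 dc1tohqn2n[19419]: UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:44:23 dc1tohqn2n[19419]: Restart pause, 5 second(s)
19:44:23 dc1tohqn2n[19419]: SIGUSR1[soft,ping-restart] received, process restarting
19:44:23 dc1tohqn2n[19419]: [UNDEF] Inactivity timeout (--ping-restart), restarting
19:43:23 dc1tohqn2n[19419]: UDP link remote: [AF_INET]aaa.bbb.ccc.ddd:1195
19:43:19 openvpnserver[19339]: Initialization Sequence Completed
19:43:19 openvpnserver[19338]: push_entry = 'ping-restart 60'
"""

# time, process name, pid, message
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+?)\[(\d+)\]:\s+(.*)$")


def entries_for(log_text, tag):
    """Return (time, message) pairs for processes whose name contains tag, oldest first."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and tag in m.group(2):
            rows.append((datetime.strptime(m.group(1), "%H:%M:%S"), m.group(4)))
    # The log is listed newest first; reversing (not sorting) keeps the
    # original order of entries that share the same second.
    rows.reverse()
    return rows


def summarize(log_text, tag):
    """Measure each restart cycle of one process.

    waited: seconds between 'UDP link remote' and the ping-restart timeout
    pause:  the back-off OpenVPN announces before the next attempt
    completed: whether 'Initialization Sequence Completed' was ever logged
    """
    cycles, link_up, completed = [], None, False
    for when, msg in entries_for(log_text, tag):
        if msg.startswith("UDP link remote"):
            link_up = when
        elif "Inactivity timeout (--ping-restart)" in msg and link_up is not None:
            # modulo handles a cycle that crosses midnight (log has no date)
            waited = int((when - link_up).total_seconds()) % 86400
            cycles.append({"waited": waited, "pause": None})
            link_up = None
        elif msg.startswith("Restart pause,") and cycles and cycles[-1]["pause"] is None:
            cycles[-1]["pause"] = int(msg.split()[2])
        elif "Initialization Sequence Completed" in msg:
            completed = True
    return {"cycles": cycles, "completed": completed}


if __name__ == "__main__":
    for name in ("n2n", "openvpnserver"):
        result = summarize(SAMPLE_LOG, name)
        print(name, "completed:", result["completed"])
        for cycle in result["cycles"]:
            print("  timed out after", cycle["waited"], "s, pause", cycle["pause"], "s")
```

On this excerpt every n2n cycle times out 60 seconds after the UDP link is set up and "Initialization Sequence Completed" is never logged for that process, while the unfiltered log contains the RoadWarrior server's completion line.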