Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: alt-network on August 09, 2006, 05:43:48 AM
-
Does anyone have openvpv fully working on sme 7.0?
If so what are you using?
Thanks!!!! :-o
-
This how to works great http://sme.swerts-knudsen.com/index.html?frame=http://sme.swerts-knudsen.com/howtos/howto_30.htm
-
I have tried his and it does not work with 7.0.
He also posted on his site that he has not found one for 7.0.
Revision History
April 29, 2006 Updated to OpenVPN 2.0.7 for SME 6.x (haven't found the package for SME7)
Thanks
-
I have been using openvpn on SME 7 for at least a couple of months and used the how to mentioned above.
Tony
-
Are you using sme 7.0 finial release and are you using the rpm's from his site?
Thanks :-?
-
Yes I am using SME 7 final.
The rpms used were:.
lzo-1.08-4.2.el4.rf.i386.rpm
openvpn-2.0.2-1.2.el4.rf.i386.rpm
smeserver-openvpn-0.0.1-2.noarch.rpm
Hope this helps.
Tony
-
If you're looking for the bridge mode, you can use my contrib, based on swerts's job
http://sme.firewall-services.com/files/openvpn/smeserver-openvpn-bridge_beta1.tar.gz
and its how-to
http://sme.firewall-services.com/files/openvpn/smeserver-openvpn-bridge_beta1.pdf
It's a beta but I use it on several production server and I hadn't any problems for now.
With this, there's a simple panel to configure some parameters (specify a cipher, enable the compression, enable the user/pass authentication etc..), you can also generate the client config file according to the server config. You can also download from the server-manager the client.key, client.crt and ca.crt file, if you use the same certificate for all the clients.
I'm working hard on the next version wich will include a routed and a client mode and maybe a certificate generator so that it would be easier to use one certificate per client.
-
Hi VIP-ire,
Does this new version you are working on maybe include multiple connections/site-to-site (server-to-server) connections ?! I've got your contrib installed and it's working brilliantly for road-warrior login's... but i'm also in need of connecting the same server to a remote site.
Kind regards,
jester.
-
Yes, I'm working on this feature but I cant say when it would be ready, in a few weeks I think.
I will include a client configuration section where you'll be able to copy/past the auto-genereted client config from another server with the same contrib, or any configuration you like. With this you should be able to connect as many SME server as you want to a central SME server.
I will post as soon as it will be ready for testing
-
If you're looking for the bridge mode, you can use my contrib, based on swerts's job
http://sme.firewall-services.com/files/openvpn/smeserver-openvpn-bridge_beta1.tar.gz
............
Hi VIP-ire, I'm using the Swerts-Knudsen routing openvpn solution at work. I wanted to implement the same solution at home to let play LAN games for friends over Internet and vpn. I think that with routing configuration of openvpn broadcast data are stopped and this is a problem for games that don't have direct ip access.
So i wanted to try your bridge solution. Do you think I can solve my problem in this way?
And what about to change my actually configuration of routing vpn to bridge configuration?
Thanx a lot Fred
-
Well, that's not the first time I heard routed mode is not the best for gamers. The main difference between routed and bridge is that in bridge mode, you're connected through the VPN in the same network as the other client, as if you were connected to the same switch. That mean that even layer 2 can pass through the tunnel (ARP for example).
I use bridge mode at home 'cause I find it more convinient, for example, samba's share are browsable without WINS server.
The answer to your question is yes, I think configuring a bridge mode openvpn server will solve your problem but there're at least two disadvantages:
* You cannot filter the communication as finely because you're on the same subnet
* The usefull bandwidth is a little reduced
I use my contrib on production servers in server & gataway mode and it works quite well, but I heard there's a problem in server-only mode, I havn't corrected it yet.
-
Thank you for your answer, I'm using the server in gateway/server mode too so I'll try your solution.
I only have a question to the best way to "migrate" to bridge mode from Swerts routing solution to your.
It's better that I unistall Swerts installation and execute your contrib from the biginning or can I arrange the installation? Maybe is enough to change the server.conf file?
Thank again, Fred
-
hi trying to install on a sme 7 final with serveronly mode. i got the ff error upon building key client.
[root@smeserver7 easy-rsa]# ./build-key client
Generating a 1024 bit RSA private key
.......................++++++
.....................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [XX]:
Organization Name (eg, company) [VPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Server
Email Address [admin@xxxxxxxxxxxx.xxx.xx]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'XX'
stateOrProvinceName :PRINTABLE:'XX'
localityName :PRINTABLE:'XX'
organizationName :PRINTABLE:'VPN'
commonName :PRINTABLE:'Server'
emailAddress :IA5STRING:'admin@xxxxxxx.xxx.xx'
Certificate is to be certified until Aug 14 05:24:14 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
[root@smeserver7 easy-rsa]#
anyone can help me please.
thanks,
-
Thank you for your answer, I'm using the server in gateway/server mode too so I'll try your solution.
I only have a question to the best way to "migrate" to bridge mode from Swerts routing solution to your.
It's better that I unistall Swerts installation and execute your contrib from the biginning or can I arrange the installation? Maybe is enough to change the server.conf file?
Thank again, Fred
Yes, it's better to uninstall swertz installation as my contrib install everything that is needed. The server.conf file is generated by templates, so you won't have to edit it, just remove the two rpm, save the directory /etc/openvpn if you wan't to come back to the routed mode and then delete it. run the install script and it should be ok, you'll just have to enable the service with the new panel.
-
hi trying to install on a sme 7 final with serveronly mode. i got the ff error upon building key client.
[root@smeserver7 easy-rsa]# ./build-key client
Generating a 1024 bit RSA private key
.......................++++++
.....................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [XX]:
Organization Name (eg, company) [VPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Server
Email Address [admin@xxxxxxxxxxxx.xxx.xx]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'XX'
stateOrProvinceName :PRINTABLE:'XX'
localityName :PRINTABLE:'XX'
organizationName :PRINTABLE:'VPN'
commonName :PRINTABLE:'Server'
emailAddress :IA5STRING:'admin@xxxxxxx.xxx.xx'
Certificate is to be certified until Aug 14 05:24:14 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
[root@smeserver7 easy-rsa]#
anyone can help me please.
thanks,
Well, I haven't seen this error before. You should try to run the script ./clean-all and restart from the begining, be carefull to enter the same Organizational Unit Name for the CA, the server certificate and the client certificate
-
thanks, i just tried and still the same error...
how can i change the vpn ip from 192.168.100.0 tp 192.168.2.0?
thanks,
-
If you use my contrib, you can't change the VPN IP as the bridge interface (br0) will take your internal IP automatically. If you want to setup a specific IP for the tunnel, that mean you want to use routed mode, you should have a look at
http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_30.htm
-
Hi VIP-ire, I unistalled all rpm of openvpn and deleted all the configuration before to install your bridge solution.
I got no error, and all worked fine. But I got a problem trying to connect from the remote pc connected via vpn to my server or client in the real lan.
The server is 192.168.0.1, client in my network goes via dhcp from 192.168.0.10 to 192.168.0.25.
In server control panel I set that vpn use ip from 192.168.0.200 to 192.168.0.225.
The client via vpn got address 192.168.0.200 and gateway 192.168.0.1 and connect without problem but than no way to ping clients or server, no way to connect to any pc.
The option in control panel client-to-client is enabled.
I tried to enable and disable the option redirect gateway but nothing.
Any suggestion?
Thank you again Fred
-
Well, strange. It could be a firewall issue (on the client side). Which OS your client is running linux, Win XP ... ?
Have you try to ping the client from the server?
Do you ping the IP or the name?
If you got an IP on the client side, that means authentication is ok (certificate and/or login), so it should be ok for the rest. Can you copy the log of the client after the connexion is established?
-
Here is the log of the windows xp sp2, firewall turned off client.
Thu Aug 17 15:38:09 2006 us=888859 Current Parameter Settings:
Thu Aug 17 15:38:09 2006 us=889158 config = 'VPN.ovpn'
Thu Aug 17 15:38:09 2006 us=889202 mode = 0
Thu Aug 17 15:38:09 2006 us=889240 show_ciphers = DISABLED
Thu Aug 17 15:38:09 2006 us=889278 show_digests = DISABLED
Thu Aug 17 15:38:09 2006 us=889317 show_engines = DISABLED
Thu Aug 17 15:38:09 2006 us=889355 genkey = DISABLED
Thu Aug 17 15:38:09 2006 us=889394 key_pass_file = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=889432 show_tls_ciphers = DISABLED
Thu Aug 17 15:38:09 2006 us=889470 proto = 0
Thu Aug 17 15:38:09 2006 us=889509 local = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=889551 remote_list[0] = {'xxxxxx.xx', 1194}
Thu Aug 17 15:38:09 2006 us=889594 remote_random = DISABLED
Thu Aug 17 15:38:09 2006 us=889633 local_port = 1194
Thu Aug 17 15:38:09 2006 us=889671 remote_port = 1194
Thu Aug 17 15:38:09 2006 us=889709 remote_float = DISABLED
Thu Aug 17 15:38:09 2006 us=889747 ipchange = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=889785 bind_local = ENABLED
Thu Aug 17 15:38:09 2006 us=889823 dev = 'tap'
Thu Aug 17 15:38:09 2006 us=889859 dev_type = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=889896 dev_node = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=889933 tun_ipv6 = DISABLED
Thu Aug 17 15:38:09 2006 us=889971 ifconfig_local = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=890010 ifconfig_remote_netmask = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=890050 ifconfig_noexec = DISABLED
Thu Aug 17 15:38:09 2006 us=890088 ifconfig_nowarn = DISABLED
Thu Aug 17 15:38:09 2006 us=890125 shaper = 0
Thu Aug 17 15:38:09 2006 us=890163 tun_mtu = 1500
Thu Aug 17 15:38:09 2006 us=890201 tun_mtu_defined = ENABLED
Thu Aug 17 15:38:09 2006 us=890238 link_mtu = 1500
Thu Aug 17 15:38:09 2006 us=890275 link_mtu_defined = DISABLED
Thu Aug 17 15:38:09 2006 us=890314 tun_mtu_extra = 32
Thu Aug 17 15:38:09 2006 us=890353 tun_mtu_extra_defined = ENABLED
Thu Aug 17 15:38:09 2006 us=890393 fragment = 1400
Thu Aug 17 15:38:09 2006 us=890429 mtu_discover_type = -1
Thu Aug 17 15:38:09 2006 us=890466 mtu_test = 1
Thu Aug 17 15:38:09 2006 us=890502 mlock = DISABLED
Thu Aug 17 15:38:09 2006 us=890539 keepalive_ping = 0
Thu Aug 17 15:38:09 2006 us=890577 keepalive_timeout = 0
Thu Aug 17 15:38:09 2006 us=890614 inactivity_timeout = 0
Thu Aug 17 15:38:09 2006 us=890652 ping_send_timeout = 0
Thu Aug 17 15:38:09 2006 us=890690 ping_rec_timeout = 120
Thu Aug 17 15:38:09 2006 us=890729 ping_rec_timeout_action = 2
Thu Aug 17 15:38:09 2006 us=890766 ping_timer_remote = DISABLED
Thu Aug 17 15:38:09 2006 us=890804 remap_sigusr1 = 0
Thu Aug 17 15:38:09 2006 us=890842 explicit_exit_notification = 0
Thu Aug 17 15:38:09 2006 us=890880 persist_tun = DISABLED
Thu Aug 17 15:38:09 2006 us=890919 persist_local_ip = DISABLED
Thu Aug 17 15:38:09 2006 us=890995 persist_remote_ip = DISABLED
Thu Aug 17 15:38:09 2006 us=891036 persist_key = DISABLED
Thu Aug 17 15:38:09 2006 us=891075 mssfix = 1450
Thu Aug 17 15:38:09 2006 us=891115 resolve_retry_seconds = 1000000000
Thu Aug 17 15:38:09 2006 us=891156 connect_retry_seconds = 5
Thu Aug 17 15:38:09 2006 us=891193 username = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891231 groupname = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891269 chroot_dir = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891308 cd_dir = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891344 writepid = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891382 up_script = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891419 down_script = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=891457 down_pre = DISABLED
Thu Aug 17 15:38:09 2006 us=891494 up_restart = DISABLED
Thu Aug 17 15:38:09 2006 us=891532 up_delay = DISABLED
Thu Aug 17 15:38:09 2006 us=891568 daemon = DISABLED
Thu Aug 17 15:38:09 2006 us=891606 inetd = 0
Thu Aug 17 15:38:09 2006 us=891641 log = DISABLED
Thu Aug 17 15:38:09 2006 us=891680 suppress_timestamps = DISABLED
Thu Aug 17 15:38:09 2006 us=891716 nice = 0
Thu Aug 17 15:38:09 2006 us=891753 verbosity = 4
Thu Aug 17 15:38:09 2006 us=891790 mute = 0
Thu Aug 17 15:38:09 2006 us=900287 gremlin = 0
Thu Aug 17 15:38:09 2006 us=900382 status_file = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=900418 status_file_version = 1
Thu Aug 17 15:38:09 2006 us=900454 status_file_update_freq = 60
Thu Aug 17 15:38:09 2006 us=900488 occ = ENABLED
Thu Aug 17 15:38:09 2006 us=900522 rcvbuf = 0
Thu Aug 17 15:38:09 2006 us=900556 sndbuf = 0
Thu Aug 17 15:38:09 2006 us=900594 socks_proxy_server = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=900660 socks_proxy_port = 0
Thu Aug 17 15:38:09 2006 us=900697 socks_proxy_retry = DISABLED
Thu Aug 17 15:38:09 2006 us=900732 fast_io = DISABLED
Thu Aug 17 15:38:09 2006 us=900766 comp_lzo = ENABLED
Thu Aug 17 15:38:09 2006 us=900802 comp_lzo_adaptive = ENABLED
Thu Aug 17 15:38:09 2006 us=900837 route_script = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=900873 route_default_gateway = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=900912 route_noexec = DISABLED
Thu Aug 17 15:38:09 2006 us=900947 route_delay = 0
Thu Aug 17 15:38:09 2006 us=964107 route_delay_window = 30
Thu Aug 17 15:38:09 2006 us=964190 route_delay_defined = ENABLED
Thu Aug 17 15:38:09 2006 us=964229 management_addr = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=964267 management_port = 0
Thu Aug 17 15:38:09 2006 us=964303 management_user_pass = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=964340 management_log_history_cache = 250
Thu Aug 17 15:38:09 2006 us=964380 management_echo_buffer_size = 100
Thu Aug 17 15:38:09 2006 us=964422 management_query_passwords = DISABLED
Thu Aug 17 15:38:09 2006 us=964462 management_hold = DISABLED
Thu Aug 17 15:38:09 2006 us=964498 shared_secret_file = '[UNDEF]'
Thu Aug 17 15:38:09 2006 us=964536 key_direction = 0
Thu Aug 17 15:38:09 2006 us=964571 ciphername_defined = ENABLED
Thu Aug 17 15:38:09 2006 us=964606 ciphername = 'BF-CBC'
Thu Aug 17 15:38:09 2006 us=964643 authname_defined = ENABLED
Thu Aug 17 15:38:09 2006 us=964677 authname = 'SHA1'
Thu Aug 17 15:38:09 2006 us=964712 keysize = 0
Thu Aug 17 15:38:10 2006 us=111159 engine = DISABLED
Thu Aug 17 15:38:10 2006 us=111256 replay = ENABLED
Thu Aug 17 15:38:10 2006 us=111294 mute_replay_warnings = DISABLED
Thu Aug 17 15:38:10 2006 us=111329 replay_window = 64
Thu Aug 17 15:38:10 2006 us=111364 replay_time = 15
Thu Aug 17 15:38:10 2006 us=111401 packet_id_file = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=111438 use_iv = ENABLED
Thu Aug 17 15:38:10 2006 us=111474 test_crypto = DISABLED
Thu Aug 17 15:38:10 2006 us=111509 tls_server = DISABLED
Thu Aug 17 15:38:10 2006 us=111545 tls_client = ENABLED
Thu Aug 17 15:38:10 2006 us=111580 key_method = 2
Thu Aug 17 15:38:10 2006 us=111615 ca_file = 'ca.crt'
Thu Aug 17 15:38:10 2006 us=111651 dh_file = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=111686 cert_file = 'client.crt'
Thu Aug 17 15:38:10 2006 us=111722 priv_key_file = 'client.key'
Thu Aug 17 15:38:10 2006 us=111758 pkcs12_file = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=111793 cryptoapi_cert = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=247857 cipher_list = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=247960 tls_verify = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=247995 tls_remote = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=248030 crl_file = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=248066 ns_cert_type = 0
Thu Aug 17 15:38:10 2006 us=248101 tls_timeout = 2
Thu Aug 17 15:38:10 2006 us=248136 renegotiate_bytes = 0
Thu Aug 17 15:38:10 2006 us=248172 renegotiate_packets = 0
Thu Aug 17 15:38:10 2006 us=248208 renegotiate_seconds = 3600
Thu Aug 17 15:38:10 2006 us=248244 handshake_window = 60
Thu Aug 17 15:38:10 2006 us=248280 transition_window = 3600
Thu Aug 17 15:38:10 2006 us=248317 single_session = DISABLED
Thu Aug 17 15:38:10 2006 us=248357 tls_exit = DISABLED
Thu Aug 17 15:38:10 2006 us=248394 tls_auth_file = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=248525 server_network = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=248614 server_netmask = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=397822 server_bridge_ip = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=397911 server_bridge_netmask = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=397955 server_bridge_pool_start = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=397996 server_bridge_pool_end = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=398037 ifconfig_pool_defined = DISABLED
Thu Aug 17 15:38:10 2006 us=398077 ifconfig_pool_start = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=398116 ifconfig_pool_end = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=398157 ifconfig_pool_netmask = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=398203 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=398245 ifconfig_pool_persist_refresh_freq = 600
Thu Aug 17 15:38:10 2006 us=398284 ifconfig_pool_linear = DISABLED
Thu Aug 17 15:38:10 2006 us=398322 n_bcast_buf = 256
Thu Aug 17 15:38:10 2006 us=398358 tcp_queue_limit = 64
Thu Aug 17 15:38:10 2006 us=398395 real_hash_size = 256
Thu Aug 17 15:38:10 2006 us=398430 virtual_hash_size = 256
Thu Aug 17 15:38:10 2006 us=541733 client_connect_script = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=541837 learn_address_script = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=541879 client_disconnect_script = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=541915 client_config_dir = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=541952 ccd_exclusive = DISABLED
Thu Aug 17 15:38:10 2006 us=541986 tmp_dir = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=542024 push_ifconfig_defined = DISABLED
Thu Aug 17 15:38:10 2006 us=542075 push_ifconfig_local = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=542117 push_ifconfig_remote_netmask = 0.0.0.0
Thu Aug 17 15:38:10 2006 us=542163 enable_c2c = DISABLED
Thu Aug 17 15:38:10 2006 us=542197 duplicate_cn = DISABLED
Thu Aug 17 15:38:10 2006 us=542233 cf_max = 0
Thu Aug 17 15:38:10 2006 us=542269 cf_per = 0
Thu Aug 17 15:38:10 2006 us=542304 max_clients = 1024
Thu Aug 17 15:38:10 2006 us=542340 max_routes_per_client = 256
Thu Aug 17 15:38:10 2006 us=667311 client_cert_not_required = DISABLED
Thu Aug 17 15:38:10 2006 us=667412 username_as_common_name = DISABLED
Thu Aug 17 15:38:10 2006 us=667455 auth_user_pass_verify_script = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=667503 auth_user_pass_verify_script_via_file = DISABLED
Thu Aug 17 15:38:10 2006 us=667541 client = DISABLED
Thu Aug 17 15:38:10 2006 us=667576 pull = ENABLED
Thu Aug 17 15:38:10 2006 us=667611 auth_user_pass_file = 'stdin'
Thu Aug 17 15:38:10 2006 us=667664 show_net_up = DISABLED
Thu Aug 17 15:38:10 2006 us=667700 route_method = 0
Thu Aug 17 15:38:10 2006 us=667736 ip_win32_defined = DISABLED
Thu Aug 17 15:38:10 2006 us=667771 ip_win32_type = 3
Thu Aug 17 15:38:10 2006 us=667809 dhcp_masq_offset = 0
Thu Aug 17 15:38:10 2006 us=667847 dhcp_lease_time = 31536000
Thu Aug 17 15:38:10 2006 us=667882 tap_sleep = 0
Thu Aug 17 15:38:10 2006 us=667917 dhcp_options = DISABLED
Thu Aug 17 15:38:10 2006 us=667953 dhcp_renew = DISABLED
Thu Aug 17 15:38:10 2006 us=826569 dhcp_pre_release = DISABLED
Thu Aug 17 15:38:10 2006 us=826667 dhcp_release = DISABLED
Thu Aug 17 15:38:10 2006 us=826704 domain = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=826739 netbios_scope = '[UNDEF]'
Thu Aug 17 15:38:10 2006 us=826774 netbios_node_type = 0
Thu Aug 17 15:38:10 2006 us=826810 disable_nbt = DISABLED
Thu Aug 17 15:38:10 2006 us=826912 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Thu Aug 17 15:38:26 2006 us=387931 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 17 15:38:26 2006 us=411068 LZO compression initialized
Thu Aug 17 15:38:26 2006 us=411252 WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result
Thu Aug 17 15:38:26 2006 us=411689 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Aug 17 15:38:26 2006 us=470561 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 17 15:38:26 2006 us=470732 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Thu Aug 17 15:38:26 2006 us=470916 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Aug 17 15:38:26 2006 us=470981 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Aug 17 15:38:26 2006 us=471114 Local Options hash (VER=V4): '9a22532e'
Thu Aug 17 15:38:26 2006 us=471201 Expected Remote Options hash (VER=V4): 'e2a912d8'
Thu Aug 17 15:38:26 2006 us=471347 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 17 15:38:26 2006 us=482419 UDPv4 link local (bound): [undef]:1194
Thu Aug 17 15:38:26 2006 us=482599 UDPv4 link remote: 84.74.34.47:1194
Thu Aug 17 15:38:26 2006 us=494610 TLS: Initial packet from 84.74.34.47:1194, sid=daeb9a14 47cd98f2
Thu Aug 17 15:38:26 2006 us=559840 VERIFY OK: depth=1, /C=CH/ST=EDIT/L=EDIT/O=EDIT/OU=VPN77/CN=Server77/emailAddress=EDIT
Thu Aug 17 15:38:26 2006 us=565675 VERIFY OK: depth=0, /C=CH/ST=EDIT/O=EDIT/OU=VPN77/CN=Server77/emailAddress=EDIT
Thu Aug 17 15:38:27 2006 us=227652 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1578', remote='link-mtu 1577'
Thu Aug 17 15:38:27 2006 us=227927 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Aug 17 15:38:27 2006 us=229395 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 17 15:38:27 2006 us=229456 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 17 15:38:27 2006 us=229688 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 17 15:38:27 2006 us=229742 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 17 15:38:27 2006 us=242592 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 17 15:38:27 2006 us=242814 [Server77] Peer Connection Initiated with 84.74.34.47:1194
Thu Aug 17 15:38:28 2006 us=315044 SENT CONTROL [Server77]: 'PUSH_REQUEST' (status=1)
Thu Aug 17 15:38:28 2006 us=320989 AUTH: Received AUTH_FAILED control message
Thu Aug 17 15:38:28 2006 us=323080 TCP/UDP: Closing socket
Thu Aug 17 15:38:28 2006 us=323617 SIGTERM[soft,auth-failure] received, process exiting
Thu Aug 17 15:38:28 2006 us=816713 Current Parameter Settings:
Thu Aug 17 15:38:28 2006 us=817030 config = 'VPN.ovpn'
Thu Aug 17 15:38:28 2006 us=817072 mode = 0
Thu Aug 17 15:38:28 2006 us=817110 show_ciphers = DISABLED
Thu Aug 17 15:38:28 2006 us=817148 show_digests = DISABLED
Thu Aug 17 15:38:28 2006 us=817185 show_engines = DISABLED
Thu Aug 17 15:38:28 2006 us=817222 genkey = DISABLED
Thu Aug 17 15:38:28 2006 us=817259 key_pass_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817297 show_tls_ciphers = DISABLED
Thu Aug 17 15:38:28 2006 us=817334 proto = 0
Thu Aug 17 15:38:28 2006 us=817369 local = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817411 remote_list[0] = {'xxxx.xx', 1194}
Thu Aug 17 15:38:28 2006 us=817451 remote_random = DISABLED
Thu Aug 17 15:38:28 2006 us=817489 local_port = 1194
Thu Aug 17 15:38:28 2006 us=817527 remote_port = 1194
Thu Aug 17 15:38:28 2006 us=817563 remote_float = DISABLED
Thu Aug 17 15:38:28 2006 us=817601 ipchange = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817637 bind_local = ENABLED
Thu Aug 17 15:38:28 2006 us=817673 dev = 'tap'
Thu Aug 17 15:38:28 2006 us=817709 dev_type = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817745 dev_node = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817781 tun_ipv6 = DISABLED
Thu Aug 17 15:38:28 2006 us=817818 ifconfig_local = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817855 ifconfig_remote_netmask = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=817893 ifconfig_noexec = DISABLED
Thu Aug 17 15:38:28 2006 us=817930 ifconfig_nowarn = DISABLED
Thu Aug 17 15:38:28 2006 us=817965 shaper = 0
Thu Aug 17 15:38:28 2006 us=818001 tun_mtu = 1500
Thu Aug 17 15:38:28 2006 us=818037 tun_mtu_defined = ENABLED
Thu Aug 17 15:38:28 2006 us=818073 link_mtu = 1500
Thu Aug 17 15:38:28 2006 us=818110 link_mtu_defined = DISABLED
Thu Aug 17 15:38:28 2006 us=818147 tun_mtu_extra = 32
Thu Aug 17 15:38:28 2006 us=818184 tun_mtu_extra_defined = ENABLED
Thu Aug 17 15:38:28 2006 us=818221 fragment = 1400
Thu Aug 17 15:38:28 2006 us=818257 mtu_discover_type = -1
Thu Aug 17 15:38:28 2006 us=818292 mtu_test = 1
Thu Aug 17 15:38:28 2006 us=818327 mlock = DISABLED
Thu Aug 17 15:38:28 2006 us=818363 keepalive_ping = 0
Thu Aug 17 15:38:28 2006 us=818400 keepalive_timeout = 0
Thu Aug 17 15:38:28 2006 us=818437 inactivity_timeout = 0
Thu Aug 17 15:38:28 2006 us=818473 ping_send_timeout = 0
Thu Aug 17 15:38:28 2006 us=818510 ping_rec_timeout = 120
Thu Aug 17 15:38:28 2006 us=818547 ping_rec_timeout_action = 2
Thu Aug 17 15:38:28 2006 us=818583 ping_timer_remote = DISABLED
Thu Aug 17 15:38:28 2006 us=818620 remap_sigusr1 = 0
Thu Aug 17 15:38:28 2006 us=818656 explicit_exit_notification = 0
Thu Aug 17 15:38:28 2006 us=818693 persist_tun = DISABLED
Thu Aug 17 15:38:28 2006 us=818729 persist_local_ip = DISABLED
Thu Aug 17 15:38:28 2006 us=818802 persist_remote_ip = DISABLED
Thu Aug 17 15:38:28 2006 us=818842 persist_key = DISABLED
Thu Aug 17 15:38:28 2006 us=818878 mssfix = 1450
Thu Aug 17 15:38:28 2006 us=818918 resolve_retry_seconds = 1000000000
Thu Aug 17 15:38:28 2006 us=818955 connect_retry_seconds = 5
Thu Aug 17 15:38:28 2006 us=818992 username = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819028 groupname = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819069 chroot_dir = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819105 cd_dir = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819143 writepid = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819181 up_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819219 down_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=819256 down_pre = DISABLED
Thu Aug 17 15:38:28 2006 us=819294 up_restart = DISABLED
Thu Aug 17 15:38:28 2006 us=819331 up_delay = DISABLED
Thu Aug 17 15:38:28 2006 us=819368 daemon = DISABLED
Thu Aug 17 15:38:28 2006 us=819404 inetd = 0
Thu Aug 17 15:38:28 2006 us=819439 log = DISABLED
Thu Aug 17 15:38:28 2006 us=819477 suppress_timestamps = DISABLED
Thu Aug 17 15:38:28 2006 us=819513 nice = 0
Thu Aug 17 15:38:28 2006 us=819549 verbosity = 4
Thu Aug 17 15:38:28 2006 us=819584 mute = 0
Thu Aug 17 15:38:28 2006 us=824562 gremlin = 0
Thu Aug 17 15:38:28 2006 us=824657 status_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=824693 status_file_version = 1
Thu Aug 17 15:38:28 2006 us=824730 status_file_update_freq = 60
Thu Aug 17 15:38:28 2006 us=824766 occ = ENABLED
Thu Aug 17 15:38:28 2006 us=824801 rcvbuf = 0
Thu Aug 17 15:38:28 2006 us=824834 sndbuf = 0
Thu Aug 17 15:38:28 2006 us=824875 socks_proxy_server = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=824953 socks_proxy_port = 0
Thu Aug 17 15:38:28 2006 us=824991 socks_proxy_retry = DISABLED
Thu Aug 17 15:38:28 2006 us=825026 fast_io = DISABLED
Thu Aug 17 15:38:28 2006 us=825060 comp_lzo = ENABLED
Thu Aug 17 15:38:28 2006 us=825095 comp_lzo_adaptive = ENABLED
Thu Aug 17 15:38:28 2006 us=825131 route_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=825167 route_default_gateway = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=825203 route_noexec = DISABLED
Thu Aug 17 15:38:28 2006 us=825239 route_delay = 0
Thu Aug 17 15:38:28 2006 us=850657 route_delay_window = 30
Thu Aug 17 15:38:28 2006 us=850744 route_delay_defined = ENABLED
Thu Aug 17 15:38:28 2006 us=850781 management_addr = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=850819 management_port = 0
Thu Aug 17 15:38:28 2006 us=850855 management_user_pass = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=850893 management_log_history_cache = 250
Thu Aug 17 15:38:28 2006 us=850931 management_echo_buffer_size = 100
Thu Aug 17 15:38:28 2006 us=850968 management_query_passwords = DISABLED
Thu Aug 17 15:38:28 2006 us=851005 management_hold = DISABLED
Thu Aug 17 15:38:28 2006 us=851041 shared_secret_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=851078 key_direction = 0
Thu Aug 17 15:38:28 2006 us=851113 ciphername_defined = ENABLED
Thu Aug 17 15:38:28 2006 us=851148 ciphername = 'BF-CBC'
Thu Aug 17 15:38:28 2006 us=851185 authname_defined = ENABLED
Thu Aug 17 15:38:28 2006 us=851220 authname = 'SHA1'
Thu Aug 17 15:38:28 2006 us=851254 keysize = 0
Thu Aug 17 15:38:28 2006 us=879235 engine = DISABLED
Thu Aug 17 15:38:28 2006 us=879327 replay = ENABLED
Thu Aug 17 15:38:28 2006 us=879364 mute_replay_warnings = DISABLED
Thu Aug 17 15:38:28 2006 us=879399 replay_window = 64
Thu Aug 17 15:38:28 2006 us=879435 replay_time = 15
Thu Aug 17 15:38:28 2006 us=879472 packet_id_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=879510 use_iv = ENABLED
Thu Aug 17 15:38:28 2006 us=879545 test_crypto = DISABLED
Thu Aug 17 15:38:28 2006 us=879580 tls_server = DISABLED
Thu Aug 17 15:38:28 2006 us=879616 tls_client = ENABLED
Thu Aug 17 15:38:28 2006 us=879652 key_method = 2
Thu Aug 17 15:38:28 2006 us=879686 ca_file = 'ca.crt'
Thu Aug 17 15:38:28 2006 us=879722 dh_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=879758 cert_file = 'client.crt'
Thu Aug 17 15:38:28 2006 us=879793 priv_key_file = 'client.key'
Thu Aug 17 15:38:28 2006 us=879829 pkcs12_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=879864 cryptoapi_cert = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=903037 cipher_list = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=903118 tls_verify = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=903153 tls_remote = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=903190 crl_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=903224 ns_cert_type = 0
Thu Aug 17 15:38:28 2006 us=903259 tls_timeout = 2
Thu Aug 17 15:38:28 2006 us=903295 renegotiate_bytes = 0
Thu Aug 17 15:38:28 2006 us=903330 renegotiate_packets = 0
Thu Aug 17 15:38:28 2006 us=903366 renegotiate_seconds = 3600
Thu Aug 17 15:38:28 2006 us=903401 handshake_window = 60
Thu Aug 17 15:38:28 2006 us=903437 transition_window = 3600
Thu Aug 17 15:38:28 2006 us=903473 single_session = DISABLED
Thu Aug 17 15:38:28 2006 us=903516 tls_exit = DISABLED
Thu Aug 17 15:38:28 2006 us=903553 tls_auth_file = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=903667 server_network = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=903710 server_netmask = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930007 server_bridge_ip = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930115 server_bridge_netmask = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930157 server_bridge_pool_start = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930199 server_bridge_pool_end = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930240 ifconfig_pool_defined = DISABLED
Thu Aug 17 15:38:28 2006 us=930280 ifconfig_pool_start = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930319 ifconfig_pool_end = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930360 ifconfig_pool_netmask = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=930402 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=930443 ifconfig_pool_persist_refresh_freq = 600
Thu Aug 17 15:38:28 2006 us=930481 ifconfig_pool_linear = DISABLED
Thu Aug 17 15:38:28 2006 us=930517 n_bcast_buf = 256
Thu Aug 17 15:38:28 2006 us=930553 tcp_queue_limit = 64
Thu Aug 17 15:38:28 2006 us=930590 real_hash_size = 256
Thu Aug 17 15:38:28 2006 us=930626 virtual_hash_size = 256
Thu Aug 17 15:38:28 2006 us=955115 client_connect_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=955193 learn_address_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=955235 client_disconnect_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=955271 client_config_dir = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=955308 ccd_exclusive = DISABLED
Thu Aug 17 15:38:28 2006 us=955342 tmp_dir = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=955379 push_ifconfig_defined = DISABLED
Thu Aug 17 15:38:28 2006 us=955428 push_ifconfig_local = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=955524 push_ifconfig_remote_netmask = 0.0.0.0
Thu Aug 17 15:38:28 2006 us=955564 enable_c2c = DISABLED
Thu Aug 17 15:38:28 2006 us=955599 duplicate_cn = DISABLED
Thu Aug 17 15:38:28 2006 us=955634 cf_max = 0
Thu Aug 17 15:38:28 2006 us=955669 cf_per = 0
Thu Aug 17 15:38:28 2006 us=955704 max_clients = 1024
Thu Aug 17 15:38:28 2006 us=955740 max_routes_per_client = 256
Thu Aug 17 15:38:28 2006 us=978663 client_cert_not_required = DISABLED
Thu Aug 17 15:38:28 2006 us=978754 username_as_common_name = DISABLED
Thu Aug 17 15:38:28 2006 us=978797 auth_user_pass_verify_script = '[UNDEF]'
Thu Aug 17 15:38:28 2006 us=978838 auth_user_pass_verify_script_via_file = DISABLED
Thu Aug 17 15:38:28 2006 us=978876 client = DISABLED
Thu Aug 17 15:38:28 2006 us=978910 pull = ENABLED
Thu Aug 17 15:38:28 2006 us=978947 auth_user_pass_file = 'stdin'
Thu Aug 17 15:38:28 2006 us=978997 show_net_up = DISABLED
Thu Aug 17 15:38:28 2006 us=979033 route_method = 0
Thu Aug 17 15:38:28 2006 us=979069 ip_win32_defined = DISABLED
Thu Aug 17 15:38:28 2006 us=979104 ip_win32_type = 3
Thu Aug 17 15:38:28 2006 us=979141 dhcp_masq_offset = 0
Thu Aug 17 15:38:28 2006 us=979178 dhcp_lease_time = 31536000
Thu Aug 17 15:38:28 2006 us=979214 tap_sleep = 0
Thu Aug 17 15:38:28 2006 us=979248 dhcp_options = DISABLED
Thu Aug 17 15:38:28 2006 us=979283 dhcp_renew = DISABLED
Thu Aug 17 15:38:29 2006 us=4019 dhcp_pre_release = DISABLED
Thu Aug 17 15:38:29 2006 us=4094 dhcp_release = DISABLED
Thu Aug 17 15:38:29 2006 us=4129 domain = '[UNDEF]'
Thu Aug 17 15:38:29 2006 us=4164 netbios_scope = '[UNDEF]'
Thu Aug 17 15:38:29 2006 us=4199 netbios_node_type = 0
Thu Aug 17 15:38:29 2006 us=4233 disable_nbt = DISABLED
Thu Aug 17 15:38:29 2006 us=4315 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Thu Aug 17 15:38:37 2006 us=177356 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 17 15:38:37 2006 us=186985 LZO compression initialized
Thu Aug 17 15:38:37 2006 us=187151 WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result
Thu Aug 17 15:38:37 2006 us=192015 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Aug 17 15:38:37 2006 us=218459 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 17 15:38:37 2006 us=218629 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Thu Aug 17 15:38:37 2006 us=218812 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Aug 17 15:38:37 2006 us=218873 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Aug 17 15:38:37 2006 us=219005 Local Options hash (VER=V4): '9a22532e'
Thu Aug 17 15:38:37 2006 us=219093 Expected Remote Options hash (VER=V4): 'e2a912d8'
Thu Aug 17 15:38:37 2006 us=219239 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 17 15:38:37 2006 us=232482 UDPv4 link local (bound): [undef]:1194
Thu Aug 17 15:38:37 2006 us=232640 UDPv4 link remote: 84.74.34.47:1194
Thu Aug 17 15:38:37 2006 us=235282 TLS: Initial packet from 84.74.34.47:1194, sid=64675f6c 0c534536
Thu Aug 17 15:38:37 2006 us=288901 VERIFY OK: depth=1, /C=CH/ST=EDIT/L=EDIT/O=EDIT/OU=VPN77/CN=Server77/emailAddress=EDIT
Thu Aug 17 15:38:37 2006 us=291395 VERIFY OK: depth=0, /C=CH/ST=EDIT/O=EDIT/OU=VPN77/CN=Server77/emailAddress=EDIT
Thu Aug 17 15:38:37 2006 us=974447 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1578', remote='link-mtu 1577'
Thu Aug 17 15:38:37 2006 us=974722 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Aug 17 15:38:37 2006 us=976208 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 17 15:38:37 2006 us=976269 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 17 15:38:37 2006 us=976503 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 17 15:38:37 2006 us=976559 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 17 15:38:37 2006 us=990056 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 17 15:38:37 2006 us=990291 [Server77] Peer Connection Initiated with 84.74.34.47:1194
Thu Aug 17 15:38:39 2006 us=60503 SENT CONTROL [Server77]: 'PUSH_REQUEST' (status=1)
Thu Aug 17 15:38:39 2006 us=66486 AUTH: Received AUTH_FAILED control message
Thu Aug 17 15:38:39 2006 us=68615 TCP/UDP: Closing socket
Thu Aug 17 15:38:39 2006 us=69169 SIGTERM[soft,auth-failure] received, process exiting
Thu Aug 17 15:38:38 2006 us=563849 Current Parameter Settings:
Thu Aug 17 15:38:38 2006 us=564180 config = 'VPN.ovpn'
Thu Aug 17 15:38:38 2006 us=564223 mode = 0
Thu Aug 17 15:38:38 2006 us=564261 show_ciphers = DISABLED
Thu Aug 17 15:38:38 2006 us=564299 show_digests = DISABLED
Thu Aug 17 15:38:38 2006 us=564336 show_engines = DISABLED
Thu Aug 17 15:38:38 2006 us=564373 genkey = DISABLED
Thu Aug 17 15:38:38 2006 us=564410 key_pass_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=564447 show_tls_ciphers = DISABLED
Thu Aug 17 15:38:38 2006 us=564482 proto = 0
Thu Aug 17 15:38:38 2006 us=564518 local = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=564562 remote_list[0] = {'xxxx.xx', 1194}
Thu Aug 17 15:38:38 2006 us=564602 remote_random = DISABLED
Thu Aug 17 15:38:38 2006 us=564639 local_port = 1194
Thu Aug 17 15:38:38 2006 us=564677 remote_port = 1194
Thu Aug 17 15:38:38 2006 us=564714 remote_float = DISABLED
Thu Aug 17 15:38:38 2006 us=564750 ipchange = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=564787 bind_local = ENABLED
Thu Aug 17 15:38:38 2006 us=564823 dev = 'tap'
Thu Aug 17 15:38:38 2006 us=564859 dev_type = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=564896 dev_node = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=564932 tun_ipv6 = DISABLED
Thu Aug 17 15:38:38 2006 us=564970 ifconfig_local = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=565009 ifconfig_remote_netmask = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=565046 ifconfig_noexec = DISABLED
Thu Aug 17 15:38:38 2006 us=565083 ifconfig_nowarn = DISABLED
Thu Aug 17 15:38:38 2006 us=565120 shaper = 0
Thu Aug 17 15:38:38 2006 us=565155 tun_mtu = 1500
Thu Aug 17 15:38:38 2006 us=565191 tun_mtu_defined = ENABLED
Thu Aug 17 15:38:38 2006 us=565227 link_mtu = 1500
Thu Aug 17 15:38:38 2006 us=565265 link_mtu_defined = DISABLED
Thu Aug 17 15:38:38 2006 us=565301 tun_mtu_extra = 32
Thu Aug 17 15:38:38 2006 us=565339 tun_mtu_extra_defined = ENABLED
Thu Aug 17 15:38:38 2006 us=565376 fragment = 1400
Thu Aug 17 15:38:38 2006 us=565412 mtu_discover_type = -1
Thu Aug 17 15:38:38 2006 us=565448 mtu_test = 1
Thu Aug 17 15:38:38 2006 us=565483 mlock = DISABLED
Thu Aug 17 15:38:38 2006 us=565519 keepalive_ping = 0
Thu Aug 17 15:38:38 2006 us=565555 keepalive_timeout = 0
Thu Aug 17 15:38:38 2006 us=565592 inactivity_timeout = 0
Thu Aug 17 15:38:38 2006 us=565629 ping_send_timeout = 0
Thu Aug 17 15:38:38 2006 us=565666 ping_rec_timeout = 120
Thu Aug 17 15:38:38 2006 us=565703 ping_rec_timeout_action = 2
Thu Aug 17 15:38:38 2006 us=565739 ping_timer_remote = DISABLED
Thu Aug 17 15:38:38 2006 us=565776 remap_sigusr1 = 0
Thu Aug 17 15:38:38 2006 us=565812 explicit_exit_notification = 0
Thu Aug 17 15:38:38 2006 us=565849 persist_tun = DISABLED
Thu Aug 17 15:38:38 2006 us=565886 persist_local_ip = DISABLED
Thu Aug 17 15:38:38 2006 us=565964 persist_remote_ip = DISABLED
Thu Aug 17 15:38:38 2006 us=566005 persist_key = DISABLED
Thu Aug 17 15:38:38 2006 us=566044 mssfix = 1450
Thu Aug 17 15:38:38 2006 us=566084 resolve_retry_seconds = 1000000000
Thu Aug 17 15:38:38 2006 us=566121 connect_retry_seconds = 5
Thu Aug 17 15:38:38 2006 us=566159 username = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566195 groupname = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566232 chroot_dir = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566269 cd_dir = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566305 writepid = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566343 up_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566382 down_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=566421 down_pre = DISABLED
Thu Aug 17 15:38:38 2006 us=566457 up_restart = DISABLED
Thu Aug 17 15:38:38 2006 us=566495 up_delay = DISABLED
Thu Aug 17 15:38:38 2006 us=566532 daemon = DISABLED
Thu Aug 17 15:38:38 2006 us=566568 inetd = 0
Thu Aug 17 15:38:38 2006 us=566604 log = DISABLED
Thu Aug 17 15:38:38 2006 us=566642 suppress_timestamps = DISABLED
Thu Aug 17 15:38:38 2006 us=566678 nice = 0
Thu Aug 17 15:38:38 2006 us=566715 verbosity = 4
Thu Aug 17 15:38:38 2006 us=566751 mute = 0
Thu Aug 17 15:38:38 2006 us=575515 gremlin = 0
Thu Aug 17 15:38:38 2006 us=575634 status_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=575672 status_file_version = 1
Thu Aug 17 15:38:38 2006 us=575709 status_file_update_freq = 60
Thu Aug 17 15:38:38 2006 us=575746 occ = ENABLED
Thu Aug 17 15:38:38 2006 us=575781 rcvbuf = 0
Thu Aug 17 15:38:38 2006 us=575815 sndbuf = 0
Thu Aug 17 15:38:38 2006 us=575854 socks_proxy_server = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=575910 socks_proxy_port = 0
Thu Aug 17 15:38:38 2006 us=575948 socks_proxy_retry = DISABLED
Thu Aug 17 15:38:38 2006 us=575982 fast_io = DISABLED
Thu Aug 17 15:38:38 2006 us=576019 comp_lzo = ENABLED
Thu Aug 17 15:38:38 2006 us=576055 comp_lzo_adaptive = ENABLED
Thu Aug 17 15:38:38 2006 us=576091 route_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=576128 route_default_gateway = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=576165 route_noexec = DISABLED
Thu Aug 17 15:38:38 2006 us=576201 route_delay = 0
Thu Aug 17 15:38:38 2006 us=603418 route_delay_window = 30
Thu Aug 17 15:38:38 2006 us=603497 route_delay_defined = ENABLED
Thu Aug 17 15:38:38 2006 us=603535 management_addr = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=603573 management_port = 0
Thu Aug 17 15:38:38 2006 us=603608 management_user_pass = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=603647 management_log_history_cache = 250
Thu Aug 17 15:38:38 2006 us=603685 management_echo_buffer_size = 100
Thu Aug 17 15:38:38 2006 us=603724 management_query_passwords = DISABLED
Thu Aug 17 15:38:38 2006 us=603767 management_hold = DISABLED
Thu Aug 17 15:38:38 2006 us=603803 shared_secret_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=603842 key_direction = 0
Thu Aug 17 15:38:38 2006 us=603877 ciphername_defined = ENABLED
Thu Aug 17 15:38:38 2006 us=603913 ciphername = 'BF-CBC'
Thu Aug 17 15:38:38 2006 us=603950 authname_defined = ENABLED
Thu Aug 17 15:38:38 2006 us=603985 authname = 'SHA1'
Thu Aug 17 15:38:38 2006 us=604019 keysize = 0
Thu Aug 17 15:38:38 2006 us=628938 engine = DISABLED
Thu Aug 17 15:38:38 2006 us=629008 replay = ENABLED
Thu Aug 17 15:38:38 2006 us=629045 mute_replay_warnings = DISABLED
Thu Aug 17 15:38:38 2006 us=629080 replay_window = 64
Thu Aug 17 15:38:38 2006 us=629115 replay_time = 15
Thu Aug 17 15:38:38 2006 us=629152 packet_id_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=629190 use_iv = ENABLED
Thu Aug 17 15:38:38 2006 us=629226 test_crypto = DISABLED
Thu Aug 17 15:38:38 2006 us=629260 tls_server = DISABLED
Thu Aug 17 15:38:38 2006 us=629295 tls_client = ENABLED
Thu Aug 17 15:38:38 2006 us=629331 key_method = 2
Thu Aug 17 15:38:38 2006 us=629366 ca_file = 'ca.crt'
Thu Aug 17 15:38:38 2006 us=629402 dh_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=629438 cert_file = 'client.crt'
Thu Aug 17 15:38:38 2006 us=629474 priv_key_file = 'client.key'
Thu Aug 17 15:38:38 2006 us=629509 pkcs12_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=629544 cryptoapi_cert = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=652975 cipher_list = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=653043 tls_verify = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=653078 tls_remote = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=653114 crl_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=653148 ns_cert_type = 0
Thu Aug 17 15:38:38 2006 us=653183 tls_timeout = 2
Thu Aug 17 15:38:38 2006 us=653218 renegotiate_bytes = 0
Thu Aug 17 15:38:38 2006 us=653254 renegotiate_packets = 0
Thu Aug 17 15:38:38 2006 us=653290 renegotiate_seconds = 3600
Thu Aug 17 15:38:38 2006 us=653326 handshake_window = 60
Thu Aug 17 15:38:38 2006 us=653362 transition_window = 3600
Thu Aug 17 15:38:38 2006 us=653398 single_session = DISABLED
Thu Aug 17 15:38:38 2006 us=653441 tls_exit = DISABLED
Thu Aug 17 15:38:38 2006 us=653478 tls_auth_file = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=653588 server_network = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=653631 server_netmask = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690306 server_bridge_ip = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690418 server_bridge_netmask = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690462 server_bridge_pool_start = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690504 server_bridge_pool_end = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690545 ifconfig_pool_defined = DISABLED
Thu Aug 17 15:38:38 2006 us=690585 ifconfig_pool_start = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690624 ifconfig_pool_end = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690666 ifconfig_pool_netmask = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=690714 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=690756 ifconfig_pool_persist_refresh_freq = 600
Thu Aug 17 15:38:38 2006 us=690792 ifconfig_pool_linear = DISABLED
Thu Aug 17 15:38:38 2006 us=690831 n_bcast_buf = 256
Thu Aug 17 15:38:38 2006 us=690867 tcp_queue_limit = 64
Thu Aug 17 15:38:38 2006 us=691053 real_hash_size = 256
Thu Aug 17 15:38:38 2006 us=691092 virtual_hash_size = 256
Thu Aug 17 15:38:38 2006 us=716733 client_connect_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=716810 learn_address_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=716851 client_disconnect_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=716887 client_config_dir = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=716924 ccd_exclusive = DISABLED
Thu Aug 17 15:38:38 2006 us=716958 tmp_dir = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=716996 push_ifconfig_defined = DISABLED
Thu Aug 17 15:38:38 2006 us=717046 push_ifconfig_local = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=717088 push_ifconfig_remote_netmask = 0.0.0.0
Thu Aug 17 15:38:38 2006 us=717124 enable_c2c = DISABLED
Thu Aug 17 15:38:38 2006 us=717159 duplicate_cn = DISABLED
Thu Aug 17 15:38:38 2006 us=717195 cf_max = 0
Thu Aug 17 15:38:38 2006 us=717231 cf_per = 0
Thu Aug 17 15:38:38 2006 us=717266 max_clients = 1024
Thu Aug 17 15:38:38 2006 us=717302 max_routes_per_client = 256
Thu Aug 17 15:38:38 2006 us=739917 client_cert_not_required = DISABLED
Thu Aug 17 15:38:38 2006 us=739990 username_as_common_name = DISABLED
Thu Aug 17 15:38:38 2006 us=740032 auth_user_pass_verify_script = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=740074 auth_user_pass_verify_script_via_file = DISABLED
Thu Aug 17 15:38:38 2006 us=740112 client = DISABLED
Thu Aug 17 15:38:38 2006 us=740146 pull = ENABLED
Thu Aug 17 15:38:38 2006 us=740182 auth_user_pass_file = 'stdin'
Thu Aug 17 15:38:38 2006 us=740234 show_net_up = DISABLED
Thu Aug 17 15:38:38 2006 us=740269 route_method = 0
Thu Aug 17 15:38:38 2006 us=740306 ip_win32_defined = DISABLED
Thu Aug 17 15:38:38 2006 us=740342 ip_win32_type = 3
Thu Aug 17 15:38:38 2006 us=740379 dhcp_masq_offset = 0
Thu Aug 17 15:38:38 2006 us=740416 dhcp_lease_time = 31536000
Thu Aug 17 15:38:38 2006 us=740451 tap_sleep = 0
Thu Aug 17 15:38:38 2006 us=740485 dhcp_options = DISABLED
Thu Aug 17 15:38:38 2006 us=740522 dhcp_renew = DISABLED
Thu Aug 17 15:38:38 2006 us=767015 dhcp_pre_release = DISABLED
Thu Aug 17 15:38:38 2006 us=767096 dhcp_release = DISABLED
Thu Aug 17 15:38:38 2006 us=767132 domain = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=767167 netbios_scope = '[UNDEF]'
Thu Aug 17 15:38:38 2006 us=767203 netbios_node_type = 0
Thu Aug 17 15:38:38 2006 us=767238 disable_nbt = DISABLED
Thu Aug 17 15:38:38 2006 us=767319 OpenVPN 2.0.7 Win32-MinGW [SSL] [LZO] built on Apr 12 2006
Thu Aug 17 15:38:45 2006 us=904176 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Aug 17 15:38:45 2006 us=915136 LZO compression initialized
Thu Aug 17 15:38:45 2006 us=915321 WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result
Thu Aug 17 15:38:45 2006 us=915750 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Aug 17 15:38:45 2006 us=949249 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Aug 17 15:38:45 2006 us=949418 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Thu Aug 17 15:38:45 2006 us=949596 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Thu Aug 17 15:38:45 2006 us=949658 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Thu Aug 17 15:38:45 2006 us=949788 Local Options hash (VER=V4): '9a22532e'
Thu Aug 17 15:38:45 2006 us=949876 Expected Remote Options hash (VER=V4): 'e2a912d8'
Thu Aug 17 15:38:45 2006 us=950020 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Aug 17 15:38:45 2006 us=961792 UDPv4 link local (bound): [undef]:1194
Thu Aug 17 15:38:45 2006 us=961940 UDPv4 link remote: 84.74.34.47:1194
Thu Aug 17 15:38:45 2006 us=975605 TLS: Initial packet from 84.74.34.47:1194, sid=f0eaf085 1505f13b
Thu Aug 17 15:38:46 2006 us=25476 VERIFY OK: depth=1, /C=CH/ST=EDIT/L=EDIT/O=EDIT/OU=VPN77/CN=Server77/emailAddress=EDIT
Thu Aug 17 15:38:46 2006 us=27948 VERIFY OK: depth=0, /C=CH/ST=EDIT/O=EDIT/OU=VPN77/CN=Server77/emailAddress=EDIT
Thu Aug 17 15:38:46 2006 us=681169 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1578', remote='link-mtu 1577'
Thu Aug 17 15:38:46 2006 us=681444 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Aug 17 15:38:46 2006 us=687489 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 17 15:38:46 2006 us=687622 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 17 15:38:46 2006 us=687856 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Aug 17 15:38:46 2006 us=687912 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Aug 17 15:38:46 2006 us=696244 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Aug 17 15:38:46 2006 us=696459 [Server77] Peer Connection Initiated with 84.74.34.47:1194
Thu Aug 17 15:38:47 2006 us=814538 SENT CONTROL [Server77]: 'PUSH_REQUEST' (status=1)
Thu Aug 17 15:38:47 2006 us=820652 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,dhcp-option DOMAIN xxxx.xx,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.1,route-gateway 192.168.0.1,ifconfig 192.168.0.200 255.255.255.0'
Thu Aug 17 15:38:47 2006 us=821053 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 17 15:38:47 2006 us=821103 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 17 15:38:47 2006 us=821146 OPTIONS IMPORT: route options modified
Thu Aug 17 15:38:47 2006 us=821190 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Aug 17 15:38:47 2006 us=842888 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{432212A5-868E-4798-8FF3-DBDC53124403}.tap
Thu Aug 17 15:38:47 2006 us=845383 TAP-Win32 Driver Version 8.1
Thu Aug 17 15:38:47 2006 us=847355 TAP-Win32 MTU=1500
Thu Aug 17 15:38:47 2006 us=849319 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.0.200/255.255.255.0 on interface {432212A5-868E-4798-8FF3-DBDC53124403} [DHCP-serv: 192.168.0.0, lease-time: 31536000]
Thu Aug 17 15:38:47 2006 us=849488 DHCP option string: 0f0d6265 726e6172 646f6e69 2e636806 04c0a800 012c04c0 a80001
Thu Aug 17 15:38:47 2006 us=880573 Successful ARP Flush on interface [4] {432212A5-868E-4798-8FF3-DBDC53124403}
Thu Aug 17 15:38:48 2006 us=127997 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Aug 17 15:38:48 2006 us=128140 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 17 15:38:49 2006 us=250380 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Aug 17 15:38:49 2006 us=250517 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 17 15:38:49 2006 us=250602 NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.
Thu Aug 17 15:38:50 2006 us=382157 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Thu Aug 17 15:38:50 2006 us=382322 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 17 15:38:51 2006 us=511250 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Thu Aug 17 15:38:51 2006 us=511412 Initialization Sequence Completed
Thu Aug 17 15:38:57 2006 us=744991 Bad LZO decompression header byte: 42
-
looks like you have configured your client to use lzo compression and you disabled it on the server side:
'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Once you have set your server like you want, you should use the auto generated client config file from the panel, it should work then
-
You are right! Now it's working perfectly.
Thanks a lot for your help and for your nice job with contrib and how-to.
Cheers, Fred
-
VIP-ire,
i have tried still the teh error the same, will have to test it in a pc as it is running in a vmware.
i also have a ipvpn already and its ip 192.168.0.1.0 connected to the network would this complicate with the your openvpn?
please advice?
-
hi trying to install on a sme 7 final with serveronly mode. i got the ff error upon building key client.
[root@smeserver7 easy-rsa]# ./build-key client
Generating a 1024 bit RSA private key
.......................++++++
.....................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) [XX]:
Locality Name (eg, city) [XX]:
Organization Name (eg, company) [VPN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Server
Email Address [admin@xxxxxxxxxxxx.xxx.xx]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'XX'
stateOrProvinceName :PRINTABLE:'XX'
localityName :PRINTABLE:'XX'
organizationName :PRINTABLE:'VPN'
commonName :PRINTABLE:'Server'
emailAddress :IA5STRING:'admin@xxxxxxx.xxx.xx'
Certificate is to be certified until Aug 14 05:24:14 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
[root@smeserver7 easy-rsa]#
anyone can help me please.
thanks,
You need to have a FQDN as the commonName eg. server.domain.com
that will turf the errror.
-
VIP-Ire
I used your howto, which helped... but I'm getting connection errors that I cannot explain. My Client Log is shown below:
Mon Nov 06 08:46:16 2006 us=90503 Current Parameter Settings:
Mon Nov 06 08:46:16 2006 us=90594 config = 'VPN.ovpn'
Mon Nov 06 08:46:16 2006 us=90605 mode = 0
Mon Nov 06 08:46:16 2006 us=90615 show_ciphers = DISABLED
Mon Nov 06 08:46:16 2006 us=90625 show_digests = DISABLED
Mon Nov 06 08:46:16 2006 us=90634 show_engines = DISABLED
Mon Nov 06 08:46:16 2006 us=90643 genkey = DISABLED
Mon Nov 06 08:46:16 2006 us=90652 key_pass_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90660 show_tls_ciphers = DISABLED
Mon Nov 06 08:46:16 2006 us=90668 proto = 0
Mon Nov 06 08:46:16 2006 us=90676 local = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90686 remote_list[0] = {'XXXXXX', 1194}
Mon Nov 06 08:46:16 2006 us=90697 remote_random = DISABLED
Mon Nov 06 08:46:16 2006 us=90706 local_port = 1194
Mon Nov 06 08:46:16 2006 us=90714 remote_port = 1194
Mon Nov 06 08:46:16 2006 us=90723 remote_float = DISABLED
Mon Nov 06 08:46:16 2006 us=90737 ipchange = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90746 bind_local = ENABLED
Mon Nov 06 08:46:16 2006 us=90754 dev = 'tap'
Mon Nov 06 08:46:16 2006 us=90762 dev_type = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90770 dev_node = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90778 tun_ipv6 = DISABLED
Mon Nov 06 08:46:16 2006 us=90787 ifconfig_local = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90796 ifconfig_remote_netmask = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=90807 ifconfig_noexec = DISABLED
Mon Nov 06 08:46:16 2006 us=90815 ifconfig_nowarn = DISABLED
Mon Nov 06 08:46:16 2006 us=90824 shaper = 0
Mon Nov 06 08:46:16 2006 us=90831 tun_mtu = 1500
Mon Nov 06 08:46:16 2006 us=90839 tun_mtu_defined = ENABLED
Mon Nov 06 08:46:16 2006 us=90847 link_mtu = 1500
Mon Nov 06 08:46:16 2006 us=90856 link_mtu_defined = DISABLED
Mon Nov 06 08:46:16 2006 us=90865 tun_mtu_extra = 32
Mon Nov 06 08:46:16 2006 us=90874 tun_mtu_extra_defined = ENABLED
Mon Nov 06 08:46:16 2006 us=90884 fragment = 1400
Mon Nov 06 08:46:16 2006 us=90893 mtu_discover_type = -1
Mon Nov 06 08:46:16 2006 us=90901 mtu_test = 1
Mon Nov 06 08:46:16 2006 us=90910 mlock = DISABLED
Mon Nov 06 08:46:16 2006 us=90919 keepalive_ping = 0
Mon Nov 06 08:46:16 2006 us=90928 keepalive_timeout = 0
Mon Nov 06 08:46:16 2006 us=90936 inactivity_timeout = 0
Mon Nov 06 08:46:16 2006 us=90945 ping_send_timeout = 0
Mon Nov 06 08:46:16 2006 us=90967 ping_rec_timeout = 120
Mon Nov 06 08:46:16 2006 us=90977 ping_rec_timeout_action = 2
Mon Nov 06 08:46:16 2006 us=90985 ping_timer_remote = DISABLED
Mon Nov 06 08:46:16 2006 us=90993 remap_sigusr1 = 0
Mon Nov 06 08:46:16 2006 us=91002 explicit_exit_notification = 0
Mon Nov 06 08:46:16 2006 us=91010 persist_tun = DISABLED
Mon Nov 06 08:46:16 2006 us=91021 persist_local_ip = DISABLED
Mon Nov 06 08:46:16 2006 us=91029 persist_remote_ip = DISABLED
Mon Nov 06 08:46:16 2006 us=91037 persist_key = DISABLED
Mon Nov 06 08:46:16 2006 us=91046 mssfix = 1450
Mon Nov 06 08:46:16 2006 us=91056 resolve_retry_seconds = 1000000000
Mon Nov 06 08:46:16 2006 us=91065 connect_retry_seconds = 5
Mon Nov 06 08:46:16 2006 us=91073 username = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91084 groupname = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91093 chroot_dir = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91102 cd_dir = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91110 writepid = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91117 up_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91126 down_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=91135 down_pre = DISABLED
Mon Nov 06 08:46:16 2006 us=91144 up_restart = DISABLED
Mon Nov 06 08:46:16 2006 us=91152 up_delay = DISABLED
Mon Nov 06 08:46:16 2006 us=91167 daemon = DISABLED
Mon Nov 06 08:46:16 2006 us=91175 inetd = 0
Mon Nov 06 08:46:16 2006 us=91183 log = DISABLED
Mon Nov 06 08:46:16 2006 us=91192 suppress_timestamps = DISABLED
Mon Nov 06 08:46:16 2006 us=91200 nice = 0
Mon Nov 06 08:46:16 2006 us=91209 verbosity = 4
Mon Nov 06 08:46:16 2006 us=91217 mute = 0
Mon Nov 06 08:46:16 2006 us=295010 gremlin = 0
Mon Nov 06 08:46:16 2006 us=295029 status_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=295037 status_file_version = 1
Mon Nov 06 08:46:16 2006 us=295044 status_file_update_freq = 60
Mon Nov 06 08:46:16 2006 us=295051 occ = ENABLED
Mon Nov 06 08:46:16 2006 us=295057 rcvbuf = 0
Mon Nov 06 08:46:16 2006 us=295065 sndbuf = 0
Mon Nov 06 08:46:16 2006 us=295073 socks_proxy_server = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=295089 socks_proxy_port = 0
Mon Nov 06 08:46:16 2006 us=295097 socks_proxy_retry = DISABLED
Mon Nov 06 08:46:16 2006 us=295103 fast_io = DISABLED
Mon Nov 06 08:46:16 2006 us=295110 comp_lzo = ENABLED
Mon Nov 06 08:46:16 2006 us=295117 comp_lzo_adaptive = ENABLED
Mon Nov 06 08:46:16 2006 us=295124 route_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=295131 route_default_gateway = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=295139 route_noexec = DISABLED
Mon Nov 06 08:46:16 2006 us=295146 route_delay = 0
Mon Nov 06 08:46:16 2006 us=306715 route_delay_window = 30
Mon Nov 06 08:46:16 2006 us=306731 route_delay_defined = ENABLED
Mon Nov 06 08:46:16 2006 us=306739 management_addr = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=306746 management_port = 0
Mon Nov 06 08:46:16 2006 us=306754 management_user_pass = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=306762 management_log_history_cache = 250
Mon Nov 06 08:46:16 2006 us=306769 management_echo_buffer_size = 100
Mon Nov 06 08:46:16 2006 us=306777 management_query_passwords = DISABLED
Mon Nov 06 08:46:16 2006 us=306785 management_hold = DISABLED
Mon Nov 06 08:46:16 2006 us=306807 shared_secret_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=306827 key_direction = 0
Mon Nov 06 08:46:16 2006 us=306835 ciphername_defined = ENABLED
Mon Nov 06 08:46:16 2006 us=306842 ciphername = 'AES-128-CBC'
Mon Nov 06 08:46:16 2006 us=306849 authname_defined = ENABLED
Mon Nov 06 08:46:16 2006 us=306856 authname = 'SHA1'
Mon Nov 06 08:46:16 2006 us=306863 keysize = 0
Mon Nov 06 08:46:16 2006 us=320127 engine = DISABLED
Mon Nov 06 08:46:16 2006 us=320160 replay = ENABLED
Mon Nov 06 08:46:16 2006 us=320181 mute_replay_warnings = DISABLED
Mon Nov 06 08:46:16 2006 us=320192 replay_window = 64
Mon Nov 06 08:46:16 2006 us=320199 replay_time = 15
Mon Nov 06 08:46:16 2006 us=320206 packet_id_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=320213 use_iv = ENABLED
Mon Nov 06 08:46:16 2006 us=320220 test_crypto = DISABLED
Mon Nov 06 08:46:16 2006 us=320227 tls_server = DISABLED
Mon Nov 06 08:46:16 2006 us=320235 tls_client = ENABLED
Mon Nov 06 08:46:16 2006 us=320242 key_method = 2
Mon Nov 06 08:46:16 2006 us=320249 ca_file = 'ca.crt'
Mon Nov 06 08:46:16 2006 us=320256 dh_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=320264 cert_file = 'client.crt'
Mon Nov 06 08:46:16 2006 us=320271 priv_key_file = 'client.key'
Mon Nov 06 08:46:16 2006 us=320278 pkcs12_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=320285 cryptoapi_cert = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=331680 cipher_list = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=331691 tls_verify = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=331698 tls_remote = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=331708 crl_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=331725 ns_cert_type = 0
Mon Nov 06 08:46:16 2006 us=331744 tls_timeout = 2
Mon Nov 06 08:46:16 2006 us=331752 renegotiate_bytes = 0
Mon Nov 06 08:46:16 2006 us=331759 renegotiate_packets = 0
Mon Nov 06 08:46:16 2006 us=331767 renegotiate_seconds = 3600
Mon Nov 06 08:46:16 2006 us=331775 handshake_window = 60
Mon Nov 06 08:46:16 2006 us=331782 transition_window = 3600
Mon Nov 06 08:46:16 2006 us=331789 single_session = DISABLED
Mon Nov 06 08:46:16 2006 us=331796 tls_exit = DISABLED
Mon Nov 06 08:46:16 2006 us=331803 tls_auth_file = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=331826 server_network = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=331835 server_netmask = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430214 server_bridge_ip = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430261 server_bridge_netmask = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430273 server_bridge_pool_start = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430281 server_bridge_pool_end = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430290 ifconfig_pool_defined = DISABLED
Mon Nov 06 08:46:16 2006 us=430300 ifconfig_pool_start = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430308 ifconfig_pool_end = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430316 ifconfig_pool_netmask = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=430326 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=430334 ifconfig_pool_persist_refresh_freq = 600
Mon Nov 06 08:46:16 2006 us=430342 ifconfig_pool_linear = DISABLED
Mon Nov 06 08:46:16 2006 us=430349 n_bcast_buf = 256
Mon Nov 06 08:46:16 2006 us=430356 tcp_queue_limit = 64
Mon Nov 06 08:46:16 2006 us=430363 real_hash_size = 256
Mon Nov 06 08:46:16 2006 us=430370 virtual_hash_size = 256
Mon Nov 06 08:46:16 2006 us=442026 client_connect_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=442038 learn_address_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=442046 client_disconnect_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=442057 client_config_dir = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=442074 ccd_exclusive = DISABLED
Mon Nov 06 08:46:16 2006 us=442094 tmp_dir = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=442103 push_ifconfig_defined = DISABLED
Mon Nov 06 08:46:16 2006 us=442113 push_ifconfig_local = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=442121 push_ifconfig_remote_netmask = 0.0.0.0
Mon Nov 06 08:46:16 2006 us=442129 enable_c2c = DISABLED
Mon Nov 06 08:46:16 2006 us=442136 duplicate_cn = DISABLED
Mon Nov 06 08:46:16 2006 us=442143 cf_max = 0
Mon Nov 06 08:46:16 2006 us=442150 cf_per = 0
Mon Nov 06 08:46:16 2006 us=442157 max_clients = 1024
Mon Nov 06 08:46:16 2006 us=442164 max_routes_per_client = 256
Mon Nov 06 08:46:16 2006 us=452525 client_cert_not_required = DISABLED
Mon Nov 06 08:46:16 2006 us=452536 username_as_common_name = DISABLED
Mon Nov 06 08:46:16 2006 us=452543 auth_user_pass_verify_script = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=452565 auth_user_pass_verify_script_via_file = DISABLED
Mon Nov 06 08:46:16 2006 us=445740 client = DISABLED
Mon Nov 06 08:46:16 2006 us=452593 pull = ENABLED
Mon Nov 06 08:46:16 2006 us=452601 auth_user_pass_file = 'stdin'
Mon Nov 06 08:46:16 2006 us=452611 show_net_up = DISABLED
Mon Nov 06 08:46:16 2006 us=452618 route_method = 0
Mon Nov 06 08:46:16 2006 us=452625 ip_win32_defined = DISABLED
Mon Nov 06 08:46:16 2006 us=452632 ip_win32_type = 3
Mon Nov 06 08:46:16 2006 us=452639 dhcp_masq_offset = 0
Mon Nov 06 08:46:16 2006 us=452646 dhcp_lease_time = 31536000
Mon Nov 06 08:46:16 2006 us=452653 tap_sleep = 0
Mon Nov 06 08:46:16 2006 us=452660 dhcp_options = DISABLED
Mon Nov 06 08:46:16 2006 us=452667 dhcp_renew = DISABLED
Mon Nov 06 08:46:16 2006 us=511559 dhcp_pre_release = DISABLED
Mon Nov 06 08:46:16 2006 us=511593 dhcp_release = DISABLED
Mon Nov 06 08:46:16 2006 us=511614 domain = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=511622 netbios_scope = '[UNDEF]'
Mon Nov 06 08:46:16 2006 us=511629 netbios_node_type = 0
Mon Nov 06 08:46:16 2006 us=511636 disable_nbt = DISABLED
Mon Nov 06 08:46:16 2006 us=511657 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Nov 06 08:46:21 2006 us=101413 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Nov 06 08:46:21 2006 us=101810 Cannot load certificate file client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Mon Nov 06 08:46:21 2006 us=101847 Exiting
Server Log:
Mon Nov 6 08:44:47 2006 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Mon Nov 6 08:44:47 2006 WARNING: --keepalive option is missing from server config
Mon Nov 6 08:44:47 2006 Diffie-Hellman initialized with 1024 bit key
Mon Nov 6 08:44:47 2006 TLS-Auth MTU parms [ L:1590 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Nov 6 08:44:47 2006 TUN/TAP device tap0 opened
Mon Nov 6 08:44:47 2006 Data Channel MTU parms [ L:1590 D:1400 EF:58 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 6 08:44:47 2006 UDPv4 link local (bound): [undef]:1194
Mon Nov 6 08:44:47 2006 UDPv4 link remote: [undef]
Mon Nov 6 08:44:47 2006 MULTI: multi_init called, r=256 v=256
Mon Nov 6 08:44:47 2006 IFCONFIG POOL: base=10.10.1.200 size=51
Mon Nov 6 08:44:47 2006 Initialization Sequence Completed
I went through, I even reinstalled the Server, then a fresh install of your solution..and still get these symptoms. Help?
-
This happened to me as well. It worked when I used a different Distinguish Name when creating for each client cert.
-
OK, thanks for the DN tip.. tried that and it seems to have solved one problem. Thing is, now I can't finish the connection. here's my Client Log (abridged a bit):
Mon Nov 06 12:11:25 2006 us=316878 Current Parameter Settings:
Mon Nov 06 12:11:25 2006 us=316922 config = 'VPN.ovpn'
Mon Nov 06 12:11:25 2006 us=316930 mode = 0
Mon Nov 06 12:11:25 2006 us=316938 show_ciphers = DISABLED
Mon Nov 06 12:11:25 2006 us=316945 show_digests = DISABLED
Mon Nov 06 12:11:25 2006 us=316952 show_engines = DISABLED
Mon Nov 06 12:11:25 2006 us=316961 genkey = DISABLED
Mon Nov 06 12:11:25 2006 us=316968 key_pass_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=316976 show_tls_ciphers = DISABLED
Mon Nov 06 12:11:25 2006 us=316984 proto = 0
Mon Nov 06 12:11:25 2006 us=316996 local = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317005 remote_list[0] = {'XXX.XXX.XXX.XXX', 1194}
Mon Nov 06 12:11:25 2006 us=317013 remote_random = DISABLED
Mon Nov 06 12:11:25 2006 us=317020 local_port = 1194
Mon Nov 06 12:11:25 2006 us=317028 remote_port = 1194
Mon Nov 06 12:11:25 2006 us=317035 remote_float = DISABLED
Mon Nov 06 12:11:25 2006 us=317042 ipchange = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317049 bind_local = ENABLED
Mon Nov 06 12:11:25 2006 us=317056 dev = 'tap'
Mon Nov 06 12:11:25 2006 us=317064 dev_type = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317071 dev_node = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317079 tun_ipv6 = DISABLED
Mon Nov 06 12:11:25 2006 us=317086 ifconfig_local = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317094 ifconfig_remote_netmask = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317102 ifconfig_noexec = DISABLED
Mon Nov 06 12:11:25 2006 us=317109 ifconfig_nowarn = DISABLED
Mon Nov 06 12:11:25 2006 us=317116 shaper = 0
Mon Nov 06 12:11:25 2006 us=317124 tun_mtu = 1500
Mon Nov 06 12:11:25 2006 us=317132 tun_mtu_defined = ENABLED
Mon Nov 06 12:11:25 2006 us=317139 link_mtu = 1500
Mon Nov 06 12:11:25 2006 us=317146 link_mtu_defined = DISABLED
Mon Nov 06 12:11:25 2006 us=317154 tun_mtu_extra = 32
Mon Nov 06 12:11:25 2006 us=317162 tun_mtu_extra_defined = ENABLED
Mon Nov 06 12:11:25 2006 us=317169 fragment = 1400
Mon Nov 06 12:11:25 2006 us=317176 mtu_discover_type = -1
Mon Nov 06 12:11:25 2006 us=317184 mtu_test = 1
Mon Nov 06 12:11:25 2006 us=317191 mlock = DISABLED
Mon Nov 06 12:11:25 2006 us=317199 keepalive_ping = 0
Mon Nov 06 12:11:25 2006 us=317206 keepalive_timeout = 0
Mon Nov 06 12:11:25 2006 us=317213 inactivity_timeout = 0
Mon Nov 06 12:11:25 2006 us=317221 ping_send_timeout = 0
Mon Nov 06 12:11:25 2006 us=317231 ping_rec_timeout = 120
Mon Nov 06 12:11:25 2006 us=317239 ping_rec_timeout_action = 2
Mon Nov 06 12:11:25 2006 us=317247 ping_timer_remote = DISABLED
Mon Nov 06 12:11:25 2006 us=317254 remap_sigusr1 = 0
Mon Nov 06 12:11:25 2006 us=317262 explicit_exit_notification = 0
Mon Nov 06 12:11:25 2006 us=317269 persist_tun = DISABLED
Mon Nov 06 12:11:25 2006 us=317277 persist_local_ip = DISABLED
Mon Nov 06 12:11:25 2006 us=317285 persist_remote_ip = DISABLED
Mon Nov 06 12:11:25 2006 us=317293 persist_key = DISABLED
Mon Nov 06 12:11:25 2006 us=317300 mssfix = 1450
Mon Nov 06 12:11:25 2006 us=317308 resolve_retry_seconds = 1000000000
Mon Nov 06 12:11:25 2006 us=317316 connect_retry_seconds = 5
Mon Nov 06 12:11:25 2006 us=317323 username = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317331 groupname = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317338 chroot_dir = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317346 cd_dir = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317353 writepid = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317360 up_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317368 down_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=317375 down_pre = DISABLED
Mon Nov 06 12:11:25 2006 us=317382 up_restart = DISABLED
Mon Nov 06 12:11:25 2006 us=317390 up_delay = DISABLED
Mon Nov 06 12:11:25 2006 us=317397 daemon = DISABLED
Mon Nov 06 12:11:25 2006 us=317404 inetd = 0
Mon Nov 06 12:11:25 2006 us=317411 log = DISABLED
Mon Nov 06 12:11:25 2006 us=317423 suppress_timestamps = DISABLED
Mon Nov 06 12:11:25 2006 us=317430 nice = 0
Mon Nov 06 12:11:25 2006 us=317437 verbosity = 9
Mon Nov 06 12:11:25 2006 us=512640 mute = 0
Mon Nov 06 12:11:25 2006 us=512697 gremlin = 0
Mon Nov 06 12:11:25 2006 us=512706 status_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=512715 status_file_version = 1
Mon Nov 06 12:11:25 2006 us=512723 status_file_update_freq = 60
Mon Nov 06 12:11:25 2006 us=512730 occ = ENABLED
Mon Nov 06 12:11:25 2006 us=512738 rcvbuf = 0
Mon Nov 06 12:11:25 2006 us=512746 sndbuf = 0
Mon Nov 06 12:11:25 2006 us=512755 socks_proxy_server = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=512771 socks_proxy_port = 0
Mon Nov 06 12:11:25 2006 us=512779 socks_proxy_retry = DISABLED
Mon Nov 06 12:11:25 2006 us=512787 fast_io = DISABLED
Mon Nov 06 12:11:25 2006 us=512794 comp_lzo = ENABLED
Mon Nov 06 12:11:25 2006 us=512802 comp_lzo_adaptive = ENABLED
Mon Nov 06 12:11:25 2006 us=512809 route_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=512818 route_default_gateway = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=512825 route_noexec = DISABLED
Mon Nov 06 12:11:25 2006 us=537079 route_delay = 0
Mon Nov 06 12:11:25 2006 us=537095 route_delay_window = 30
Mon Nov 06 12:11:25 2006 us=537102 route_delay_defined = ENABLED
Mon Nov 06 12:11:25 2006 us=537109 management_addr = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=537117 management_port = 0
Mon Nov 06 12:11:25 2006 us=537125 management_user_pass = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=537132 management_log_history_cache = 250
Mon Nov 06 12:11:25 2006 us=537140 management_echo_buffer_size = 100
Mon Nov 06 12:11:25 2006 us=537147 management_query_passwords = DISABLED
Mon Nov 06 12:11:25 2006 us=537154 management_hold = DISABLED
Mon Nov 06 12:11:25 2006 us=537177 shared_secret_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=537202 key_direction = 0
Mon Nov 06 12:11:25 2006 us=537211 ciphername_defined = ENABLED
Mon Nov 06 12:11:25 2006 us=537218 ciphername = 'AES-128-CBC'
Mon Nov 06 12:11:25 2006 us=537226 authname_defined = ENABLED
Mon Nov 06 12:11:25 2006 us=537234 authname = 'SHA1'
Mon Nov 06 12:11:25 2006 us=548984 keysize = 0
Mon Nov 06 12:11:25 2006 us=548994 engine = DISABLED
Mon Nov 06 12:11:25 2006 us=549001 replay = ENABLED
Mon Nov 06 12:11:25 2006 us=549012 mute_replay_warnings = DISABLED
Mon Nov 06 12:11:25 2006 us=549030 replay_window = 64
Mon Nov 06 12:11:25 2006 us=549050 replay_time = 15
Mon Nov 06 12:11:25 2006 us=549058 packet_id_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=549065 use_iv = ENABLED
Mon Nov 06 12:11:25 2006 us=549072 test_crypto = DISABLED
Mon Nov 06 12:11:25 2006 us=549079 tls_server = DISABLED
Mon Nov 06 12:11:25 2006 us=549087 tls_client = ENABLED
Mon Nov 06 12:11:25 2006 us=549095 key_method = 2
Mon Nov 06 12:11:25 2006 us=549103 ca_file = 'ca.crt'
Mon Nov 06 12:11:25 2006 us=549111 dh_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=549119 cert_file = 'client.crt'
Mon Nov 06 12:11:25 2006 us=549126 priv_key_file = 'client.key'
Mon Nov 06 12:11:25 2006 us=549133 pkcs12_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559686 cryptoapi_cert = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559697 cipher_list = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559704 tls_verify = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559713 tls_remote = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559731 crl_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559753 ns_cert_type = 0
Mon Nov 06 12:11:25 2006 us=559761 tls_timeout = 2
Mon Nov 06 12:11:25 2006 us=559768 renegotiate_bytes = 0
Mon Nov 06 12:11:25 2006 us=559775 renegotiate_packets = 0
Mon Nov 06 12:11:25 2006 us=559782 renegotiate_seconds = 3600
Mon Nov 06 12:11:25 2006 us=559790 handshake_window = 60
Mon Nov 06 12:11:25 2006 us=559798 transition_window = 3600
Mon Nov 06 12:11:25 2006 us=559806 single_session = DISABLED
Mon Nov 06 12:11:25 2006 us=559813 tls_exit = DISABLED
Mon Nov 06 12:11:25 2006 us=559821 tls_auth_file = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=559845 server_network = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698033 server_netmask = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698074 server_bridge_ip = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698090 server_bridge_netmask = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698099 server_bridge_pool_start = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698108 server_bridge_pool_end = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698117 ifconfig_pool_defined = DISABLED
Mon Nov 06 12:11:25 2006 us=698125 ifconfig_pool_start = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698133 ifconfig_pool_end = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698141 ifconfig_pool_netmask = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=698150 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=698160 ifconfig_pool_persist_refresh_freq = 600
Mon Nov 06 12:11:25 2006 us=698169 ifconfig_pool_linear = DISABLED
Mon Nov 06 12:11:25 2006 us=698177 n_bcast_buf = 256
Mon Nov 06 12:11:25 2006 us=698184 tcp_queue_limit = 64
Mon Nov 06 12:11:25 2006 us=698192 real_hash_size = 256
Mon Nov 06 12:11:25 2006 us=709618 virtual_hash_size = 256
Mon Nov 06 12:11:25 2006 us=709631 client_connect_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=709659 learn_address_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=709681 client_disconnect_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=709689 client_config_dir = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=709696 ccd_exclusive = DISABLED
Mon Nov 06 12:11:25 2006 us=709703 tmp_dir = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=709711 push_ifconfig_defined = DISABLED
Mon Nov 06 12:11:25 2006 us=709720 push_ifconfig_local = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=709728 push_ifconfig_remote_netmask = 0.0.0.0
Mon Nov 06 12:11:25 2006 us=709737 enable_c2c = DISABLED
Mon Nov 06 12:11:25 2006 us=709744 duplicate_cn = DISABLED
Mon Nov 06 12:11:25 2006 us=709752 cf_max = 0
Mon Nov 06 12:11:25 2006 us=709759 cf_per = 0
Mon Nov 06 12:11:25 2006 us=709766 max_clients = 1024
Mon Nov 06 12:11:25 2006 us=726545 max_routes_per_client = 256
Mon Nov 06 12:11:25 2006 us=726580 client_cert_not_required = DISABLED
Mon Nov 06 12:11:25 2006 us=726602 username_as_common_name = DISABLED
Mon Nov 06 12:11:25 2006 us=726611 auth_user_pass_verify_script = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=726620 auth_user_pass_verify_script_via_file = DISABLED
Mon Nov 06 12:11:25 2006 us=726628 client = DISABLED
Mon Nov 06 12:11:25 2006 us=726635 pull = ENABLED
Mon Nov 06 12:11:25 2006 us=726642 auth_user_pass_file = 'stdin'
Mon Nov 06 12:11:25 2006 us=726652 show_net_up = DISABLED
Mon Nov 06 12:11:25 2006 us=726659 route_method = 0
Mon Nov 06 12:11:25 2006 us=726668 ip_win32_defined = DISABLED
Mon Nov 06 12:11:25 2006 us=726676 ip_win32_type = 3
Mon Nov 06 12:11:25 2006 us=726684 dhcp_masq_offset = 0
Mon Nov 06 12:11:25 2006 us=726692 dhcp_lease_time = 31536000
Mon Nov 06 12:11:25 2006 us=726700 tap_sleep = 0
Mon Nov 06 12:11:25 2006 us=726707 dhcp_options = DISABLED
Mon Nov 06 12:11:25 2006 us=738175 dhcp_renew = DISABLED
Mon Nov 06 12:11:25 2006 us=738185 dhcp_pre_release = DISABLED
Mon Nov 06 12:11:25 2006 us=738192 dhcp_release = DISABLED
Mon Nov 06 12:11:25 2006 us=738202 domain = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=738220 netbios_scope = '[UNDEF]'
Mon Nov 06 12:11:25 2006 us=738240 netbios_node_type = 0
Mon Nov 06 12:11:25 2006 us=738247 disable_nbt = DISABLED
Mon Nov 06 12:11:25 2006 us=738267 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Nov 06 12:11:30 2006 us=765261 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Nov 06 12:11:30 2006 us=765444 WE_INIT maxevents=4 flags=0x00000002
Mon Nov 06 12:11:30 2006 us=765487 WE_INIT maxevents=4 capacity=8
Mon Nov 06 12:11:30 2006 us=778038 LZO compression initialized
Mon Nov 06 12:11:30 2006 us=778067 WARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test result
Mon Nov 06 12:11:30 2006 us=778084 MTU DYNAMIC mtu=0, flags=1, 0 -> 138
Mon Nov 06 12:11:30 2006 us=778100 TLS: tls_session_init: entry
Mon Nov 06 12:11:30 2006 us=778117 PID packet_id_init seq_backtrack=64 time_backtrack=15
Mon Nov 06 12:11:30 2006 us=778184 PID packet_id_init seq_backtrack=64 time_backtrack=15
Mon Nov 06 12:11:30 2006 us=778216 TLS: tls_session_init: new session object, sid=57644ade 82ff8e36
Mon Nov 06 12:11:30 2006 us=778232 TLS: tls_session_init: entry
Mon Nov 06 12:11:30 2006 us=778241 PID packet_id_init seq_backtrack=64 time_backtrack=15
Mon Nov 06 12:11:30 2006 us=778275 PID packet_id_init seq_backtrack=64 time_backtrack=15
Mon Nov 06 12:11:30 2006 us=778286 TLS: tls_session_init: new session object, sid=99080840 4f2f4ac6
Mon Nov 06 12:11:30 2006 us=778299 Control Channel MTU parms [ L:1594 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Nov 06 12:11:30 2006 us=778317 MTU DYNAMIC mtu=1400, flags=2, 1594 -> 1400
Mon Nov 06 12:11:30 2006 us=778361 MTU DYNAMIC mtu=1450, flags=2, 1594 -> 1450
Mon Nov 06 12:11:30 2006 us=778372 REMOTE_LIST len=1 current=0
Mon Nov 06 12:11:30 2006 us=778379
Mon Nov 06 12:11:30 2006 us=782977 RESOLVE_REMOTE flags=0x0001 phase=1 rrs=0 sig=-1 status=1
Mon Nov 06 12:11:30 2006 us=783005 Data Channel MTU parms [ L:1594 D:1450 EF:62 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 06 12:11:30 2006 us=783016 Fragmentation MTU parms [ L:1594 D:1400 EF:61 EB:135 ET:33 EL:0 AF:3/1 ]
Mon Nov 06 12:11:30 2006 us=783074 Local Options String: 'V4,dev-type tap,link-mtu 1594,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Nov 06 12:11:30 2006 us=783095 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1594,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher AES-128-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Nov 06 12:11:30 2006 us=783120 Local Options hash (VER=V4): '78bea45a'
Mon Nov 06 12:11:30 2006 us=783135 Expected Remote Options hash (VER=V4): '1374d8b5'
Mon Nov 06 12:11:30 2006 us=783169 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Nov 06 12:11:30 2006 us=783186 UDPv4 link local (bound): [undef]:1194
Mon Nov 06 12:11:30 2006 us=783196 UDPv4 link remote: XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:30 2006 us=783210 TIMER: coarse timer wakeup 1 seconds
Mon Nov 06 12:11:30 2006 us=783241 TLS: tls_multi_process: i=0 state=S_INITIAL, mysid=57644ade 82ff8e36, stored-sid=00000000 00000000, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:30 2006 us=783252 TLS: tls_process: chg=0 ks=S_INITIAL lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:30 2006 us=783263 ACK mark active outgoing ID 0
Mon Nov 06 12:11:30 2006 us=783275 TLS: Initial Handshake, sid=57644ade 82ff8e36
Mon Nov 06 12:11:30 2006 us=783285 ACK reliable_can_send active=1 current=1 : [1] 0
Mon Nov 06 12:11:30 2006 us=783293 ACK reliable_send ID 0 (size=4 to=2)
Mon Nov 06 12:11:30 2006 us=783303 Reliable -> TCP/UDP
Mon Nov 06 12:11:30 2006 us=783311 ACK reliable_send_timeout 2 [1] 0
Mon Nov 06 12:11:30 2006 us=783319 TLS: tls_process: timeout set to 2
Mon Nov 06 12:11:30 2006 us=783333 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:30 2006 us=783349 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:30 2006 us=783370 RANDOM USEC=179611
Mon Nov 06 12:11:30 2006 us=783379 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:30 2006 us=783444 WIN32 I/O: Socket Receive queued [1594]
Mon Nov 06 12:11:30 2006 us=783453 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:30 2006 us=783466 I/O WAIT T?|T?|SRQ|SW0 [1/179611]
Mon Nov 06 12:11:30 2006 us=783488 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:30 2006 us=783507 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:30 2006 us=783517 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:30 2006 us=783525 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:30 2006 us=783537 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:30 2006 us=783546 event_wait returned 1
Mon Nov 06 12:11:30 2006 us=783553 I/O WAIT status=0x0002
Mon Nov 06 12:11:30 2006 us=783575 UDPv4 WRITE [14] to XXX.XXX.XXX.XXX:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=57644ade 82ff8e36 [ ] pid=0 DATA
Mon Nov 06 12:11:30 2006 us=783641 WIN32 I/O: Socket Send immediate return [14,14]
Mon Nov 06 12:11:30 2006 us=783649 UDPv4 write returned 14
Mon Nov 06 12:11:30 2006 us=783666 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=57644ade 82ff8e36, stored-sid=00000000 00000000, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:30 2006 us=783676 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:30 2006 us=783685 ACK reliable_can_send active=1 current=0 : [1] 0
Mon Nov 06 12:11:30 2006 us=783775 SSL state (connect): before/connect initialization
Mon Nov 06 12:11:30 2006 us=789283 SSL state (connect): SSLv3 write client hello A
Mon Nov 06 12:11:30 2006 us=789313 ACK reliable_send_timeout 2 [1] 0
Mon Nov 06 12:11:30 2006 us=789321 TLS: tls_process: timeout set to 2
Mon Nov 06 12:11:30 2006 us=789339 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:30 2006 us=789354 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:30 2006 us=789369 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:30 2006 us=789378 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:30 2006 us=789390 I/O WAIT T?|T?|SRQ|Sw1 [1/179611]
Mon Nov 06 12:11:30 2006 us=789399 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:30 2006 us=789407 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:30 2006 us=795619 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=230066 WE_WAIT leave rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=230093 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=230102 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=230132 WIN32 I/O: Socket Completion success [26]
Mon Nov 06 12:11:31 2006 us=230141 UDPv4 read returned 26
Mon Nov 06 12:11:31 2006 us=230167 UDPv4 READ [26] from XXX.XXX.XXX.XXX:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=859e87dd 3e16709c [ 0 sid=57644ade 82ff8e36 ] pid=0 DATA
Mon Nov 06 12:11:31 2006 us=230185 TLS: control channel, op=P_CONTROL_HARD_RESET_SERVER_V2, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=230208 TLS: initial packet test, i=0 state=S_PRE_START, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=00000000 00000000, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=230229 TLS: initial packet test, i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=230268 TLS: initial packet test, i=2 state=S_UNDEF, mysid=00000000 00000000, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=230306 TLS: Initial packet from XXX.XXX.XXX.XXX:1194, sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=230319 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=230326 ACK reliable_schedule_now
Mon Nov 06 12:11:31 2006 us=230334 ACK received for pid 0, deleting from send buffer
Mon Nov 06 12:11:31 2006 us=230341 ACK read ID 0 (buf->len=0)
Mon Nov 06 12:11:31 2006 us=230349 ACK mark active incoming ID 0
Mon Nov 06 12:11:31 2006 us=230356 ACK acknowledge ID 0 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=230386 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=230397 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=230406 ACK reliable_can_send active=0 current=0 : [1]
Mon Nov 06 12:11:31 2006 us=230414 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=230450 TLS: tls_process: chg=1 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=230459 ACK reliable_can_send active=0 current=0 : [1]
Mon Nov 06 12:11:31 2006 us=230471 ACK write ID 0 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=230478 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=230486 ACK reliable_send_timeout 604800 [1]
Mon Nov 06 12:11:31 2006 us=230493 TLS: tls_process: timeout set to 60
Mon Nov 06 12:11:31 2006 us=230507 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=230520 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=230532 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=230557 WIN32 I/O: Socket Receive queued [1594]
Mon Nov 06 12:11:31 2006 us=230565 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=230577 I/O WAIT T?|T?|SRQ|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=230586 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=230594 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=230602 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=230609 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=230621 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=230629 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=230635 I/O WAIT status=0x0002
Mon Nov 06 12:11:31 2006 us=230653 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 0 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=230663 WIN32 I/O: Socket Completion non-queued success [14]
Mon Nov 06 12:11:31 2006 us=230726 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=231168 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=231188 TLS: tls_multi_process: i=0 state=S_PRE_START, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=231201 TLS: tls_process: chg=0 ks=S_PRE_START lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=231219 STATE S_START
Mon Nov 06 12:11:31 2006 us=231241 ACK reliable_can_send active=0 current=0 : [1]
Mon Nov 06 12:11:31 2006 us=231276 STATE S_SENT_KEY
Mon Nov 06 12:11:31 2006 us=231291 BIO read tls_read_ciphertext 88 bytes
Mon Nov 06 12:11:31 2006 us=231298 ACK mark active outgoing ID 1
Mon Nov 06 12:11:31 2006 us=231303 Outgoing Ciphertext -> Reliable
Mon Nov 06 12:11:31 2006 us=231311 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=231320 ACK reliable_can_send active=1 current=1 : [2] 1
Mon Nov 06 12:11:31 2006 us=231329 ACK reliable_send ID 1 (size=92 to=2)
Mon Nov 06 12:11:31 2006 us=237286 Reliable -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=237295 ACK reliable_send_timeout 2 [2] 1
Mon Nov 06 12:11:31 2006 us=237301 TLS: tls_process: timeout set to 2
Mon Nov 06 12:11:31 2006 us=237328 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=237355 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=237368 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=237376 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=237387 I/O WAIT T?|T?|SRQ|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=237395 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=237402 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=237410 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=243761 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=243773 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=243780 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=243787 I/O WAIT status=0x0002
Mon Nov 06 12:11:31 2006 us=243854 UDPv4 WRITE [102] to XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=57644ade 82ff8e36 [ ] pid=1 DATA 16030100 53010000 4f030145 4f88e350 2acd7077 43bed7de 0f563acb 74eb4f7[more...]
Mon Nov 06 12:11:31 2006 us=243865 WIN32 I/O: Socket Completion non-queued success [22]
Mon Nov 06 12:11:31 2006 us=243892 WIN32 I/O: Socket Send immediate return [102,102]
Mon Nov 06 12:11:31 2006 us=243901 UDPv4 write returned 102
Mon Nov 06 12:11:31 2006 us=243916 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=243926 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=251458 ACK reliable_can_send active=1 current=0 : [2] 1
Mon Nov 06 12:11:31 2006 us=251571 ACK reliable_send_timeout 2 [2] 1
Mon Nov 06 12:11:31 2006 us=251581 TLS: tls_process: timeout set to 2
Mon Nov 06 12:11:31 2006 us=251598 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=251614 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=251630 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=251641 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=251656 I/O WAIT T?|T?|SRQ|Sw1 [1/179611]
Mon Nov 06 12:11:31 2006 us=251664 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:31 2006 us=260851 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=260861 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=348346 WE_WAIT leave rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=348381 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=348389 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=348408 WIN32 I/O: Socket Completion success [126]
Mon Nov 06 12:11:31 2006 us=348416 UDPv4 read returned 126
Mon Nov 06 12:11:31 2006 us=348476 UDPv4 READ [126] from XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=859e87dd 3e16709c [ 1 sid=57644ade 82ff8e36 ] pid=1 DATA 16030100 2a020000 26030145 4f88fd2d 30a322fd bd693ac4 56a15cbe 593e87e[more...]
Mon Nov 06 12:11:31 2006 us=348489 TLS: control channel, op=P_CONTROL_V1, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=348511 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=348524 TLS: found match, session[0], sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=348536 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=348544 ACK received for pid 1, deleting from send buffer
Mon Nov 06 12:11:31 2006 us=348552 ACK read ID 1 (buf->len=100)
Mon Nov 06 12:11:31 2006 us=348561 ACK mark active incoming ID 1
Mon Nov 06 12:11:31 2006 us=348569 ACK acknowledge ID 1 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=348600 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=348613 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=348622 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=348635 BIO write tls_write_ciphertext 100 bytes
Mon Nov 06 12:11:31 2006 us=348643 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=348720 SSL state (connect): SSLv3 read server hello A
Mon Nov 06 12:11:31 2006 us=348740 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=348750 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=348765 ACK write ID 1 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=348773 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=348781 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=348800 TLS: tls_process: timeout set to 60
Mon Nov 06 12:11:31 2006 us=348816 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=348830 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=351607 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=351644 WIN32 I/O: Socket Receive immediate return [1594,114]
Mon Nov 06 12:11:31 2006 us=351666 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=351680 I/O WAIT T?|T?|SR1|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=351688 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=351696 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=351704 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=351711 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=351725 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=351734 WE_WAIT leave [2,1] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=351741 event_wait returned 2
Mon Nov 06 12:11:31 2006 us=351747 I/O WAIT status=0x0003
Mon Nov 06 12:11:31 2006 us=358330 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 1 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=358340 WIN32 I/O: Socket Completion non-queued success [102]
Mon Nov 06 12:11:31 2006 us=358424 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=358433 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=358450 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=358460 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=358468 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=358484 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=358491 TLS: tls_process: timeout set to 60
Mon Nov 06 12:11:31 2006 us=358504 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=366377 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=366391 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=366412 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=366436 I/O WAIT T?|T?|SR1|Sw1 [1/179611]
Mon Nov 06 12:11:31 2006 us=366445 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:31 2006 us=366452 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=366460 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=366470 WE_WAIT leave [1,0] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=366477 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=413372 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=413391 WIN32 I/O: Socket Completion non-queued success [114]
Mon Nov 06 12:11:31 2006 us=413411 UDPv4 read returned 114
Mon Nov 06 12:11:31 2006 us=413477 UDPv4 READ [114] from XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=859e87dd 3e16709c [ ] pid=2 DATA 06035504 06130243 41311030 0e060355 04081307 416c6265 72746131 11300f0[more...]
Mon Nov 06 12:11:31 2006 us=413489 TLS: control channel, op=P_CONTROL_V1, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=413509 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=413523 TLS: found match, session[0], sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=413534 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=421583 ACK read ID 2 (buf->len=100)
Mon Nov 06 12:11:31 2006 us=421594 ACK mark active incoming ID 2
Mon Nov 06 12:11:31 2006 us=421600 ACK acknowledge ID 2 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=421628 TIMER: coarse timer wakeup 1 seconds
Mon Nov 06 12:11:31 2006 us=421662 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=421674 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=421682 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=421692 BIO write tls_write_ciphertext 100 bytes
Mon Nov 06 12:11:31 2006 us=421699 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=421734 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=421742 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=429781 ACK write ID 2 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=429790 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=429810 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=429819 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=429846 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=429860 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=429873 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=429899 WIN32 I/O: Socket Receive immediate return [1594,114]
Mon Nov 06 12:11:31 2006 us=429907 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=429918 I/O WAIT T?|T?|SR1|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=429926 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=429933 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=437112 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=437122 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=437135 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=437154 WE_WAIT leave [2,1] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=437162 event_wait returned 2
Mon Nov 06 12:11:31 2006 us=437168 I/O WAIT status=0x0003
Mon Nov 06 12:11:31 2006 us=437201 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 2 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=437224 WIN32 I/O: Socket Completion non-queued success [22]
Mon Nov 06 12:11:31 2006 us=437288 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=437297 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=437314 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=489655 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=489700 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=489749 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=489759 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=489775 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=489790 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=489805 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=489814 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=496150 I/O WAIT T?|T?|SR1|Sw1 [1/179611]
Mon Nov 06 12:11:31 2006 us=496159 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:31 2006 us=496166 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=496210 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=496237 WE_WAIT leave [1,0] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=496245 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=496251 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=496261 WIN32 I/O: Socket Completion non-queued success [114]
Mon Nov 06 12:11:31 2006 us=496269 UDPv4 read returned 114
Mon Nov 06 12:11:31 2006 us=496317 UDPv4 READ [114] from XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=859e87dd 3e16709c [ ] pid=3 DATA 30150603 55040313 0e6f7065 6e76706e 2e65636c 2e636131 1d301b06 092a864[more...]
Mon Nov 06 12:11:31 2006 us=503025 TLS: control channel, op=P_CONTROL_V1, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=503062 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=503088 TLS: found match, session[0], sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=503100 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=503109 ACK read ID 3 (buf->len=100)
Mon Nov 06 12:11:31 2006 us=503117 ACK mark active incoming ID 3
Mon Nov 06 12:11:31 2006 us=503123 ACK acknowledge ID 3 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=503143 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=503152 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=551095 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=551110 BIO write tls_write_ciphertext 100 bytes
Mon Nov 06 12:11:31 2006 us=551133 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=551186 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=551195 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=551212 ACK write ID 3 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=551219 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=551226 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=551233 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=551247 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=551261 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=559975 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=560014 WIN32 I/O: Socket Receive immediate return [1594,114]
Mon Nov 06 12:11:31 2006 us=560036 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=560048 I/O WAIT T?|T?|SR1|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=560056 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=560064 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=560071 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=560079 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=560094 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=560104 WE_WAIT leave [2,1] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=560112 event_wait returned 2
Mon Nov 06 12:11:31 2006 us=567326 I/O WAIT status=0x0003
Mon Nov 06 12:11:31 2006 us=567390 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 3 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=567402 WIN32 I/O: Socket Completion non-queued success [22]
Mon Nov 06 12:11:31 2006 us=567466 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=567474 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=567496 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=567508 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=567517 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=567555 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=567562 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=617316 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=617362 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=617380 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=617390 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=617405 I/O WAIT T?|T?|SR1|Sw1 [1/179611]
Mon Nov 06 12:11:31 2006 us=617414 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:31 2006 us=617423 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=617430 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=617445 WE_WAIT leave [1,0] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=617455 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=624243 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=624254 WIN32 I/O: Socket Completion non-queued success [114]
Mon Nov 06 12:11:31 2006 us=624261 UDPv4 read returned 114
Mon Nov 06 12:11:31 2006 us=624338 UDPv4 READ [114] from XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=859e87dd 3e16709c [ ] pid=4 DATA 43413110 300e0603 55040813 07416c62 65727461 31243022 06035504 0a131b4[more...]
Mon Nov 06 12:11:31 2006 us=624350 TLS: control channel, op=P_CONTROL_V1, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=624370 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=624382 TLS: found match, session[0], sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=624392 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=624401 ACK read ID 4 (buf->len=100)
Mon Nov 06 12:11:31 2006 us=624408 ACK mark active incoming ID 4
Mon Nov 06 12:11:31 2006 us=633889 ACK acknowledge ID 4 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=633954 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=633967 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=633976 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=633988 BIO write tls_write_ciphertext 100 bytes
Mon Nov 06 12:11:31 2006 us=633996 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=634037 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=634045 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=634060 ACK write ID 4 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=634067 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=634074 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=685803 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=685832 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=685852 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=685894 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=685928 WIN32 I/O: Socket Receive immediate return [1594,114]
Mon Nov 06 12:11:31 2006 us=685937 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=685949 I/O WAIT T?|T?|SR1|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=685957 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=685965 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=685972 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=696307 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=696355 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=696366 WE_WAIT leave [2,1] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=696373 event_wait returned 2
Mon Nov 06 12:11:31 2006 us=696381 I/O WAIT status=0x0003
Mon Nov 06 12:11:31 2006 us=696406 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 4 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=696416 WIN32 I/O: Socket Completion non-queued success [22]
Mon Nov 06 12:11:31 2006 us=696472 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=696480 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=696501 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=705804 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=705815 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=705886 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=705894 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=705907 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=705922 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=705935 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=705944 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=705955 I/O WAIT T?|T?|SR1|Sw1 [1/179611]
Mon Nov 06 12:11:31 2006 us=705962 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:31 2006 us=766092 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=766113 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=766140 WE_WAIT leave [1,0] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=766163 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=766174 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=766184 WIN32 I/O: Socket Completion non-queued success [114]
Mon Nov 06 12:11:31 2006 us=766192 UDPv4 read returned 114
Mon Nov 06 12:11:31 2006 us=766244 UDPv4 READ [114] from XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=859e87dd 3e16709c [ ] pid=5 DATA 1b06092a 864886f7 0d010901 160e616e 64726577 72406563 6c2e6361 3082012[more...]
Mon Nov 06 12:11:31 2006 us=766257 TLS: control channel, op=P_CONTROL_V1, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=775395 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=775423 TLS: found match, session[0], sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=775448 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=775458 ACK read ID 5 (buf->len=100)
Mon Nov 06 12:11:31 2006 us=775467 ACK mark active incoming ID 5
Mon Nov 06 12:11:31 2006 us=775474 ACK acknowledge ID 5 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=775499 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=775511 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=775520 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=786095 BIO write tls_write_ciphertext 100 bytes
Mon Nov 06 12:11:31 2006 us=786126 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=786185 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=786197 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=786212 ACK write ID 5 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=786219 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=786226 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=786233 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=786250 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=786265 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=786279 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=845774 WIN32 I/O: Socket Receive immediate return [1594,114]
Mon Nov 06 12:11:31 2006 us=845805 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=845820 I/O WAIT T?|T?|SR1|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=845827 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=845835 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=845843 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=845850 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=845862 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=845870 WE_WAIT leave [2,1] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=845878 event_wait returned 2
Mon Nov 06 12:11:31 2006 us=845885 I/O WAIT status=0x0003
Mon Nov 06 12:11:31 2006 us=845909 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 5 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=856664 WIN32 I/O: Socket Completion non-queued success [22]
Mon Nov 06 12:11:31 2006 us=856737 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=856745 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=856768 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=856779 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=856788 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=856829 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=856836 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=856849 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=913263 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=913278 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=913301 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=913327 I/O WAIT T?|T?|SR1|Sw1 [1/179611]
Mon Nov 06 12:11:31 2006 us=913334 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:31 2006 us=913342 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=913349 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=913359 WE_WAIT leave [1,0] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=913366 event_wait returned 1
Mon Nov 06 12:11:31 2006 us=913373 I/O WAIT status=0x0001
Mon Nov 06 12:11:31 2006 us=913381 WIN32 I/O: Socket Completion non-queued success [114]
Mon Nov 06 12:11:31 2006 us=913389 UDPv4 read returned 114
Mon Nov 06 12:11:31 2006 us=921862 UDPv4 READ [114] from XXX.XXX.XXX.XXX:1194: P_CONTROL_V1 kid=0 sid=859e87dd 3e16709c [ ] pid=6 DATA 4fbf90f6 7e166d85 7b7678cb cd577ee2 32e19162 304a8bec a0e56545 2ed2a5c[more...]
Mon Nov 06 12:11:31 2006 us=921874 TLS: control channel, op=P_CONTROL_V1, IP=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=921894 TLS: initial packet test, i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, rec-sid=859e87dd 3e16709c, rec-ip=XXX.XXX.XXX.XXX:1194, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=921906 TLS: found match, session[0], sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=921918 TLS: received control channel packet s#=0 sid=859e87dd 3e16709c
Mon Nov 06 12:11:31 2006 us=921926 ACK read ID 6 (buf->len=100)
Mon Nov 06 12:11:31 2006 us=921934 ACK mark active incoming ID 6
Mon Nov 06 12:11:31 2006 us=921940 ACK acknowledge ID 6 (ack->len=1)
Mon Nov 06 12:11:31 2006 us=932062 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=932077 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=932097 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=932120 BIO write tls_write_ciphertext 100 bytes
Mon Nov 06 12:11:31 2006 us=932128 Incoming Ciphertext -> TLS
Mon Nov 06 12:11:31 2006 us=932151 TLS: tls_process: chg=1 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:31 2006 us=932159 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:31 2006 us=932174 ACK write ID 6 (ack->len=1, n=1)
Mon Nov 06 12:11:31 2006 us=932181 Dedicated ACK -> TCP/UDP
Mon Nov 06 12:11:31 2006 us=932188 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:31 2006 us=932195 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:31 2006 us=988619 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=988652 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:31 2006 us=988669 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=988696 WIN32 I/O: Socket Receive immediate return [1594,114]
Mon Nov 06 12:11:31 2006 us=988704 WE_CTL n=1 ev=0x00a25264 rwflags=0x0003 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=988717 I/O WAIT T?|T?|SR1|SW1 [1/179611]
Mon Nov 06 12:11:31 2006 us=988724 WE_WAIT enter n=3 to=1180
Mon Nov 06 12:11:31 2006 us=988732 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:31 2006 us=988739 [1] ev=0x0000073c rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=988747 [2] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=998114 WE_WAIT leave [1,0] rwflags=0x0002 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=998124 WE_WAIT leave [2,1] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:31 2006 us=998131 event_wait returned 2
Mon Nov 06 12:11:31 2006 us=998140 I/O WAIT status=0x0003
Mon Nov 06 12:11:31 2006 us=998186 UDPv4 WRITE [22] to XXX.XXX.XXX.XXX:1194: P_ACK_V1 kid=0 sid=57644ade 82ff8e36 [ 6 sid=859e87dd 3e16709c ]
Mon Nov 06 12:11:31 2006 us=998196 WIN32 I/O: Socket Completion non-queued success [22]
Mon Nov 06 12:11:31 2006 us=998246 WIN32 I/O: Socket Send immediate return [22,22]
Mon Nov 06 12:11:31 2006 us=998253 UDPv4 write returned 22
Mon Nov 06 12:11:31 2006 us=998273 TLS: tls_multi_process: i=0 state=S_SENT_KEY, mysid=57644ade 82ff8e36, stored-sid=859e87dd 3e16709c, stored-ip=XXX.XXX.XXX.XXX:1194
Mon Nov 06 12:11:31 2006 us=998283 TLS: tls_process: chg=0 ks=S_SENT_KEY lame=S_UNDEF to_link->len=0 wakeup=604800
Mon Nov 06 12:11:32 2006 us=53839 ACK reliable_can_send active=0 current=0 : [2]
Mon Nov 06 12:11:32 2006 us=53914 ACK reliable_send_timeout 604800 [2]
Mon Nov 06 12:11:32 2006 us=53923 TLS: tls_process: timeout set to 59
Mon Nov 06 12:11:32 2006 us=53937 TLS: tls_multi_process: i=1 state=S_INITIAL, mysid=99080840 4f2f4ac6, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:32 2006 us=53951 TLS: tls_multi_process: i=2 state=S_UNDEF, mysid=00000000 00000000, stored-sid=00000000 00000000, stored-ip=[undef]
Mon Nov 06 12:11:32 2006 us=53962 WE_CTL n=0 ev=0x00469984 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:32 2006 us=53970 WE_CTL n=1 ev=0x00a25264 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:32 2006 us=53981 I/O WAIT T?|T?|SR1|Sw1 [1/179611]
Mon Nov 06 12:11:32 2006 us=53988 WE_WAIT enter n=2 to=1180
Mon Nov 06 12:11:32 2006 us=53995 - ev=0x00000750 rwflags=0x0001 arg=0x00453560
Mon Nov 06 12:11:32 2006 us=54002 [1] ev=0x00000748 rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:32 2006 us=62839 WE_WAIT leave [1,0] rwflags=0x0001 arg=0x00453558
Mon Nov 06 12:11:32 2006 us=62849 event_wait returned 1
Server Log:
Mon Nov 6 12:11:57 2006 MULTI: multi_create_instance called
Mon Nov 6 12:11:57 2006 HOST:33477 Re-using SSL/TLS context
Mon Nov 6 12:11:57 2006 HOST:33477 LZO compression initialized
Mon Nov 6 12:11:57 2006 HOST:33477 Control Channel MTU parms [ L:1594 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Nov 6 12:11:57 2006 HOST:33477 Data Channel MTU parms [ L:1594 D:1400 EF:62 EB:135 ET:32 EL:0 AF:3/1 ]
Mon Nov 6 12:11:57 2006 HOST:33477 Fragmentation MTU parms [ L:1594 D:1400 EF:61 EB:135 ET:33 EL:0 AF:3/1 ]
Mon Nov 6 12:11:57 2006 HOST:33477 Local Options hash (VER=V4): '1374d8b5'
Mon Nov 6 12:11:57 2006 HOST:33477 Expected Remote Options hash (VER=V4): '78bea45a'
Mon Nov 6 12:11:57 2006 HOST:33477 TLS: Initial packet from 68.148.4.247:33477, sid=57644ade 82ff8e36
Mon Nov 6 12:12:04 2006 HOST:33477 TLS: new session incoming connection from HOST:33477
Mon Nov 6 12:12:11 2006 6HOST:33477 TLS: new session incoming connection from HOST:33477
Mon Nov 6 12:12:57 2006 HOST:33477 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 6 12:12:57 2006 HOST:33477 TLS Error: TLS handshake failed
Mon Nov 6 12:12:57 2006 HOST:33477 SIGUSR1[soft,tls-error] received, client-instance restarting
So.. If I compare the two logs.. it looks like a TLS problem, no? Great.. any idea how I fix that?
-
VIP, I don't know what else you changed.. but I uninstalled 3 and went to beta4, and now my VPN server works! I was actually able to login using a user account, connect, and access the network using OpenVPN. Beta4 is much slicker... the Certificate Manager is excellent. One feature Request, specific to the Certificate Manager: allow us to delete the Certificates as well from the panel. Would make it easier.
Thanks a bunch!
-
Ok, I have one question / problem..and in comparison to what I have been going through, it's a minor one.
I want to add the lines
user nobody
group nobody
to the server config file so that root privileges are removed upon login etc... just for extra security.
Problem is, if I modify the server.conf file, it just gets overwritten with the Control Panel applet... is there a way to add it permanently? VIP, how would I do such a thing?
-
One feature Request, specific to the Certificate Manager: allow us to delete the Certificates as well from the panel. Would make it easier.
Well, I first made a function to delete the certificate but I removed it. I think it's better to just revoke it. For example, if one of your certificate is stollen and you don't know it, you remove the certificate without revoking it and the person who have your certificate can still have access.
I want to add the lines
user nobody
group nobody
to the server config file so that root privileges are removed upon login etc... just for extra security.
Problem is, if I modify the server.conf file, it just gets overwritten with the Control Panel applet... is there a way to add it permanently? VIP, how would I do such a thing?
I thought a little about adding this in the configuration file but with this, user authentication (login/password) does not work anymore. I also wanted to add chroot /etc/openvpn but it's the same. I need to search a bit more, maybe a simple setuid bit on the verification script will work. If you wan't to try you can. To add this permanently, edit one of the templates, for example edit /etc/e-smith/templates-custom/etc/openvpn/server.conf/30cert and modify it this way:
# Certificates config
dh dh1024.pem
ca ca.crt
cert server.crt
key server.key
tls-server
# Clients config dir for persistent IP
client-config-dir ccd
# CRL file for certificates verification
crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
user nobody
group nobody
# Duplicate CN
{
if ((${'openvpn'}{userAuth} eq '2') || (${'openvpn'}{userAuth} eq '3')){
$OUT .= "duplicate-cn\n";
}
$OUT .= '';
}[/code]
-
Well, I first made a function to delete the certificate but I removed it. I think it's better to just revoke it. For example, if one of your certificate is stollen and you don't know it, you remove the certificate without revoking it and the person who have your certificate can still have access.
Ok, now I see your logic here. That makes sense. But maybe then with the revoked Certificates, remove them from the list of certificates.. or perhaps change the color to RED or something (similar to the user panel where a locked user account has a RED link for it). Just for ease of visual distinguishing. Perhaps with Deletion.. only allow deletion if the certificates have already been revoked. Otherwise the panel will not allow for Deletion?
-
Well ok, I'll try to add an option, not to remove the certificate from the server, but just from the list.
-
VIP, I don't know what else you changed.. but I uninstalled 3 and went to beta4, and now my VPN server works! I was actually able to login using a user account, connect, and access the network using OpenVPN
I tried to get this to run but I keep getting uninstall command not found however it is in my directory
ls
init.d install~ lzo-1.08-4.2.el4.rf.i386.rpm panel sme-openssl.cnf.template templates uninstall~ upgrade_from_beta3
install local openvpn-2.0.7-1.el4.rf.i386.rpm scripts_sme smeserver-openvpn-0.0.1-2.noarch.rpm uninstall upgrade_from_beta1~ upgrade_from_beta3~
Am I missing something? Help please
-
The uninstall script must be run this way:
[root@sme #] sh uninstall
You must be in the directory smeserver-openvpn-bridge_betaxx depending on your release
-
Thanks for the reply, everything seems to have run properly
[root@server1 smeserver-openvpn-bridge_beta3.1]# sh uninstall
stoping the service
Shutting down openvpn: br0: unknown interface: No such device
bridge br0 doesn't exist; can't delete it
Wed Nov 8 06:23:04 2006 TUN/TAP device tap0 opened
Wed Nov 8 06:23:04 2006 Persist state set to: OFF
Stopping dhcpd: [ OK ]
Shutting down IP masquerade and firewall rules: Done!
Enabling IP masquerading: done
Starting dhcpd: [ OK ]
[ OK ]
ok
removing openvpn entries from the configuration db
ok
removing rpms
ok
removing scripts
ok
removing templates
ok
removing log file
ok
removing the panel
ok
removing db entries
-
There's a small how-to for the configuration of an SME as client of another SME running smeserver-openvpn-bridge here (http://sme.firewall-services.com/spip.php?article25)
-
Daniel;
Thx. I am trying to muddle through things now, but actually have to get on the program vis a vis work. I will continue tonight and let you know.
Ian
-
VIP-ire;
When I was settingup the certificates, it asks for an email address. What is the significance of this? I do not have mail running off my server so an "internal" address won't work if it actually needs to do anything. I can give it a working address but from my ISP that I should get if the server needs to send anything.
Let me know. Thx in advance.
Ian
-
Vip-ire;
I went through your instructions (http://sme.firewall-services.com/spip.php?article4 ) and I have some problems with the configuration. Some of this might seem like nitpicking but actually is my noobiness on full display.
1) On the server side, I completed the configuration but there are some things that I did not know if I answered correctly.
a) The bridge interface. Is this the name of the nic on the internet side of my server. As I recall when I set this up, it should be eth1.
b) Tap Interface is a software construct so I will leave this alone. (?)
c) I picked authentication method 5 but did not get a place to enter username/password. Did I miss something?
d) A bit confused by the "Do you want to use your server as default gateway..." I am using only one server that is in gateway and server mode. I will vpn in from the outside using client machine, so the answer to this is yes (?). I am not sure how to answer the Redirect Gateway question. I picked disabled but is this correct.
2) On the client side, I have my work laptop at home . As per instructions, for windows 2K/XP clients, download the openvpn GUI at http://openvpn.se/files/install_pac... and install it. Everything seems in place.
I then logged into the SME Server admin. As instructed I downloaded the ca.crt file, the Ian_McIntyre.crt file and the Ian_McIntyre.key to my laptop into the appropriate directory. The next instructions were
Put these files in the C:\Program Files\OpenVPN\config folder and create a new text file called VPN.ovpn (in the same C:\Program_Files\OpenVPN\config folder). Copy the generated config in this file and save it.
Which of the three files is the generated config file or did I miss something.
Thanks in advance for your help.
-
VIP-ire;
When I was settingup the certificates, it asks for an email address. What is the significance of this? I do not have mail running off my server so an "internal" address won't work if it actually needs to do anything. I can give it a working address but from my ISP that I should get if the server needs to send anything.
Let me know. Thx in advance.
Ian
Well, the mail address is just a required field for a X.509 certificate. You can put the address you want, not necessary a mail account of this server. You can enter anything you want.
a) The bridge interface. Is this the name of the nic on the internet side of my server. As I recall when I set this up, it should be eth1.
b) Tap Interface is a software construct so I will leave this alone. (?)
No, you shouldn't have to change the 3 interfaces, I just put this in the panel for some specific configurations but, most of the time:
the bridge interface is br0 (it's a virtual interface in which we will enslave the 2 others)
the local interface to be bridge is the interface of your local network, not the internet side one. it's normally allways eth0
the Tap interface is the virtual interface of the VPN, it's always tap0
c) I picked authentication method 5 but did not get a place to enter username/password. Did I miss something?
When you choose a method with login/passwords, it refers to the login/passwords of the differents users accounts.
d) A bit confused by the "Do you want to use your server as default gateway..." I am using only one server that is in gateway and server mode. I will vpn in from the outside using client machine, so the answer to this is yes (?). I am not sure how to answer the Redirect Gateway question. I picked disabled but is this correct.
If redirect the gateway is enabled, that means that when a client connect to your server via VPN, your VPN server will become his default gateway, so all the communications of the client will pass through the VPN.
Which of the three files is the generated config file or did I miss something.
None of this 3 files is the configuration file, these are the certificates and the private key of the client (which are needed by the authentication method you choose). To view the configuration file, go in the certificate manager and click on the 'display' link of the certificate of the client you wan't, you will see the configuraiton file and that you need to do then is to copy/past these lines to the vpn.ovpn file.
Hope this will help you
-
I've installed openvpn beta 4, following the how to. When I ran the installation script I got the following error message :
"copying templates
ERROR: No templates were found for /etc/openvpn/persist-pool. at /sbin/e-smith/expand-template line 45
ok ".
Everything seemed ok afterwards. I've configured openvpn, through server-manager, leaving all the default options and choosing authentication method 3. I created a certificate for my clients (ip and user fields left blank).
When I try to connect to the server I get a "Connection reset by peer" error right after I am asked for my user and password. I have vpn access granted in server-manager for this user.
Any ideas?
And by the way, thanks for this contrib!
Edit: I had no other previous versions of this contrib installed.
-
I've installed openvpn beta 4, following the how to. When I ran the installation script I got the following error message :
"copying templates
ERROR: No templates were found for /etc/openvpn/persist-pool. at /sbin/e-smith/expand-template line 45
ok ".
oups, that's my fault. I just forgot to remove a line from the install script, but it's not verry important.
Everything seemed ok afterwards. I've configured openvpn, through server-manager, leaving all the default options and choosing authentification method 3. I created a certificate for my clients (ip and user fields left blank).
When I try to connect to the server I get a "Connection reset by peer" error right after I am asked for my user and password. I have vpn access granted in server-manager for this user.
You say you let the default options, but have you enabled the service (in the panel)?
Did you used the config file from the panel?
Have you checked that the 2 certificates (ca.crt and client.crt) and the private key (client.key) are not empty (they normally shouldn't but in previous release, it could appen)
Can you give me the output of
tail /var/log/openvpn/logins and
tail /var/log/openvpn/openvpn.log
after trying to login.
-
You say you let the default options, but have you enabled the service (in the panel)?
Yes, I did.
Did you used the config file from the panel?
Have you checked that the 2 certificates (ca.crt and client.crt) and the private key (client.key) are not empty (they normally shouldn't but in previous release, it could happen)
Yes I used the config file from the panel. I needed to modify the hostname of the server from mrm.ro to server.mrm.ro (I don't have a dns record for mrm.ro).
I checked the certificates and they are not empty. I did modify the name of the ca.crt to ca-mrm.crt, and I modified the client ovpn configuration file accordingly (this shouldn't be a problem I think).
Can you give me the output of
tail /var/log/openvpn/logins and
tail /var/log/openvpn/openvpn.log
after trying to login.
There is no logins log, and checking the openvpn.log I've seen the following error:
"Options error: --server-bridge IP addresses 192.168.57.1 and 192.168.200.25 are not in the same 255.255.255.0 subnet"
It seems that I forgot to modify the ip's for openvpn clients to be in the same network as my local network. Once I did this everything worked like a charm.
Thanks for this great contrib, and for the quick replies . :)
-
VIP-ire;
Got everything reinstalled and set up on laptop. Will probably test tomorrow when I am not on site. I tried it on site and it failed which is not surprising since I am already on the network I am trying to vpn into.
One concern I have is last night I noticed the following entry at the bottom of my sme server admin manage page.
Collaboration
Users
Groups
Quotas
Pseudonyms
Information bays
Administration
Backup or restore
View log files
Mail log file analysis
Reboot or shutdown
Security
Remote access
Local networks
Port forwarding
Proxy settings
Configuration
OpenVPN
Software installer
Date and time
Workgroup
Directory
Printers
Hostnames and addresses
Domains
E-mail
Antivirus (ClamAV)
Review configuration
Crontab Manager
Miscellaneous
Support and licensing
Create starter web site
Unknown
.rnd
When I click on the .rnd option, I get the following message.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, admin and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I searched through the log files you get when you go into the "view Log files" feature. I looked for "error" and ".rnd" and could not find anything. Googled ".rnd" and could not see anything relevant.
I thought about rebooting server but am supposed to be working at home later today and am not so inclined to be without internet access.
Any insight? Thx in advance for your help.
-
Ok, i've just saw that I have the same problem. This file is created during certificates generation. Anyway, I'm working on beta5 and it'll be corrected. This beta will seriously improve the security and will correct the last little problems like the .rnd one
-
This file is created during certificates generation. Anyway, I'm working on beta5 and it'll be corrected. This beta will seriously improve the security and will correct the last little problems like the .rnd one
I was wondering where that came from...
VIP-ire, you mentioned a post or two ago about sometimes the client certificate is blank. I have tried repeatedly to regenerate the certificates, but everytime the client.crt is 0bytes. Is the best way to fix this by uninstalling and installing your latest? I don't even know which version I have though...
Thanks.
-
Haymann;
I tried the uninstall/reinstall trick and it did not resolve the problem. I had beta 3 installed, then beta 4 when I noticed the problem. Thinking I had done something foolish (still completely plausible :o ), I uninstalled and reinstalled and the problem was still there. I did not reboot, (see previous post by me) but apparently that won't help either.
-
VIP ire;
Stoopid question time :oops: . My vpn connection did not work and I was pondering that and it occurred to me that I had not entered in the name of my site or the IP address anywhere that I remember. When I vpn into work, I know where the ip address is stored and could change it if I wanted. Shouldn't I have to tell the openvpn gui where I would like to vpn to?
To further complicate things, I have a dynamic address. I use zone edit to find my site.
Thx in advance for your help and your hard work.
-
Thanks imcintyre, maybe I'll wait a bit before uninstalling...
Just to see what happened (even though it appears my client.crt is blank) I installed OpenVPN on a remote computer and copied over the files that I downloaded from my OpenVPN panel in server-manager. When I try to connect it get this error:Options error: Unrecognized option or missing parameter(s) in vpn.ovpn:10: fragment (2.0.5)
Use --help for more information.I noticed that vpn.ovpn has an entry "fragment" so for kicks I removed it. Then when I tried to connect it prompted me for my username and password. When those were supplied, I got this error:Fri Nov 10 14:06:29 2006 us=978827 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 10 14:06:29 2006 us=982909 Cannot load certificate file client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Fri Nov 10 14:06:29 2006 us=982941 ExitingI don't know what to make of that first error, but I am guessing that the second error is because my client.crt is blank...
-
VIP ire;
Stoopid question time :oops: . My vpn connection did not work and I was pondering that and it occurred to me that I had not entered in the name of my site or the IP address anywhere that I remember. When I vpn into work, I know where the ip address is stored and could change it if I wanted. Shouldn't I have to tell the openvpn gui where I would like to vpn to?
To further complicate things, I have a dynamic address. I use zone edit to find my site.
Thx in advance for your help and your hard work.
The address of your vpn server is in the config file of the client. It's generated with the domain name of your server, you should have something like
remote yourdomain.com
If you have a dynamic IP addres, maybe you will have to change it. For example, on my personal server, I use dyndns, my internal domain is domain.org but from the internet, it's accessible with domain.dyndns.org.
So the panel generate a file with domain.org wich I changed in domain.dyndns.org.
Just to see what happened (even though it appears my client.crt is blank) I installed OpenVPN on a remote computer and copied over the files that I downloaded from my OpenVPN panel in server-manager. When I try to connect it get this error:
Code:
Options error: Unrecognized option or missing parameter(s) in vpn.ovpn:10: fragment (2.0.5)
Use --help for more information.
I noticed that vpn.ovpn has an entry "fragment" so for kicks I removed it. Then when I tried to connect it prompted me for my username and password. When those were supplied, I got this error:
Code:
Fri Nov 10 14:06:29 2006 us=978827 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Nov 10 14:06:29 2006 us=982909 Cannot load certificate file client.crt: error:0906D06C:PEM routines:PEM_read_bio:no start line: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Fri Nov 10 14:06:29 2006 us=982941 Exiting
I don't know what to make of that first error, but I am guessing that the second error is because my client.crt is blank...
It looks like you're using beta 3. Those two problems (blank certif and fragment error) are known problems of beta3. You should upgrade to beta 4 or wait for beta 5 (next week I hope)
-
It looks like you're using beta 3. Those two problems (blank certif and fragment error) are known problems of beta3. You should upgrade to beta 4 or wait for beta 5 (next week I hope)
Excellent! I'll give it a shot tonight. Thank you for your effort on this, I appreciate it very much.
Ryan
-
The address of your vpn server is in the config file of the client. It's generated with the domain name of your server, you should have something like
remote yourdomain.com
If you have a dynamic IP addres, maybe you will have to change it. For example, on my personal server, I use dyndns, my internal domain is domain.org but from the internet, it's accessible with domain.dyndns.org.
So the panel generate a file with domain.org wich I changed in domain.dyndns.org.
I use zoneedit and I can get through on the internet with mysite.ca In my vpn.ovpn I have the line remote mysite.ca. I get the log on screen but apparently I don't know the login/password. I created the profile while I was logged in as admin. How do I link the profile to a user and password or did I miss something.
Thx in advance.
-
I use zoneedit and I can get through on the internet with mysite.ca In my vpn.ovpn I have the line remote mysite.ca. I get the log on screen but apparently I don't know the login/password. I created the profile while I was logged in as admin. How do I link the profile to a user and password or did I miss something.
Thx in advance.
The login/passwords are the same as the main users accounts. If you create one certificate by client, use the same common name as the login he haves. don't forget to set VPNaccess to yes in the users page. By tha way, this will certainly change in the next release as all the login system will change.
-
*Solved* I took out the space in the name and everything is ok.
I tried to create a profile using "my name" and got the following error. If it is of any use, there is a space between "my" and "name". Also, "my name" is not a user account
Software error:
Bad caracteres in My Name at /etc/e-smith/web/panels/manager/cgi-bin/openvpn line 955.
For help, please send mail to the webmaster (admin), giving this error message and the time and date of the error.
any insight into this?
Thx
-
When creating a new profile (new X.509 certificate with an IP address optionnaly associated), you should use the login for the common name. Anyway, if you don't want to use the login as common name, spaces are not allowed in the common name, so don't use it.
-
Okay, here we go again (please bear with me).
I created a new user profile, generated a new ca.crt, user.crt, user.key.
I am going to their house, where I will install openvpn, and put the ca.crt and user.crt in the directory, C:\Program Files\OpenVPN\config.
I copied the generated file that starts "port 1194..." using notebook to create the file VPN.ovpn. I copy that into the directory, C:\Program Files\OpenVPN\config.
I take the file "user.key" and put it in the same directory. Should I do anything else with it?
Thx.
-
Works Great, forgot to enable VPN access for user ( :oops: )
very awesome, <~~listening to tunes from my house while at my mom's
Rare Earth... I just want to celebrate
-
smeserver-openvpn-bridge_beta5 is available. Have a look at http://sme.firewall-services.com/spip.php?rubrique3
-
smeserver-openvpn-bridge_beta5 is available. Have a look at http://sme.firewall-services.com/spip.php?rubrique3
That's all fine and good.. problem is, the upgrade broke my VPN. I was using Beta4, but when I attempt to connect using an existing client (after updating the configuration changes) this is what I get:
Fri Dec 01 16:08:16 2006 us=923573 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Fri Dec 01 16:08:16 2006 us=923611 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 01 16:08:16 2006 us=923623 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Dec 01 16:08:16 2006 us=923662 LZO compression initialized
Fri Dec 01 16:08:16 2006 us=923712 Control Channel MTU parms [ L:1594 D:166 EF:66 EB:0 ET:0 EL:0 ]
Fri Dec 01 16:08:16 2006 us=924482 Data Channel MTU parms [ L:1594 D:1450 EF:62 EB:135 ET:32 EL:0 AF:3/1 ]
Fri Dec 01 16:08:16 2006 us=924510 Fragmentation MTU parms [ L:1594 D:1400 EF:61 EB:135 ET:33 EL:0 AF:3/1 ]
Fri Dec 01 16:08:16 2006 us=924545 Local Options String: 'V4,dev-type tap,link-mtu 1594,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Fri Dec 01 16:08:16 2006 us=924555 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1594,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Fri Dec 01 16:08:16 2006 us=924580 Local Options hash (VER=V4): '29f2fd82'
Fri Dec 01 16:08:16 2006 us=924596 Expected Remote Options hash (VER=V4): 'b35f3855'
Fri Dec 01 16:08:16 2006 us=924631 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Dec 01 16:08:16 2006 us=924647 UDPv4 link local: [undef]
Fri Dec 01 16:08:16 2006 us=924657 UDPv4 link remote: 209.89.132.81:1194
Fri Dec 01 16:08:16 2006 us=966217 TLS: Initial packet from 209.89.132.81:1194, sid=b416c8e3 bdcf3e5a
Fri Dec 01 16:08:17 2006 us=319696 VERIFY OK: depth=1, /C=CA/ST=France/L=Edmonton/O=Electronic_Connections/OU=VPN/CN=server.ecl.ca/emailAddress=andrewr@ecl.ca
Fri Dec 01 16:08:17 2006 us=320916 VERIFY nsCertType ERROR: /C=CA/ST=France/O=Electronic_Connections/OU=VPN/CN=server.ecl.ca/emailAddress=andrewr@ecl.ca, require nsCertType=SERVER
Fri Dec 01 16:08:17 2006 us=321123 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Fri Dec 01 16:08:17 2006 us=321135 TLS Error: TLS object -> incoming plaintext read error
Fri Dec 01 16:08:17 2006 us=321143 TLS Error: TLS handshake failed
Fri Dec 01 16:08:17 2006 us=321507 TCP/UDP: Closing socket
Fri Dec 01 16:08:17 2006 us=321744 SIGUSR1[soft,tls-error] received, process restarting
Fri Dec 01 16:08:17 2006 us=322020 Restart pause, 2 second(s)
For now, I am restoring back to v4... (thank god I did a backup). I would like to use the new features in beta5, namely the increased authentication.. but not at the expense of stability.
Ideas?
-
it looks like you have updated the configuration file of the client but you use the old certificates. You should erease all the certificates (in the panel of the server-manager) and regenerate them. Download the new one on your client and also the ta.key file and I think it'll work.
-
I installed your openvpn.
Installing was with no errors.
i added a client key for the server these keys i downloaded and put them in de openvpn/config dir.
I can connect with openvpn gui (the icon stays yellow) the following error i find in the log file of my windows xp client
####
Sun Dec 10 10:31:25 2006 us=558304 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 10 10:31:25 2006 us=558357 TLS Error: TLS handshake failed
Sun Dec 10 10:31:25 2006 us=559674 TCP/UDP: Closing socket
Sun Dec 10 10:31:25 2006 us=560422 SIGUSR1[soft,tls-error] received, process restarting
Sun Dec 10 10:31:25 2006 us=560460 Restart pause, 2 second(s)
Sun Dec 10 10:31:27 2006 us=562564 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sun Dec 10 10:31:27 2006 us=562631 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 10:31:27 2006 us=562651 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 10:31:27 2006 us=562711 LZO compression initialized
Sun Dec 10 10:31:27 2006 us=562807 Control Channel MTU parms [ L:1578 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Dec 10 10:31:27 2006 us=564544 Data Channel MTU parms [ L:1578 D:1450 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Dec 10 10:31:27 2006 us=565147 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Sun Dec 10 10:31:27 2006 us=565215 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Sun Dec 10 10:31:27 2006 us=565232 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Sun Dec 10 10:31:27 2006 us=565269 Local Options hash (VER=V4): 'a257ef04'
Sun Dec 10 10:31:27 2006 us=565294 Expected Remote Options hash (VER=V4): '8f3da10b'
Sun Dec 10 10:31:27 2006 us=565360 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Dec 10 10:31:27 2006 us=566249 UDPv4 link local: [undef]
Sun Dec 10 10:31:27 2006 us=566276 UDPv4 link remote: 86.87.210.220:1194
####
log file of server
#####
Sun Dec 10 00:37:38 2006 MULTI: multi_init called, r=256 v=256
Sun Dec 10 00:37:38 2006 IFCONFIG POOL: base=192.168.1.201 size=50
Sun Dec 10 00:37:38 2006 Initialization Sequence Completed
Sun Dec 10 08:02:45 2006 event_wait : Interrupted system call (code=4)
Sun Dec 10 08:02:45 2006 TCP/UDP: Closing socket
Sun Dec 10 08:02:45 2006 Closing TUN/TAP interface
Sun Dec 10 08:02:45 2006 PLUGIN_CLOSE: /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so
Sun Dec 10 08:02:45 2006 SIGTERM[hard,] received, process exiting
Sun Dec 10 10:27:53 2006 OpenVPN 2.0.7 i386-redhat-linux-gnu [SSL] [LZO] [EPOLL] built on Apr 29 2006
Sun Dec 10 10:27:53 2006 PLUGIN_INIT: POST /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so 'login' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY
Sun Dec 10 10:27:53 2006 Diffie-Hellman initialized with 2048 bit key
Sun Dec 10 10:27:53 2006 WARNING: file 'easy-rsa/keys/bridge/server.key' is group or others accessible
Sun Dec 10 10:27:53 2006 WARNING: file 'easy-rsa/keys/bridge/ta.key' is group or others accessible
Sun Dec 10 10:27:53 2006 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Sun Dec 10 10:27:53 2006 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 10:27:53 2006 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Dec 10 10:27:53 2006 TLS-Auth MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Dec 10 10:27:53 2006 TUN/TAP device tap0 opened
Sun Dec 10 10:27:53 2006 Data Channel MTU parms [ L:1574 D:1400 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Dec 10 10:27:54 2006 chroot to '/etc/openvpn' and cd to '/' succeeded
Sun Dec 10 10:27:54 2006 GID set to nobody
Sun Dec 10 10:27:54 2006 UID set to nobody
Sun Dec 10 10:27:54 2006 UDPv4 link local (bound): [undef]:1194
Sun Dec 10 10:27:54 2006 UDPv4 link remote: [undef]
Sun Dec 10 10:27:54 2006 MULTI: multi_init called, r=256 v=256
Sun Dec 10 10:27:54 2006 IFCONFIG POOL: base=192.168.1.201 size=50
Sun Dec 10 10:27:54 2006 Initialization Sequence Completed
Sun Dec 10 10:28:32 2006 MULTI: multi_create_instance called
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 Re-using SSL/TLS context
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 LZO compression initialized
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 Control Channel MTU parms [ L:1578 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 Data Channel MTU parms [ L:1578 D:1400 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 Fragmentation MTU parms [ L:1578 D:1400 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 Local Options hash (VER=V4): '8f3da10b'
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 Expected Remote Options hash (VER=V4): 'a257ef04'
Sun Dec 10 10:28:32 2006 192.168.1.7:1504 TLS: Initial packet from 192.168.1.7:1504, sid=25afa51e 66b6cc6a
Sun Dec 10 10:28:33 2006 192.168.1.7:1504 CRL: cannot read: easy-rsa/keys/bridge/crl.pem: Permission denied (errno=13)
Sun Dec 10 10:28:33 2006 192.168.1.7:1504 Exiting
#####
It was a clean install on a sme 7.0
sme server only
port 1194 openen on my router to sme
Can you help me with this
Can you help me with this problem
-
Can you try to give read acces to everyone on the crl.pem file
chmod +r /etc/openvpn/easy-rsa/keys/bridge/crl.pem
Then try again to connect. If it's working, I know where the error comes from and I will release the patch tomorow
-
i still have same error..
server log:
Mon Jun 18 12:43:39 2007 WARNING: file 'easy-rsa/keys/bridge/server.key' is group or others accessible
Mon Jun 18 12:43:39 2007 WARNING: file 'easy-rsa/keys/bridge/ta.key' is group or others accessible
Mon Jun 18 12:43:39 2007 Control Channel Authentication: using 'easy-rsa/keys/bridge/ta.key' as a OpenVPN static key file
Mon Jun 18 12:43:39 2007 TUN/TAP device tap0 opened
Mon Jun 18 12:43:39 2007 chroot to '/etc/openvpn' and cd to '/' succeeded
Mon Jun 18 12:43:39 2007 GID set to nobody
Mon Jun 18 12:43:39 2007 UID set to nobody
Mon Jun 18 12:43:39 2007 UDPv4 link local (bound): [undef]:2000
Mon Jun 18 12:43:39 2007 UDPv4 link remote: [undef]
Mon Jun 18 12:43:39 2007 Initialization Sequence Completed
Mon Jun 18 12:58:44 2007 60.52.32.142:1127 Re-using SSL/TLS context
Mon Jun 18 12:58:44 2007 60.52.32.142:1127 LZO compression initialized
Mon Jun 18 12:58:44 2007 60.52.32.142:1127 CRL: cannot read: easy-rsa/keys/bridge/crl.pem: Permission denied (errno=13)
Mon Jun 18 12:58:44 2007 60.52.32.142:1127 Exiting
-
Mon Jun 18 12:43:39 2007 chroot to '/etc/openvpn' and cd to '/' succeeded
i think problem on this? CD to '/'
-
Mon Jun 18 12:43:39 2007 chroot to '/etc/openvpn' and cd to '/' succeeded
i think problem on this? CD to '/'
There's no problem with CD '/'.
First, the daemon is chrooted in /etc/openvpn, so /etc/openvpn becomes the '/' for openvpn, then in the config file, there's a directive to select /etc/openvpn as the current directory, which means '/' for openvpn daemon.
I think you're having some others problem. Try to delete all the certificates and restart from scratch
-
already start from scratch.. but still same..
-
Hello,
was there any resolve to this problem?
I am having the same issue
Sat Mar 29 22:51:18 2008 MULTI: multi_create_instance called
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 Re-using SSL/TLS context
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 LZO compression initialized
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 Control Channel MTU parms [ L:1574 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 Local Options hash (VER=V4): '360696c5'
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 Expected Remote Options hash (VER=V4): '13a273ba'
Sat Mar 29 22:51:18 2008 124.187.35.13:16667 TLS: Initial packet from 124.187.35.13:16667, sid=2a267552 e23b9dbe
Sat Mar 29 22:51:19 2008 124.187.35.13:16667 CRL: cannot read: easy-rsa/keys/bridge/crl.pem: Permission denied (errno=13)
Sat Mar 29 22:51:19 2008 124.187.35.13:16667 Exiting
Appreciate any help, I have deleted and regenerated keys many times but always have no success.