Hello, here are the requested logs at a verbosity setting of 4.

server.log:

Mon Apr 17 16:50:18 2017 us=115390 Current Parameter Settings:
Mon Apr 17 16:50:18 2017 us=115720 config = '/usr/local/etc/openvpn/openvpn.conf'
Mon Apr 17 16:50:18 2017 us=115738 mode = 1
Mon Apr 17 16:50:18 2017 us=115750 show_ciphers = DISABLED
Mon Apr 17 16:50:18 2017 us=115761 show_digests = DISABLED
Mon Apr 17 16:50:18 2017 us=115772 NOTE: --mute triggered...
Mon Apr 17 16:50:18 2017 us=115791 278 variation(s) on previous 5 message(s) suppressed by --mute
Mon Apr 17 16:50:18 2017 us=115803 OpenVPN 2.4.1 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Apr 15 2017
Mon Apr 17 16:50:18 2017 us=115998 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Mon Apr 17 16:50:18 2017 us=118169 Diffie-Hellman initialized with 4096 bit key
Mon Apr 17 16:50:18 2017 us=119843 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Apr 17 16:50:18 2017 us=119870 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Apr 17 16:50:18 2017 us=119891 TLS-Auth MTU parms [ L:1621 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Apr 17 16:50:18 2017 us=119984 TUN/TAP device /dev/tun0 opened
Mon Apr 17 16:50:18 2017 us=120045 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Apr 17 16:50:18 2017 us=120075 /sbin/ifconfig tun0 172.17.0.1 172.17.0.2 mtu 1500 netmask 255.255.255.0 up
Mon Apr 17 16:50:18 2017 us=123463 /sbin/route add -net 172.17.0.0 172.17.0.2 255.255.255.0
add net 172.17.0.0: gateway 172.17.0.2
Mon Apr 17 16:50:18 2017 us=126039 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
Mon Apr 17 16:50:18 2017 us=126787 Could not determine IPv4/IPv6 protocol. Using AF_INET
Mon Apr 17 16:50:18 2017 us=126833 Socket Buffers: R=[42080->42080] S=[9216->9216]
Mon Apr 17 16:50:18 2017 us=126869 UDPv4 link local (bound): [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 16:50:18 2017 us=126883 UDPv4 link remote: [AF_UNSPEC]
Mon Apr 17 16:50:18 2017 us=126900 GID set to nobody
Mon Apr 17 16:50:18 2017 us=126922 UID set to nobody
Mon Apr 17 16:50:18 2017 us=126948 MULTI: multi_init called, r=256 v=256
Mon Apr 17 16:50:18 2017 us=126989 IFCONFIG POOL: base=172.17.0.2 size=252, ipv6=0
Mon Apr 17 16:50:18 2017 us=127008 IFCONFIG POOL LIST
Mon Apr 17 16:50:18 2017 us=127055 Initialization Sequence Completed

client.log:

Mon Apr 17 16:59:40 2017 us=577204 Current Parameter Settings:
Mon Apr 17 16:59:40 2017 us=577204 config = 'client.ovpn'
Mon Apr 17 16:59:40 2017 us=577204 mode = 0
Mon Apr 17 16:59:40 2017 us=577204 show_ciphers = DISABLED
Mon Apr 17 16:59:40 2017 us=577204 show_digests = DISABLED
Mon Apr 17 16:59:40 2017 us=577704 NOTE: --mute triggered...
Mon Apr 17 16:59:40 2017 us=577704 286 variation(s) on previous 5 message(s) suppressed by --mute
Mon Apr 17 16:59:40 2017 us=577704 OpenVPN 2.4.1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 22 2017
Mon Apr 17 16:59:40 2017 us=577704 Windows version 6.2 (Windows 8 or greater) 64bit
Mon Apr 17 16:59:40 2017 us=577704 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Mon Apr 17 16:59:40 2017 us=578704 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Apr 17 16:59:40 2017 us=578704 Need hold release from management interface, waiting...
Mon Apr 17 16:59:40 2017 us=585204 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Apr 17 16:59:40 2017 us=703805 MANAGEMENT: CMD 'state on'
Mon Apr 17 16:59:40 2017 us=706809 MANAGEMENT: CMD 'log all on'
Mon Apr 17 16:59:40 2017 us=898214 MANAGEMENT: CMD 'echo all on'
Mon Apr 17 16:59:40 2017 us=912710 MANAGEMENT: CMD 'hold off'
Mon Apr 17 16:59:40 2017 us=925715 MANAGEMENT: CMD 'hold release'
Mon Apr 17 16:59:40 2017 us=925715 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Apr 17 16:59:41 2017 us=84732 MANAGEMENT: CMD 'password [...]'
Mon Apr 17 16:59:41 2017 us=84732 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Apr 17 16:59:41 2017 us=89733 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Apr 17 16:59:41 2017 us=89733 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Apr 17 16:59:41 2017 us=89733 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Mon Apr 17 16:59:41 2017 us=89733 Control Channel MTU parms [ L:1521 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Apr 17 16:59:41 2017 us=89733 Data Channel MTU parms [ L:1521 D:1450 EF:121 EB:389 ET:0 EL:3 ]
Mon Apr 17 16:59:41 2017 us=89733 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1449,tun-mtu 1400,proto UDPv4,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Mon Apr 17 16:59:41 2017 us=89733 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1449,tun-mtu 1400,proto UDPv4,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Mon Apr 17 16:59:41 2017 us=90233 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 16:59:41 2017 us=90233 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Apr 17 16:59:41 2017 us=90233 UDP link local: (not bound)
Mon Apr 17 16:59:41 2017 us=90233 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 16:59:41 2017 us=90233 MANAGEMENT: >STATE:1492462781,WAIT,,,,,,
Mon Apr 17 17:00:41 2017 us=144194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 17 17:00:41 2017 us=144194 TLS Error: TLS handshake failed
Mon Apr 17 17:00:41 2017 us=144194 TCP/UDP: Closing socket
Mon Apr 17 17:00:41 2017 us=144194 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 17 17:00:41 2017 us=144693 MANAGEMENT: >STATE:1492462841,RECONNECTING,tls-error,,,,,
Mon Apr 17 17:00:41 2017 us=144693 Restart pause, 5 second(s)
Mon Apr 17 17:00:46 2017 us=162078 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Apr 17 17:00:46 2017 us=162078 Re-using SSL/TLS context
Mon Apr 17 17:00:46 2017 us=162078 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Mon Apr 17 17:00:46 2017 us=162078 Control Channel MTU parms [ L:1521 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Apr 17 17:00:46 2017 us=162078 Data Channel MTU parms [ L:1521 D:1450 EF:121 EB:389 ET:0 EL:3 ]
Mon Apr 17 17:00:46 2017 us=162078 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1449,tun-mtu 1400,proto UDPv4,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Mon Apr 17 17:00:46 2017 us=162078 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1449,tun-mtu 1400,proto UDPv4,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Mon Apr 17 17:00:46 2017 us=162078 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 17:00:46 2017 us=162078 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Apr 17 17:00:46 2017 us=162078 UDP link local: (not bound)
Mon Apr 17 17:00:46 2017 us=162078 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 17:00:46 2017 us=162078 MANAGEMENT: >STATE:1492462846,WAIT,,,,,,
Mon Apr 17 17:01:46 2017 us=347834 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 17 17:01:46 2017 us=347834 TLS Error: TLS handshake failed
Mon Apr 17 17:01:46 2017 us=348266 TCP/UDP: Closing socket
Mon Apr 17 17:01:46 2017 us=348266 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 17 17:01:46 2017 us=348266 MANAGEMENT: >STATE:1492462906,RECONNECTING,tls-error,,,,,
Mon Apr 17 17:01:46 2017 us=348266 Restart pause, 5 second(s)
Mon Apr 17 17:01:51 2017 us=367012 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Mon Apr 17 17:01:51 2017 us=367012 Re-using SSL/TLS context
Mon Apr 17 17:01:51 2017 us=367012 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Mon Apr 17 17:01:51 2017 us=367012 Control Channel MTU parms [ L:1521 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Mon Apr 17 17:01:51 2017 us=367012 Data Channel MTU parms [ L:1521 D:1450 EF:121 EB:389 ET:0 EL:3 ]
Mon Apr 17 17:01:51 2017 us=367012 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1449,tun-mtu 1400,proto UDPv4,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Mon Apr 17 17:01:51 2017 us=367012 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1449,tun-mtu 1400,proto UDPv4,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Mon Apr 17 17:01:51 2017 us=367012 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 17:01:51 2017 us=367012 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Apr 17 17:01:51 2017 us=367012 UDP link local: (not bound)
Mon Apr 17 17:01:51 2017 us=367012 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Mon Apr 17 17:01:51 2017 us=367012 MANAGEMENT: >STATE:1492462911,WAIT,,,,,,
Mon Apr 17 17:02:03 2017 us=314543 TCP/UDP: Closing socket
Mon Apr 17 17:02:03 2017 us=314543 SIGTERM[hard,] received, process exiting
Mon Apr 17 17:02:03 2017 us=314543 MANAGEMENT: >STATE:1492462923,EXITING,SIGTERM,,,,,

This is a new install of 2.4 on the server and 2.4 on the Windows openvpn gui.

Thanks.
Dave.

On 4/17/17, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> On Mon, Apr 17, 2017 at 03:03:59PM -0400, David Mehler wrote:
>> I've got a FreeBSD 10.3 server running openvpn 2.4. To that I'm trying
>> to connect an external to that network win10 x64 machine running
>> openvpn gui latest 2.4.
>
> Generally speaking, this should work (= this is what I run at
> a customer site, and all clients can connect just fine).
>
> Did it work before upgrading to 2.4? In that case the more strict
> CRL checking in 2.4 might be biting you - server and/or client log
> will tell ("--verb 4").
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>