Jump to content


Photo

one more about OpenVPN

Started by volk2003, 24 Nov 2017 14:33

  • Please log in to reply
20 replies to this topic

#1 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 24 November 2017 - 14:33

Hello

I have myself openvpn server. I have made it for my friends and clients for update enigma2 set-tot-boxes. This vpn network has about 50 clients in any OS (enigma2 based on OpenPli4 and some on android). Now I wanted upgrade software to Open Pli6, or last OpenPli4,where OpenVPN not work. There are two ways - after start of OpenVPN, I can see vpn address (on screen - openvpn plugin) but disapears main network connection, or after start openvpn no vpn ip address.

 

there is config of client:

 

port 1194 #LISTEN PORT default 1194
remote my_server_ip_address #SERVER IP OR URL
proto udp #OPENVPN PROTOCOL
dev tun
tls-client
ns-cert-type server
tun-mtu 1500
tun-mtu-extra 32
cipher DES-CBC
user nobody
group nogroup
dh /etc/openvpn/keys/dh1024.pem
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn//keys/client_crt.crt
key /etc/openvpn//keys/client_crt.key
verb 2
mute 20
keepalive 10 120
persist-key
comp-lzo
resolv-retry infinite
nobind
float
pull

 

 

 

Can I have a log of start openvpn? How should I start openvpn from telnet?

May be in config something is wrong

 


Re: one more about OpenVPN #2 Pippin

  • Senior Member
  • 103 posts

+2
Neutral

Posted 24 November 2017 - 15:00

To log add

log /var/log/openvpn.log
verb 4

to the config file.

/var/log can off course be a different location.

Same can be done for the server.

 

If possible move away from this:

cipher DES-CBC
dh1024.pem

https://community.op...pn/wiki/SWEET32


Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. Nikola Tesla

Re: one more about OpenVPN #3 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 29 November 2017 - 13:23

Log of start openvpn client

 

............
............
Wed Nov 29 13:16:25 2017 us=359509 TUN/TAP device tun0 opened
Wed Nov 29 13:16:25 2017 us=359647 TUN/TAP TX queue length set to 100
Wed Nov 29 13:16:25 2017 us=359753 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Nov 29 13:16:25 2017 us=359931 /sbin/ifconfig tun0 10.0.0.38 pointopoint 10.0.0.37 mtu 1500
Wed Nov 29 13:16:25 2017 us=366145 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.37
Wed Nov 29 13:16:25 2017 us=371067 /sbin/route add -net 10.0.0.0 netmask 255.255.240.0 gw 10.0.0.37
Wed Nov 29 13:16:25 2017 us=375417 GID set to nogroup
Wed Nov 29 13:16:25 2017 us=375569 UID set to nobody
Wed Nov 29 13:16:25 2017 us=375643 Initialization Sequence Completed
Wed Nov 29 13:16:40 2017 us=51297 TCP/UDP: Closing socket
Wed Nov 29 13:16:40 2017 us=51590 /sbin/route del -net 10.0.0.0 netmask 255.255.240.0
route: SIOCDELRT: Operation not permitted
Wed Nov 29 13:16:40 2017 us=55844 ERROR: Linux route delete command failed: external program exited with error status: 1
Wed Nov 29 13:16:40 2017 us=56020 /sbin/route del -net 192.168.0.0 netmask 255.255.255.0
route: SIOCDELRT: Operation not permitted
Wed Nov 29 13:16:40 2017 us=60127 ERROR: Linux route delete command failed: external program exited with error status: 1
Wed Nov 29 13:16:40 2017 us=60322 Closing TUN/TAP interface
Wed Nov 29 13:16:40 2017 us=60415 /sbin/ifconfig tun0 0.0.0.0
ifconfig: SIOCSIFADDR: Operation not permitted
Wed Nov 29 13:16:40 2017 us=64405 Linux ip addr del failed: external program exited with error status: 1
Wed Nov 29 13:16:40 2017 us=72556 SIGTERM[hard,] received, process exiting

Can You explain me where is mistake.
After start openvpn is stopping main network eth0, and I will not  have ftp, telnet and other. I will have those back when I stop openvpn from remote control

Re: one more about OpenVPN #4 Pippin

  • Senior Member
  • 103 posts

+2
Neutral

Posted 29 November 2017 - 15:39

Remove these two and try again.

user nobody
group nogroup

Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. Nikola Tesla

Re: one more about OpenVPN #5 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 30 November 2017 - 09:24

OK, thanks

I'removed two strings

 

the same result, but another log
 

......

......

Thu Nov 30 09:20:09 2017 us=844731 [Casino] Peer Connection Initiated with [AF_INET]192.168.0.1:1194
Thu Nov 30 09:20:12 2017 us=293650 SENT CONTROL [name_my_vpn]: 'PUSH_REQUEST' (status=1)
Thu Nov 30 09:20:12 2017 us=296913 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.0.0.0 255.255.240.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.34 10.0.0.33'
Thu Nov 30 09:20:12 2017 us=297423 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 30 09:20:12 2017 us=297511 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 30 09:20:12 2017 us=297553 OPTIONS IMPORT: route options modified
Thu Nov 30 09:20:12 2017 us=298076 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:1d:ec:0f:41:e2
Thu Nov 30 09:20:12 2017 us=305366 TUN/TAP device tun0 opened
Thu Nov 30 09:20:12 2017 us=305519 TUN/TAP TX queue length set to 100
Thu Nov 30 09:20:12 2017 us=305659 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Nov 30 09:20:12 2017 us=305862 /sbin/ifconfig tun0 10.0.0.34 pointopoint 10.0.0.33 mtu 1500
Thu Nov 30 09:20:12 2017 us=316754 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.33
Thu Nov 30 09:20:12 2017 us=320756 /sbin/route add -net 10.0.0.0 netmask 255.255.240.0 gw 10.0.0.33
Thu Nov 30 09:20:12 2017 us=324784 Initialization Sequence Completed
Thu Nov 30 09:20:49 2017 us=529812 TCP/UDP: Closing socket
Thu Nov 30 09:20:49 2017 us=530239 /sbin/route del -net 10.0.0.0 netmask 255.255.240.0
Thu Nov 30 09:20:49 2017 us=534105 /sbin/route del -net 192.168.0.0 netmask 255.255.255.0
Thu Nov 30 09:20:49 2017 us=538010 Closing TUN/TAP interface
Thu Nov 30 09:20:49 2017 us=538256 /sbin/ifconfig tun0 0.0.0.0
Thu Nov 30 09:20:49 2017 us=551515 SIGTERM[hard,] received, process exiting

 


Edited by volk2003, 30 November 2017 - 09:24.

Re: one more about OpenVPN #6 WanWizard

  • PLi® Core member
  • 70,874 posts

+1,832
Excellent

Posted 30 November 2017 - 15:17

And the log from the other end? It looks like it doesn't accept or setup the connection.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: one more about OpenVPN #7 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 30 November 2017 - 15:34

there full log from start openvpn untill stop openvpn from remote control (because telnet more not work)

 

Thu Nov 30 15:26:56 2017 us=325609 Current Parameter Settings:
Thu Nov 30 15:26:56 2017 us=327076   config = '/etc/openvpn/openvpn.conf'
Thu Nov 30 15:26:56 2017 us=327119   mode = 0
Thu Nov 30 15:26:56 2017 us=327618   persist_config = DISABLED
Thu Nov 30 15:26:56 2017 us=327663   persist_mode = 1
Thu Nov 30 15:26:56 2017 us=327690   show_ciphers = DISABLED
Thu Nov 30 15:26:56 2017 us=327717   show_digests = DISABLED
Thu Nov 30 15:26:56 2017 us=327743   show_engines = DISABLED
Thu Nov 30 15:26:56 2017 us=327769   genkey = DISABLED
Thu Nov 30 15:26:56 2017 us=327795   key_pass_file = '[UNDEF]'
Thu Nov 30 15:26:56 2017 us=327821   show_tls_ciphers = DISABLED
Thu Nov 30 15:26:56 2017 us=327847 Connection profiles [default]:
Thu Nov 30 15:26:56 2017 us=327874   proto = udp
Thu Nov 30 15:26:56 2017 us=327902   local = '[UNDEF]'
Thu Nov 30 15:26:56 2017 us=327928   local_port = 0
Thu Nov 30 15:26:56 2017 us=327955   remote = 'ip.of .my.vpn.network'
Thu Nov 30 15:26:56 2017 us=327981   remote_port = 1194
Thu Nov 30 15:26:56 2017 us=328007   remote_float = ENABLED
Thu Nov 30 15:26:56 2017 us=328033   bind_defined = DISABLED
Thu Nov 30 15:26:56 2017 us=328059   bind_local = DISABLED
Thu Nov 30 15:26:56 2017 us=328084 NOTE: --mute triggered...
Thu Nov 30 15:26:56 2017 us=328580 204 variation(s) on previous 20 message(s) suppressed by --mute
Thu Nov 30 15:26:56 2017 us=328625 OpenVPN 2.3.2 mipsel-oe-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 14 2017
Thu Nov 30 15:26:56 2017 us=374038 WARNING: file '/etc/openvpn//keys/acc_for_test.key' is group or others accessible
Thu Nov 30 15:26:56 2017 us=381428 LZO compression initialized
Thu Nov 30 15:26:56 2017 us=384290 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Nov 30 15:26:56 2017 us=385810 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Nov 30 15:26:56 2017 us=432098 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 30 15:26:56 2017 us=432726 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher DES-CBC,auth SHA1,keysize 64,key-method 2,tls-client'
Thu Nov 30 15:26:56 2017 us=432775 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher DES-CBC,auth SHA1,keysize 64,key-method 2,tls-server'
Thu Nov 30 15:26:56 2017 us=433557 Local Options hash (VER=V4): '516615cf'
Thu Nov 30 15:26:56 2017 us=433650 Expected Remote Options hash (VER=V4): '2468f6dc'
Thu Nov 30 15:26:56 2017 us=439508 UDPv4 link local: [undef]
Thu Nov 30 15:26:56 2017 us=441125 UDPv4 link remote: [AF_INET]my_ip_address:1194
Thu Nov 30 15:26:56 2017 us=457445 TLS: Initial packet from [AF_INET]192.168.0.1:1194, sid=43830e31 ba49eaa9
Thu Nov 30 15:26:56 2017 us=643505 VERIFY OK: depth=1, C=GV, ST=City, L=City, O=test_org, OU=test, CN=test, name=test, emailAddress=root@localhost
Thu Nov 30 15:26:56 2017 us=652196 VERIFY OK: nsCertType=SERVER
Thu Nov 30 15:26:56 2017 us=652321 VERIFY OK: depth=0, C=GV, ST=City, L=City, O=test_org, OU=test, CN=Name_ntw, name=test, emailAddress=root@localhost
Thu Nov 30 15:26:56 2017 us=950350 NOTE: Options consistency check may be skewed by version differences
Thu Nov 30 15:26:56 2017 us=951713 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu Nov 30 15:26:56 2017 us=951799 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu Nov 30 15:26:56 2017 us=951844 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1574'
Thu Nov 30 15:26:56 2017 us=951888 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
Thu Nov 30 15:26:56 2017 us=951931 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Nov 30 15:26:56 2017 us=951973 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher DES-CBC'
Thu Nov 30 15:26:56 2017 us=952014 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Thu Nov 30 15:26:56 2017 us=952071 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 64'
Thu Nov 30 15:26:56 2017 us=952113 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Thu Nov 30 15:26:56 2017 us=952155 WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'
Thu Nov 30 15:26:56 2017 us=953986 Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
Thu Nov 30 15:26:56 2017 us=954073 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 30 15:26:56 2017 us=954112 Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
Thu Nov 30 15:26:56 2017 us=954150 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 30 15:26:56 2017 us=954431 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 30 15:26:56 2017 us=954546 [Casino] Peer Connection Initiated with [AF_INET]192.168.0.1:1194
Thu Nov 30 15:26:59 2017 us=23512 SENT CONTROL [Casino]: 'PUSH_REQUEST' (status=1)
Thu Nov 30 15:26:59 2017 us=27393 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.0.0.0 255.255.240.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.34 10.0.0.33'
Thu Nov 30 15:26:59 2017 us=28442 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 30 15:26:59 2017 us=28503 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 30 15:26:59 2017 us=28529 OPTIONS IMPORT: route options modified
Thu Nov 30 15:26:59 2017 us=30189 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:1d:ec:0f:41:e2
Thu Nov 30 15:26:59 2017 us=39469 TUN/TAP device tun0 opened
Thu Nov 30 15:26:59 2017 us=39598 TUN/TAP TX queue length set to 100
Thu Nov 30 15:26:59 2017 us=39691 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Nov 30 15:26:59 2017 us=39866 /sbin/ifconfig tun0 10.0.0.34 pointopoint 10.0.0.33 mtu 1500
Thu Nov 30 15:26:59 2017 us=49486 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.33
Thu Nov 30 15:26:59 2017 us=54013 /sbin/route add -net 10.0.0.0 netmask 255.255.240.0 gw 10.0.0.33
Thu Nov 30 15:26:59 2017 us=58466 Initialization Sequence Completed
Thu Nov 30 15:27:17 2017 us=747504 TCP/UDP: Closing socket
Thu Nov 30 15:27:17 2017 us=747794 /sbin/route del -net 10.0.0.0 netmask 255.255.240.0
Thu Nov 30 15:27:17 2017 us=751970 /sbin/route del -net 192.168.0.0 netmask 255.255.255.0
Thu Nov 30 15:27:17 2017 us=756024 Closing TUN/TAP interface
Thu Nov 30 15:27:17 2017 us=756171 /sbin/ifconfig tun0 0.0.0.0
Thu Nov 30 15:27:17 2017 us=770114 SIGTERM[hard,] received, process exiting

 


Re: one more about OpenVPN #8 WanWizard

  • PLi® Core member
  • 70,874 posts

+1,832
Excellent

Posted 30 November 2017 - 15:48

Session starts succesfully, and is then closed 18 seconds later. Presumably by the remote end, since no disconnect messages are present in this log.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: one more about OpenVPN #9 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 30 November 2017 - 16:08

another log with more long work openvpn

 

Thu Nov 30 16:00:36 2017 us=624044 Current Parameter Settings:
Thu Nov 30 16:00:36 2017 us=624370   config = '/etc/openvpn/openvpn.conf'
Thu Nov 30 16:00:36 2017 us=624435   mode = 0
Thu Nov 30 16:00:36 2017 us=624485   persist_config = DISABLED
Thu Nov 30 16:00:36 2017 us=624527   persist_mode = 1
Thu Nov 30 16:00:36 2017 us=624568   show_ciphers = DISABLED
Thu Nov 30 16:00:36 2017 us=624606   show_digests = DISABLED
Thu Nov 30 16:00:36 2017 us=624644   show_engines = DISABLED
Thu Nov 30 16:00:36 2017 us=624681   genkey = DISABLED
Thu Nov 30 16:00:36 2017 us=624719   key_pass_file = '[UNDEF]'
Thu Nov 30 16:00:36 2017 us=624757   show_tls_ciphers = DISABLED
Thu Nov 30 16:00:36 2017 us=624795 Connection profiles [default]:
Thu Nov 30 16:00:36 2017 us=624833   proto = udp
Thu Nov 30 16:00:36 2017 us=624870   local = '[UNDEF]'
Thu Nov 30 16:00:36 2017 us=624906   local_port = 0
Thu Nov 30 16:00:36 2017 us=624943   remote = 'ip_address_myvpn'
Thu Nov 30 16:00:36 2017 us=624980   remote_port = 1194
Thu Nov 30 16:00:36 2017 us=625016   remote_float = ENABLED
Thu Nov 30 16:00:36 2017 us=625053   bind_defined = DISABLED
Thu Nov 30 16:00:36 2017 us=625089   bind_local = DISABLED
Thu Nov 30 16:00:36 2017 us=625125 NOTE: --mute triggered...
Thu Nov 30 16:00:36 2017 us=625184 204 variation(s) on previous 20 message(s) suppressed by --mute
Thu Nov 30 16:00:36 2017 us=625307 OpenVPN 2.3.2 mipsel-oe-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 14 2017
Thu Nov 30 16:00:36 2017 us=628106 WARNING: file '/etc/openvpn//keys/acc_for_test.key' is group or others accessible
Thu Nov 30 16:00:36 2017 us=629273 LZO compression initialized
Thu Nov 30 16:00:36 2017 us=629763 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]
Thu Nov 30 16:00:36 2017 us=629984 Socket Buffers: R=[163840->131072] S=[163840->131072]
Thu Nov 30 16:00:36 2017 us=676973 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 30 16:00:36 2017 us=677173 Local Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher DES-CBC,auth SHA1,keysize 64,key-method 2,tls-client'
Thu Nov 30 16:00:36 2017 us=677296 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1574,tun-mtu 1532,proto UDPv4,comp-lzo,cipher DES-CBC,auth SHA1,keysize 64,key-method 2,tls-server'
Thu Nov 30 16:00:36 2017 us=677437 Local Options hash (VER=V4): '516615cf'
Thu Nov 30 16:00:36 2017 us=677523 Expected Remote Options hash (VER=V4): '2468f6dc'
Thu Nov 30 16:00:36 2017 us=678856 UDPv4 link local: [undef]
Thu Nov 30 16:00:36 2017 us=679288 UDPv4 link remote: [AF_INET]my_ip_addr:1194
Thu Nov 30 16:00:36 2017 us=685441 TLS: Initial packet from [AF_INET]192.168.0.1:1194, sid=73888a01 704aa0e1
Thu Nov 30 16:00:36 2017 us=916003 VERIFY OK: depth=1, C=GV, ST=City, L=City, O=test_org, OU=test, CN=test, name=test, emailAddress=root@localhost
Thu Nov 30 16:00:36 2017 us=917614 VERIFY OK: nsCertType=SERVER
Thu Nov 30 16:00:36 2017 us=917723 VERIFY OK: depth=0, C=GV, ST=City, L=City, O=test_org, OU=test, CN=Casino, name=test, emailAddress=root@localhost
Thu Nov 30 16:00:37 2017 us=239574 NOTE: Options consistency check may be skewed by version differences
Thu Nov 30 16:00:37 2017 us=239739 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Thu Nov 30 16:00:37 2017 us=239800 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu Nov 30 16:00:37 2017 us=239855 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1574'
Thu Nov 30 16:00:37 2017 us=239908 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
Thu Nov 30 16:00:37 2017 us=239961 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Nov 30 16:00:37 2017 us=240013 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher DES-CBC'
Thu Nov 30 16:00:37 2017 us=240063 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Thu Nov 30 16:00:37 2017 us=240143 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 64'
Thu Nov 30 16:00:37 2017 us=240198 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Thu Nov 30 16:00:37 2017 us=240320 WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'
Thu Nov 30 16:00:37 2017 us=240967 Data Channel Encrypt: Cipher 'DES-CBC' initialized with 64 bit key
Thu Nov 30 16:00:37 2017 us=241062 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 30 16:00:37 2017 us=241115 Data Channel Decrypt: Cipher 'DES-CBC' initialized with 64 bit key
Thu Nov 30 16:00:37 2017 us=241168 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 30 16:00:37 2017 us=241496 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 30 16:00:37 2017 us=241650 [Casino] Peer Connection Initiated with [AF_INET]192.168.0.1:1194
Thu Nov 30 16:00:39 2017 us=642592 SENT CONTROL [Casino]: 'PUSH_REQUEST' (status=1)
Thu Nov 30 16:00:39 2017 us=647869 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.0.0.0 255.255.240.0,topology net30,ping 10,ping-restart 120,ifconfig 10.0.0.34 10.0.0.33'
Thu Nov 30 16:00:39 2017 us=648285 OPTIONS IMPORT: timers and/or timeouts modified
Thu Nov 30 16:00:39 2017 us=648368 OPTIONS IMPORT: --ifconfig/up options modified
Thu Nov 30 16:00:39 2017 us=648406 OPTIONS IMPORT: route options modified
Thu Nov 30 16:00:39 2017 us=648921 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=00:1d:ec:0f:41:e2
Thu Nov 30 16:00:39 2017 us=658625 TUN/TAP device tun0 opened
Thu Nov 30 16:00:39 2017 us=658782 TUN/TAP TX queue length set to 100
Thu Nov 30 16:00:39 2017 us=658914 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Nov 30 16:00:39 2017 us=659121 /sbin/ifconfig tun0 10.0.0.34 pointopoint 10.0.0.33 mtu 1500
Thu Nov 30 16:00:39 2017 us=667390 /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 10.0.0.33
Thu Nov 30 16:00:39 2017 us=671171 /sbin/route add -net 10.0.0.0 netmask 255.255.240.0 gw 10.0.0.33
Thu Nov 30 16:00:39 2017 us=674991 Initialization Sequence Completed
Thu Nov 30 16:03:18 2017 us=17681 TCP/UDP: Closing socket                                                                                THERE I have stopped OpenVPN with remote control
Thu Nov 30 16:03:18 2017 us=18031 /sbin/route del -net 10.0.0.0 netmask 255.255.240.0
Thu Nov 30 16:03:18 2017 us=21724 /sbin/route del -net 192.168.0.0 netmask 255.255.255.0
Thu Nov 30 16:03:18 2017 us=25588 Closing TUN/TAP interface
Thu Nov 30 16:03:18 2017 us=25787 /sbin/ifconfig tun0 0.0.0.0
Thu Nov 30 16:03:18 2017 us=39597 SIGTERM[hard,] received, process exiting

 


Edited by volk2003, 30 November 2017 - 16:09.

Re: one more about OpenVPN #10 WanWizard

  • PLi® Core member
  • 70,874 posts

+1,832
Excellent

Posted 30 November 2017 - 17:23

And have you done something about all the warnings?

Thu Nov 30 16:00:37 2017 us=239800 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Thu Nov 30 16:00:37 2017 us=239855 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1574'
Thu Nov 30 16:00:37 2017 us=239908 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1532'
Thu Nov 30 16:00:37 2017 us=239961 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Thu Nov 30 16:00:37 2017 us=240013 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher DES-CBC'
Thu Nov 30 16:00:37 2017 us=240063 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Thu Nov 30 16:00:37 2017 us=240143 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 64'
Thu Nov 30 16:00:37 2017 us=240198 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Thu Nov 30 16:00:37 2017 us=240320 WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'

for example, if you configure LZO compression locally, but it is not configured remotely, the tunnel will never work.


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: one more about OpenVPN #11 Pippin

  • Senior Member
  • 103 posts

+2
Neutral

Posted 30 November 2017 - 19:20

I have myself openvpn server.

 

1. Please post current server and client config, substitute external IP with x.x.x.x.

2. OpenVPN version of server. (client in this case is 2.3.2  :wacko:  )


Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. Nikola Tesla

Re: one more about OpenVPN #12 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 1 December 2017 - 11:21

Hello, thanks for help

about server

server is on router

 

Netgear n300, mode WNR3500L v.2
Tomato Firmware 1.28.0000 MIPSR2-102 K26 USB AIO
Tomato VPN vpn3.6 release

Basic configuration:
 

Start with WAN Yes
Interface Type TUN
Protocol UDP
Port 1194
Firewall Automatic
Autorization Mode TLS
Extra HMAC autorization Disabled
VPN subnet/mask 10.0.0.0 255.255.240.0

 

Advanced configuration:

Poll Interval 0
Push LAN to clients Yes
Direct clients to
redirect Internet traffic No
Respond to DNS No
Encryption cipher DES-CBC
Compression Adaptive
TLS Renegotiation Time     -1(in seconds, -1 for default)
Manage Client-Specific Options No

 

 

Custom Configuration:

client-config-dir /opt/openvpn/ccd
verb 2
mute 20
keepalive 10 120
client-to-client
comp-lzo
persist-key
persist-tun

 

and four keys:
Certificate Authority    (key)
Server Certificate        (key)
Server Key                  (key)
Diffie Hellman parameters (key)

 


Re: one more about OpenVPN #13 WanWizard

  • PLi® Core member
  • 70,874 posts

+1,832
Excellent

Posted 1 December 2017 - 11:25

Weird that the client complains about a configuration mismatch, while that doesn't seem to be the case. For example, "comp-lzo" is configured, although the client says it isn't. Is this config active?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: one more about OpenVPN #14 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 1 December 2017 - 11:38

Yes, this config is active, and this server has about 50 clients, based on openPLi 4 (about 1 year old) and VTI (dated may-june 2016) and I have a client on android.

All clients have those client config.

If I try to update openPLi 4.0, or install openPLi 6.0, client doesn't work


Re: one more about OpenVPN #15 WanWizard

  • PLi® Core member
  • 70,874 posts

+1,832
Excellent

Posted 1 December 2017 - 11:41

Smells like you're busy with illegal affairs... We don't like that on our forums...


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: one more about OpenVPN #16 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 1 December 2017 - 12:28

Hello, WanWizard,

I'm sorry that You found here some unlegal.

I cannot understand, what is illegal here?

I just wanted update to openPLi6. and I'm not a specialist in networking.


Re: one more about OpenVPN #17 WanWizard

  • PLi® Core member
  • 70,874 posts

+1,832
Excellent

Posted 1 December 2017 - 14:17

Let's just say that there isn't any normal use for having dozens of boxes connected to your OpenVPN router. There is however a lot of illegal sharing going on, it is the main use of the OpenVPN client on the box.

 

And if there is something we absolutely hate over here, then it is illegal sharing!


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.

Re: one more about OpenVPN #18 volk2003

  • Member
  • 13 posts

0
Neutral

Posted 1 December 2017 - 14:41

I will not argue about why private networks are needed. Open VLN is one of the components of the enigma2. I use to manage telnet and ftp boxes of my clients, even if they do not have a real ip address. sharing can be managed without openvpn. Sorry, if I ask for help on the wrong address. With best wishes.


Re: one more about OpenVPN #19 Erik Slagter

  • PLi® Core member
  • 46,969 posts

+542
Excellent

Posted 1 December 2017 - 15:10

Why would you need to have a dozen settopboxes to be controlled in the first place? This sounds like business and these businesses are almost always illegal, learned our experience. So please go ahead and explain why you'd need this for legal activities and we will gladly help you.


* Wavefrontier T90 with 28E/23E/19E/13E via SCR switches 2 x 2 x 6 user bands
I don't read PM -> if you have something to ask or to report, do it in the forum so others can benefit. I don't take freelance jobs.
Ik lees geen PM -> als je iets te vragen of te melden hebt, doe het op het forum, zodat anderen er ook wat aan hebben.

Re: one more about OpenVPN #20 Pippin

  • Senior Member
  • 103 posts

+2
Neutral

Posted 1 December 2017 - 21:56

@volk2003

You can always ask for support here:

https://forums.openvpn.net/index.php

But first read how to request help:

https://forums.openv...hp?f=30&t=22603


Today's scientists have substituted mathematics for experiments, and they wander off through equation after equation, and eventually build a structure which has no relation to reality. Nikola Tesla
Back to [EN] Enduser support

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Forums
  2. PLi® Support
  3. [EN] Enduser support