.titleBar { margin-bottom: 5px!important; }

[Gelöst] OpenVPN unter Fritzbox 7390 mit Freetz

Dieses Thema im Forum "Freetz" wurde erstellt von klausgt, 15 Feb. 2012.

  1. klausgt

    klausgt Neuer User

    Registriert seit:
    15 Feb. 2012
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    #1 klausgt, 15 Feb. 2012
    Zuletzt bearbeitet: 16 Feb. 2012
    Hallo,

    ich habe ein Problem mit dem aktuellen Freetz Trunk auf einer Fritzbox 7390 und OpenVPN. OpenVPN ist konfiguriert und der Aufbau des VPN klappt. Vom Client aus kann ich die Netze hinter der Fritzbox erreichen. Von der Fritzbox aus ist nur der Client auf der VPN Adresse erreichbar, obwohl die Route für die Netze hinter dem Client richtig gesetzt ist.

    Ich suche schon ein paar Tage an dem Problem herum und komme nicht weiter. :confused: Alles sieht für mich richtig aus. Kann mir jemand helfen?

    Das Server LAN hat die Adresse 192.168.0.0, Netmask 255.255.255.0.
    Der VPN nutzt das Netz 192.168.1.0, Netmask 255.255.255.0.
    Der Server hat die Adresse 192.168.1.1.
    Der Client verbindet sich mit der Adresse 192.168.1.10.
    Das Client LAN hat die Adresse 192.168.2.1, Netmask 255.255.255.0.

    Die Routing Tabelle der Fritzbox ist:
    Code:
    [email protected]:/var/mod/root# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.180.1   0.0.0.0         255.255.255.255 UH        0 0          0 dsl
    192.168.180.2   0.0.0.0         255.255.255.255 UH        0 0          0 dsl
    84.56.141.253   0.0.0.0         255.255.255.255 UH        0 0          0 dsl
    192.168.179.0   0.0.0.0         255.255.255.0   U         0 0          0 guest
    192.168.2.0     192.168.1.10    255.255.255.0   UG        0 0          0 tun0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 tun0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 lan
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 lan
    0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 dsl
    
    Code:
    [email protected]:/var/mod/root# ping 192.168.1.10
    PING 192.168.1.10 (192.168.1.10): 56 data bytes
    64 bytes from 192.168.1.10: seq=0 ttl=64 time=36.000 ms
    64 bytes from 192.168.1.10: seq=1 ttl=64 time=36.000 ms
    64 bytes from 192.168.1.10: seq=2 ttl=64 time=28.000 ms
    ^C
    --- 192.168.1.10 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 28.000/33.333/36.000 ms
    
    Code:
    [email protected]:/var/mod/root# ping 192.168.2.100
    PING 192.168.2.100 (192.168.2.100): 56 data bytes
    ^C
    --- 192.168.2.100 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss
    
    Die Server Config ist:
    Code:
    [email protected]:/var/mod/root# cat /mod/etc/openvpn.conf
    #  OpenVPN 2.1 Config, Thu Jan  1 01:00:49 CET 1970
    proto udp
    dev tun
    dev-node /dev/tun
    ca /tmp/flash/openvpn/ca.crt
    cert /tmp/flash/openvpn/box.crt
    key /tmp/flash/openvpn/box.key
    dh /tmp/flash/openvpn/dh.pem
    tls-server
    port 1194
    ifconfig 192.168.1.1 255.255.255.0
    push "route-gateway 192.168.1.1"
    topology subnet
    push "topology subnet"
    push "route 192.168.0.0 255.255.255.0"
    max-clients 5
    mode server
    ifconfig-pool 192.168.1.10 192.168.1.20
    push "route 192.168.1.1"
    client-config-dir /clients_openvpn
    route 192.168.2.0 255.255.255.0 192.168.1.10
    push "dhcp-option WINS 192.168.0.100"
    tun-mtu 1500
    mssfix
    verb 3
    daemon
    cipher BF-CBC
    keepalive 10 120
    status /var/log/openvpn.log
    chroot /tmp/openvpn
    user openvpn
    group openvpn
    persist-tun
    persist-key
    
    Der OpenVPN Client läuft auf einem Debian Squeeze mit ARM CPU. Der Level des Clients ist Openvpn 2.1.3-2.
    Die Client Config ist:
    Code:
    client
    dev tun
    tun-mtu 1500
    proto udp
    remote xxxx.dyndns.org 1194
    resolv-retry infinite
    nobind
    user openvpn
    group openvpn
    persist-key
    persist-tun
    ca ca.crt
    cert client.crt
    key client.key
    cipher BF-CBC
    verb 3
    
     
  2. MaxMuster

    MaxMuster IPPF-Promi

    Registriert seit:
    1 Feb. 2005
    Beiträge:
    6,932
    Zustimmungen:
    0
    Punkte für Erfolge:
    36
    Die Route in das Netz beim Client ist über die "Erweiterte Client Config" eingetragen? Das ist erforderlich, um bei einer "Mulit-Client Konfiguration" wie bei dir den entsprechenden Befehl für den Client zu setzen ("iroute" Befehl im Cline-config-dir).
    Kannst du (als ersten Test) die LAN-IP des Clients anpingen (oder ist das schon die 192.168.2.100)?
    Wenn (nur) das geht muss auch noch sicher sein, dass aus Richtung des Client-LAN die Route für VPN und das Server-Lan zu dem VPN-Client gehen? Wäre automatisch gegeben, wenn der VPN-Client das Defaultgateway im Netz ist.
     
  3. klausgt

    klausgt Neuer User

    Registriert seit:
    15 Feb. 2012
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    Die Route in das Netz beim Client ist über die "Erweiterte Client Config" eingetragen? Ja, ist Sie.

    Die 192.168.2.100 ist die LAN-Ip des Clients. Es kommt keine Antwort wenn ich sie anpinge. Auf dem Client kommen keine Packets an. Der Packet Reveive-Counter des Interface ist unverändert. Wenn ich die VPN-Id des Clients anpinge, dann kommen Antworten und der Receive-Counter geht hoch. Für mich sieht es so aus, dass die Route zwar da ist, aber nicht verwendet wird. Firewall habe ich auf komplett auf Duchlass gestellt.

    Der Client bekommt per Push eine Route für das Server Netz. Vom Client aus kann ich alle Systeme im Server LAN erreichen.
     
  4. MaxMuster

    MaxMuster IPPF-Promi

    Registriert seit:
    1 Feb. 2005
    Beiträge:
    6,932
    Zustimmungen:
    0
    Punkte für Erfolge:
    36
    Gut (oder schlecht), die einfachen Fehler sind es nicht...
    Könntest du (für alle Fälle) noch ein "cat /tmp/openvpn/clients_openvpn/<name des CLients im Zertifikat>" machen?
    Dort müsste/sollte in etwa stehen:
    Code:
    ifconfig-push 192.168.1.10 255.255.255.0
    iroute 192.168.2.0 255.255.255.0
    
    Ich würde um es "richtig" zu haben noch den IP-Pool so ändern, dass die "fest vergebene IP" (die in der erweiterten Clientkonfiguration vergeben wird, bei dir die .10) nicht auch im "ifconfig-pool" ist; der ist für Clients, die nicht eine feste IP bekommen. Das wäre noch ein möglicher "Fehler", wenn sich ein anderer Client verbindet, der diese IP bekommen hätte.

    Ansonsten bleibt nur die Analyse von Logfiles auf beiden Seiten, ggf. mit höherem Wert bei "verb"...
     
  5. klausgt

    klausgt Neuer User

    Registriert seit:
    15 Feb. 2012
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    [email protected]:/var/mod/root# cat /tmp/openvpn/clients_openvpn/xxxx
    ifconfig-push 192.168.1.10 255.255.255.0
    iroute 192.168.2.0 255.255.255.0

    Ich hatte ursprünglich die feste Client Adresse außerhalb des Pools genommen. Das war teil meines Debugging eine Adresse aus dem Pool zu nehmen ;-). Ändere ich wieder zurück.
    Ich versuche mal später heute die Logfiles mit "verb 5" zu ziehen und zu posten.
     
  6. klausgt

    klausgt Neuer User

    Registriert seit:
    15 Feb. 2012
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    #6 klausgt, 15 Feb. 2012
    Zuletzt bearbeitet: 16 Feb. 2012
    Ich habe die feste Adresse des Clients auf 192.168.1.9 verschoben. Das ist jetzt außerhalb des DHCP Ranges für andere Clients. Danach habe ich beide runtergefahren und zuerst den Server mit verb=5 und dann den Client mit verb=5 wieder gestartet. Logfiles poste ich unten. Sorry für den langen Post.

    Verbindung wurde aufgebaut. Routen sind da. Aber jetzt kann ich vom Client aus nur noch die VPN Adresse des Servers pingen. Ein ping auf die LAN-Seite der Fritzbox klappt nicht. Ebenso der Zugriff auf das LAN hinter der Box. Vom Server kann ich gar nichts mehr pingen. Weder die VPN Adresse des Clients noch ein LAN Interface.

    Hier die Routing Tabelle der Fritzbox:
    Code:
    [email protected]:/var/mod/root# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.180.1   0.0.0.0         255.255.255.255 UH        0 0          0 dsl
    192.168.180.2   0.0.0.0         255.255.255.255 UH        0 0          0 dsl
    84.56.141.253   0.0.0.0         255.255.255.255 UH        0 0          0 dsl
    192.168.179.0   0.0.0.0         255.255.255.0   U         0 0          0 guest
    192.168.2.0     192.168.1.9     255.255.255.0   UG        0 0          0 tun0
    192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 tun0
    192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 lan
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 lan
    0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 dsl
    
    Hier der Logfile des OpenVPN Servers auf der Box:
    Code:
    Wed Feb 15 22:27:40 2012 us=671000 OpenVPN 2.2.2 mips-linux [SSL] [LZO2] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 12 2012
    Wed Feb 15 22:27:40 2012 us=671000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Wed Feb 15 22:27:40 2012 us=767000 Diffie-Hellman initialized with 1024 bit key
    Wed Feb 15 22:27:40 2012 us=775000 TLS-Auth MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Feb 15 22:27:40 2012 us=775000 Socket Buffers: R=[135168->131072] S=[135168->131072]
    Wed Feb 15 22:27:40 2012 us=791000 TUN/TAP device tun0 opened
    Wed Feb 15 22:27:40 2012 us=791000 TUN/TAP TX queue length set to 100
    Wed Feb 15 22:27:40 2012 us=791000 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Wed Feb 15 22:27:40 2012 us=791000 /sbin/ifconfig tun0 192.168.1.1 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
    Wed Feb 15 22:27:40 2012 us=807000 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.9
    Wed Feb 15 22:27:40 2012 us=815000 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
    Wed Feb 15 22:27:40 2012 us=819000 chroot to '/tmp/openvpn' and cd to '/' succeeded
    Wed Feb 15 22:27:40 2012 us=819000 GID set to openvpn
    Wed Feb 15 22:27:40 2012 us=819000 UID set to openvpn
    Wed Feb 15 22:27:40 2012 us=819000 UDPv4 link local (bound): [undef]
    Wed Feb 15 22:27:40 2012 us=819000 UDPv4 link remote: [undef]
    Wed Feb 15 22:27:40 2012 us=819000 MULTI: multi_init called, r=256 v=256
    Wed Feb 15 22:27:40 2012 us=823000 IFCONFIG POOL: base=192.168.1.10 size=11, ipv6=0
    Wed Feb 15 22:27:40 2012 us=823000 Initialization Sequence Completed
    Wed Feb 15 22:29:30 2012 us=703000 MULTI: multi_create_instance called
    Wed Feb 15 22:29:30 2012 us=707000 94.217.251.130:47043 Re-using SSL/TLS context
    Wed Feb 15 22:29:30 2012 us=707000 94.217.251.130:47043 Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Wed Feb 15 22:29:30 2012 us=707000 94.217.251.130:47043 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
    RWed Feb 15 22:29:30 2012 us=707000 94.217.251.130:47043 TLS: Initial packet from [AF_INET]94.217.251.130:47043, sid=076cfa7a b876b2cf
    WRRWWWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Feb 15 22:29:31 2012 us=239000 94.217.251.130:47043 VERIFY OK: depth=1, /C=DE/ST=BW/L=St
    Wed Feb 15 22:29:31 2012 us=243000 94.217.251.130:47043 VERIFY OK: depth=0, /C=DE/ST=BW/L=Stuttgart/O=xxxx/OU=xxxxxx/CN=xxxxx.dyndns.org/[email protected]
    WRWRWRWRWWWWRWRWRWRWRWRWRWRWRRRRWRWRWRWed Feb 15 22:29:31 2012 us=439000 94.217.251.130:47043 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Feb 15 22:29:31 2012 us=439000 94.217.251.130:47043 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Wed Feb 15 22:29:31 2012 us=439000 94.217.251.130:47043 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Wed Feb 15 22:29:31 2012 us=439000 94.217.251.130:47043 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    WWRRWed Feb 15 22:29:31 2012 us=475000 94.217.251.130:47043 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Wed Feb 15 22:29:31 2012 us=475000 94.217.251.130:47043 [xxxx.dyndns.org] Peer Connection Initiated with [AF_INET]94.217.251.130:47043
    Wed Feb 15 22:29:31 2012 us=475000 xxxx.dyndns.org/94.217.251.130:47043 MULTI_sva: pool returned IPv4=192.168.1.10, IPv6=::7fdf:2330:41:cc80:49:952c
    Wed Feb 15 22:29:31 2012 us=475000 xxxx.dyndns.org/94.217.251.130:47043 MULTI: Learn: 192.168.1.10 -> xxxx.dyndns.org/94.217.251.130:47043
    Wed Feb 15 22:29:31 2012 us=475000 xxxx.dyndns.org/94.217.251.130:47043 MULTI: primary virtual IP for xxxx.dyndns.org/94.217.251.130:47043: 192.168.1.10
    RWed Feb 15 22:29:33 2012 us=855000 xxxx.dyndns.org/94.217.251.130:47043 PUSH: Received control message: 'PUSH_REQUEST'
    Wed Feb 15 22:29:33 2012 us=859000 xxxx.dyndns.org/94.217.251.130:47043 send_push_reply(): safe_cap=960
    Wed Feb 15 22:29:33 2012 us=859000 xxxx.dyndns.org/94.217.251.130:47043 SENT CONTROL [xxxx.dyndns.org]: 'PUSH_REPLY,route-gateway 192.168.1.1,topology subnet,route 192
    WWWWRRRWRRWRWWRWRRWWRWRWRRWWRWRWRRWRwrWRwrWRwrWRwrWRwrWRWWRRWRWWRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWWed Feb 15 22:40:02 2012 us=25
    Wed Feb 15 22:40:02 2012 us=255000 TCP/UDP: Closing socket
    Wed Feb 15 22:40:02 2012 us=255000 /sbin/route del -net 192.168.2.0 netmask 255.255.255.0
    Wed Feb 15 22:40:02 2012 us=275000 ERROR: Linux route delete command failed: could not execute external program
    Wed Feb 15 22:40:02 2012 us=275000 Closing TUN/TAP interface
    Wed Feb 15 22:40:02 2012 us=275000 /sbin/ifconfig tun0 0.0.0.0
    Wed Feb 15 22:40:02 2012 us=275000 Linux ip addr del failed: could not execute external program
    Wed Feb 15 22:40:02 2012 us=327000 SIGTERM[hard,] received, process exiting
    
    Und noch der Logfile des Clients aus dem Syslog:
    Code:
    Feb 15 22:29:13 srv ovpn-client[6415]: Current Parameter Settings:
    Feb 15 22:29:13 srv ovpn-client[6415]:   config = '/etc/openvpn/client.conf'
    Feb 15 22:29:13 srv ovpn-client[6415]:   mode = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   persist_config = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   persist_mode = 1
    Feb 15 22:29:13 srv ovpn-client[6415]:   show_ciphers = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   show_digests = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   show_engines = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   genkey = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   key_pass_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   show_tls_ciphers = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]: Connection profiles [default]:
    Feb 15 22:29:13 srv ovpn-client[6415]:   proto = udp
    Feb 15 22:29:13 srv ovpn-client[6415]:   local = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   local_port = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote = xxxx.dyndns.org'
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_port = 1194
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_float = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   bind_defined = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   bind_local = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   connect_retry_seconds = 5
    Feb 15 22:29:13 srv ovpn-client[6415]:   connect_timeout = 10
    Feb 15 22:29:13 srv ovpn-client[6415]:   connect_retry_max = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   socks_proxy_server = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   socks_proxy_port = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   socks_proxy_retry = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]: Connection profiles END
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_random = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   ipchange = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   dev = 'tun'
    Feb 15 22:29:13 srv ovpn-client[6415]:   dev_type = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   dev_node = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   lladdr = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   topology = 1
    Feb 15 22:29:13 srv ovpn-client[6415]:   tun_ipv6 = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   ifconfig_local = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   ifconfig_remote_netmask = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   ifconfig_noexec = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   ifconfig_nowarn = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   shaper = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   tun_mtu = 1500
    Feb 15 22:29:13 srv ovpn-client[6415]:   tun_mtu_defined = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   link_mtu = 1500
    Feb 15 22:29:13 srv ovpn-client[6415]:   link_mtu_defined = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   tun_mtu_extra = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   tun_mtu_extra_defined = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   fragment = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   mtu_discover_type = -1
    Feb 15 22:29:13 srv ovpn-client[6415]:   mtu_test = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   mlock = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   keepalive_ping = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   keepalive_timeout = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   inactivity_timeout = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   ping_send_timeout = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   ping_rec_timeout = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   ping_rec_timeout_action = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   ping_timer_remote = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   remap_sigusr1 = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   explicit_exit_notification = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   persist_tun = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   persist_local_ip = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   persist_remote_ip = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   persist_key = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   mssfix = 1450
    Feb 15 22:29:13 srv ovpn-client[6415]:   passtos = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   resolve_retry_seconds = 1000000000
    Feb 15 22:29:13 srv ovpn-client[6415]:   username = 'openvpn'
    Feb 15 22:29:13 srv ovpn-client[6415]:   groupname = 'openvpn'
    Feb 15 22:29:13 srv ovpn-client[6415]:   chroot_dir = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   cd_dir = '/etc/openvpn'
    Feb 15 22:29:13 srv ovpn-client[6415]:   writepid = '/var/run/openvpn.client.pid'
    Feb 15 22:29:13 srv ovpn-client[6415]:   up_script = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   down_script = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   down_pre = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   up_restart = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   up_delay = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   daemon = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   inetd = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   log = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   suppress_timestamps = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   nice = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   verbosity = 5
    Feb 15 22:29:13 srv ovpn-client[6415]:   mute = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   gremlin = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   status_file = '/var/run/openvpn.client.status'
    Feb 15 22:29:13 srv ovpn-client[6415]:   status_file_version = 1
    Feb 15 22:29:13 srv ovpn-client[6415]:   status_file_update_freq = 10
    Feb 15 22:29:13 srv ovpn-client[6415]:   occ = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   rcvbuf = 65536
    Feb 15 22:29:13 srv ovpn-client[6415]:   sndbuf = 65536
    Feb 15 22:29:13 srv ovpn-client[6415]:   sockflags = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   fast_io = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   lzo = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_script = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_default_gateway = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_default_metric = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_noexec = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_delay = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_delay_window = 30
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_delay_defined = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_nopull = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   route_gateway_via_dhcp = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   max_routes = 100
    Feb 15 22:29:13 srv ovpn-client[6415]:   allow_pull_fqdn = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_addr = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_port = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_user_pass = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_log_history_cache = 250
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_echo_buffer_size = 100
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_write_peer_info_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_client_user = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_client_group = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   management_flags = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   shared_secret_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   key_direction = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   ciphername_defined = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   ciphername = 'BF-CBC'
    Feb 15 22:29:13 srv ovpn-client[6415]:   authname_defined = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   authname = 'SHA1'
    Feb 15 22:29:13 srv ovpn-client[6415]:   prng_hash = 'SHA1'
    Feb 15 22:29:13 srv ovpn-client[6415]:   prng_nonce_secret_len = 16
    Feb 15 22:29:13 srv ovpn-client[6415]:   keysize = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   engine = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   replay = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   mute_replay_warnings = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   replay_window = 64
    Feb 15 22:29:13 srv ovpn-client[6415]:   replay_time = 15
    Feb 15 22:29:13 srv ovpn-client[6415]:   packet_id_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   use_iv = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   test_crypto = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   tls_server = DISABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   tls_client = ENABLED
    Feb 15 22:29:13 srv ovpn-client[6415]:   key_method = 2
    Feb 15 22:29:13 srv ovpn-client[6415]:   ca_file = 'ca.crt'
    Feb 15 22:29:13 srv ovpn-client[6415]:   ca_path = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   dh_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   cert_file = 'client.crt'
    Feb 15 22:29:13 srv ovpn-client[6415]:   priv_key_file = 'client.key'
    Feb 15 22:29:13 srv ovpn-client[6415]:   pkcs12_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   cipher_list = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   tls_verify = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   tls_remote = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   crl_file = '[UNDEF]'
    Feb 15 22:29:13 srv ovpn-client[6415]:   ns_cert_type = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 160
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 136
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_ku[i] = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   remote_cert_eku = 'TLS Web Server Authentication'
    Feb 15 22:29:13 srv ovpn-client[6415]:   tls_timeout = 2
    Feb 15 22:29:13 srv ovpn-client[6415]:   renegotiate_bytes = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   renegotiate_packets = 0
    Feb 15 22:29:13 srv ovpn-client[6415]:   renegotiate_seconds = 3600
    Feb 15 22:29:13 srv ovpn-client[6415]:   handshake_window = 60
    Feb 15 22:29:14 srv ovpn-client[6415]:   transition_window = 3600
    Feb 15 22:29:14 srv ovpn-client[6415]:   single_session = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   push_peer_info = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   tls_exit = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   tls_auth_file = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_protected_authentication = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_private_mode = 00000000
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_cert_private = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_pin_cache_period = -1
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_id = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   pkcs11_id_management = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   server_network = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   server_netmask = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   server_bridge_ip = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   server_bridge_netmask = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   server_bridge_pool_start = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   server_bridge_pool_end = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   ifconfig_pool_defined = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   ifconfig_pool_start = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   ifconfig_pool_end = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   ifconfig_pool_netmask = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   ifconfig_pool_persist_filename = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   ifconfig_pool_persist_refresh_freq = 600
    Feb 15 22:29:14 srv ovpn-client[6415]:   n_bcast_buf = 256
    Feb 15 22:29:14 srv ovpn-client[6415]:   tcp_queue_limit = 64
    Feb 15 22:29:14 srv ovpn-client[6415]:   real_hash_size = 256
    Feb 15 22:29:14 srv ovpn-client[6415]:   virtual_hash_size = 256
    Feb 15 22:29:14 srv ovpn-client[6415]:   client_connect_script = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   learn_address_script = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   client_disconnect_script = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   client_config_dir = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   ccd_exclusive = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   tmp_dir = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   push_ifconfig_defined = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   push_ifconfig_local = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   push_ifconfig_remote_netmask = 0.0.0.0
    Feb 15 22:29:14 srv ovpn-client[6415]:   enable_c2c = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   duplicate_cn = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   cf_max = 0
    Feb 15 22:29:14 srv ovpn-client[6415]:   cf_per = 0
    Feb 15 22:29:14 srv ovpn-client[6415]:   max_clients = 1024
    Feb 15 22:29:14 srv ovpn-client[6415]:   max_routes_per_client = 256
    Feb 15 22:29:14 srv ovpn-client[6415]:   auth_user_pass_verify_script = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   auth_user_pass_verify_script_via_file = DISABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   ssl_flags = 0
    Feb 15 22:29:14 srv ovpn-client[6415]:   port_share_host = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]:   port_share_port = 0
    Feb 15 22:29:14 srv ovpn-client[6415]:   client = ENABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   pull = ENABLED
    Feb 15 22:29:14 srv ovpn-client[6415]:   auth_user_pass_file = '[UNDEF]'
    Feb 15 22:29:14 srv ovpn-client[6415]: OpenVPN 2.1.3 arm-unknown-linux-gnueabi [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010
    Feb 15 22:29:14 srv ovpn-client[6415]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Feb 15 22:29:14 srv ovpn-client[6415]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
    Feb 15 22:29:14 srv ovpn-client[6415]: Control Channel MTU parms [ L:1541 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Feb 15 22:29:14 srv ovpn-client[6415]: Socket Buffers: R=[112640->131072] S=[112640->131072]
    Feb 15 22:29:14 srv ovpn-client[6415]: Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4 ET:0 EL:0 ]
    Feb 15 22:29:14 srv ovpn-client[6415]: Local Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Feb 15 22:29:14 srv ovpn-client[6415]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Feb 15 22:29:14 srv ovpn-client[6415]: Local Options hash (VER=V4): '3514370b'
    Feb 15 22:29:14 srv ovpn-client[6415]: Expected Remote Options hash (VER=V4): '239669a8'
    Feb 15 22:29:14 srv ovpn-client[6438]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
    Feb 15 22:29:14 srv ovpn-client[6438]: UDPv4 link local: [undef]
    Feb 15 22:29:14 srv ovpn-client[6438]: UDPv4 link remote: [AF_INET]84.56.141.253:1194
    Feb 15 22:29:14 srv ovpn-client[6438]: TLS: Initial packet from [AF_INET]84.56.141.253:1194, sid=a33bbc00 c813f4ca
    Feb 15 22:29:15 srv ovpn-client[6438]: VERIFY OK: depth=1, /C=DE/ST=BW/L=Stuttgart/O=xxxx/CN=xxxx.dyndns.org/[email protected]
    Feb 15 22:29:15 srv ovpn-client[6438]: Validating certificate key usage
    Feb 15 22:29:15 srv ovpn-client[6438]: ++ Certificate has key usage  00a0, expects 00a0
    Feb 15 22:29:15 srv ovpn-client[6438]: VERIFY KU OK
    Feb 15 22:29:15 srv ovpn-client[6438]: Validating certificate extended key usage
    Feb 15 22:29:15 srv ovpn-client[6438]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Feb 15 22:29:15 srv ovpn-client[6438]: VERIFY EKU OK
    Feb 15 22:29:15 srv ovpn-client[6438]: VERIFY OK: depth=0, /C=DE/ST=BW/L=Stuttgart/O=xxxx/CN=xxxx.dyndns.org/[email protected]
    Feb 15 22:29:15 srv ovpn-client[6438]: NOTE: Options consistency check may be skewed by version differences
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1541'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'proto' is present in local config but missing in remote config, local='proto UDPv4'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 128'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
    Feb 15 22:29:15 srv ovpn-client[6438]: WARNING: 'tls-server' is present in local config but missing in remote config, local='tls-server'
    Feb 15 22:29:15 srv ovpn-client[6438]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Feb 15 22:29:15 srv ovpn-client[6438]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 15 22:29:15 srv ovpn-client[6438]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Feb 15 22:29:15 srv ovpn-client[6438]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Feb 15 22:29:15 srv ovpn-client[6438]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Feb 15 22:29:15 srv ovpn-client[6438]: [xxxx.dyndns.org] Peer Connection Initiated with [AF_INET]84.56.141.253:1194
    Feb 15 22:29:18 srv ovpn-client[6438]: SENT CONTROL [xxxx.dyndns.org]: 'PUSH_REQUEST' (status=1)
    Feb 15 22:29:18 srv ovpn-client[6438]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.1.1,topology subnet,route 192.168.0.0 255.255.255.0,route 192.168.1.1,dhcp-option WINS 192.168.0.100,ping 10,ping-restart 120,ifconfig 192.168.1.10 255.255.255.0'
    Feb 15 22:29:18 srv ovpn-client[6438]: OPTIONS IMPORT: timers and/or timeouts modified
    Feb 15 22:29:18 srv ovpn-client[6438]: OPTIONS IMPORT: --ifconfig/up options modified
    Feb 15 22:29:18 srv ovpn-client[6438]: OPTIONS IMPORT: route options modified
    Feb 15 22:29:18 srv ovpn-client[6438]: OPTIONS IMPORT: route-related options modified
    Feb 15 22:29:18 srv ovpn-client[6438]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Feb 15 22:29:18 srv ovpn-client[6438]: ROUTE default_gateway=192.168.2.1
    Feb 15 22:29:18 srv ovpn-client[6438]: TUN/TAP device tun0 opened
    Feb 15 22:29:18 srv ovpn-client[6438]: TUN/TAP TX queue length set to 100
    Feb 15 22:29:18 srv ovpn-client[6438]: /sbin/ifconfig tun0 192.168.1.10 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
    Feb 15 22:29:18 srv ovpn-client[6438]: /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.1
    Feb 15 22:29:18 srv ovpn-client[6438]: GID set to openvpn
    Feb 15 22:29:18 srv ovpn-client[6438]: UID set to openvpn
    Feb 15 22:29:18 srv ovpn-client[6438]: Initialization Sequence Completed
    Feb 15 22:39:39 srv ovpn-client[6438]: event_wait : Interrupted system call (code=4)
    Feb 15 22:39:39 srv ovpn-client[6438]: TCP/UDP: Closing socket
    Feb 15 22:39:39 srv ovpn-client[6438]: /sbin/route del -net 192.168.0.0 netmask 255.255.255.0
    Feb 15 22:39:39 srv ovpn-client[6438]: ERROR: Linux route delete command failed: external program exited with error status: 7
    Feb 15 22:39:39 srv ovpn-client[6438]: Closing TUN/TAP interface
    Feb 15 22:39:39 srv ovpn-client[6438]: /sbin/ifconfig tun0 0.0.0.0
    Feb 15 22:39:39 srv ovpn-client[6438]: Linux ip addr del failed: external program exited with error status: 255
    Feb 15 22:39:39 srv ovpn-client[6438]: SIGTERM[hard,] received, process exiting
    
     
  7. olistudent

    olistudent IPPF-Urgestein

    Registriert seit:
    19 Okt. 2004
    Beiträge:
    14,779
    Zustimmungen:
    10
    Punkte für Erfolge:
    38
    Beruf:
    Softwareentwickler
    Ort:
    Kaiserslautern
    Würdest du bitte code-Tags für solche Ausgaben verwenden?

    Gruß
    Oliver
     
  8. MaxMuster

    MaxMuster IPPF-Promi

    Registriert seit:
    1 Feb. 2005
    Beiträge:
    6,932
    Zustimmungen:
    0
    Punkte für Erfolge:
    36
    Hui, meine Vermutung lag vermutlich richtig ;-):
    Der Client hat nicht die IP aus der "erweiterten Config" bekommen, sondern aus dem Pool. Du siehst im Log, dass er nicht .9 sondern .10 bekommen hat!
    Du hast mit ziemlich großer Wahrscheinlichkeit beim "Clientname" in der erweiterten Config nicht den exakten Namen des Clients aus dem CN stehen ("xxxx.dyndns.org").
     
  9. klausgt

    klausgt Neuer User

    Registriert seit:
    15 Feb. 2012
    Beiträge:
    5
    Zustimmungen:
    0
    Punkte für Erfolge:
    0
    Super! Das war das Problem. Ich hatte in der erweiterten Config nur den Hostnamen "xxxx" ohne die Domain (statt "xxxx.dyndns.org") als Clientname angegeben. Respekt und vielen Dank!