Can't connect to the server after updating to 0.7.37 #1488
Unanswered
Makishima
asked this question in
Configuration problems
Replies: 2 comments 6 replies
-
The clinet logs seems to be cut short. What happens? Just a timeout, does the server log say anything about this? |
Beta Was this translation helpful? Give feedback.
3 replies
-
Stumbled upon this same issue. Older client (using OpenSSL 1.1.1) connects, latest (OpenSSL 3.0.3) won't. The server reports Have verified that both server and client support OpenSSL 3 changed some names, may be causing the issue? Server log with show-tls$ openvpn --show-tls Available TLS Ciphers, listed in order of preference: TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA KRB5-DES-CBC3-MD5 (No IANA name known to OpenVPN, use OpenSSL name.) KRB5-DES-CBC3-SHA (No IANA name known to OpenVPN, use OpenSSL name.) Server configport 1194 proto udp dev tun ca test/ca.crt cert test/test.crt key test/test.key dh test/dh2048.pem server 172.16.0.0 255.255.255.0 ifconfig-pool-persist test.txt push "route 192.168.16.0 255.255.255.0" client-config-dir ccd push "dhcp-option DNS 172.16.0.x" push "dhcp-option DOMAIN xxxxxxxx" keepalive 10 120 tls-auth ta.key 0 # This file is secret tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA auth SHA256 cipher AES-128-CBC comp-lzo max-clients 10 user nobody group nobody persist-key persist-tun status openvpn-status.log verb 6 Server connect log with verb 6Tue May 31 01:38:41 2022 us=2432 MULTI: multi_create_instance called Tue May 31 01:38:41 2022 us=2493 xx.xx.xx.xx:yyyyy Re-using SSL/TLS context Tue May 31 01:38:41 2022 us=2540 xx.xx.xx.xx:yyyyy LZO compression initialized Tue May 31 01:38:41 2022 us=2664 xx.xx.xx.xx:yyyyy Control Channel MTU parms [ L:1570 D:1172 EF:78 EB:0 ET:0 EL:3 ] Tue May 31 01:38:41 2022 us=2680 xx.xx.xx.xx:yyyyy Data Channel MTU parms [ L:1570 D:1450 EF:70 EB:143 ET:0 EL:3 AF:3/1 ] Tue May 31 01:38:41 2022 us=2710 xx.xx.xx.xx:yyyyy Local Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-server' Tue May 31 01:38:41 2022 us=2720 xx.xx.xx.xx:yyyyy Expected Remote Options String: 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client' Tue May 31 01:38:41 2022 us=2743 xx.xx.xx.xx:yyyyy Local Options hash (VER=V4): '1089825c' Tue May 31 01:38:41 2022 us=2759 xx.xx.xx.xx:yyyyy Expected Remote Options hash (VER=V4): '6907942a' Tue May 31 01:38:41 2022 us=2814 xx.xx.xx.xx:yyyyy UDPv4 READ [54] from [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0 Tue May 31 01:38:41 2022 us=2833 xx.xx.xx.xx:yyyyy TLS: Initial packet from [AF_INET]xx.xx.xx.xx:yyyyy, sid=3df5039b c0e20796 Tue May 31 01:38:41 2022 us=2882 xx.xx.xx.xx:yyyyy UDPv4 WRITE [66] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 pid=[ #1 ] [ 0 ] pid=0 DATA len=0 Tue May 31 01:38:41 2022 us=18032 xx.xx.xx.xx:yyyyy UDPv4 READ [343] from [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #2 ] [ 0 ] pid=1 DATA len=277 Tue May 31 01:38:41 2022 us=125488 xx.xx.xx.xx:yyyyy UDPv4 WRITE [62] to [AF_INET]xx.xx.xx.xx:yyyyy: P_ACK_V1 kid=0 pid=[ #2 ] [ 1 ] Tue May 31 01:38:41 2022 us=125754 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #3 ] [ ] pid=1 DATA len=1094 Tue May 31 01:38:41 2022 us=125970 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #4 ] [ ] pid=2 DATA len=1094 Tue May 31 01:38:41 2022 us=126038 xx.xx.xx.xx:yyyyy UDPv4 WRITE [404] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #5 ] [ ] pid=3 DATA len=350 Tue May 31 01:38:43 2022 us=240156 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #6 ] [ ] pid=1 DATA len=1094 Tue May 31 01:38:44 2022 us=360156 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #7 ] [ ] pid=2 DATA len=1094 Tue May 31 01:38:45 2022 us=480166 xx.xx.xx.xx:yyyyy UDPv4 WRITE [404] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #8 ] [ ] pid=3 DATA len=350 Tue May 31 01:38:47 2022 us=720198 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #9 ] [ ] pid=1 DATA len=1094 Tue May 31 01:38:48 2022 us=840162 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #10 ] [ ] pid=2 DATA len=1094 Tue May 31 01:38:49 2022 us=960157 xx.xx.xx.xx:yyyyy UDPv4 WRITE [404] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #11 ] [ ] pid=3 DATA len=350 Tue May 31 01:38:55 2022 us=350163 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=1 DATA len=1094 Tue May 31 01:38:56 2022 us=430159 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #13 ] [ ] pid=2 DATA len=1094 Tue May 31 01:38:57 2022 us=510174 xx.xx.xx.xx:yyyyy UDPv4 WRITE [404] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #14 ] [ ] pid=3 DATA len=350 Tue May 31 01:39:11 2022 us=460189 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #15 ] [ ] pid=1 DATA len=1094 Tue May 31 01:39:12 2022 us=670164 xx.xx.xx.xx:yyyyy UDPv4 WRITE [1148] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #16 ] [ ] pid=2 DATA len=1094 Tue May 31 01:39:13 2022 us=880157 xx.xx.xx.xx:yyyyy UDPv4 WRITE [404] to [AF_INET]xx.xx.xx.xx:yyyyy: P_CONTROL_V1 kid=0 pid=[ #17 ] [ ] pid=3 DATA len=350 Tue May 31 01:39:41 2022 us=480093 xx.xx.xx.xx:yyyyy TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Tue May 31 01:39:41 2022 us=480126 xx.xx.xx.xx:yyyyy TLS Error: TLS handshake failed Tue May 31 01:39:41 2022 us=480270 xx.xx.xx.xx:yyyyy SIGUSR1[soft,tls-error] received, client-instance restarting Client connect log... 2022-05-31 01:38:40 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA2-256,keysize 128,tls-auth,key-method 2,tls-client' 2022-05-31 01:38:40 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1570,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA2-256,keysize 128,tls-auth,key-method 2,tls-server' 2022-05-31 01:38:40 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:yyyyy 2022-05-31 01:38:40 Socket Buffers: R=[212992->212992] S=[212992->212992] 2022-05-31 01:38:40 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 2022-05-31 01:38:40 UDP link local (bound): [AF_INET][undef]:zzzzz 2022-05-31 01:38:40 UDP link remote: [AF_INET]xx.xx.xx.xx:yyyyy 2022-05-31 01:38:40 MANAGEMENT: >STATE:1653961120,WAIT,,,,,, 2022-05-31 01:38:40 Debug state info: CONNECTED to WIFI "AP", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 2022-05-31 01:38:41 MANAGEMENT: >STATE:1653961121,AUTH,,,,,, 2022-05-31 01:38:41 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:yyyyy, sid=a4738d32 6371c62d 2022-05-31 01:38:41 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only 2022-05-31 01:38:41 OpenSSL: error:0A000102:SSL routines::unsupported protocol 2022-05-31 01:38:41 TLS_ERROR: BIO read tls_read_plaintext error 2022-05-31 01:38:41 TLS Error: TLS object -> incoming plaintext read error 2022-05-31 01:38:41 TLS Error: TLS handshake failed 2022-05-31 01:38:41 TCP/UDP: Closing socket 2022-05-31 01:38:41 SIGUSR1[soft,tls-error] received, process restarting 2022-05-31 01:38:41 MANAGEMENT: >STATE:1653961121,RECONNECTING,tls-error,,,,, 2022-05-31 01:38:41 Waiting 2s seconds between connection attempt ... Client log with show-tls2022-05-31 01:58:17 official build 0.7.37 running on Android (MT6753), Android 6.0 (Android_20161226) API 23, ABI arm64-v8a, (alps/full_wtk6753_65u_m0/wtk6753_65u_m0:6.0/MRA58K/1482734689:user/dev-keys) 2022-05-31 01:58:17 Building configuration… 2022-05-31 01:58:17 started Socket Thread 2022-05-31 01:58:17 P:WARNING: linker: /data/user/0/de.blinkt.openvpn/cache/c_pie_openvpn.arm64-v8a: unsupported flags DT_FLAGS_1=0x8000001 2022-05-31 01:58:17 Network Status: CONNECTED to WIFI "AP" 2022-05-31 01:58:17 Debug state info: CONNECTED to WIFI "AP", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 2022-05-31 01:58:17 Debug state info: CONNECTED to WIFI "AP", pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 2022-05-31 01:58:17 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. 2022-05-31 01:58:17 P:Available TLS Ciphers, listed in order of preference: 2022-05-31 01:58:17 P: 2022-05-31 01:58:17 P:For TLS 1.3 and newer (--tls-ciphersuites): 2022-05-31 01:58:17 P: 2022-05-31 01:58:17 P:TLS_AES_256_GCM_SHA384 2022-05-31 01:58:17 P:TLS_CHACHA20_POLY1305_SHA256 2022-05-31 01:58:17 P:TLS_AES_128_GCM_SHA256 2022-05-31 01:58:17 P: 2022-05-31 01:58:17 P:For TLS 1.2 and older (--tls-cipher): 2022-05-31 01:58:17 P: 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-AES-256-CBC-SHA 2022-05-31 01:58:17 P:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA 2022-05-31 01:58:17 P:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA 2022-05-31 01:58:17 P:TLS-DHE-RSA-WITH-AES-128-CBC-SHA 2022-05-31 01:58:17 P: 2022-05-31 01:58:17 P:Be aware that that whether a cipher suite in this list can actually work 2022-05-31 01:58:17 P:depends on the specific setup of both peers. See the man page entries of 2022-05-31 01:58:17 P:--tls-cipher and --show-tls for more details. 2022-05-31 01:58:17 P: Edit: Also tried with |
Beta Was this translation helpful? Give feedback.
3 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
After installing new version connection stack on
Attempting to establish TCP connection with
My logs
2022-05-17 12:15:38 official build 0.7.37 running on Sony XQ-BC72 (lahaina), Android 12 (61.1.A.7.35) API 31, ABI arm64-v8a, (Sony/XQ-BC72/XQ-BC72:12/61.1.A.7.35/061001A007003503147541197:user/release-keys)
2022-05-17 12:15:38 Building configuration…
2022-05-17 12:15:38 started Socket Thread
2022-05-17 12:15:38 Network Status: CONNECTED to WIFI
2022-05-17 12:15:38 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2022-05-17 12:15:39 P:WARNING: linker: Warning: "/data/app/~~N5_CVV4SvdGTCpevBccyEA==/de.blinkt.openvpn-6liFEFXDa8LsD2DUTCHtVA==/lib/arm64/libovpnexec.so" is not a directory (ignoring)
2022-05-17 12:15:39 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2022-05-17 12:15:39 Current Parameter Settings:
2022-05-17 12:15:39 config = 'stdin'
2022-05-17 12:15:39 mode = 0
2022-05-17 12:15:39 show_ciphers = DISABLED
2022-05-17 12:15:39 show_digests = DISABLED
2022-05-17 12:15:39 show_engines = DISABLED
2022-05-17 12:15:39 genkey = DISABLED
2022-05-17 12:15:39 genkey_filename = '[UNDEF]'
2022-05-17 12:15:39 key_pass_file = '[UNDEF]'
2022-05-17 12:15:39 show_tls_ciphers = DISABLED
2022-05-17 12:15:39 connect_retry_max = 0
2022-05-17 12:15:39 Connection profiles [0]:
2022-05-17 12:15:39 proto = tcp-client
2022-05-17 12:15:39 local = '[UNDEF]'
2022-05-17 12:15:39 local_port = '[UNDEF]'
2022-05-17 12:15:39 remote = 'XXXXXXXX'
2022-05-17 12:15:39 remote_port = '11443'
2022-05-17 12:15:39 remote_float = DISABLED
2022-05-17 12:15:39 bind_defined = DISABLED
2022-05-17 12:15:39 bind_local = DISABLED
2022-05-17 12:15:39 bind_ipv6_only = DISABLED
2022-05-17 12:15:39 connect_retry_seconds = 2
2022-05-17 12:15:39 connect_timeout = 120
2022-05-17 12:15:39 socks_proxy_server = '[UNDEF]'
2022-05-17 12:15:39 socks_proxy_port = '[UNDEF]'
2022-05-17 12:15:39 tun_mtu = 1500
2022-05-17 12:15:39 tun_mtu_defined = ENABLED
2022-05-17 12:15:39 link_mtu = 1500
2022-05-17 12:15:39 link_mtu_defined = DISABLED
2022-05-17 12:15:39 tun_mtu_extra = 0
2022-05-17 12:15:39 tun_mtu_extra_defined = DISABLED
2022-05-17 12:15:39 tls_mtu = 1250
2022-05-17 12:15:39 mtu_discover_type = -1
2022-05-17 12:15:39 fragment = 0
2022-05-17 12:15:39 mssfix = 1492
2022-05-17 12:15:39 mssfix_encap = ENABLED
2022-05-17 12:15:39 mssfix_fixed = DISABLED
2022-05-17 12:15:39 explicit_exit_notification = 0
2022-05-17 12:15:39 tls_auth_file = '[UNDEF]'
2022-05-17 12:15:39 key_direction = not set
2022-05-17 12:15:39 tls_crypt_file = '[INLINE]'
2022-05-17 12:15:39 tls_crypt_v2_file = '[UNDEF]'
2022-05-17 12:15:39 Connection profiles END
2022-05-17 12:15:39 remote_random = ENABLED
2022-05-17 12:15:39 ipchange = '[UNDEF]'
2022-05-17 12:15:39 dev = 'tun'
2022-05-17 12:15:39 dev_type = '[UNDEF]'
2022-05-17 12:15:39 dev_node = '[UNDEF]'
2022-05-17 12:15:39 lladdr = '[UNDEF]'
2022-05-17 12:15:39 topology = 1
2022-05-17 12:15:39 ifconfig_local = '[UNDEF]'
2022-05-17 12:15:39 ifconfig_remote_netmask = '[UNDEF]'
2022-05-17 12:15:39 ifconfig_noexec = DISABLED
2022-05-17 12:15:39 ifconfig_nowarn = ENABLED
2022-05-17 12:15:39 ifconfig_ipv6_local = '[UNDEF]'
2022-05-17 12:15:39 ifconfig_ipv6_netbits = 0
2022-05-17 12:15:39 ifconfig_ipv6_remote = '[UNDEF]'
2022-05-17 12:15:39 shaper = 0
2022-05-17 12:15:39 mtu_test = 0
2022-05-17 12:15:39 mlock = DISABLED
2022-05-17 12:15:39 keepalive_ping = 0
2022-05-17 12:15:39 keepalive_timeout = 0
2022-05-17 12:15:39 inactivity_timeout = 0
2022-05-17 12:15:39 inactivity_minimum_bytes = 0
2022-05-17 12:15:39 ping_send_timeout = 0
2022-05-17 12:15:39 ping_rec_timeout = 0
2022-05-17 12:15:39 ping_rec_timeout_action = 0
2022-05-17 12:15:39 ping_timer_remote = DISABLED
2022-05-17 12:15:39 remap_sigusr1 = 0
2022-05-17 12:15:39 persist_tun = ENABLED
2022-05-17 12:15:39 persist_local_ip = DISABLED
2022-05-17 12:15:39 persist_remote_ip = DISABLED
2022-05-17 12:15:39 persist_key = DISABLED
2022-05-17 12:15:39 passtos = DISABLED
2022-05-17 12:15:39 resolve_retry_seconds = 60
2022-05-17 12:15:39 resolve_in_advance = ENABLED
2022-05-17 12:15:39 username = '[UNDEF]'
2022-05-17 12:15:39 groupname = '[UNDEF]'
2022-05-17 12:15:39 chroot_dir = '[UNDEF]'
2022-05-17 12:15:39 cd_dir = '[UNDEF]'
2022-05-17 12:15:39 writepid = '[UNDEF]'
2022-05-17 12:15:39 up_script = '[UNDEF]'
2022-05-17 12:15:39 down_script = '[UNDEF]'
2022-05-17 12:15:39 down_pre = DISABLED
2022-05-17 12:15:39 up_restart = DISABLED
2022-05-17 12:15:39 up_delay = DISABLED
2022-05-17 12:15:39 daemon = DISABLED
2022-05-17 12:15:39 log = DISABLED
2022-05-17 12:15:39 suppress_timestamps = DISABLED
2022-05-17 12:15:39 machine_readable_output = ENABLED
2022-05-17 12:15:39 nice = 0
2022-05-17 12:15:39 verbosity = 4
2022-05-17 12:15:39 mute = 0
2022-05-17 12:15:39 gremlin = 0
2022-05-17 12:15:39 status_file = '[UNDEF]'
2022-05-17 12:15:39 status_file_version = 1
2022-05-17 12:15:39 status_file_update_freq = 60
2022-05-17 12:15:39 occ = ENABLED
2022-05-17 12:15:39 rcvbuf = 0
2022-05-17 12:15:39 sndbuf = 0
2022-05-17 12:15:39 sockflags = 0
2022-05-17 12:15:39 fast_io = DISABLED
2022-05-17 12:15:39 comp.alg = 0
2022-05-17 12:15:39 comp.flags = 0
2022-05-17 12:15:39 route_script = '[UNDEF]'
2022-05-17 12:15:39 route_default_gateway = '[UNDEF]'
2022-05-17 12:15:39 route_default_metric = 0
2022-05-17 12:15:39 route_noexec = DISABLED
2022-05-17 12:15:39 route_delay = 0
2022-05-17 12:15:39 route_delay_window = 30
2022-05-17 12:15:39 route_delay_defined = DISABLED
2022-05-17 12:15:39 route_nopull = DISABLED
2022-05-17 12:15:39 route_gateway_via_dhcp = DISABLED
2022-05-17 12:15:39 allow_pull_fqdn = DISABLED
2022-05-17 12:15:39 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2022-05-17 12:15:39 management_port = 'unix'
2022-05-17 12:15:39 management_user_pass = '[UNDEF]'
2022-05-17 12:15:39 management_log_history_cache = 250
2022-05-17 12:15:39 management_echo_buffer_size = 100
2022-05-17 12:15:39 management_write_peer_info_file = '[UNDEF]'
2022-05-17 12:15:39 management_client_user = '[UNDEF]'
2022-05-17 12:15:39 management_client_group = '[UNDEF]'
2022-05-17 12:15:39 management_flags = 16678
2022-05-17 12:15:39 shared_secret_file = '[UNDEF]'
2022-05-17 12:15:39 key_direction = not set
2022-05-17 12:15:39 ciphername = 'AES-256-GCM'
2022-05-17 12:15:39 ncp_ciphers = 'AES-256-GCM'
2022-05-17 12:15:39 authname = 'SHA256'
2022-05-17 12:15:39 engine = DISABLED
2022-05-17 12:15:39 replay = ENABLED
2022-05-17 12:15:39 mute_replay_warnings = DISABLED
2022-05-17 12:15:39 replay_window = 64
2022-05-17 12:15:39 replay_time = 15
2022-05-17 12:15:39 packet_id_file = '[UNDEF]'
2022-05-17 12:15:39 test_crypto = DISABLED
2022-05-17 12:15:39 tls_server = DISABLED
2022-05-17 12:15:39 tls_client = ENABLED
2022-05-17 12:15:39 ca_file = '[INLINE]'
2022-05-17 12:15:39 ca_path = '[UNDEF]'
2022-05-17 12:15:39 dh_file = '[UNDEF]'
2022-05-17 12:15:39 cert_file = '[INLINE]'
2022-05-17 12:15:39 extra_certs_file = '[UNDEF]'
2022-05-17 12:15:39 priv_key_file = '[INLINE]'
2022-05-17 12:15:39 pkcs12_file = '[UNDEF]'
2022-05-17 12:15:39 cipher_list = '[UNDEF]'
2022-05-17 12:15:39 cipher_list_tls13 = '[UNDEF]'
2022-05-17 12:15:39 tls_cert_profile = 'preferred'
2022-05-17 12:15:39 tls_verify = '[UNDEF]'
2022-05-17 12:15:39 tls_export_cert = '[UNDEF]'
2022-05-17 12:15:39 verify_x509_type = 0
2022-05-17 12:15:39 verify_x509_name = '[UNDEF]'
2022-05-17 12:15:39 crl_file = '[UNDEF]'
2022-05-17 12:15:39 ns_cert_type = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 65535
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_ku[i] = 0
2022-05-17 12:15:39 remote_cert_eku = 'TLS Web Server Authentication'
2022-05-17 12:15:39 ssl_flags = 192
2022-05-17 12:15:39 tls_timeout = 2
2022-05-17 12:15:39 renegotiate_bytes = -1
2022-05-17 12:15:39 renegotiate_packets = 0
2022-05-17 12:15:39 renegotiate_seconds = 3600
2022-05-17 12:15:39 handshake_window = 60
2022-05-17 12:15:39 transition_window = 3600
2022-05-17 12:15:39 single_session = DISABLED
2022-05-17 12:15:39 push_peer_info = ENABLED
2022-05-17 12:15:39 tls_exit = DISABLED
2022-05-17 12:15:39 tls_crypt_v2_metadata = '[UNDEF]'
2022-05-17 12:15:39 server_network = 0.0.0.0
2022-05-17 12:15:39 server_netmask = 0.0.0.0
2022-05-17 12:15:39 server_network_ipv6 = ::
2022-05-17 12:15:39 server_netbits_ipv6 = 0
2022-05-17 12:15:39 server_bridge_ip = 0.0.0.0
2022-05-17 12:15:39 server_bridge_netmask = 0.0.0.0
2022-05-17 12:15:39 server_bridge_pool_start = 0.0.0.0
2022-05-17 12:15:39 server_bridge_pool_end = 0.0.0.0
2022-05-17 12:15:39 ifconfig_pool_defined = DISABLED
2022-05-17 12:15:39 ifconfig_pool_start = 0.0.0.0
2022-05-17 12:15:39 ifconfig_pool_end = 0.0.0.0
2022-05-17 12:15:39 ifconfig_pool_netmask = 0.0.0.0
2022-05-17 12:15:39 ifconfig_pool_persist_filename = '[UNDEF]'
2022-05-17 12:15:39 ifconfig_pool_persist_refresh_freq = 600
2022-05-17 12:15:39 ifconfig_ipv6_pool_defined = DISABLED
2022-05-17 12:15:39 ifconfig_ipv6_pool_base = ::
2022-05-17 12:15:39 ifconfig_ipv6_pool_netbits = 0
2022-05-17 12:15:39 n_bcast_buf = 256
2022-05-17 12:15:39 tcp_queue_limit = 64
2022-05-17 12:15:39 real_hash_size = 256
2022-05-17 12:15:39 virtual_hash_size = 256
2022-05-17 12:15:39 client_connect_script = '[UNDEF]'
2022-05-17 12:15:39 learn_address_script = '[UNDEF]'
2022-05-17 12:15:39 client_disconnect_script = '[UNDEF]'
2022-05-17 12:15:39 client_config_dir = '[UNDEF]'
2022-05-17 12:15:39 ccd_exclusive = DISABLED
2022-05-17 12:15:39 tmp_dir = '/data/data/de.blinkt.openvpn/cache'
2022-05-17 12:15:39 push_ifconfig_defined = DISABLED
2022-05-17 12:15:39 push_ifconfig_local = 0.0.0.0
2022-05-17 12:15:39 push_ifconfig_remote_netmask = 0.0.0.0
2022-05-17 12:15:39 push_ifconfig_ipv6_defined = DISABLED
2022-05-17 12:15:39 push_ifconfig_ipv6_local = ::/0
2022-05-17 12:15:39 push_ifconfig_ipv6_remote = ::
2022-05-17 12:15:39 enable_c2c = DISABLED
2022-05-17 12:15:39 duplicate_cn = DISABLED
2022-05-17 12:15:39 cf_max = 0
2022-05-17 12:15:39 cf_per = 0
2022-05-17 12:15:39 max_clients = 1024
2022-05-17 12:15:39 max_routes_per_client = 256
2022-05-17 12:15:39 auth_user_pass_verify_script = '[UNDEF]'
2022-05-17 12:15:39 auth_user_pass_verify_script_via_file = DISABLED
2022-05-17 12:15:39 auth_token_generate = DISABLED
2022-05-17 12:15:39 auth_token_lifetime = 0
2022-05-17 12:15:39 auth_token_secret_file = '[UNDEF]'
2022-05-17 12:15:39 port_share_host = '[UNDEF]'
2022-05-17 12:15:39 port_share_port = '[UNDEF]'
2022-05-17 12:15:39 vlan_tagging = DISABLED
2022-05-17 12:15:39 vlan_accept = all
2022-05-17 12:15:39 vlan_pvid = 1
2022-05-17 12:15:39 client = ENABLED
2022-05-17 12:15:39 pull = ENABLED
2022-05-17 12:15:39 auth_user_pass_file = '[UNDEF]'
2022-05-17 12:15:39 OpenVPN 2.6-icsopenvpn [git:icsopenvpn/v0.7.37-0-g53560170] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 7 2022
2022-05-17 12:15:39 library versions: OpenSSL 3.0.3 3 May 2022, LZO 2.10
2022-05-17 12:15:39 Waiting 0s seconds between connection attempt
2022-05-17 12:15:39 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2022-05-17 12:15:39 MANAGEMENT: CMD 'version 3'
2022-05-17 12:15:39 MANAGEMENT: CMD 'hold release'
2022-05-17 12:15:39 MANAGEMENT: CMD 'bytecount 2'
2022-05-17 12:15:39 MANAGEMENT: CMD 'state on'
2022-05-17 12:15:39 MANAGEMENT: CMD 'proxy NONE'
2022-05-17 12:15:40 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-17 12:15:40 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA2-256' for HMAC authentication
2022-05-17 12:15:40 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-05-17 12:15:40 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA2-256' for HMAC authentication
2022-05-17 12:15:40 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 headroom:126 payload:1600 tailroom:126 ET:0 ]
2022-05-17 12:15:40 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 headroom:136 payload:1736 tailroom:557 ET:0 ]
2022-05-17 12:15:40 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
2022-05-17 12:15:40 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1551,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
2022-05-17 12:15:40 TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXX
2022-05-17 12:15:40 Socket Buffers: R=[1048576->1048576] S=[524288->524288]
2022-05-17 12:15:40 Attempting to establish TCP connection with [AF_INET]XXXXXXXX
2022-05-17 12:15:40 MANAGEMENT: >STATE:1652778940,TCP_CONNECT,,,,,,
2022-05-17 12:15:40 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
OpenVPN Server Version
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc [email protected]
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=yes enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_maintainer_mode=no enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_sysroot=no
My server config
port 11443
proto tcp
dev tun
ca server/ca.crt
cert server/server.crt
key server/server.key # This file should be kept secret
dh none
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 1.1.1.1"
keepalive 10 120
tls-crypt server/ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 4
explicit-exit-notify 0
Not sure how I could get app to connect
Beta Was this translation helpful? Give feedback.
All reactions