1 | Fri Mar 03 22:33:36 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore. |
---|
2 | Fri Mar 03 22:33:36 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017 |
---|
3 | Fri Mar 03 22:33:36 2017 Windows version 6.2 (Windows 8 or greater) 64bit |
---|
4 | Fri Mar 03 22:33:36 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09 |
---|
5 | Enter Management Password: |
---|
6 | Fri Mar 03 22:33:36 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340 |
---|
7 | Fri Mar 03 22:33:36 2017 Need hold release from management interface, waiting... |
---|
8 | Fri Mar 03 22:33:36 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340 |
---|
9 | Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'state on' |
---|
10 | Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'log all on' |
---|
11 | Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'hold off' |
---|
12 | Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'hold release' |
---|
13 | Fri Mar 03 22:33:46 2017 MANAGEMENT: CMD 'username "Auth" "mario.lipinski"' |
---|
14 | Fri Mar 03 22:33:46 2017 MANAGEMENT: CMD 'password [...]' |
---|
15 | Fri Mar 03 22:33:46 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. |
---|
16 | Fri Mar 03 22:33:46 2017 MANAGEMENT: >STATE:1488576826,RESOLVE,,,,,, |
---|
17 | Fri Mar 03 22:33:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]2003:a:FFFF:3b00::1:1195 |
---|
18 | Fri Mar 03 22:33:46 2017 Socket Buffers: R=[65536->65536] S=[65536->65536] |
---|
19 | Fri Mar 03 22:33:46 2017 UDP link local: (not bound) |
---|
20 | Fri Mar 03 22:33:46 2017 UDP link remote: [AF_INET6]2003:a:FFFF:3b00::1:1195 |
---|
21 | Fri Mar 03 22:33:46 2017 MANAGEMENT: >STATE:1488576826,WAIT,,,,,, |
---|
22 | Fri Mar 03 22:33:46 2017 MANAGEMENT: >STATE:1488576826,AUTH,,,,,, |
---|
23 | Fri Mar 03 22:33:46 2017 TLS: Initial packet from [AF_INET6]2003:a:FFFF:3b00::1:1195, sid=a478481e 3b89de46 |
---|
24 | Fri Mar 03 22:33:46 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this |
---|
25 | Fri Mar 03 22:33:47 2017 VERIFY OK: depth=2, O=Digital Signature Trust Co., CN=DST Root CA X3 |
---|
26 | Fri Mar 03 22:33:47 2017 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 |
---|
27 | Fri Mar 03 22:33:47 2017 VERIFY OK: depth=0, CN=router.XXXXX.eu |
---|
28 | Fri Mar 03 22:33:47 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA |
---|
29 | Fri Mar 03 22:33:47 2017 [router.XXXXX.eu] Peer Connection Initiated with [AF_INET6]2003:a:FFFF:3b00::1:1195 |
---|
30 | Fri Mar 03 22:33:48 2017 MANAGEMENT: >STATE:1488576828,GET_CONFIG,,,,,, |
---|
31 | Fri Mar 03 22:33:48 2017 SENT CONTROL [router.XXXXX.eu]: 'PUSH_REQUEST' (status=1) |
---|
32 | Fri Mar 03 22:33:48 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fdb9:5c47:ABCD:fe03::1001/64 fdb9:5c47:ABCD:fe03::1,route 10.0.0.0 255.255.0.0,route-ipv6 fdb9:5c47:ABCD::/48,route-ipv6 2003:a:FFFF:3b00::/56,dhcp-option DNS 172.21.3.1,dhcp-option DNS fdb9:5c47:ABCD:fe03::1,tun-ipv6,route 172.21.3.1,topology net30,ping 30,ping-restart 120,ifconfig 172.21.3.10 172.21.3.9' |
---|
33 | Fri Mar 03 22:33:48 2017 Options error: dhcp-option parameter DNS 'fdb9:5c47:ABCD:fe03::1' must be an IP address |
---|
34 | Fri Mar 03 22:33:48 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore. |
---|
35 | Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: timers and/or timeouts modified |
---|
36 | Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: --ifconfig/up options modified |
---|
37 | Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: route options modified |
---|
38 | Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified |
---|
39 | Fri Mar 03 22:33:48 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key |
---|
40 | Fri Mar 03 22:33:48 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). |
---|
41 | Fri Mar 03 22:33:48 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication |
---|
42 | Fri Mar 03 22:33:48 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key |
---|
43 | Fri Mar 03 22:33:48 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). |
---|
44 | Fri Mar 03 22:33:48 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication |
---|
45 | Fri Mar 03 22:33:48 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks. |
---|
46 | Fri Mar 03 22:33:48 2017 interactive service msg_channel=608 |
---|
47 | Fri Mar 03 22:33:48 2017 ROUTE_GATEWAY 192.168.83.1/255.255.255.0 I=8 HWADDR=f0:de:f1:9b:01:fa |
---|
48 | Fri Mar 03 22:33:48 2017 GDG6: remote_host_ipv6=2003:a:FFFF:3b00::1 |
---|
49 | Fri Mar 03 22:33:48 2017 GetBestInterfaceEx() returned if=8 |
---|
50 | Fri Mar 03 22:33:48 2017 GDG6: II=8 DP=::/0 NH=fe80::1 |
---|
51 | Fri Mar 03 22:33:48 2017 GDG6: Metric=16, Loopback=0, AA=1, I=0 |
---|
52 | Fri Mar 03 22:33:48 2017 ROUTE6_GATEWAY fe80::1 I=8 |
---|
53 | Fri Mar 03 22:33:48 2017 ROUTE6: 2003:a:FFFF:3b00::/56 overlaps IPv6 remote 2003:a:FFFF:3b00::1, adding host route to VPN endpoint |
---|
54 | Fri Mar 03 22:33:48 2017 open_tun |
---|
55 | Fri Mar 03 22:33:48 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B8C82604-F99B-4C8E-856F-A18ADAC98159}.tap |
---|
56 | Fri Mar 03 22:33:48 2017 TAP-Windows Driver Version 9.21 |
---|
57 | Fri Mar 03 22:33:48 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.21.3.10/255.255.255.252 on interface {B8C82604-F99B-4C8E-856F-A18ADAC98159} [DHCP-serv: 172.21.3.9, lease-time: 31536000] |
---|
58 | Fri Mar 03 22:33:48 2017 Successful ARP Flush on interface [46] {B8C82604-F99B-4C8E-856F-A18ADAC98159} |
---|
59 | Fri Mar 03 22:33:48 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=1 |
---|
60 | Fri Mar 03 22:33:48 2017 MANAGEMENT: >STATE:1488576828,ASSIGN_IP,,172.21.3.10,,,,,fdb9:5c47:ABCD:fe03::1001 |
---|
61 | Fri Mar 03 22:33:48 2017 add_route_ipv6(fdb9:5c47:ABCD:fe03::/64 -> fdb9:5c47:ABCD:fe03::1001 metric 0) dev Ethernet 2 |
---|
62 | Fri Mar 03 22:33:48 2017 IPv6 route addition via service succeeded |
---|
63 | Fri Mar 03 22:33:54 2017 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up |
---|
64 | Fri Mar 03 22:33:54 2017 MANAGEMENT: >STATE:1488576834,ADD_ROUTES,,,,,, |
---|
65 | Fri Mar 03 22:33:54 2017 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.0.0 172.21.3.9 |
---|
66 | Fri Mar 03 22:33:54 2017 Route addition via service succeeded |
---|
67 | Fri Mar 03 22:33:54 2017 C:\WINDOWS\system32\route.exe ADD 172.21.3.1 MASK 255.255.255.255 172.21.3.9 |
---|
68 | Fri Mar 03 22:33:54 2017 Route addition via service succeeded |
---|
69 | Fri Mar 03 22:33:54 2017 add_route_ipv6(2003:a:FFFF:3b00::1/128 -> fe80::1 metric 1) dev Ethernet 2 |
---|
70 | Fri Mar 03 22:33:54 2017 IPv6 route addition via service succeeded |
---|
71 | Fri Mar 03 22:33:54 2017 add_route_ipv6(fdb9:5c47:ABCD::/48 -> fdb9:5c47:ABCD:fe03::1 metric -1) dev Ethernet 2 |
---|
72 | Fri Mar 03 22:33:54 2017 IPv6 route addition via service succeeded |
---|
73 | Fri Mar 03 22:33:54 2017 add_route_ipv6(2003:a:FFFF:3b00::/56 -> fdb9:5c47:ABCD:fe03::1 metric -1) dev Ethernet 2 |
---|
74 | Fri Mar 03 22:33:54 2017 IPv6 route addition via service succeeded |
---|
75 | Fri Mar 03 22:33:54 2017 Initialization Sequence Completed |
---|
76 | Fri Mar 03 22:33:54 2017 MANAGEMENT: >STATE:1488576834,CONNECTED,SUCCESS,172.21.3.10,2003:a:FFFF:3b00::1,1195,,,fdb9:5c47:ABCD:fe03::1001 |
---|
77 | Fri Mar 03 22:39:48 2017 [router.XXXXX.eu] Inactivity timeout (--ping-restart), restarting |
---|
78 | Fri Mar 03 22:39:48 2017 SIGUSR1[soft,ping-restart] received, process restarting |
---|
79 | Fri Mar 03 22:39:48 2017 MANAGEMENT: >STATE:1488577188,RECONNECTING,ping-restart,,,,, |
---|
80 | Fri Mar 03 22:39:48 2017 Restart pause, 5 second(s) |
---|
81 | Fri Mar 03 22:39:53 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. |
---|
82 | Fri Mar 03 22:39:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]2003:a:FFFF:3b00::1:1195 |
---|
83 | Fri Mar 03 22:39:53 2017 Socket Buffers: R=[65536->65536] S=[65536->65536] |
---|
84 | Fri Mar 03 22:39:53 2017 UDP link local: (not bound) |
---|
85 | Fri Mar 03 22:39:53 2017 UDP link remote: [AF_INET6]2003:a:FFFF:3b00::1:1195 |
---|
86 | Fri Mar 03 22:39:53 2017 MANAGEMENT: >STATE:1488577193,WAIT,,,,,, |
---|
87 | Fri Mar 03 22:40:54 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
---|
88 | Fri Mar 03 22:40:54 2017 TLS Error: TLS handshake failed |
---|
89 | Fri Mar 03 22:40:54 2017 SIGUSR1[soft,tls-error] received, process restarting |
---|
90 | Fri Mar 03 22:40:54 2017 MANAGEMENT: >STATE:1488577254,RECONNECTING,tls-error,,,,, |
---|
91 | Fri Mar 03 22:40:54 2017 Restart pause, 5 second(s) |
---|
92 | Fri Mar 03 22:40:59 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. |
---|
93 | Fri Mar 03 22:40:59 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]217.91.34.93:1195 |
---|
94 | Fri Mar 03 22:40:59 2017 Socket Buffers: R=[65536->65536] S=[65536->65536] |
---|
95 | Fri Mar 03 22:40:59 2017 UDP link local: (not bound) |
---|
96 | Fri Mar 03 22:40:59 2017 UDP link remote: [AF_INET]217.91.34.93:1195 |
---|
97 | Fri Mar 03 22:40:59 2017 MANAGEMENT: >STATE:1488577259,WAIT,,,,,, |
---|
98 | Fri Mar 03 22:40:59 2017 MANAGEMENT: >STATE:1488577259,AUTH,,,,,, |
---|
99 | Fri Mar 03 22:40:59 2017 TLS: Initial packet from [AF_INET]217.91.34.93:1195, sid=6044809d fe48e399 |
---|
100 | Fri Mar 03 22:40:59 2017 VERIFY OK: depth=2, O=Digital Signature Trust Co., CN=DST Root CA X3 |
---|
101 | Fri Mar 03 22:40:59 2017 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 |
---|
102 | Fri Mar 03 22:40:59 2017 VERIFY OK: depth=0, CN=router.XXXXX.eu |
---|
103 | Fri Mar 03 22:40:59 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA |
---|
104 | Fri Mar 03 22:40:59 2017 [router.XXXXX.eu] Peer Connection Initiated with [AF_INET]217.91.34.93:1195 |
---|
105 | Fri Mar 03 22:41:00 2017 MANAGEMENT: >STATE:1488577260,GET_CONFIG,,,,,, |
---|
106 | Fri Mar 03 22:41:00 2017 SENT CONTROL [router.XXXXX.eu]: 'PUSH_REQUEST' (status=1) |
---|
107 | Fri Mar 03 22:41:00 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fdb9:5c47:ABCD:fe03::1001/64 fdb9:5c47:ABCD:fe03::1,route 10.0.0.0 255.255.0.0,route-ipv6 fdb9:5c47:ABCD::/48,route-ipv6 2003:a:FFFF:3b00::/56,dhcp-option DNS 172.21.3.1,dhcp-option DNS fdb9:5c47:ABCD:fe03::1,tun-ipv6,route 172.21.3.1,topology net30,ping 30,ping-restart 120,ifconfig 172.21.3.10 172.21.3.9' |
---|
108 | Fri Mar 03 22:41:00 2017 Options error: dhcp-option parameter DNS 'fdb9:5c47:ABCD:fe03::1' must be an IP address |
---|
109 | Fri Mar 03 22:41:00 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore. |
---|
110 | Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: timers and/or timeouts modified |
---|
111 | Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: --ifconfig/up options modified |
---|
112 | Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: route options modified |
---|
113 | Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified |
---|
114 | Fri Mar 03 22:41:00 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key |
---|
115 | Fri Mar 03 22:41:00 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). |
---|
116 | Fri Mar 03 22:41:00 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication |
---|
117 | Fri Mar 03 22:41:00 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key |
---|
118 | Fri Mar 03 22:41:00 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). |
---|
119 | Fri Mar 03 22:41:00 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication |
---|
120 | Fri Mar 03 22:41:00 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks. |
---|
121 | Fri Mar 03 22:41:00 2017 Preserving previous TUN/TAP instance: Ethernet 2 |
---|
122 | Fri Mar 03 22:41:00 2017 Initialization Sequence Completed |
---|
123 | Fri Mar 03 22:41:00 2017 MANAGEMENT: >STATE:1488577260,CONNECTED,SUCCESS,172.21.3.10,217.91.34.93,1195,,,fdb9:5c47:ABCD:fe03::1001 |
---|
124 | Fri Mar 03 23:40:59 2017 TLS: soft reset sec=0 bytes=185359/67108864 pkts=1143/0 |
---|
125 | Fri Mar 03 23:40:59 2017 VERIFY OK: depth=2, O=Digital Signature Trust Co., CN=DST Root CA X3 |
---|
126 | Fri Mar 03 23:40:59 2017 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 |
---|
127 | Fri Mar 03 23:40:59 2017 VERIFY OK: depth=0, CN=router.XXXXX.eu |
---|
128 | Fri Mar 03 23:40:59 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key |
---|
129 | Fri Mar 03 23:40:59 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). |
---|
130 | Fri Mar 03 23:40:59 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication |
---|
131 | Fri Mar 03 23:40:59 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key |
---|
132 | Fri Mar 03 23:40:59 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). |
---|
133 | Fri Mar 03 23:40:59 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication |
---|
134 | Fri Mar 03 23:40:59 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA |
---|