Ticket #850: vpn.log

File vpn.log, 12.8 KB (added by mario.lipinski, 5 years ago)
Line 
1Fri Mar 03 22:33:36 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2Fri Mar 03 22:33:36 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
3Fri Mar 03 22:33:36 2017 Windows version 6.2 (Windows 8 or greater) 64bit
4Fri Mar 03 22:33:36 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
5Enter Management Password:
6Fri Mar 03 22:33:36 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
7Fri Mar 03 22:33:36 2017 Need hold release from management interface, waiting...
8Fri Mar 03 22:33:36 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
9Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'state on'
10Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'log all on'
11Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'hold off'
12Fri Mar 03 22:33:36 2017 MANAGEMENT: CMD 'hold release'
13Fri Mar 03 22:33:46 2017 MANAGEMENT: CMD 'username "Auth" "mario.lipinski"'
14Fri Mar 03 22:33:46 2017 MANAGEMENT: CMD 'password [...]'
15Fri Mar 03 22:33:46 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
16Fri Mar 03 22:33:46 2017 MANAGEMENT: >STATE:1488576826,RESOLVE,,,,,,
17Fri Mar 03 22:33:46 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]2003:a:FFFF:3b00::1:1195
18Fri Mar 03 22:33:46 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
19Fri Mar 03 22:33:46 2017 UDP link local: (not bound)
20Fri Mar 03 22:33:46 2017 UDP link remote: [AF_INET6]2003:a:FFFF:3b00::1:1195
21Fri Mar 03 22:33:46 2017 MANAGEMENT: >STATE:1488576826,WAIT,,,,,,
22Fri Mar 03 22:33:46 2017 MANAGEMENT: >STATE:1488576826,AUTH,,,,,,
23Fri Mar 03 22:33:46 2017 TLS: Initial packet from [AF_INET6]2003:a:FFFF:3b00::1:1195, sid=a478481e 3b89de46
24Fri Mar 03 22:33:46 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
25Fri Mar 03 22:33:47 2017 VERIFY OK: depth=2, O=Digital Signature Trust Co., CN=DST Root CA X3
26Fri Mar 03 22:33:47 2017 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
27Fri Mar 03 22:33:47 2017 VERIFY OK: depth=0, CN=router.XXXXX.eu
28Fri Mar 03 22:33:47 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
29Fri Mar 03 22:33:47 2017 [router.XXXXX.eu] Peer Connection Initiated with [AF_INET6]2003:a:FFFF:3b00::1:1195
30Fri Mar 03 22:33:48 2017 MANAGEMENT: >STATE:1488576828,GET_CONFIG,,,,,,
31Fri Mar 03 22:33:48 2017 SENT CONTROL [router.XXXXX.eu]: 'PUSH_REQUEST' (status=1)
32Fri Mar 03 22:33:48 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fdb9:5c47:ABCD:fe03::1001/64 fdb9:5c47:ABCD:fe03::1,route 10.0.0.0 255.255.0.0,route-ipv6 fdb9:5c47:ABCD::/48,route-ipv6 2003:a:FFFF:3b00::/56,dhcp-option DNS 172.21.3.1,dhcp-option DNS fdb9:5c47:ABCD:fe03::1,tun-ipv6,route 172.21.3.1,topology net30,ping 30,ping-restart 120,ifconfig 172.21.3.10 172.21.3.9'
33Fri Mar 03 22:33:48 2017 Options error: dhcp-option parameter DNS 'fdb9:5c47:ABCD:fe03::1' must be an IP address
34Fri Mar 03 22:33:48 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
35Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: timers and/or timeouts modified
36Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: --ifconfig/up options modified
37Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: route options modified
38Fri Mar 03 22:33:48 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
39Fri Mar 03 22:33:48 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
40Fri Mar 03 22:33:48 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
41Fri Mar 03 22:33:48 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
42Fri Mar 03 22:33:48 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
43Fri Mar 03 22:33:48 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
44Fri Mar 03 22:33:48 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
45Fri Mar 03 22:33:48 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
46Fri Mar 03 22:33:48 2017 interactive service msg_channel=608
47Fri Mar 03 22:33:48 2017 ROUTE_GATEWAY 192.168.83.1/255.255.255.0 I=8 HWADDR=f0:de:f1:9b:01:fa
48Fri Mar 03 22:33:48 2017 GDG6: remote_host_ipv6=2003:a:FFFF:3b00::1
49Fri Mar 03 22:33:48 2017 GetBestInterfaceEx() returned if=8
50Fri Mar 03 22:33:48 2017 GDG6: II=8 DP=::/0 NH=fe80::1
51Fri Mar 03 22:33:48 2017 GDG6: Metric=16, Loopback=0, AA=1, I=0
52Fri Mar 03 22:33:48 2017 ROUTE6_GATEWAY fe80::1 I=8
53Fri Mar 03 22:33:48 2017 ROUTE6: 2003:a:FFFF:3b00::/56 overlaps IPv6 remote 2003:a:FFFF:3b00::1, adding host route to VPN endpoint
54Fri Mar 03 22:33:48 2017 open_tun
55Fri Mar 03 22:33:48 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{B8C82604-F99B-4C8E-856F-A18ADAC98159}.tap
56Fri Mar 03 22:33:48 2017 TAP-Windows Driver Version 9.21
57Fri Mar 03 22:33:48 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.21.3.10/255.255.255.252 on interface {B8C82604-F99B-4C8E-856F-A18ADAC98159} [DHCP-serv: 172.21.3.9, lease-time: 31536000]
58Fri Mar 03 22:33:48 2017 Successful ARP Flush on interface [46] {B8C82604-F99B-4C8E-856F-A18ADAC98159}
59Fri Mar 03 22:33:48 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
60Fri Mar 03 22:33:48 2017 MANAGEMENT: >STATE:1488576828,ASSIGN_IP,,172.21.3.10,,,,,fdb9:5c47:ABCD:fe03::1001
61Fri Mar 03 22:33:48 2017 add_route_ipv6(fdb9:5c47:ABCD:fe03::/64 -> fdb9:5c47:ABCD:fe03::1001 metric 0) dev Ethernet 2
62Fri Mar 03 22:33:48 2017 IPv6 route addition via service succeeded
63Fri Mar 03 22:33:54 2017 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
64Fri Mar 03 22:33:54 2017 MANAGEMENT: >STATE:1488576834,ADD_ROUTES,,,,,,
65Fri Mar 03 22:33:54 2017 C:\WINDOWS\system32\route.exe ADD 10.0.0.0 MASK 255.255.0.0 172.21.3.9
66Fri Mar 03 22:33:54 2017 Route addition via service succeeded
67Fri Mar 03 22:33:54 2017 C:\WINDOWS\system32\route.exe ADD 172.21.3.1 MASK 255.255.255.255 172.21.3.9
68Fri Mar 03 22:33:54 2017 Route addition via service succeeded
69Fri Mar 03 22:33:54 2017 add_route_ipv6(2003:a:FFFF:3b00::1/128 -> fe80::1 metric 1) dev Ethernet 2
70Fri Mar 03 22:33:54 2017 IPv6 route addition via service succeeded
71Fri Mar 03 22:33:54 2017 add_route_ipv6(fdb9:5c47:ABCD::/48 -> fdb9:5c47:ABCD:fe03::1 metric -1) dev Ethernet 2
72Fri Mar 03 22:33:54 2017 IPv6 route addition via service succeeded
73Fri Mar 03 22:33:54 2017 add_route_ipv6(2003:a:FFFF:3b00::/56 -> fdb9:5c47:ABCD:fe03::1 metric -1) dev Ethernet 2
74Fri Mar 03 22:33:54 2017 IPv6 route addition via service succeeded
75Fri Mar 03 22:33:54 2017 Initialization Sequence Completed
76Fri Mar 03 22:33:54 2017 MANAGEMENT: >STATE:1488576834,CONNECTED,SUCCESS,172.21.3.10,2003:a:FFFF:3b00::1,1195,,,fdb9:5c47:ABCD:fe03::1001
77Fri Mar 03 22:39:48 2017 [router.XXXXX.eu] Inactivity timeout (--ping-restart), restarting
78Fri Mar 03 22:39:48 2017 SIGUSR1[soft,ping-restart] received, process restarting
79Fri Mar 03 22:39:48 2017 MANAGEMENT: >STATE:1488577188,RECONNECTING,ping-restart,,,,,
80Fri Mar 03 22:39:48 2017 Restart pause, 5 second(s)
81Fri Mar 03 22:39:53 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
82Fri Mar 03 22:39:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]2003:a:FFFF:3b00::1:1195
83Fri Mar 03 22:39:53 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
84Fri Mar 03 22:39:53 2017 UDP link local: (not bound)
85Fri Mar 03 22:39:53 2017 UDP link remote: [AF_INET6]2003:a:FFFF:3b00::1:1195
86Fri Mar 03 22:39:53 2017 MANAGEMENT: >STATE:1488577193,WAIT,,,,,,
87Fri Mar 03 22:40:54 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
88Fri Mar 03 22:40:54 2017 TLS Error: TLS handshake failed
89Fri Mar 03 22:40:54 2017 SIGUSR1[soft,tls-error] received, process restarting
90Fri Mar 03 22:40:54 2017 MANAGEMENT: >STATE:1488577254,RECONNECTING,tls-error,,,,,
91Fri Mar 03 22:40:54 2017 Restart pause, 5 second(s)
92Fri Mar 03 22:40:59 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
93Fri Mar 03 22:40:59 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]217.91.34.93:1195
94Fri Mar 03 22:40:59 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
95Fri Mar 03 22:40:59 2017 UDP link local: (not bound)
96Fri Mar 03 22:40:59 2017 UDP link remote: [AF_INET]217.91.34.93:1195
97Fri Mar 03 22:40:59 2017 MANAGEMENT: >STATE:1488577259,WAIT,,,,,,
98Fri Mar 03 22:40:59 2017 MANAGEMENT: >STATE:1488577259,AUTH,,,,,,
99Fri Mar 03 22:40:59 2017 TLS: Initial packet from [AF_INET]217.91.34.93:1195, sid=6044809d fe48e399
100Fri Mar 03 22:40:59 2017 VERIFY OK: depth=2, O=Digital Signature Trust Co., CN=DST Root CA X3
101Fri Mar 03 22:40:59 2017 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
102Fri Mar 03 22:40:59 2017 VERIFY OK: depth=0, CN=router.XXXXX.eu
103Fri Mar 03 22:40:59 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
104Fri Mar 03 22:40:59 2017 [router.XXXXX.eu] Peer Connection Initiated with [AF_INET]217.91.34.93:1195
105Fri Mar 03 22:41:00 2017 MANAGEMENT: >STATE:1488577260,GET_CONFIG,,,,,,
106Fri Mar 03 22:41:00 2017 SENT CONTROL [router.XXXXX.eu]: 'PUSH_REQUEST' (status=1)
107Fri Mar 03 22:41:00 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fdb9:5c47:ABCD:fe03::1001/64 fdb9:5c47:ABCD:fe03::1,route 10.0.0.0 255.255.0.0,route-ipv6 fdb9:5c47:ABCD::/48,route-ipv6 2003:a:FFFF:3b00::/56,dhcp-option DNS 172.21.3.1,dhcp-option DNS fdb9:5c47:ABCD:fe03::1,tun-ipv6,route 172.21.3.1,topology net30,ping 30,ping-restart 120,ifconfig 172.21.3.10 172.21.3.9'
108Fri Mar 03 22:41:00 2017 Options error: dhcp-option parameter DNS 'fdb9:5c47:ABCD:fe03::1' must be an IP address
109Fri Mar 03 22:41:00 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
110Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: timers and/or timeouts modified
111Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: --ifconfig/up options modified
112Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: route options modified
113Fri Mar 03 22:41:00 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
114Fri Mar 03 22:41:00 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
115Fri Mar 03 22:41:00 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
116Fri Mar 03 22:41:00 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
117Fri Mar 03 22:41:00 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
118Fri Mar 03 22:41:00 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
119Fri Mar 03 22:41:00 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
120Fri Mar 03 22:41:00 2017 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
121Fri Mar 03 22:41:00 2017 Preserving previous TUN/TAP instance: Ethernet 2
122Fri Mar 03 22:41:00 2017 Initialization Sequence Completed
123Fri Mar 03 22:41:00 2017 MANAGEMENT: >STATE:1488577260,CONNECTED,SUCCESS,172.21.3.10,217.91.34.93,1195,,,fdb9:5c47:ABCD:fe03::1001
124Fri Mar 03 23:40:59 2017 TLS: soft reset sec=0 bytes=185359/67108864 pkts=1143/0
125Fri Mar 03 23:40:59 2017 VERIFY OK: depth=2, O=Digital Signature Trust Co., CN=DST Root CA X3
126Fri Mar 03 23:40:59 2017 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
127Fri Mar 03 23:40:59 2017 VERIFY OK: depth=0, CN=router.XXXXX.eu
128Fri Mar 03 23:40:59 2017 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
129Fri Mar 03 23:40:59 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
130Fri Mar 03 23:40:59 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
131Fri Mar 03 23:40:59 2017 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
132Fri Mar 03 23:40:59 2017 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
133Fri Mar 03 23:40:59 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
134Fri Mar 03 23:40:59 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA