Tue Aug 15 17:07:31 2017 OpenVPN 2.4.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017 Tue Aug 15 17:07:31 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Tue Aug 15 17:07:31 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue Aug 15 17:07:31 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Tue Aug 15 17:07:31 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Tue Aug 15 17:07:31 2017 nice 5 succeeded Tue Aug 15 17:07:31 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER_IP_HERE:443 Tue Aug 15 17:07:31 2017 Socket Buffers: R=[212992->212992] S=[212992->212992] Tue Aug 15 17:07:31 2017 UDPv4 link local: (not bound) Tue Aug 15 17:07:31 2017 UDPv4 link remote: [AF_INET]SERVER_IP_HERE:443 Tue Aug 15 17:07:31 2017 TLS: Initial packet from [AF_INET]SERVER_IP_HERE:443, sid=4660fc3a fd328279 Tue Aug 15 17:07:31 2017 VERIFY OK: depth=1, CN=Easy-RSA CA Tue Aug 15 17:07:31 2017 VERIFY KU OK Tue Aug 15 17:07:31 2017 Validating certificate extended key usage Tue Aug 15 17:07:31 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Aug 15 17:07:31 2017 VERIFY EKU OK Tue Aug 15 17:07:31 2017 VERIFY OK: depth=0, CN=server Tue Aug 15 17:07:32 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA Tue Aug 15 17:07:32 2017 [server] Peer Connection Initiated with [AF_INET]SERVER_IP_HERE:443 Tue Aug 15 17:07:33 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Tue Aug 15 17:07:33 2017 PUSH: Received control message: 'PUSH_REPLY,comp-lzo adaptive,route-gateway 172.16.16.1,topology subnet,ping 10,ping-restart 40,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 208.67.222.222,ifconfig 172.16.16.2 255.255.255.0,peer-id 1,cipher AES-256-GCM' Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: timers and/or timeouts modified Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: compression parms modified Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: --ifconfig/up options modified Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: route options modified Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: route-related options modified Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: peer-id set Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: WARNING: peer-id set, but link-mtu fixed by config - reducing tun-mtu to 1295, expect MTU problems Tue Aug 15 17:07:33 2017 OPTIONS IMPORT: data channel crypto options modified Tue Aug 15 17:07:33 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Aug 15 17:07:33 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Aug 15 17:07:33 2017 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=34:23:87:96:6d:cf Tue Aug 15 17:07:33 2017 TUN/TAP device tun0 opened Tue Aug 15 17:07:33 2017 TUN/TAP TX queue length set to 100 Tue Aug 15 17:07:33 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Tue Aug 15 17:07:33 2017 /sbin/ip link set dev tun0 up mtu 1367 Tue Aug 15 17:07:33 2017 /sbin/ip addr add dev tun0 172.16.16.2/24 broadcast 172.16.16.255 Tue Aug 15 17:07:33 2017 up.sh tun0 1367 1420 172.16.16.2 255.255.255.0 init BASH=/bin/bash BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath BASH_ALIASES=() BASH_ARGC=([0]="6") BASH_ARGV=([0]="init" [1]="255.255.255.0" [2]="172.16.16.2" [3]="1420" [4]="1367" [5]="tun0") BASH_CMDS=() BASH_LINENO=([0]="0") BASH_SOURCE=([0]="up.sh") BASH_VERSINFO=([0]="4" [1]="3" [2]="48" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu") BASH_VERSION='4.3.48(1)-release' DIRSTACK=() EUID=0 GROUPS=() HOSTNAME=SOMEHOST HOSTTYPE=x86_64 IFS=' ' MACHTYPE=x86_64-pc-linux-gnu OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:. PIPESTATUS=([0]="0") POSIXLY_CORRECT=y PPID=16131 PS4='+ ' PWD=/some/path SHELL=/bin/bash SHELLOPTS=braceexpand:hashall:interactive-comments:posix SHLVL=1 TERM=dumb UID=0 X509_0_CN=server X509_1_CN='Easy-RSA CA' _=posix common_name=server config=client.conf daemon=0 daemon_log_redirect=0 daemon_pid=16131 daemon_start_time=1502791651 dev=tun0 dev_type=tun foreign_option_1='dhcp-option DNS 8.8.8.8' foreign_option_2='dhcp-option DNS 208.67.222.222' ifconfig_broadcast=172.16.16.255 ifconfig_local=172.16.16.2 ifconfig_netmask=255.255.255.0 link_mtu=1420 proto_1=udp4 proto_2=tcp4-client remote_1=SERVER_IP_HERE remote_2=SERVER_IP_HERE remote_port_1=443 remote_port_2=443 route_net_gateway=192.168.0.1 route_vpn_gateway=172.16.16.1 script_context=init script_type=up tls_digest_0=4a:f3:c3:b1:a6:6f:90:a0:29:f0:ec:cd:f6:17:87:2c:ab:04:ce:a6 tls_digest_1=0b:73:36:b4:3e:b6:af:e8:a8:81:b0:de:ae:1a:8a:76:c1:5b:25:b4 tls_digest_sha256_0=1f:d1:21:ee:1b:2e:8e:fa:76:75:d2:d7:3d:d3:d7:d4:34:8d:c8:ca:c1:65:6b:83:87:39:5b:b9:c1:00:cf:7a tls_digest_sha256_1=fa:2c:1e:da:f6:80:ee:88:97:88:1d:e0:1d:ad:74:8c:80:5b:57:c8:a0:df:4c:d6:99:75:4d:b7:3b:93:03:47 tls_id_0=CN=server tls_id_1='CN=Easy-RSA CA' tls_serial_0=1 tls_serial_1=14638174323727231863 tls_serial_hex_0=01 tls_serial_hex_1=cb:25:3d:fd:b6:01:6b:77 trusted_ip=SERVER_IP_HERE trusted_port=443 tun_mtu=1367 untrusted_ip=SERVER_IP_HERE untrusted_port=443 verb=3 Tue Aug 15 17:07:33 2017 /sbin/ip route add SERVER_IP_HERE/32 via 192.168.0.1 Tue Aug 15 17:07:33 2017 /sbin/ip route add 0.0.0.0/1 via 172.16.16.1 Tue Aug 15 17:07:33 2017 /sbin/ip route add 128.0.0.0/1 via 172.16.16.1 Tue Aug 15 17:07:33 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Aug 15 17:07:33 2017 Initialization Sequence Completed