id summary reporter owner description type status priority milestone component version severity resolution keywords cc 1059 Out of Memory caused by --mlock at --reneg-sec with EC cert tct "SERVER: {{{ verb 4 log defaults/108.log client-to-client cd /etc/openvpn dev tun port 11948 proto udp server 10.8.0.0 255.255.255.0 ;server-ipv6 12fc:1918::10:8:0:0/112 # https://forums.openvpn.net/viewtopic.php?f=6&t=26100&p=77744#p77744 ;server-ipv6 fda6:b39a:4037::/64 ;management 127.0.0.1 51948 client-config-dir defaults/ccd_net30 ccd-exclusive remote-cert-tls client script-security 3 auth-user-pass-optional auth-user-pass-verify defaults/auth-user-pass-verify.sh via-env client-connect defaults/client-connect.sh mlock nice -2 fast-io keepalive 15 60 reneg-sec 180 180 # 2048bit EC PKI ca ca.crt cert defs108.crt key defs108.key tls-auth ta-defs.key 0 dh dh-2048.pem }}} Note: CCD provides fixed IP only; all scripts do nothing, exit 0 CLIENT: {{{ connect-retry 10 10 ; cd /etc/openvpn dev tun108 nobind client remote-cert-tls server remote x port 11948 proto udp ; proto tcp-client log defc108.log verb 4 explicit-exit-notify 2 ; auth-user-pass /etc/openvpn/defaultc/userpass.txt user nobody group nobody ; persist-key ; persist-tun reneg-sec 0 remote-cert-tls server # Is it one of these ? mlock ; nice -2 ; fast-io # EC PKI }}} CLIENT systemd unit: {{{ [Unit] Description=OpenVPN tunnel for %I After=syslog.target network-online.target Wants=network-online.target Documentation=man:openvpn(8) Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO [Service] Type=notify PrivateTmp=true WorkingDirectory=/etc/openvpn/client #ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf ExecStart=/usr/bin/openvpn --config /etc/openvpn/client/defaultc.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE LimitNPROC=10 LimitMEMLOCK=80M DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true ProtectHome=true KillMode=process [Install] WantedBy=multi-user.target }}} NOTE: Increasing LimitMEMLOCK to 96M solved this problem. CLIENT LOG i Apr 20 14:10:16 2018 us=821019 Current Parameter Settings: Fri Apr 20 14:10:16 2018 us=821143 config = '/etc/openvpn/client/defaultc.conf' Fri Apr 20 14:10:16 2018 us=821175 mode = 0 Fri Apr 20 14:10:16 2018 us=821205 persist_config = DISABLED Fri Apr 20 14:10:16 2018 us=821258 persist_mode = 1 Fri Apr 20 14:10:16 2018 us=821273 show_ciphers = DISABLED Fri Apr 20 14:10:16 2018 us=821336 show_digests = DISABLED Fri Apr 20 14:10:16 2018 us=821352 show_engines = DISABLED Fri Apr 20 14:10:16 2018 us=821375 genkey = DISABLED Fri Apr 20 14:10:16 2018 us=821389 key_pass_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=821418 show_tls_ciphers = DISABLED Fri Apr 20 14:10:16 2018 us=821447 connect_retry_max = 0 Fri Apr 20 14:10:16 2018 us=821476 Connection profiles [0]: Fri Apr 20 14:10:16 2018 us=821504 proto = udp Fri Apr 20 14:10:16 2018 us=821532 local = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=821547 local_port = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=821575 remote = 'x' Fri Apr 20 14:10:16 2018 us=821603 remote_port = '11948' Fri Apr 20 14:10:16 2018 us=821632 remote_float = DISABLED Fri Apr 20 14:10:16 2018 us=821660 bind_defined = DISABLED Fri Apr 20 14:10:16 2018 us=821688 bind_local = DISABLED Fri Apr 20 14:10:16 2018 us=821703 bind_ipv6_only = DISABLED Fri Apr 20 14:10:16 2018 us=821731 connect_retry_seconds = 10 Fri Apr 20 14:10:16 2018 us=821760 connect_timeout = 120 Fri Apr 20 14:10:16 2018 us=821773 socks_proxy_server = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=821783 socks_proxy_port = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=821809 tun_mtu = 1500 Fri Apr 20 14:10:16 2018 us=821864 tun_mtu_defined = ENABLED Fri Apr 20 14:10:16 2018 us=821896 link_mtu = 1500 Fri Apr 20 14:10:16 2018 us=821924 link_mtu_defined = DISABLED Fri Apr 20 14:10:16 2018 us=821952 tun_mtu_extra = 0 Fri Apr 20 14:10:16 2018 us=821980 tun_mtu_extra_defined = DISABLED Fri Apr 20 14:10:16 2018 us=821995 mtu_discover_type = -1 Fri Apr 20 14:10:16 2018 us=822023 fragment = 0 Fri Apr 20 14:10:16 2018 us=822051 mssfix = 1 Fri Apr 20 14:10:16 2018 us=822081 explicit_exit_notification = 2 Fri Apr 20 14:10:16 2018 us=822109 Connection profiles END Fri Apr 20 14:10:16 2018 us=822138 remote_random = DISABLED Fri Apr 20 14:10:16 2018 us=822152 ipchange = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822162 dev = 'tun108' Fri Apr 20 14:10:16 2018 us=822171 dev_type = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822183 dev_node = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822192 lladdr = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822222 topology = 1 Fri Apr 20 14:10:16 2018 us=822253 ifconfig_local = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822269 ifconfig_remote_netmask = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822326 ifconfig_noexec = DISABLED Fri Apr 20 14:10:16 2018 us=822338 ifconfig_nowarn = DISABLED Fri Apr 20 14:10:16 2018 us=822368 ifconfig_ipv6_local = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822396 ifconfig_ipv6_netbits = 0 Fri Apr 20 14:10:16 2018 us=822425 ifconfig_ipv6_remote = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822453 shaper = 0 Fri Apr 20 14:10:16 2018 us=822481 mtu_test = 0 Fri Apr 20 14:10:16 2018 us=822496 mlock = ENABLED Fri Apr 20 14:10:16 2018 us=822525 keepalive_ping = 0 Fri Apr 20 14:10:16 2018 us=822554 keepalive_timeout = 0 Fri Apr 20 14:10:16 2018 us=822583 inactivity_timeout = 0 Fri Apr 20 14:10:16 2018 us=822612 ping_send_timeout = 0 Fri Apr 20 14:10:16 2018 us=822640 ping_rec_timeout = 0 Fri Apr 20 14:10:16 2018 us=822668 ping_rec_timeout_action = 0 Fri Apr 20 14:10:16 2018 us=822683 ping_timer_remote = DISABLED Fri Apr 20 14:10:16 2018 us=822706 remap_sigusr1 = 0 Fri Apr 20 14:10:16 2018 us=822719 persist_tun = DISABLED Fri Apr 20 14:10:16 2018 us=822728 persist_local_ip = DISABLED Fri Apr 20 14:10:16 2018 us=822737 persist_remote_ip = DISABLED Fri Apr 20 14:10:16 2018 us=822747 persist_key = DISABLED Fri Apr 20 14:10:16 2018 us=822756 passtos = DISABLED Fri Apr 20 14:10:16 2018 us=822765 resolve_retry_seconds = 1000000000 Fri Apr 20 14:10:16 2018 us=822774 resolve_in_advance = DISABLED Fri Apr 20 14:10:16 2018 us=822818 username = 'nobody' Fri Apr 20 14:10:16 2018 us=822830 groupname = 'nobody' Fri Apr 20 14:10:16 2018 us=822839 chroot_dir = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822848 cd_dir = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822857 writepid = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822867 up_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822876 down_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=822885 down_pre = DISABLED Fri Apr 20 14:10:16 2018 us=822894 up_restart = DISABLED Fri Apr 20 14:10:16 2018 us=822903 up_delay = DISABLED Fri Apr 20 14:10:16 2018 us=822912 daemon = DISABLED Fri Apr 20 14:10:16 2018 us=822921 inetd = 0 Fri Apr 20 14:10:16 2018 us=822930 log = ENABLED Fri Apr 20 14:10:16 2018 us=822939 suppress_timestamps = DISABLED Fri Apr 20 14:10:16 2018 us=822948 machine_readable_output = DISABLED Fri Apr 20 14:10:16 2018 us=822957 nice = 0 Fri Apr 20 14:10:16 2018 us=822966 verbosity = 4 Fri Apr 20 14:10:16 2018 us=822975 mute = 0 Fri Apr 20 14:10:16 2018 us=822985 gremlin = 0 Fri Apr 20 14:10:16 2018 us=822995 status_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823004 status_file_version = 1 Fri Apr 20 14:10:16 2018 us=823013 status_file_update_freq = 60 Fri Apr 20 14:10:16 2018 us=823022 occ = ENABLED Fri Apr 20 14:10:16 2018 us=823031 rcvbuf = 0 Fri Apr 20 14:10:16 2018 us=823040 sndbuf = 0 Fri Apr 20 14:10:16 2018 us=823049 mark = 0 Fri Apr 20 14:10:16 2018 us=823058 sockflags = 0 Fri Apr 20 14:10:16 2018 us=823067 fast_io = DISABLED Fri Apr 20 14:10:16 2018 us=823077 comp.alg = 0 Fri Apr 20 14:10:16 2018 us=823086 comp.flags = 0 Fri Apr 20 14:10:16 2018 us=823095 route_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823104 route_default_gateway = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823113 route_default_metric = 0 Fri Apr 20 14:10:16 2018 us=823122 route_noexec = DISABLED Fri Apr 20 14:10:16 2018 us=823131 route_delay = 0 Fri Apr 20 14:10:16 2018 us=823141 route_delay_window = 30 Fri Apr 20 14:10:16 2018 us=823150 route_delay_defined = DISABLED Fri Apr 20 14:10:16 2018 us=823159 route_nopull = DISABLED Fri Apr 20 14:10:16 2018 us=823168 route_gateway_via_dhcp = DISABLED Fri Apr 20 14:10:16 2018 us=823197 allow_pull_fqdn = DISABLED Fri Apr 20 14:10:16 2018 us=823208 management_addr = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823217 management_port = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823227 management_user_pass = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823236 management_log_history_cache = 250 Fri Apr 20 14:10:16 2018 us=823246 management_echo_buffer_size = 100 Fri Apr 20 14:10:16 2018 us=823255 management_write_peer_info_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823265 management_client_user = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823292 management_client_group = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823304 management_flags = 0 Fri Apr 20 14:10:16 2018 us=823314 shared_secret_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823324 key_direction = 1 Fri Apr 20 14:10:16 2018 us=823333 ciphername = 'BF-CBC' Fri Apr 20 14:10:16 2018 us=823343 ncp_enabled = ENABLED Fri Apr 20 14:10:16 2018 us=823352 ncp_ciphers = 'AES-256-GCM:AES-128-GCM' Fri Apr 20 14:10:16 2018 us=823361 authname = 'SHA1' Fri Apr 20 14:10:16 2018 us=823371 prng_hash = 'SHA1' Fri Apr 20 14:10:16 2018 us=823380 prng_nonce_secret_len = 16 Fri Apr 20 14:10:16 2018 us=823390 keysize = 0 Fri Apr 20 14:10:16 2018 us=823399 engine = DISABLED Fri Apr 20 14:10:16 2018 us=823409 replay = ENABLED Fri Apr 20 14:10:16 2018 us=823418 mute_replay_warnings = DISABLED Fri Apr 20 14:10:16 2018 us=823427 replay_window = 64 Fri Apr 20 14:10:16 2018 us=823437 replay_time = 15 Fri Apr 20 14:10:16 2018 us=823446 packet_id_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823455 use_iv = ENABLED Fri Apr 20 14:10:16 2018 us=823465 test_crypto = DISABLED Fri Apr 20 14:10:16 2018 us=823474 tls_server = DISABLED Fri Apr 20 14:10:16 2018 us=823483 tls_client = ENABLED Fri Apr 20 14:10:16 2018 us=823498 key_method = 2 Fri Apr 20 14:10:16 2018 us=823507 ca_file = '[[INLINE]]' Fri Apr 20 14:10:16 2018 us=823517 ca_path = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823526 dh_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823535 cert_file = '[[INLINE]]' Fri Apr 20 14:10:16 2018 us=823545 extra_certs_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823554 priv_key_file = '[[INLINE]]' Fri Apr 20 14:10:16 2018 us=823564 pkcs12_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823573 cipher_list = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823582 tls_cert_profile = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823592 tls_verify = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823601 tls_export_cert = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823610 verify_x509_type = 0 Fri Apr 20 14:10:16 2018 us=823620 verify_x509_name = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823629 crl_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823638 ns_cert_type = 0 Fri Apr 20 14:10:16 2018 us=823648 remote_cert_ku[i] = 65535 Fri Apr 20 14:10:16 2018 us=823657 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823667 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823676 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823685 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823695 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823704 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823713 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823723 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823732 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823741 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823750 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823760 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823769 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823778 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823787 remote_cert_ku[i] = 0 Fri Apr 20 14:10:16 2018 us=823797 remote_cert_eku = 'TLS Web Server Authentication' Fri Apr 20 14:10:16 2018 us=823806 ssl_flags = 0 Fri Apr 20 14:10:16 2018 us=823816 tls_timeout = 2 Fri Apr 20 14:10:16 2018 us=823825 renegotiate_bytes = -1 Fri Apr 20 14:10:16 2018 us=823834 renegotiate_packets = 0 Fri Apr 20 14:10:16 2018 us=823844 renegotiate_seconds = 0 Fri Apr 20 14:10:16 2018 us=823853 handshake_window = 60 Fri Apr 20 14:10:16 2018 us=823862 transition_window = 3600 Fri Apr 20 14:10:16 2018 us=823872 single_session = DISABLED Fri Apr 20 14:10:16 2018 us=823881 push_peer_info = DISABLED Fri Apr 20 14:10:16 2018 us=823890 tls_exit = DISABLED Fri Apr 20 14:10:16 2018 us=823900 tls_auth_file = '[[INLINE]]' Fri Apr 20 14:10:16 2018 us=823909 tls_crypt_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=823918 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823928 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823937 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823946 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823955 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823965 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823974 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823983 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=823992 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824001 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824011 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824020 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824030 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824039 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824048 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824057 pkcs11_protected_authentication = DISABLED Fri Apr 20 14:10:16 2018 us=824067 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824076 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824089 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824099 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824109 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824118 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824128 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824137 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824166 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824177 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824186 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824196 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824205 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824214 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824224 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824233 pkcs11_private_mode = 00000000 Fri Apr 20 14:10:16 2018 us=824242 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824252 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824261 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824270 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824291 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824301 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824311 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824320 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824329 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824339 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824348 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824357 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824366 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824375 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824385 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824394 pkcs11_cert_private = DISABLED Fri Apr 20 14:10:16 2018 us=824403 pkcs11_pin_cache_period = -1 Fri Apr 20 14:10:16 2018 us=824413 pkcs11_id = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824422 pkcs11_id_management = DISABLED Fri Apr 20 14:10:16 2018 us=824439 server_network = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824449 server_netmask = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824460 server_network_ipv6 = :: Fri Apr 20 14:10:16 2018 us=824469 server_netbits_ipv6 = 0 Fri Apr 20 14:10:16 2018 us=824479 server_bridge_ip = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824489 server_bridge_netmask = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824503 server_bridge_pool_start = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824514 server_bridge_pool_end = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824523 ifconfig_pool_defined = DISABLED Fri Apr 20 14:10:16 2018 us=824533 ifconfig_pool_start = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824543 ifconfig_pool_end = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824553 ifconfig_pool_netmask = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824563 ifconfig_pool_persist_filename = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824572 ifconfig_pool_persist_refresh_freq = 600 Fri Apr 20 14:10:16 2018 us=824582 ifconfig_ipv6_pool_defined = DISABLED Fri Apr 20 14:10:16 2018 us=824591 ifconfig_ipv6_pool_base = :: Fri Apr 20 14:10:16 2018 us=824601 ifconfig_ipv6_pool_netbits = 0 Fri Apr 20 14:10:16 2018 us=824611 n_bcast_buf = 256 Fri Apr 20 14:10:16 2018 us=824620 tcp_queue_limit = 64 Fri Apr 20 14:10:16 2018 us=824630 real_hash_size = 256 Fri Apr 20 14:10:16 2018 us=824639 virtual_hash_size = 256 Fri Apr 20 14:10:16 2018 us=824648 client_connect_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824658 learn_address_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824667 client_disconnect_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824676 client_config_dir = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824686 ccd_exclusive = DISABLED Fri Apr 20 14:10:16 2018 us=824695 tmp_dir = '/tmp' Fri Apr 20 14:10:16 2018 us=824705 push_ifconfig_defined = DISABLED Fri Apr 20 14:10:16 2018 us=824719 push_ifconfig_local = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824729 push_ifconfig_remote_netmask = 0.0.0.0 Fri Apr 20 14:10:16 2018 us=824739 push_ifconfig_ipv6_defined = DISABLED Fri Apr 20 14:10:16 2018 us=824749 push_ifconfig_ipv6_local = ::/0 Fri Apr 20 14:10:16 2018 us=824759 push_ifconfig_ipv6_remote = :: Fri Apr 20 14:10:16 2018 us=824768 enable_c2c = DISABLED Fri Apr 20 14:10:16 2018 us=824777 duplicate_cn = DISABLED Fri Apr 20 14:10:16 2018 us=824787 cf_max = 0 Fri Apr 20 14:10:16 2018 us=824796 cf_per = 0 Fri Apr 20 14:10:16 2018 us=824806 max_clients = 1024 Fri Apr 20 14:10:16 2018 us=824815 max_routes_per_client = 256 Fri Apr 20 14:10:16 2018 us=824824 auth_user_pass_verify_script = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824834 auth_user_pass_verify_script_via_file = DISABLED Fri Apr 20 14:10:16 2018 us=824843 auth_token_generate = DISABLED Fri Apr 20 14:10:16 2018 us=824852 auth_token_lifetime = 0 Fri Apr 20 14:10:16 2018 us=824862 port_share_host = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824871 port_share_port = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824880 client = ENABLED Fri Apr 20 14:10:16 2018 us=824890 pull = ENABLED Fri Apr 20 14:10:16 2018 us=824899 auth_user_pass_file = '[UNDEF]' Fri Apr 20 14:10:16 2018 us=824909 OpenVPN 2.4.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 1 2018 Fri Apr 20 14:10:16 2018 us=824923 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.10 Fri Apr 20 14:10:16 2018 us=826783 mlockall call succeeded Fri Apr 20 14:10:16 2018 us=826816 WARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to fail Fri Apr 20 14:10:16 2018 us=826826 WARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to fail Fri Apr 20 14:10:16 2018 us=827349 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Apr 20 14:10:16 2018 us=827416 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Apr 20 14:10:16 2018 us=827457 Control Channel MTU parms [ L:1621 D:1184 EF:66 EB:0 ET:0 EL:3 ] Fri Apr 20 14:10:17 2018 us=93842 Data Channel MTU parms [ L:1621 D:221 EF:121 EB:406 ET:0 EL:3 ] Fri Apr 20 14:10:17 2018 us=93900 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' Fri Apr 20 14:10:17 2018 us=93911 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' Fri Apr 20 14:10:17 2018 us=94021 TCP/UDP: Preserving recently used remote address: [AF_INET]92.8.108.41:11948 Fri Apr 20 14:10:17 2018 us=94042 Socket Buffers: R=[212992->212992] S=[212992->212992] Fri Apr 20 14:10:17 2018 us=94053 UDP link local: (not bound) Fri Apr 20 14:10:17 2018 us=94063 UDP link remote: [AF_INET]92.8.108.41:11948 Fri Apr 20 14:10:17 2018 us=94072 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay Fri Apr 20 14:10:17 2018 us=97593 TLS: Initial packet from [AF_INET]92.8.108.41:11948, sid=73e5fe06 920bce43 Fri Apr 20 14:10:17 2018 us=107853 VERIFY OK: depth=1, CN=v304.ec.CA.default Fri Apr 20 14:10:17 2018 us=109131 VERIFY KU OK Fri Apr 20 14:10:17 2018 us=109150 Validating certificate extended key usage Fri Apr 20 14:10:17 2018 us=109161 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Fri Apr 20 14:10:17 2018 us=109169 VERIFY EKU OK Fri Apr 20 14:10:17 2018 us=109178 VERIFY OK: depth=0, CN=v304.ec.defs108 Fri Apr 20 14:10:17 2018 us=158394 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, 384 bit EC, curve: secp384r1 Fri Apr 20 14:10:17 2018 us=158444 [v304.ec.defs108] Peer Connection Initiated with [AF_INET]92.8.108.41:11948 Fri Apr 20 14:10:18 2018 us=421936 SENT CONTROL [v304.ec.defs108]: 'PUSH_REQUEST' (status=1) Fri Apr 20 14:10:18 2018 us=424964 PUSH: Received control message: 'PUSH_REPLY,tun-ipv6,route 10.8.0.0 255.255.255.0,topology net30,ping 15,ping-restart 60,ifconfig-ipv6 12fc:1918::10:8:0:226/112 fda6:b39a:4037::1,ifconfig 10.8.0.226 10.8.0.225,peer-id 0,cipher AES-256-GCM' Fri Apr 20 14:10:18 2018 us=425032 OPTIONS IMPORT: timers and/or timeouts modified Fri Apr 20 14:10:18 2018 us=425044 OPTIONS IMPORT: --ifconfig/up options modified Fri Apr 20 14:10:18 2018 us=425053 OPTIONS IMPORT: route options modified Fri Apr 20 14:10:18 2018 us=425061 OPTIONS IMPORT: peer-id set Fri Apr 20 14:10:18 2018 us=425069 OPTIONS IMPORT: adjusting link_mtu to 1624 Fri Apr 20 14:10:18 2018 us=425077 OPTIONS IMPORT: data channel crypto options modified Fri Apr 20 14:10:18 2018 us=425087 Data Channel: using negotiated cipher 'AES-256-GCM' Fri Apr 20 14:10:18 2018 us=425103 Data Channel MTU parms [ L:1552 D:152 EF:52 EB:406 ET:0 EL:3 ] Fri Apr 20 14:10:18 2018 us=425167 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Fri Apr 20 14:10:18 2018 us=425179 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Fri Apr 20 14:10:18 2018 us=425371 ROUTE_GATEWAY 10.10.201.1/255.255.255.0 IFACE=eth0 HWADDR=00:15:5d:c9:6e:01 Fri Apr 20 14:10:18 2018 us=426348 TUN/TAP device tun108 opened Fri Apr 20 14:10:18 2018 us=426411 TUN/TAP TX queue length set to 100 Fri Apr 20 14:10:18 2018 us=426431 do_ifconfig, tt->did_ifconfig_ipv6_setup=1 Fri Apr 20 14:10:18 2018 us=426450 /usr/bin/ip link set dev tun108 up mtu 1500 Fri Apr 20 14:10:18 2018 us=428385 /usr/bin/ip addr add dev tun108 local 10.8.0.226 peer 10.8.0.225 Fri Apr 20 14:10:18 2018 us=429806 /usr/bin/ip -6 addr add 12fc:1918::10:8:0:226/112 dev tun108 Fri Apr 20 14:10:18 2018 us=431123 /usr/bin/ip route add 10.8.0.0/24 via 10.8.0.225 Fri Apr 20 14:10:18 2018 us=432355 GID set to nobody Fri Apr 20 14:10:18 2018 us=432420 UID set to nobody Fri Apr 20 14:10:18 2018 us=432435 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Fri Apr 20 14:10:18 2018 us=433311 Initialization Sequence Completed OpenVPN: Out of Memory (Note: occurred at 14:12:18) " Bug / Defect closed minor Documentation Not set (select this one, unless your'e a OpenVPN developer) fixed Selva Nair