1 | | FTR |
2 | | |
3 | | This log shows how JJK's patch still fails: |
4 | | |
5 | | {{{ |
6 | | 2021-10-18 20:49:40 us=215762 Note: --cipher is not set. OpenVPN versions before 2.6 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback 'BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers. |
7 | | 2021-10-18 20:49:40 us=216009 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure |
8 | | 2021-10-18 20:49:40 us=216049 Current Parameter Settings: |
9 | | 2021-10-18 20:49:40 us=216081 config = 'wiscii-v31a-ca.conf' |
10 | | 2021-10-18 20:49:40 us=216103 mode = 1 |
11 | | 2021-10-18 20:49:40 us=216121 persist_config = DISABLED |
12 | | 2021-10-18 20:49:40 us=216140 persist_mode = 1 |
13 | | 2021-10-18 20:49:40 us=216157 show_ciphers = DISABLED |
14 | | 2021-10-18 20:49:40 us=216176 show_digests = DISABLED |
15 | | 2021-10-18 20:49:40 us=216200 show_engines = DISABLED |
16 | | 2021-10-18 20:49:40 us=216219 genkey = DISABLED |
17 | | 2021-10-18 20:49:40 us=216237 genkey_filename = '[UNDEF]' |
18 | | 2021-10-18 20:49:40 us=216256 key_pass_file = '[UNDEF]' |
19 | | 2021-10-18 20:49:40 us=216275 show_tls_ciphers = DISABLED |
20 | | 2021-10-18 20:49:40 us=216293 connect_retry_max = 0 |
21 | | 2021-10-18 20:49:40 us=216311 Connection profiles [0]: |
22 | | 2021-10-18 20:49:40 us=216438 proto = udp6 |
23 | | 2021-10-18 20:49:40 us=216523 local = '[UNDEF]' |
24 | | 2021-10-18 20:49:40 us=216617 local_port = '17122' |
25 | | 2021-10-18 20:49:40 us=216699 remote = '[UNDEF]' |
26 | | 2021-10-18 20:49:40 us=216803 remote_port = '17122' |
27 | | 2021-10-18 20:49:40 us=216890 remote_float = DISABLED |
28 | | 2021-10-18 20:49:40 us=216983 bind_defined = DISABLED |
29 | | 2021-10-18 20:49:40 us=217058 bind_local = ENABLED |
30 | | 2021-10-18 20:49:40 us=217140 bind_ipv6_only = DISABLED |
31 | | 2021-10-18 20:49:40 us=217223 connect_retry_seconds = 5 |
32 | | 2021-10-18 20:49:40 us=217336 connect_timeout = 120 |
33 | | 2021-10-18 20:49:40 us=217677 socks_proxy_server = '[UNDEF]' |
34 | | 2021-10-18 20:49:40 us=217762 socks_proxy_port = '[UNDEF]' |
35 | | 2021-10-18 20:49:40 us=217850 tun_mtu = 1500 |
36 | | 2021-10-18 20:49:40 us=217936 tun_mtu_defined = ENABLED |
37 | | 2021-10-18 20:49:40 us=217955 link_mtu = 1500 |
38 | | 2021-10-18 20:49:40 us=217969 link_mtu_defined = DISABLED |
39 | | 2021-10-18 20:49:40 us=217982 tun_mtu_extra = 0 |
40 | | 2021-10-18 20:49:40 us=217995 tun_mtu_extra_defined = DISABLED |
41 | | 2021-10-18 20:49:40 us=218007 mtu_discover_type = -1 |
42 | | 2021-10-18 20:49:40 us=218019 fragment = 0 |
43 | | 2021-10-18 20:49:40 us=218031 mssfix = 1450 |
44 | | 2021-10-18 20:49:40 us=218043 explicit_exit_notification = 1 |
45 | | 2021-10-18 20:49:40 us=218055 tls_auth_file = '[INLINE]' |
46 | | 2021-10-18 20:49:40 us=218068 key_direction = not set |
47 | | 2021-10-18 20:49:40 us=218079 tls_crypt_file = '[UNDEF]' |
48 | | 2021-10-18 20:49:40 us=218091 tls_crypt_v2_file = '[INLINE]' |
49 | | 2021-10-18 20:49:40 us=218104 Connection profiles END |
50 | | 2021-10-18 20:49:40 us=218116 remote_random = DISABLED |
51 | | 2021-10-18 20:49:40 us=218126 ipchange = '[UNDEF]' |
52 | | 2021-10-18 20:49:40 us=218139 dev = 'tun17122' |
53 | | 2021-10-18 20:49:40 us=218151 dev_type = '[UNDEF]' |
54 | | 2021-10-18 20:49:40 us=218164 dev_node = '[UNDEF]' |
55 | | 2021-10-18 20:49:40 us=218177 lladdr = '[UNDEF]' |
56 | | 2021-10-18 20:49:40 us=218189 topology = 3 |
57 | | 2021-10-18 20:49:40 us=218202 ifconfig_local = '10.171.22.1' |
58 | | 2021-10-18 20:49:40 us=218216 ifconfig_remote_netmask = '255.255.255.0' |
59 | | 2021-10-18 20:49:40 us=218229 ifconfig_noexec = DISABLED |
60 | | 2021-10-18 20:49:40 us=218241 ifconfig_nowarn = DISABLED |
61 | | 2021-10-18 20:49:40 us=218252 ifconfig_ipv6_local = '[UNDEF]' |
62 | | 2021-10-18 20:49:40 us=218264 ifconfig_ipv6_netbits = 0 |
63 | | 2021-10-18 20:49:40 us=218278 ifconfig_ipv6_remote = '[UNDEF]' |
64 | | 2021-10-18 20:49:40 us=218293 shaper = 0 |
65 | | 2021-10-18 20:49:40 us=218316 mtu_test = 0 |
66 | | 2021-10-18 20:49:40 us=218336 mlock = DISABLED |
67 | | 2021-10-18 20:49:40 us=218354 keepalive_ping = 0 |
68 | | 2021-10-18 20:49:40 us=218372 keepalive_timeout = 0 |
69 | | 2021-10-18 20:49:40 us=218391 inactivity_timeout = 0 |
70 | | 2021-10-18 20:49:40 us=218409 ping_send_timeout = 90 |
71 | | 2021-10-18 20:49:40 us=218426 ping_rec_timeout = 180 |
72 | | 2021-10-18 20:49:40 us=218444 ping_rec_timeout_action = 2 |
73 | | 2021-10-18 20:49:40 us=218461 ping_timer_remote = DISABLED |
74 | | 2021-10-18 20:49:40 us=218479 remap_sigusr1 = 0 |
75 | | 2021-10-18 20:49:40 us=218496 persist_tun = ENABLED |
76 | | 2021-10-18 20:49:40 us=218515 persist_local_ip = DISABLED |
77 | | 2021-10-18 20:49:40 us=218534 persist_remote_ip = DISABLED |
78 | | 2021-10-18 20:49:40 us=218554 persist_key = ENABLED |
79 | | 2021-10-18 20:49:40 us=218573 passtos = DISABLED |
80 | | 2021-10-18 20:49:40 us=218601 resolve_retry_seconds = 1000000000 |
81 | | 2021-10-18 20:49:40 us=218648 resolve_in_advance = DISABLED |
82 | | 2021-10-18 20:49:40 us=218674 username = '[UNDEF]' |
83 | | 2021-10-18 20:49:40 us=218696 groupname = '[UNDEF]' |
84 | | 2021-10-18 20:49:40 us=218716 chroot_dir = '/var/easytls' |
85 | | 2021-10-18 20:49:40 us=218741 cd_dir = '[UNDEF]' |
86 | | 2021-10-18 20:49:40 us=218761 writepid = '[UNDEF]' |
87 | | 2021-10-18 20:49:40 us=218779 up_script = '[UNDEF]' |
88 | | 2021-10-18 20:49:40 us=218799 down_script = '[UNDEF]' |
89 | | 2021-10-18 20:49:40 us=218821 down_pre = DISABLED |
90 | | 2021-10-18 20:49:40 us=218841 up_restart = DISABLED |
91 | | 2021-10-18 20:49:40 us=218863 up_delay = DISABLED |
92 | | 2021-10-18 20:49:40 us=218957 daemon = DISABLED |
93 | | 2021-10-18 20:49:40 us=219039 log = DISABLED |
94 | | 2021-10-18 20:49:40 us=219124 suppress_timestamps = DISABLED |
95 | | 2021-10-18 20:49:40 us=219170 machine_readable_output = DISABLED |
96 | | 2021-10-18 20:49:40 us=219187 nice = 0 |
97 | | 2021-10-18 20:49:40 us=219200 verbosity = 4 |
98 | | 2021-10-18 20:49:40 us=219213 mute = 0 |
99 | | 2021-10-18 20:49:40 us=219227 gremlin = 0 |
100 | | 2021-10-18 20:49:40 us=219241 status_file = '[UNDEF]' |
101 | | 2021-10-18 20:49:40 us=219255 status_file_version = 1 |
102 | | 2021-10-18 20:49:40 us=219269 status_file_update_freq = 60 |
103 | | 2021-10-18 20:49:40 us=219281 occ = ENABLED |
104 | | 2021-10-18 20:49:40 us=219295 rcvbuf = 0 |
105 | | 2021-10-18 20:49:40 us=219308 sndbuf = 0 |
106 | | 2021-10-18 20:49:40 us=219322 mark = 0 |
107 | | 2021-10-18 20:49:40 us=219335 sockflags = 0 |
108 | | 2021-10-18 20:49:40 us=219349 fast_io = DISABLED |
109 | | 2021-10-18 20:49:40 us=219362 comp.alg = 1 |
110 | | 2021-10-18 20:49:40 us=219375 comp.flags = 24 |
111 | | 2021-10-18 20:49:40 us=219389 route_script = '[UNDEF]' |
112 | | 2021-10-18 20:49:40 us=219402 route_default_gateway = '10.171.22.2' |
113 | | 2021-10-18 20:49:40 us=219415 route_default_metric = 0 |
114 | | 2021-10-18 20:49:40 us=219428 route_noexec = DISABLED |
115 | | 2021-10-18 20:49:40 us=219443 route_delay = 0 |
116 | | 2021-10-18 20:49:40 us=219456 route_delay_window = 30 |
117 | | 2021-10-18 20:49:40 us=219469 route_delay_defined = DISABLED |
118 | | 2021-10-18 20:49:40 us=219482 route_nopull = DISABLED |
119 | | 2021-10-18 20:49:40 us=219496 route_gateway_via_dhcp = DISABLED |
120 | | 2021-10-18 20:49:40 us=219509 allow_pull_fqdn = DISABLED |
121 | | 2021-10-18 20:49:40 us=219523 management_addr = '127.0.0.1' |
122 | | 2021-10-18 20:49:40 us=219536 management_port = '17101' |
123 | | 2021-10-18 20:49:40 us=219550 management_user_pass = '[UNDEF]' |
124 | | 2021-10-18 20:49:40 us=219564 management_log_history_cache = 250 |
125 | | 2021-10-18 20:49:40 us=219578 management_echo_buffer_size = 100 |
126 | | 2021-10-18 20:49:40 us=219591 management_write_peer_info_file = '[UNDEF]' |
127 | | 2021-10-18 20:49:40 us=219605 management_client_user = '[UNDEF]' |
128 | | 2021-10-18 20:49:40 us=219618 management_client_group = '[UNDEF]' |
129 | | 2021-10-18 20:49:40 us=219632 management_flags = 0 |
130 | | 2021-10-18 20:49:40 us=219645 shared_secret_file = '[UNDEF]' |
131 | | 2021-10-18 20:49:40 us=219659 key_direction = not set |
132 | | 2021-10-18 20:49:40 us=219672 ciphername = 'BF-CBC' |
133 | | 2021-10-18 20:49:40 us=219686 ncp_ciphers = 'CHACHA20-POLY1305:AES-256-GCM:AES-128-GCM' |
134 | | 2021-10-18 20:49:40 us=219700 authname = 'SHA1' |
135 | | 2021-10-18 20:49:40 us=219714 prng_hash = 'SHA1' |
136 | | 2021-10-18 20:49:40 us=219728 prng_nonce_secret_len = 16 |
137 | | 2021-10-18 20:49:40 us=219741 engine = DISABLED |
138 | | 2021-10-18 20:49:40 us=219754 replay = ENABLED |
139 | | 2021-10-18 20:49:40 us=219768 mute_replay_warnings = DISABLED |
140 | | 2021-10-18 20:49:40 us=219782 replay_window = 64 |
141 | | 2021-10-18 20:49:40 us=219795 replay_time = 15 |
142 | | 2021-10-18 20:49:40 us=219809 packet_id_file = '[UNDEF]' |
143 | | 2021-10-18 20:49:40 us=219822 test_crypto = DISABLED |
144 | | 2021-10-18 20:49:40 us=219835 tls_server = ENABLED |
145 | | 2021-10-18 20:49:40 us=219849 tls_client = DISABLED |
146 | | 2021-10-18 20:49:40 us=219862 ca_file = '[INLINE]' |
147 | | 2021-10-18 20:49:40 us=219875 ca_path = '[UNDEF]' |
148 | | 2021-10-18 20:49:40 us=219889 dh_file = '[UNDEF]' |
149 | | 2021-10-18 20:49:40 us=219902 cert_file = '[INLINE]' |
150 | | 2021-10-18 20:49:40 us=219915 extra_certs_file = '[UNDEF]' |
151 | | 2021-10-18 20:49:40 us=219929 priv_key_file = '[INLINE]' |
152 | | 2021-10-18 20:49:40 us=219943 pkcs12_file = '[UNDEF]' |
153 | | 2021-10-18 20:49:40 us=219956 cipher_list = '[UNDEF]' |
154 | | 2021-10-18 20:49:40 us=219971 cipher_list_tls13 = 'TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384' |
155 | | 2021-10-18 20:49:40 us=219985 tls_cert_profile = '[UNDEF]' |
156 | | 2021-10-18 20:49:40 us=219998 tls_verify = '[UNDEF]' |
157 | | 2021-10-18 20:49:40 us=220012 tls_export_cert = '/tmp' |
158 | | 2021-10-18 20:49:40 us=220026 verify_x509_type = 0 |
159 | | 2021-10-18 20:49:40 us=220039 verify_x509_name = '[UNDEF]' |
160 | | 2021-10-18 20:49:40 us=220053 crl_file = '[UNDEF]' |
161 | | 2021-10-18 20:49:40 us=220067 ns_cert_type = 0 |
162 | | 2021-10-18 20:49:40 us=220081 remote_cert_ku[i] = 0 |
163 | | 2021-10-18 20:49:40 us=220095 remote_cert_ku[i] = 0 |
164 | | 2021-10-18 20:49:40 us=220108 remote_cert_ku[i] = 0 |
165 | | 2021-10-18 20:49:40 us=220122 remote_cert_ku[i] = 0 |
166 | | 2021-10-18 20:49:40 us=220135 remote_cert_ku[i] = 0 |
167 | | 2021-10-18 20:49:40 us=220149 remote_cert_ku[i] = 0 |
168 | | 2021-10-18 20:49:40 us=220163 remote_cert_ku[i] = 0 |
169 | | 2021-10-18 20:49:40 us=220177 remote_cert_ku[i] = 0 |
170 | | 2021-10-18 20:49:40 us=220190 remote_cert_ku[i] = 0 |
171 | | 2021-10-18 20:49:40 us=220204 remote_cert_ku[i] = 0 |
172 | | 2021-10-18 20:49:40 us=220217 remote_cert_ku[i] = 0 |
173 | | 2021-10-18 20:49:40 us=220232 remote_cert_ku[i] = 0 |
174 | | 2021-10-18 20:49:40 us=220245 remote_cert_ku[i] = 0 |
175 | | 2021-10-18 20:49:40 us=220258 remote_cert_ku[i] = 0 |
176 | | 2021-10-18 20:49:40 us=220272 remote_cert_ku[i] = 0 |
177 | | 2021-10-18 20:49:40 us=220286 remote_cert_ku[i] = 0 |
178 | | 2021-10-18 20:49:40 us=220299 remote_cert_eku = '[UNDEF]' |
179 | | 2021-10-18 20:49:40 us=220313 ssl_flags = 260 |
180 | | 2021-10-18 20:49:40 us=220326 tls_timeout = 2 |
181 | | 2021-10-18 20:49:40 us=220339 renegotiate_bytes = -1 |
182 | | 2021-10-18 20:49:40 us=220352 renegotiate_packets = 0 |
183 | | 2021-10-18 20:49:40 us=220366 renegotiate_seconds = 600 |
184 | | 2021-10-18 20:49:40 us=220379 handshake_window = 60 |
185 | | 2021-10-18 20:49:40 us=220392 transition_window = 3600 |
186 | | 2021-10-18 20:49:40 us=220406 single_session = DISABLED |
187 | | 2021-10-18 20:49:40 us=220419 push_peer_info = DISABLED |
188 | | 2021-10-18 20:49:40 us=220432 tls_exit = DISABLED |
189 | | 2021-10-18 20:49:40 us=220446 tls_crypt_v2_metadata = '[UNDEF]' |
190 | | 2021-10-18 20:49:40 us=220462 server_network = 0.0.0.0 |
191 | | 2021-10-18 20:49:40 us=220477 server_netmask = 0.0.0.0 |
192 | | 2021-10-18 20:49:40 us=220493 server_network_ipv6 = :: |
193 | | 2021-10-18 20:49:40 us=220507 server_netbits_ipv6 = 0 |
194 | | 2021-10-18 20:49:40 us=220522 server_bridge_ip = 0.0.0.0 |
195 | | 2021-10-18 20:49:40 us=220537 server_bridge_netmask = 0.0.0.0 |
196 | | 2021-10-18 20:49:40 us=220551 server_bridge_pool_start = 0.0.0.0 |
197 | | 2021-10-18 20:49:40 us=220566 server_bridge_pool_end = 0.0.0.0 |
198 | | 2021-10-18 20:49:40 us=220620 push_entry = 'topology subnet' |
199 | | 2021-10-18 20:49:40 us=220634 push_entry = 'route-gateway 10.171.22.1' |
200 | | 2021-10-18 20:49:40 us=220648 push_entry = 'route 10.171.22.1' |
201 | | 2021-10-18 20:49:40 us=220662 push_entry = 'route 10.66.67.101' |
202 | | 2021-10-18 20:49:40 us=220675 push_entry = 'comp-lzo no' |
203 | | 2021-10-18 20:49:40 us=220687 ifconfig_pool_defined = ENABLED |
204 | | 2021-10-18 20:49:40 us=220701 ifconfig_pool_start = 10.171.22.201 |
205 | | 2021-10-18 20:49:40 us=220714 ifconfig_pool_end = 10.171.22.209 |
206 | | 2021-10-18 20:49:40 us=220728 ifconfig_pool_netmask = 0.0.0.0 |
207 | | 2021-10-18 20:49:40 us=220742 ifconfig_pool_persist_filename = '[UNDEF]' |
208 | | 2021-10-18 20:49:40 us=220756 ifconfig_pool_persist_refresh_freq = 600 |
209 | | 2021-10-18 20:49:40 us=220770 ifconfig_ipv6_pool_defined = DISABLED |
210 | | 2021-10-18 20:49:40 us=220785 ifconfig_ipv6_pool_base = :: |
211 | | 2021-10-18 20:49:40 us=220799 ifconfig_ipv6_pool_netbits = 0 |
212 | | 2021-10-18 20:49:40 us=220813 n_bcast_buf = 256 |
213 | | 2021-10-18 20:49:40 us=220827 tcp_queue_limit = 64 |
214 | | 2021-10-18 20:49:40 us=220841 real_hash_size = 256 |
215 | | 2021-10-18 20:49:40 us=220854 virtual_hash_size = 256 |
216 | | 2021-10-18 20:49:40 us=220867 client_connect_script = '/etc/openvpn/server/v31a/easytls-client-connect.sh -v -l=/etc/openvpn/server/v31a/easytls-client-connect.vars' |
217 | | 2021-10-18 20:49:40 us=220881 learn_address_script = '[UNDEF]' |
218 | | 2021-10-18 20:49:40 us=220894 client_disconnect_script = '/etc/openvpn/server/v31a/easytls-client-disconnect.sh -v -l=/etc/openvpn/server/v31a/easytls-client-disconnect.vars' |
219 | | 2021-10-18 20:49:40 us=220909 client_config_dir = '/etc/openvpn/server/v31a/ccd' |
220 | | 2021-10-18 20:49:40 us=220922 ccd_exclusive = ENABLED |
221 | | 2021-10-18 20:49:40 us=220935 tmp_dir = '/tmp' |
222 | | 2021-10-18 20:49:40 us=220948 push_ifconfig_defined = DISABLED |
223 | | 2021-10-18 20:49:40 us=220962 push_ifconfig_local = 0.0.0.0 |
224 | | 2021-10-18 20:49:40 us=220988 push_ifconfig_remote_netmask = 0.0.0.0 |
225 | | 2021-10-18 20:49:40 us=221002 push_ifconfig_ipv6_defined = DISABLED |
226 | | 2021-10-18 20:49:40 us=221017 push_ifconfig_ipv6_local = ::/0 |
227 | | 2021-10-18 20:49:40 us=221032 push_ifconfig_ipv6_remote = :: |
228 | | 2021-10-18 20:49:40 us=221045 enable_c2c = DISABLED |
229 | | 2021-10-18 20:49:40 us=221059 duplicate_cn = DISABLED |
230 | | 2021-10-18 20:49:40 us=221072 cf_max = 0 |
231 | | 2021-10-18 20:49:40 us=221086 cf_per = 0 |
232 | | 2021-10-18 20:49:40 us=221099 max_clients = 1024 |
233 | | 2021-10-18 20:49:40 us=221113 max_routes_per_client = 256 |
234 | | 2021-10-18 20:49:40 us=221126 auth_user_pass_verify_script = '/etc/openvpn/server/v31a/easytls-defer-userpass-verify.sh' |
235 | | 2021-10-18 20:49:40 us=221140 auth_user_pass_verify_script_via_file = DISABLED |
236 | | 2021-10-18 20:49:40 us=221153 auth_token_generate = DISABLED |
237 | | 2021-10-18 20:49:40 us=221167 auth_token_lifetime = 0 |
238 | | 2021-10-18 20:49:40 us=221177 auth_token_secret_file = '[UNDEF]' |
239 | | 2021-10-18 20:49:40 us=221208 port_share_host = '[UNDEF]' |
240 | | 2021-10-18 20:49:40 us=221232 port_share_port = '[UNDEF]' |
241 | | 2021-10-18 20:49:40 us=221254 vlan_tagging = DISABLED |
242 | | 2021-10-18 20:49:40 us=221275 vlan_accept = all |
243 | | 2021-10-18 20:49:40 us=221299 vlan_pvid = 1 |
244 | | 2021-10-18 20:49:40 us=221321 client = DISABLED |
245 | | 2021-10-18 20:49:40 us=221342 pull = DISABLED |
246 | | 2021-10-18 20:49:40 us=221364 auth_user_pass_file = '[UNDEF]' |
247 | | 2021-10-18 20:49:40 us=221389 OpenVPN 2.6_git [git:master/01ce6ca39d1f4bf4] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Oct 18 2021 |
248 | | 2021-10-18 20:49:40 us=221425 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 |
249 | | 2021-10-18 20:49:40 us=221527 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:17101 |
250 | | 2021-10-18 20:49:40 us=221593 WARNING: you are using chroot without specifying user and group -- this may cause the chroot jail to be insecure |
251 | | 2021-10-18 20:49:40 us=221605 WARNING: --keepalive option is missing from server config |
252 | | 2021-10-18 20:49:40 us=221719 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts |
253 | | 2021-10-18 20:49:40 us=222601 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
254 | | 2021-10-18 20:49:40 us=222623 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
255 | | 2021-10-18 20:49:40 us=222646 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
256 | | 2021-10-18 20:49:40 us=222662 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
257 | | 2021-10-18 20:49:40 us=222680 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
258 | | 2021-10-18 20:49:40 us=224650 TUN/TAP device tun17122 opened |
259 | | 2021-10-18 20:49:40 us=224709 do_ifconfig, ipv4=1, ipv6=0 |
260 | | 2021-10-18 20:49:40 us=224734 /sbin/ip link set dev tun17122 up mtu 1500 |
261 | | 2021-10-18 20:49:40 us=230218 /sbin/ip link set dev tun17122 up |
262 | | 2021-10-18 20:49:40 us=232202 /sbin/ip addr add dev tun17122 10.171.22.1/24 |
263 | | 2021-10-18 20:49:40 us=235151 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
264 | | 2021-10-18 20:49:40 us=235209 Socket Buffers: R=[212992->212992] S=[212992->212992] |
265 | | 2021-10-18 20:49:40 us=235222 setsockopt(IPV6_V6ONLY=0) |
266 | | 2021-10-18 20:49:40 us=235247 UDPv6 link local (bound): [AF_INET6][undef]:17122 |
267 | | 2021-10-18 20:49:40 us=235258 UDPv6 link remote: [AF_UNSPEC] |
268 | | 2021-10-18 19:49:40 us=235274 chroot to '/var/easytls' and cd to '/' succeeded |
269 | | 2021-10-18 19:49:40 us=235305 MULTI: multi_init called, r=256 v=256 |
270 | | 2021-10-18 19:49:40 us=235331 IFCONFIG POOL IPv4: base=10.171.22.201 size=9 |
271 | | 2021-10-18 19:49:40 us=235429 Initialization Sequence Completed |
272 | | reneg_sec: 600 |
273 | | restart_sec: 43200 |
274 | | 2021-10-18 19:50:33 us=114348 Control Channel: using tls-crypt-v2 key |
275 | | 2021-10-18 19:50:33 us=114430 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
276 | | 2021-10-18 19:50:33 us=114462 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
277 | | 2021-10-18 19:50:33 us=114480 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
278 | | 2021-10-18 19:50:33 us=114502 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
279 | | 2021-10-18 19:50:33 us=114525 MULTI: multi_create_instance called |
280 | | 2021-10-18 19:50:33 us=114565 10.20.2.2:47660 Re-using SSL/TLS context |
281 | | 2021-10-18 19:50:33 us=114648 10.20.2.2:47660 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
282 | | 2021-10-18 19:50:33 us=114667 10.20.2.2:47660 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
283 | | 2021-10-18 19:50:33 us=114699 10.20.2.2:47660 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
284 | | 2021-10-18 19:50:33 us=114719 10.20.2.2:47660 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
285 | | 2021-10-18 19:50:33 us=114844 10.20.2.2:47660 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
286 | | 2021-10-18 19:50:33 us=114864 10.20.2.2:47660 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
287 | | 2021-10-18 19:50:33 us=114903 10.20.2.2:47660 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
288 | | 2021-10-18 19:50:33 us=114918 10.20.2.2:47660 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
289 | | 2021-10-18 19:50:33 us=114952 10.20.2.2:47660 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:47660, sid=8d720700 9bb3f2e3 |
290 | | 2021-10-18 19:50:33 us=114968 10.20.2.2:47660 Control Channel: using tls-crypt-v2 key |
291 | | 2021-10-18 19:50:33 us=114994 10.20.2.2:47660 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
292 | | 2021-10-18 19:50:33 us=115013 10.20.2.2:47660 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
293 | | 2021-10-18 19:50:33 us=115033 10.20.2.2:47660 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
294 | | 2021-10-18 19:50:33 us=115052 10.20.2.2:47660 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
295 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
296 | | |
297 | | 2021-10-18 19:50:33 us=128163 10.20.2.2:47660 TLS CRYPT V2 VERIFY SCRIPT OK |
298 | | 2021-10-18 19:50:53 us=490563 Control Channel: using tls-crypt-v2 key |
299 | | 2021-10-18 19:50:53 us=490676 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
300 | | 2021-10-18 19:50:53 us=490720 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
301 | | 2021-10-18 19:50:53 us=490750 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
302 | | 2021-10-18 19:50:53 us=490784 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
303 | | 2021-10-18 19:50:53 us=490828 MULTI: multi_create_instance called |
304 | | 2021-10-18 19:50:53 us=490880 10.20.1.2:47660 Re-using SSL/TLS context |
305 | | 2021-10-18 19:50:53 us=491017 10.20.1.2:47660 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
306 | | 2021-10-18 19:50:53 us=491048 10.20.1.2:47660 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
307 | | 2021-10-18 19:50:53 us=491112 10.20.1.2:47660 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
308 | | 2021-10-18 19:50:53 us=491155 10.20.1.2:47660 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
309 | | 2021-10-18 19:50:53 us=491346 10.20.1.2:47660 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
310 | | 2021-10-18 19:50:53 us=491379 10.20.1.2:47660 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
311 | | 2021-10-18 19:50:53 us=491465 10.20.1.2:47660 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
312 | | 2021-10-18 19:50:53 us=491499 10.20.1.2:47660 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
313 | | 2021-10-18 19:50:53 us=491587 10.20.1.2:47660 TLS: Initial packet from [AF_INET6]::ffff:10.20.1.2:47660, sid=8d720700 9bb3f2e3 |
314 | | 2021-10-18 19:50:53 us=491637 10.20.1.2:47660 Control Channel: using tls-crypt-v2 key |
315 | | 2021-10-18 19:50:53 us=491681 10.20.1.2:47660 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
316 | | 2021-10-18 19:50:53 us=491710 10.20.1.2:47660 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
317 | | 2021-10-18 19:50:53 us=491741 10.20.1.2:47660 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
318 | | 2021-10-18 19:50:53 us=491765 10.20.1.2:47660 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
319 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
320 | | |
321 | | 2021-10-18 19:50:53 us=513041 10.20.1.2:47660 TLS CRYPT V2 VERIFY SCRIPT OK |
322 | | 2021-10-18 19:51:33 us=832911 10.20.2.2:47660 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
323 | | 2021-10-18 19:51:33 us=833013 10.20.2.2:47660 TLS Error: TLS handshake failed |
324 | | 2021-10-18 19:51:33 us=833310 10.20.2.2:47660 SIGUSR1[soft,tls-error] received, client-instance restarting |
325 | | 2021-10-18 19:51:38 us=326321 Control Channel: using tls-crypt-v2 key |
326 | | 2021-10-18 19:51:38 us=326477 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
327 | | 2021-10-18 19:51:38 us=326537 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
328 | | 2021-10-18 19:51:38 us=326607 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
329 | | 2021-10-18 19:51:38 us=326661 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
330 | | 2021-10-18 19:51:38 us=326720 MULTI: multi_create_instance called |
331 | | 2021-10-18 19:51:38 us=326815 10.20.1.2:34723 Re-using SSL/TLS context |
332 | | 2021-10-18 19:51:38 us=327074 10.20.1.2:34723 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
333 | | 2021-10-18 19:51:38 us=327123 10.20.1.2:34723 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
334 | | 2021-10-18 19:51:38 us=327212 10.20.1.2:34723 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
335 | | 2021-10-18 19:51:38 us=327265 10.20.1.2:34723 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
336 | | 2021-10-18 19:51:38 us=327378 10.20.1.2:34723 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
337 | | 2021-10-18 19:51:38 us=327409 10.20.1.2:34723 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
338 | | 2021-10-18 19:51:38 us=327477 10.20.1.2:34723 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
339 | | 2021-10-18 19:51:38 us=327502 10.20.1.2:34723 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
340 | | 2021-10-18 19:51:38 us=327585 10.20.1.2:34723 TLS: Initial packet from [AF_INET6]::ffff:10.20.1.2:34723, sid=2fbdb65b 5fc6aa89 |
341 | | 2021-10-18 19:51:38 us=327615 10.20.1.2:34723 Control Channel: using tls-crypt-v2 key |
342 | | 2021-10-18 19:51:38 us=327679 10.20.1.2:34723 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
343 | | 2021-10-18 19:51:38 us=327722 10.20.1.2:34723 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
344 | | 2021-10-18 19:51:38 us=327756 10.20.1.2:34723 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
345 | | 2021-10-18 19:51:38 us=327795 10.20.1.2:34723 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
346 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
347 | | |
348 | | 2021-10-18 19:51:38 us=347384 10.20.1.2:34723 TLS CRYPT V2 VERIFY SCRIPT OK |
349 | | 2021-10-18 19:51:38 us=367255 10.20.1.2:34723 VERIFY OK: depth=1, C=00, ST=home, L=tct, O=easy-tls, OU=Easy-TLS test v30a, CN=Easy-TLS v30a CA, emailAddress=tct@easytls.net |
350 | | 2021-10-18 19:51:38 us=369148 10.20.1.2:34723 VERIFY OK: depth=0, CN=core01 |
351 | | 2021-10-18 19:51:38 us=369519 10.20.1.2:34723 peer info: IV_VER=2.6_git |
352 | | 2021-10-18 19:51:38 us=369551 10.20.1.2:34723 peer info: IV_PLAT=linux |
353 | | 2021-10-18 19:51:38 us=369576 10.20.1.2:34723 peer info: IV_CIPHERS=CHACHA20-POLY1305 |
354 | | 2021-10-18 19:51:38 us=369589 10.20.1.2:34723 peer info: IV_PROTO=30 |
355 | | 2021-10-18 19:51:38 us=369605 10.20.1.2:34723 peer info: IV_LZO_STUB=1 |
356 | | 2021-10-18 19:51:38 us=369619 10.20.1.2:34723 peer info: IV_COMP_STUB=1 |
357 | | 2021-10-18 19:51:38 us=369634 10.20.1.2:34723 peer info: IV_COMP_STUBv2=1 |
358 | | 2021-10-18 19:51:38 us=369650 10.20.1.2:34723 peer info: IV_TCPNL=1 |
359 | | 2021-10-18 19:51:38 us=369665 10.20.1.2:34723 peer info: IV_HWADDR=00:00:00:aa:00:03 |
360 | | 2021-10-18 19:51:38 us=369683 10.20.1.2:34723 peer info: IV_SSL=OpenSSL_1.1.1f__31_Mar_2020 |
361 | | 2021-10-18 19:51:38 us=369700 10.20.1.2:34723 peer info: UV_TLSKEY_SERIAL=638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 |
362 | | 2021-10-18 19:51:38 us=369716 10.20.1.2:34723 peer info: UV_REAL_NAME=core01 |
363 | | 2021-10-18 19:51:38 us=371490 10.20.1.2:34723 TLS: Username/Password authentication deferred for username 'core_01_b' [CN SET] |
364 | | 2021-10-18 19:51:38 us=371544 10.20.1.2:34723 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557' |
365 | | 2021-10-18 19:51:38 us=371584 10.20.1.2:34723 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo' |
366 | | |
367 | | ***** delay for 7 seconds -- core01 core_01_b ***** |
368 | | |
369 | | 2021-10-18 19:51:38 us=373612 10.20.1.2:34723 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256 |
370 | | 2021-10-18 19:51:38 us=373696 10.20.1.2:34723 [core_01_b] Peer Connection Initiated with [AF_INET6]::ffff:10.20.1.2:34723 |
371 | | 2021-10-18 19:51:39 us=422678 10.20.1.2:34723 PUSH: Received control message: 'PUSH_REQUEST' |
372 | | 2021-10-18 19:51:44 us=476448 10.20.1.2:34723 PUSH: Received control message: 'PUSH_REQUEST' |
373 | | |
374 | | ***** delay for 7 seconds -- core01 core_01_b DONE ***** |
375 | | |
376 | | 2021-10-18 19:51:45 us=611038 core_01_b/10.20.1.2:34723 MULTI_sva: pool returned IPv4=10.171.22.201, IPv6=(Not enabled) |
377 | | 2021-10-18 19:51:45 us=611179 core_01_b/10.20.1.2:34723 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/server/v31a/ccd/core_01_b |
378 | | <EXOK> * EasyTLS-client-connect => vars loaded => dyn opts loaded => CN: core_01_b => conntrac: tallied => conntrac: registered => tls key serial: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 => fixed_md_file loaded => metadata -> x509 serial match => Key is not locked to hwaddr => connection allowed => temp-files deleted |
379 | | |
380 | | 2021-10-18 19:51:45 us=635510 core_01_b/10.20.1.2:34723 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6577ee89169eeb5c17d9c64f71586892.tmp |
381 | | 2021-10-18 19:51:45 us=635763 core_01_b/10.20.1.2:34723 OPTIONS IMPORT: timers and/or timeouts modified |
382 | | 2021-10-18 19:51:45 us=635805 core_01_b/10.20.1.2:34723 MULTI: Learn: 10.171.22.201 -> core_01_b/10.20.1.2:34723 |
383 | | 2021-10-18 19:51:45 us=635823 core_01_b/10.20.1.2:34723 MULTI: primary virtual IP for core_01_b/10.20.1.2:34723: 10.171.22.201 |
384 | | 2021-10-18 19:51:45 us=635857 core_01_b/10.20.1.2:34723 Data Channel: using negotiated cipher 'CHACHA20-POLY1305' |
385 | | 2021-10-18 19:51:45 us=635886 core_01_b/10.20.1.2:34723 Data Channel MTU parms [ L:1535 D:1450 EF:35 EB:406 ET:0 EL:3 AF:14/122 ] |
386 | | 2021-10-18 19:51:45 us=635959 core_01_b/10.20.1.2:34723 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
387 | | 2021-10-18 19:51:45 us=635982 core_01_b/10.20.1.2:34723 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
388 | | 2021-10-18 19:51:45 us=636080 core_01_b/10.20.1.2:34723 SENT CONTROL [core_01_b]: 'PUSH_REPLY,topology subnet,route-gateway 10.171.22.1,route 10.171.22.1,route 10.66.67.101,comp-lzo no,explicit-exit-notify 1,route 10.66.67.101,ping 90,ping-restart 150,ifconfig 10.171.22.201 255.255.255.0,peer-id 0,cipher CHACHA20-POLY1305,key-derivation tls-ekm' (status=1) |
389 | | 2021-10-18 19:51:53 us=836858 10.20.1.2:47660 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
390 | | 2021-10-18 19:51:53 us=836936 10.20.1.2:47660 TLS Error: TLS handshake failed |
391 | | 2021-10-18 19:51:53 us=837168 10.20.1.2:47660 SIGUSR1[soft,tls-error] received, client-instance restarting |
392 | | 2021-10-18 19:55:29 us=644488 Float requested for peer 0 to 10.20.2.2:34723 |
393 | | 2021-10-18 19:55:29 us=644646 peer 0 (core_01_b) floated from 10.20.1.2:34723 to [AF_INET6]::ffff:10.20.2.2:34723 |
394 | | 2021-10-18 19:55:54 us=13542 core_01_b/10.20.2.2:34723 Control Channel: using tls-crypt-v2 key |
395 | | 2021-10-18 19:55:54 us=13625 core_01_b/10.20.2.2:34723 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
396 | | 2021-10-18 19:55:54 us=13659 core_01_b/10.20.2.2:34723 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
397 | | 2021-10-18 19:55:54 us=13679 core_01_b/10.20.2.2:34723 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
398 | | 2021-10-18 19:55:54 us=13699 core_01_b/10.20.2.2:34723 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
399 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
400 | | |
401 | | 2021-10-18 19:55:54 us=24622 core_01_b/10.20.2.2:34723 TLS CRYPT V2 VERIFY SCRIPT OK |
402 | | 2021-10-18 19:55:54 us=24697 core_01_b/10.20.2.2:34723 TLS: new session incoming connection from [AF_INET6]::ffff:10.20.2.2:34723 |
403 | | 2021-10-18 19:56:07 us=272369 Control Channel: using tls-crypt-v2 key |
404 | | 2021-10-18 19:56:07 us=272512 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
405 | | 2021-10-18 19:56:07 us=272584 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
406 | | 2021-10-18 19:56:07 us=272623 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
407 | | 2021-10-18 19:56:07 us=272672 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
408 | | 2021-10-18 19:56:07 us=272723 MULTI: multi_create_instance called |
409 | | 2021-10-18 19:56:07 us=272823 10.20.2.2:50403 Re-using SSL/TLS context |
410 | | 2021-10-18 19:56:07 us=273017 10.20.2.2:50403 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
411 | | 2021-10-18 19:56:07 us=273050 10.20.2.2:50403 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
412 | | 2021-10-18 19:56:07 us=273111 10.20.2.2:50403 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
413 | | 2021-10-18 19:56:07 us=273150 10.20.2.2:50403 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
414 | | 2021-10-18 19:56:07 us=273297 10.20.2.2:50403 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
415 | | 2021-10-18 19:56:07 us=273323 10.20.2.2:50403 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
416 | | 2021-10-18 19:56:07 us=273370 10.20.2.2:50403 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
417 | | 2021-10-18 19:56:07 us=273393 10.20.2.2:50403 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
418 | | 2021-10-18 19:56:07 us=273446 10.20.2.2:50403 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:50403, sid=ca8fb9aa a044f5a9 |
419 | | 2021-10-18 19:56:07 us=273464 10.20.2.2:50403 Control Channel: using tls-crypt-v2 key |
420 | | 2021-10-18 19:56:07 us=273498 10.20.2.2:50403 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
421 | | 2021-10-18 19:56:07 us=273530 10.20.2.2:50403 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
422 | | 2021-10-18 19:56:07 us=273550 10.20.2.2:50403 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
423 | | 2021-10-18 19:56:07 us=273574 10.20.2.2:50403 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
424 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
425 | | |
426 | | 2021-10-18 19:56:07 us=305058 10.20.2.2:50403 TLS CRYPT V2 VERIFY SCRIPT OK |
427 | | 2021-10-18 19:56:28 us=26559 10.20.2.2:50403 Control Channel: using tls-crypt-v2 key |
428 | | 2021-10-18 19:56:28 us=26642 10.20.2.2:50403 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
429 | | 2021-10-18 19:56:28 us=26671 10.20.2.2:50403 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
430 | | 2021-10-18 19:56:28 us=26703 10.20.2.2:50403 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
431 | | 2021-10-18 19:56:28 us=26749 10.20.2.2:50403 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
432 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
433 | | |
434 | | 2021-10-18 19:56:28 us=40634 10.20.2.2:50403 TLS CRYPT V2 VERIFY SCRIPT OK |
435 | | 2021-10-18 19:56:55 us=203730 core_01_b/10.20.2.2:34723 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
436 | | 2021-10-18 19:56:55 us=203765 core_01_b/10.20.2.2:34723 TLS Error: TLS handshake failed |
437 | | 2021-10-18 19:57:07 us=327360 10.20.2.2:50403 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
438 | | 2021-10-18 19:57:07 us=327433 10.20.2.2:50403 TLS Error: TLS handshake failed |
439 | | 2021-10-18 19:57:07 us=327611 10.20.2.2:50403 SIGUSR1[soft,tls-error] received, client-instance restarting |
440 | | 2021-10-18 19:57:13 us=128606 Control Channel: using tls-crypt-v2 key |
441 | | 2021-10-18 19:57:13 us=128820 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
442 | | 2021-10-18 19:57:13 us=128891 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
443 | | 2021-10-18 19:57:13 us=128942 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
444 | | 2021-10-18 19:57:13 us=128994 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
445 | | 2021-10-18 19:57:13 us=129055 MULTI: multi_create_instance called |
446 | | 2021-10-18 19:57:13 us=129138 10.20.2.2:38334 Re-using SSL/TLS context |
447 | | 2021-10-18 19:57:13 us=129376 10.20.2.2:38334 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
448 | | 2021-10-18 19:57:13 us=129418 10.20.2.2:38334 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
449 | | 2021-10-18 19:57:13 us=129487 10.20.2.2:38334 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
450 | | 2021-10-18 19:57:13 us=129533 10.20.2.2:38334 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
451 | | 2021-10-18 19:57:13 us=129685 10.20.2.2:38334 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
452 | | 2021-10-18 19:57:13 us=129722 10.20.2.2:38334 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
453 | | 2021-10-18 19:57:13 us=129791 10.20.2.2:38334 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
454 | | 2021-10-18 19:57:13 us=129816 10.20.2.2:38334 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
455 | | 2021-10-18 19:57:13 us=129888 10.20.2.2:38334 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:38334, sid=a4e56558 05826d02 |
456 | | 2021-10-18 19:57:13 us=129913 10.20.2.2:38334 Control Channel: using tls-crypt-v2 key |
457 | | 2021-10-18 19:57:13 us=129957 10.20.2.2:38334 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
458 | | 2021-10-18 19:57:13 us=129990 10.20.2.2:38334 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
459 | | 2021-10-18 19:57:13 us=130014 10.20.2.2:38334 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
460 | | 2021-10-18 19:57:13 us=130043 10.20.2.2:38334 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
461 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
462 | | |
463 | | 2021-10-18 19:57:13 us=181131 10.20.2.2:38334 TLS CRYPT V2 VERIFY SCRIPT OK |
464 | | 2021-10-18 19:57:33 us=698708 10.20.2.2:38334 Control Channel: using tls-crypt-v2 key |
465 | | 2021-10-18 19:57:33 us=698853 10.20.2.2:38334 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
466 | | 2021-10-18 19:57:33 us=698907 10.20.2.2:38334 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
467 | | 2021-10-18 19:57:33 us=698948 10.20.2.2:38334 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
468 | | 2021-10-18 19:57:33 us=698989 10.20.2.2:38334 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
469 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
470 | | |
471 | | 2021-10-18 19:57:33 us=716943 10.20.2.2:38334 TLS CRYPT V2 VERIFY SCRIPT OK |
472 | | 2021-10-18 19:58:13 us=270234 10.20.2.2:38334 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
473 | | 2021-10-18 19:58:13 us=270310 10.20.2.2:38334 TLS Error: TLS handshake failed |
474 | | 2021-10-18 19:58:13 us=270499 10.20.2.2:38334 SIGUSR1[soft,tls-error] received, client-instance restarting |
475 | | 2021-10-18 19:58:18 us=559689 Control Channel: using tls-crypt-v2 key |
476 | | 2021-10-18 19:58:18 us=559854 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
477 | | 2021-10-18 19:58:18 us=559924 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
478 | | 2021-10-18 19:58:18 us=559974 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
479 | | 2021-10-18 19:58:18 us=560025 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
480 | | 2021-10-18 19:58:18 us=560093 MULTI: multi_create_instance called |
481 | | 2021-10-18 19:58:18 us=560192 10.20.2.2:35906 Re-using SSL/TLS context |
482 | | 2021-10-18 19:58:18 us=560439 10.20.2.2:35906 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
483 | | 2021-10-18 19:58:18 us=560492 10.20.2.2:35906 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
484 | | 2021-10-18 19:58:18 us=560577 10.20.2.2:35906 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
485 | | 2021-10-18 19:58:18 us=560640 10.20.2.2:35906 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
486 | | 2021-10-18 19:58:18 us=560834 10.20.2.2:35906 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
487 | | 2021-10-18 19:58:18 us=560890 10.20.2.2:35906 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
488 | | 2021-10-18 19:58:18 us=561007 10.20.2.2:35906 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
489 | | 2021-10-18 19:58:18 us=561046 10.20.2.2:35906 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
490 | | 2021-10-18 19:58:18 us=561143 10.20.2.2:35906 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:35906, sid=b5a602f6 6d6057ba |
491 | | 2021-10-18 19:58:18 us=561184 10.20.2.2:35906 Control Channel: using tls-crypt-v2 key |
492 | | 2021-10-18 19:58:18 us=561259 10.20.2.2:35906 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
493 | | 2021-10-18 19:58:18 us=561315 10.20.2.2:35906 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
494 | | 2021-10-18 19:58:18 us=561362 10.20.2.2:35906 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
495 | | 2021-10-18 19:58:18 us=561420 10.20.2.2:35906 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
496 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
497 | | |
498 | | 2021-10-18 19:58:18 us=599993 10.20.2.2:35906 TLS CRYPT V2 VERIFY SCRIPT OK |
499 | | 2021-10-18 19:58:38 us=395622 10.20.2.2:35906 Control Channel: using tls-crypt-v2 key |
500 | | 2021-10-18 19:58:38 us=395719 10.20.2.2:35906 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
501 | | 2021-10-18 19:58:38 us=395752 10.20.2.2:35906 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
502 | | 2021-10-18 19:58:38 us=395776 10.20.2.2:35906 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
503 | | 2021-10-18 19:58:38 us=395807 10.20.2.2:35906 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
504 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
505 | | |
506 | | 2021-10-18 19:58:38 us=411674 10.20.2.2:35906 TLS CRYPT V2 VERIFY SCRIPT OK |
507 | | 2021-10-18 19:58:55 us=116155 core_01_b/10.20.2.2:34723 [core_01_b] Inactivity timeout (--ping-restart), restarting |
508 | | 2021-10-18 19:58:55 us=116257 core_01_b/10.20.2.2:34723 SIGUSR1[soft,ping-restart] received, client-instance restarting |
509 | | <EXOK> * EasyTLS-client-disconnect => vars loaded => CN: core_01_b => conntrac: acquire_lock => conntrac: tallied => conntrac pattern: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5=817D664B73EF39A1A788E84E685DC5EB==core_01_b==10.171.22.201 => conntrac: unregistered => conntrac: RESET => conntrac: release_lock => disconnect completed |
510 | | |
511 | | 2021-10-18 19:59:18 us=443196 10.20.2.2:35906 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
512 | | 2021-10-18 19:59:18 us=443314 10.20.2.2:35906 TLS Error: TLS handshake failed |
513 | | 2021-10-18 19:59:18 us=443602 10.20.2.2:35906 SIGUSR1[soft,tls-error] received, client-instance restarting |
514 | | 2021-10-18 19:59:23 us=601954 Control Channel: using tls-crypt-v2 key |
515 | | 2021-10-18 19:59:23 us=602076 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
516 | | 2021-10-18 19:59:23 us=602126 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
517 | | 2021-10-18 19:59:23 us=602161 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
518 | | 2021-10-18 19:59:23 us=602200 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
519 | | 2021-10-18 19:59:23 us=602245 MULTI: multi_create_instance called |
520 | | 2021-10-18 19:59:23 us=602306 10.20.1.2:37317 Re-using SSL/TLS context |
521 | | 2021-10-18 19:59:23 us=602476 10.20.1.2:37317 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
522 | | 2021-10-18 19:59:23 us=602511 10.20.1.2:37317 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
523 | | 2021-10-18 19:59:23 us=602567 10.20.1.2:37317 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
524 | | 2021-10-18 19:59:23 us=602601 10.20.1.2:37317 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
525 | | 2021-10-18 19:59:23 us=602712 10.20.1.2:37317 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
526 | | 2021-10-18 19:59:23 us=602748 10.20.1.2:37317 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
527 | | 2021-10-18 19:59:23 us=602824 10.20.1.2:37317 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
528 | | 2021-10-18 19:59:23 us=602857 10.20.1.2:37317 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
529 | | 2021-10-18 19:59:23 us=602925 10.20.1.2:37317 TLS: Initial packet from [AF_INET6]::ffff:10.20.1.2:37317, sid=96a412b1 656ea2c6 |
530 | | 2021-10-18 19:59:23 us=602955 10.20.1.2:37317 Control Channel: using tls-crypt-v2 key |
531 | | 2021-10-18 19:59:23 us=603002 10.20.1.2:37317 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
532 | | 2021-10-18 19:59:23 us=603039 10.20.1.2:37317 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
533 | | 2021-10-18 19:59:23 us=603073 10.20.1.2:37317 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
534 | | 2021-10-18 19:59:23 us=603110 10.20.1.2:37317 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
535 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
536 | | |
537 | | 2021-10-18 19:59:23 us=643303 10.20.1.2:37317 TLS CRYPT V2 VERIFY SCRIPT OK |
538 | | 2021-10-18 19:59:23 us=665862 10.20.1.2:37317 VERIFY OK: depth=1, C=00, ST=home, L=tct, O=easy-tls, OU=Easy-TLS test v30a, CN=Easy-TLS v30a CA, emailAddress=tct@easytls.net |
539 | | 2021-10-18 19:59:23 us=668144 10.20.1.2:37317 VERIFY OK: depth=0, CN=core01 |
540 | | 2021-10-18 19:59:23 us=668609 10.20.1.2:37317 peer info: IV_VER=2.6_git |
541 | | 2021-10-18 19:59:23 us=668639 10.20.1.2:37317 peer info: IV_PLAT=linux |
542 | | 2021-10-18 19:59:23 us=668656 10.20.1.2:37317 peer info: IV_CIPHERS=CHACHA20-POLY1305 |
543 | | 2021-10-18 19:59:23 us=668672 10.20.1.2:37317 peer info: IV_PROTO=30 |
544 | | 2021-10-18 19:59:23 us=668687 10.20.1.2:37317 peer info: IV_LZO_STUB=1 |
545 | | 2021-10-18 19:59:23 us=668704 10.20.1.2:37317 peer info: IV_COMP_STUB=1 |
546 | | 2021-10-18 19:59:23 us=668720 10.20.1.2:37317 peer info: IV_COMP_STUBv2=1 |
547 | | 2021-10-18 19:59:23 us=668736 10.20.1.2:37317 peer info: IV_TCPNL=1 |
548 | | 2021-10-18 19:59:23 us=668751 10.20.1.2:37317 peer info: IV_HWADDR=00:00:00:aa:00:03 |
549 | | 2021-10-18 19:59:23 us=668765 10.20.1.2:37317 peer info: IV_SSL=OpenSSL_1.1.1f__31_Mar_2020 |
550 | | 2021-10-18 19:59:23 us=668791 10.20.1.2:37317 peer info: UV_TLSKEY_SERIAL=638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 |
551 | | 2021-10-18 19:59:23 us=668808 10.20.1.2:37317 peer info: UV_REAL_NAME=core01 |
552 | | 2021-10-18 19:59:23 us=670818 10.20.1.2:37317 TLS: Username/Password authentication deferred for username 'core_01_b' [CN SET] |
553 | | 2021-10-18 19:59:23 us=670877 10.20.1.2:37317 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557' |
554 | | 2021-10-18 19:59:23 us=670906 10.20.1.2:37317 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo' |
555 | | |
556 | | ***** delay for 7 seconds -- core01 core_01_b ***** |
557 | | |
558 | | 2021-10-18 19:59:23 us=672394 10.20.1.2:37317 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256 |
559 | | 2021-10-18 19:59:23 us=672439 10.20.1.2:37317 [core_01_b] Peer Connection Initiated with [AF_INET6]::ffff:10.20.1.2:37317 |
560 | | 2021-10-18 19:59:24 us=734862 10.20.1.2:37317 PUSH: Received control message: 'PUSH_REQUEST' |
561 | | 2021-10-18 19:59:29 us=799928 10.20.1.2:37317 PUSH: Received control message: 'PUSH_REQUEST' |
562 | | |
563 | | ***** delay for 7 seconds -- core01 core_01_b DONE ***** |
564 | | |
565 | | 2021-10-18 19:59:30 us=948260 core_01_b/10.20.1.2:37317 MULTI_sva: pool returned IPv4=10.171.22.201, IPv6=(Not enabled) |
566 | | 2021-10-18 19:59:30 us=948343 core_01_b/10.20.1.2:37317 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/server/v31a/ccd/core_01_b |
567 | | <EXOK> * EasyTLS-client-connect => vars loaded => dyn opts loaded => CN: core_01_b => conntrac: tallied => conntrac: registered => tls key serial: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 => fixed_md_file loaded => metadata -> x509 serial match => Key is not locked to hwaddr => connection allowed => temp-files deleted |
568 | | |
569 | | 2021-10-18 19:59:30 us=970293 core_01_b/10.20.1.2:37317 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_1448fead14d96a66557c00826b2fb7f9.tmp |
570 | | 2021-10-18 19:59:30 us=970521 core_01_b/10.20.1.2:37317 OPTIONS IMPORT: timers and/or timeouts modified |
571 | | 2021-10-18 19:59:30 us=970552 core_01_b/10.20.1.2:37317 MULTI: Learn: 10.171.22.201 -> core_01_b/10.20.1.2:37317 |
572 | | 2021-10-18 19:59:30 us=970573 core_01_b/10.20.1.2:37317 MULTI: primary virtual IP for core_01_b/10.20.1.2:37317: 10.171.22.201 |
573 | | 2021-10-18 19:59:30 us=970597 core_01_b/10.20.1.2:37317 Data Channel: using negotiated cipher 'CHACHA20-POLY1305' |
574 | | 2021-10-18 19:59:30 us=970628 core_01_b/10.20.1.2:37317 Data Channel MTU parms [ L:1535 D:1450 EF:35 EB:406 ET:0 EL:3 AF:14/122 ] |
575 | | 2021-10-18 19:59:30 us=970703 core_01_b/10.20.1.2:37317 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
576 | | 2021-10-18 19:59:30 us=970728 core_01_b/10.20.1.2:37317 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
577 | | 2021-10-18 19:59:30 us=970799 core_01_b/10.20.1.2:37317 SENT CONTROL [core_01_b]: 'PUSH_REPLY,topology subnet,route-gateway 10.171.22.1,route 10.171.22.1,route 10.66.67.101,comp-lzo no,explicit-exit-notify 1,route 10.66.67.101,ping 90,ping-restart 150,ifconfig 10.171.22.201 255.255.255.0,peer-id 0,cipher CHACHA20-POLY1305,key-derivation tls-ekm' (status=1) |
578 | | 2021-10-18 20:02:23 us=269597 core_01_b/10.20.1.2:37317 VERIFY OK: depth=1, C=00, ST=home, L=tct, O=easy-tls, OU=Easy-TLS test v30a, CN=Easy-TLS v30a CA, emailAddress=tct@easytls.net |
579 | | 2021-10-18 20:02:23 us=272653 core_01_b/10.20.1.2:37317 VERIFY OK: depth=0, CN=core01 |
580 | | 2021-10-18 20:02:23 us=273166 core_01_b/10.20.1.2:37317 peer info: IV_VER=2.6_git |
581 | | 2021-10-18 20:02:23 us=273184 core_01_b/10.20.1.2:37317 peer info: IV_PLAT=linux |
582 | | 2021-10-18 20:02:23 us=273198 core_01_b/10.20.1.2:37317 peer info: IV_CIPHERS=CHACHA20-POLY1305 |
583 | | 2021-10-18 20:02:23 us=273214 core_01_b/10.20.1.2:37317 peer info: IV_PROTO=30 |
584 | | 2021-10-18 20:02:23 us=273229 core_01_b/10.20.1.2:37317 peer info: IV_LZO_STUB=1 |
585 | | 2021-10-18 20:02:23 us=273246 core_01_b/10.20.1.2:37317 peer info: IV_COMP_STUB=1 |
586 | | 2021-10-18 20:02:23 us=273260 core_01_b/10.20.1.2:37317 peer info: IV_COMP_STUBv2=1 |
587 | | 2021-10-18 20:02:23 us=273273 core_01_b/10.20.1.2:37317 peer info: IV_TCPNL=1 |
588 | | 2021-10-18 20:02:23 us=273290 core_01_b/10.20.1.2:37317 peer info: IV_HWADDR=00:00:00:aa:00:03 |
589 | | 2021-10-18 20:02:23 us=273307 core_01_b/10.20.1.2:37317 peer info: IV_SSL=OpenSSL_1.1.1f__31_Mar_2020 |
590 | | 2021-10-18 20:02:23 us=273323 core_01_b/10.20.1.2:37317 peer info: UV_TLSKEY_SERIAL=638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 |
591 | | 2021-10-18 20:02:23 us=273338 core_01_b/10.20.1.2:37317 peer info: UV_REAL_NAME=core01 |
592 | | 2021-10-18 20:02:23 us=274885 core_01_b/10.20.1.2:37317 TLS: Username/Password authentication deferred for username 'core_01_b' [CN SET] |
593 | | 2021-10-18 20:02:23 us=275069 core_01_b/10.20.1.2:37317 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557' |
594 | | 2021-10-18 20:02:23 us=275141 core_01_b/10.20.1.2:37317 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo' |
595 | | |
596 | | ***** delay for 7 seconds -- core01 core_01_b ***** |
597 | | |
598 | | 2021-10-18 20:02:23 us=277650 core_01_b/10.20.1.2:37317 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256 |
599 | | |
600 | | ***** delay for 7 seconds -- core01 core_01_b DONE ***** |
601 | | |
602 | | 2021-10-18 20:02:38 us=409147 core_01_b/10.20.1.2:37317 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
603 | | 2021-10-18 20:02:38 us=409219 core_01_b/10.20.1.2:37317 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
604 | | 2021-10-18 20:04:09 us=835956 Float requested for peer 0 to 10.20.2.2:37317 |
605 | | 2021-10-18 20:04:09 us=836032 peer 0 (core_01_b) floated from 10.20.1.2:37317 to [AF_INET6]::ffff:10.20.2.2:37317 |
606 | | 2021-10-18 20:04:59 us=181259 Control Channel: using tls-crypt-v2 key |
607 | | 2021-10-18 20:04:59 us=181422 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
608 | | 2021-10-18 20:04:59 us=181492 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
609 | | 2021-10-18 20:04:59 us=181539 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
610 | | 2021-10-18 20:04:59 us=181589 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
611 | | 2021-10-18 20:04:59 us=181650 MULTI: multi_create_instance called |
612 | | 2021-10-18 20:04:59 us=181740 10.20.2.2:36849 Re-using SSL/TLS context |
613 | | 2021-10-18 20:04:59 us=181985 10.20.2.2:36849 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
614 | | 2021-10-18 20:04:59 us=182031 10.20.2.2:36849 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
615 | | 2021-10-18 20:04:59 us=182117 10.20.2.2:36849 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
616 | | 2021-10-18 20:04:59 us=182147 10.20.2.2:36849 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
617 | | 2021-10-18 20:04:59 us=182308 10.20.2.2:36849 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
618 | | 2021-10-18 20:04:59 us=182339 10.20.2.2:36849 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
619 | | 2021-10-18 20:04:59 us=182415 10.20.2.2:36849 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
620 | | 2021-10-18 20:04:59 us=182437 10.20.2.2:36849 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
621 | | 2021-10-18 20:04:59 us=182512 10.20.2.2:36849 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:36849, sid=31592c50 9ca1a261 |
622 | | 2021-10-18 20:04:59 us=182532 10.20.2.2:36849 Control Channel: using tls-crypt-v2 key |
623 | | 2021-10-18 20:04:59 us=182572 10.20.2.2:36849 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
624 | | 2021-10-18 20:04:59 us=182605 10.20.2.2:36849 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
625 | | 2021-10-18 20:04:59 us=182628 10.20.2.2:36849 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
626 | | 2021-10-18 20:04:59 us=182659 10.20.2.2:36849 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
627 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
628 | | |
629 | | 2021-10-18 20:04:59 us=214627 10.20.2.2:36849 TLS CRYPT V2 VERIFY SCRIPT OK |
630 | | 2021-10-18 20:05:19 us=386282 10.20.2.2:36849 Control Channel: using tls-crypt-v2 key |
631 | | 2021-10-18 20:05:19 us=386443 10.20.2.2:36849 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
632 | | 2021-10-18 20:05:19 us=386504 10.20.2.2:36849 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
633 | | 2021-10-18 20:05:19 us=386546 10.20.2.2:36849 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
634 | | 2021-10-18 20:05:19 us=386598 10.20.2.2:36849 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
635 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
636 | | |
637 | | 2021-10-18 20:05:19 us=409661 10.20.2.2:36849 TLS CRYPT V2 VERIFY SCRIPT OK |
638 | | 2021-10-18 20:05:59 us=784906 10.20.2.2:36849 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
639 | | 2021-10-18 20:05:59 us=785025 10.20.2.2:36849 TLS Error: TLS handshake failed |
640 | | 2021-10-18 20:05:59 us=785396 10.20.2.2:36849 SIGUSR1[soft,tls-error] received, client-instance restarting |
641 | | 2021-10-18 20:06:04 us=227329 Control Channel: using tls-crypt-v2 key |
642 | | 2021-10-18 20:06:04 us=227497 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
643 | | 2021-10-18 20:06:04 us=227555 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
644 | | 2021-10-18 20:06:04 us=227596 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
645 | | 2021-10-18 20:06:04 us=227641 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
646 | | 2021-10-18 20:06:04 us=227697 MULTI: multi_create_instance called |
647 | | 2021-10-18 20:06:04 us=227771 10.20.2.2:36159 Re-using SSL/TLS context |
648 | | 2021-10-18 20:06:04 us=227936 10.20.2.2:36159 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
649 | | 2021-10-18 20:06:04 us=227978 10.20.2.2:36159 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
650 | | 2021-10-18 20:06:04 us=228054 10.20.2.2:36159 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
651 | | 2021-10-18 20:06:04 us=228099 10.20.2.2:36159 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
652 | | 2021-10-18 20:06:04 us=228228 10.20.2.2:36159 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
653 | | 2021-10-18 20:06:04 us=228279 10.20.2.2:36159 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
654 | | 2021-10-18 20:06:04 us=228366 10.20.2.2:36159 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
655 | | 2021-10-18 20:06:04 us=228404 10.20.2.2:36159 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
656 | | 2021-10-18 20:06:04 us=228508 10.20.2.2:36159 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:36159, sid=56a5d4d1 6fa73199 |
657 | | 2021-10-18 20:06:04 us=228541 10.20.2.2:36159 Control Channel: using tls-crypt-v2 key |
658 | | 2021-10-18 20:06:04 us=228626 10.20.2.2:36159 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
659 | | 2021-10-18 20:06:04 us=228673 10.20.2.2:36159 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
660 | | 2021-10-18 20:06:04 us=228719 10.20.2.2:36159 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
661 | | 2021-10-18 20:06:04 us=228775 10.20.2.2:36159 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
662 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
663 | | |
664 | | 2021-10-18 20:06:04 us=249320 10.20.2.2:36159 TLS CRYPT V2 VERIFY SCRIPT OK |
665 | | 2021-10-18 20:06:24 us=610530 10.20.2.2:36159 Control Channel: using tls-crypt-v2 key |
666 | | 2021-10-18 20:06:24 us=610674 10.20.2.2:36159 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
667 | | 2021-10-18 20:06:24 us=610734 10.20.2.2:36159 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
668 | | 2021-10-18 20:06:24 us=610781 10.20.2.2:36159 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
669 | | 2021-10-18 20:06:24 us=610824 10.20.2.2:36159 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
670 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
671 | | |
672 | | 2021-10-18 20:06:24 us=630308 10.20.2.2:36159 TLS CRYPT V2 VERIFY SCRIPT OK |
673 | | 2021-10-18 20:07:04 us=868970 10.20.2.2:36159 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
674 | | 2021-10-18 20:07:04 us=869086 10.20.2.2:36159 TLS Error: TLS handshake failed |
675 | | 2021-10-18 20:07:04 us=869334 10.20.2.2:36159 SIGUSR1[soft,tls-error] received, client-instance restarting |
676 | | 2021-10-18 20:07:09 us=117294 Control Channel: using tls-crypt-v2 key |
677 | | 2021-10-18 20:07:09 us=117416 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
678 | | 2021-10-18 20:07:09 us=117468 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
679 | | 2021-10-18 20:07:09 us=117502 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
680 | | 2021-10-18 20:07:09 us=117540 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
681 | | 2021-10-18 20:07:09 us=117585 MULTI: multi_create_instance called |
682 | | 2021-10-18 20:07:09 us=117652 10.20.1.2:43412 Re-using SSL/TLS context |
683 | | 2021-10-18 20:07:09 us=117823 10.20.1.2:43412 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
684 | | 2021-10-18 20:07:09 us=117857 10.20.1.2:43412 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
685 | | 2021-10-18 20:07:09 us=117919 10.20.1.2:43412 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
686 | | 2021-10-18 20:07:09 us=117958 10.20.1.2:43412 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
687 | | 2021-10-18 20:07:09 us=118054 10.20.1.2:43412 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
688 | | 2021-10-18 20:07:09 us=118083 10.20.1.2:43412 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
689 | | 2021-10-18 20:07:09 us=118139 10.20.1.2:43412 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
690 | | 2021-10-18 20:07:09 us=118160 10.20.1.2:43412 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
691 | | 2021-10-18 20:07:09 us=118218 10.20.1.2:43412 TLS: Initial packet from [AF_INET6]::ffff:10.20.1.2:43412, sid=d52b4753 c7f202e2 |
692 | | 2021-10-18 20:07:09 us=118239 10.20.1.2:43412 Control Channel: using tls-crypt-v2 key |
693 | | 2021-10-18 20:07:09 us=118279 10.20.1.2:43412 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
694 | | 2021-10-18 20:07:09 us=118308 10.20.1.2:43412 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
695 | | 2021-10-18 20:07:09 us=118331 10.20.1.2:43412 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
696 | | 2021-10-18 20:07:09 us=118359 10.20.1.2:43412 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
697 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
698 | | |
699 | | 2021-10-18 20:07:09 us=139747 10.20.1.2:43412 TLS CRYPT V2 VERIFY SCRIPT OK |
700 | | 2021-10-18 20:07:09 us=160954 10.20.1.2:43412 VERIFY OK: depth=1, C=00, ST=home, L=tct, O=easy-tls, OU=Easy-TLS test v30a, CN=Easy-TLS v30a CA, emailAddress=tct@easytls.net |
701 | | 2021-10-18 20:07:09 us=162439 10.20.1.2:43412 VERIFY OK: depth=0, CN=core01 |
702 | | 2021-10-18 20:07:09 us=162885 10.20.1.2:43412 peer info: IV_VER=2.6_git |
703 | | 2021-10-18 20:07:09 us=162932 10.20.1.2:43412 peer info: IV_PLAT=linux |
704 | | 2021-10-18 20:07:09 us=162961 10.20.1.2:43412 peer info: IV_CIPHERS=CHACHA20-POLY1305 |
705 | | 2021-10-18 20:07:09 us=162980 10.20.1.2:43412 peer info: IV_PROTO=30 |
706 | | 2021-10-18 20:07:09 us=162999 10.20.1.2:43412 peer info: IV_LZO_STUB=1 |
707 | | 2021-10-18 20:07:09 us=163015 10.20.1.2:43412 peer info: IV_COMP_STUB=1 |
708 | | 2021-10-18 20:07:09 us=163030 10.20.1.2:43412 peer info: IV_COMP_STUBv2=1 |
709 | | 2021-10-18 20:07:09 us=163046 10.20.1.2:43412 peer info: IV_TCPNL=1 |
710 | | 2021-10-18 20:07:09 us=163061 10.20.1.2:43412 peer info: IV_HWADDR=00:00:00:aa:00:03 |
711 | | 2021-10-18 20:07:09 us=163076 10.20.1.2:43412 peer info: IV_SSL=OpenSSL_1.1.1f__31_Mar_2020 |
712 | | 2021-10-18 20:07:09 us=163091 10.20.1.2:43412 peer info: UV_TLSKEY_SERIAL=638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 |
713 | | 2021-10-18 20:07:09 us=163109 10.20.1.2:43412 peer info: UV_REAL_NAME=core01 |
714 | | 2021-10-18 20:07:09 us=164661 10.20.1.2:43412 TLS: Username/Password authentication deferred for username 'core_01_b' [CN SET] |
715 | | 2021-10-18 20:07:09 us=164723 10.20.1.2:43412 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557' |
716 | | 2021-10-18 20:07:09 us=164749 10.20.1.2:43412 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo' |
717 | | |
718 | | ***** delay for 7 seconds -- core01 core_01_b ***** |
719 | | |
720 | | 2021-10-18 20:07:09 us=166632 10.20.1.2:43412 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256 |
721 | | 2021-10-18 20:07:09 us=166709 10.20.1.2:43412 [core_01_b] Peer Connection Initiated with [AF_INET6]::ffff:10.20.1.2:43412 |
722 | | 2021-10-18 20:07:09 us=332052 core_01_b/10.20.2.2:37317 [core_01_b] Inactivity timeout (--ping-restart), restarting |
723 | | 2021-10-18 20:07:09 us=332187 core_01_b/10.20.2.2:37317 SIGUSR1[soft,ping-restart] received, client-instance restarting |
724 | | <EXOK> * EasyTLS-client-disconnect => vars loaded => CN: core_01_b => conntrac: acquire_lock => conntrac: tallied => conntrac pattern: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5=817D664B73EF39A1A788E84E685DC5EB==core_01_b==10.171.22.201 => conntrac: unregistered => conntrac: RESET => conntrac: release_lock => disconnect completed |
725 | | |
726 | | 2021-10-18 20:07:10 us=401227 10.20.1.2:43412 PUSH: Received control message: 'PUSH_REQUEST' |
727 | | 2021-10-18 20:07:15 us=640945 10.20.1.2:43412 PUSH: Received control message: 'PUSH_REQUEST' |
728 | | |
729 | | ***** delay for 7 seconds -- core01 core_01_b DONE ***** |
730 | | |
731 | | 2021-10-18 20:07:16 us=837113 core_01_b/10.20.1.2:43412 MULTI_sva: pool returned IPv4=10.171.22.201, IPv6=(Not enabled) |
732 | | 2021-10-18 20:07:16 us=837398 core_01_b/10.20.1.2:43412 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/server/v31a/ccd/core_01_b |
733 | | <EXOK> * EasyTLS-client-connect => vars loaded => dyn opts loaded => CN: core_01_b => conntrac: tallied => conntrac: registered => tls key serial: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 => fixed_md_file loaded => metadata -> x509 serial match => Key is not locked to hwaddr => connection allowed => temp-files deleted |
734 | | |
735 | | 2021-10-18 20:07:16 us=863564 core_01_b/10.20.1.2:43412 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_254723af0405bf077edb4e7015fff3a2.tmp |
736 | | 2021-10-18 20:07:16 us=863849 core_01_b/10.20.1.2:43412 OPTIONS IMPORT: timers and/or timeouts modified |
737 | | 2021-10-18 20:07:16 us=863889 core_01_b/10.20.1.2:43412 MULTI: Learn: 10.171.22.201 -> core_01_b/10.20.1.2:43412 |
738 | | 2021-10-18 20:07:16 us=863911 core_01_b/10.20.1.2:43412 MULTI: primary virtual IP for core_01_b/10.20.1.2:43412: 10.171.22.201 |
739 | | 2021-10-18 20:07:16 us=863937 core_01_b/10.20.1.2:43412 Data Channel: using negotiated cipher 'CHACHA20-POLY1305' |
740 | | 2021-10-18 20:07:16 us=863972 core_01_b/10.20.1.2:43412 Data Channel MTU parms [ L:1535 D:1450 EF:35 EB:406 ET:0 EL:3 AF:14/122 ] |
741 | | 2021-10-18 20:07:16 us=864053 core_01_b/10.20.1.2:43412 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
742 | | 2021-10-18 20:07:16 us=864076 core_01_b/10.20.1.2:43412 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
743 | | 2021-10-18 20:07:16 us=864162 core_01_b/10.20.1.2:43412 SENT CONTROL [core_01_b]: 'PUSH_REPLY,topology subnet,route-gateway 10.171.22.1,route 10.171.22.1,route 10.66.67.101,comp-lzo no,explicit-exit-notify 1,route 10.66.67.101,ping 10,ping-restart 150,ifconfig 10.171.22.201 255.255.255.0,peer-id 1,cipher CHACHA20-POLY1305,key-derivation tls-ekm' (status=1) |
744 | | 2021-10-18 20:10:09 us=954239 core_01_b/10.20.1.2:43412 VERIFY OK: depth=1, C=00, ST=home, L=tct, O=easy-tls, OU=Easy-TLS test v30a, CN=Easy-TLS v30a CA, emailAddress=tct@easytls.net |
745 | | 2021-10-18 20:10:09 us=957047 core_01_b/10.20.1.2:43412 VERIFY OK: depth=0, CN=core01 |
746 | | 2021-10-18 20:10:09 us=957576 core_01_b/10.20.1.2:43412 peer info: IV_VER=2.6_git |
747 | | 2021-10-18 20:10:09 us=957613 core_01_b/10.20.1.2:43412 peer info: IV_PLAT=linux |
748 | | 2021-10-18 20:10:09 us=957641 core_01_b/10.20.1.2:43412 peer info: IV_CIPHERS=CHACHA20-POLY1305 |
749 | | 2021-10-18 20:10:09 us=957672 core_01_b/10.20.1.2:43412 peer info: IV_PROTO=30 |
750 | | 2021-10-18 20:10:09 us=957706 core_01_b/10.20.1.2:43412 peer info: IV_LZO_STUB=1 |
751 | | 2021-10-18 20:10:09 us=957726 core_01_b/10.20.1.2:43412 peer info: IV_COMP_STUB=1 |
752 | | 2021-10-18 20:10:09 us=957746 core_01_b/10.20.1.2:43412 peer info: IV_COMP_STUBv2=1 |
753 | | 2021-10-18 20:10:09 us=957769 core_01_b/10.20.1.2:43412 peer info: IV_TCPNL=1 |
754 | | 2021-10-18 20:10:09 us=957789 core_01_b/10.20.1.2:43412 peer info: IV_HWADDR=00:00:00:aa:00:03 |
755 | | 2021-10-18 20:10:09 us=957809 core_01_b/10.20.1.2:43412 peer info: IV_SSL=OpenSSL_1.1.1f__31_Mar_2020 |
756 | | 2021-10-18 20:10:09 us=957830 core_01_b/10.20.1.2:43412 peer info: UV_TLSKEY_SERIAL=638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 |
757 | | 2021-10-18 20:10:09 us=957852 core_01_b/10.20.1.2:43412 peer info: UV_REAL_NAME=core01 |
758 | | 2021-10-18 20:10:09 us=959339 core_01_b/10.20.1.2:43412 TLS: Username/Password authentication deferred for username 'core_01_b' [CN SET] |
759 | | 2021-10-18 20:10:09 us=959499 core_01_b/10.20.1.2:43412 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557' |
760 | | 2021-10-18 20:10:09 us=959537 core_01_b/10.20.1.2:43412 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo' |
761 | | |
762 | | ***** delay for 7 seconds -- core01 core_01_b ***** |
763 | | |
764 | | 2021-10-18 20:10:09 us=961849 core_01_b/10.20.1.2:43412 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256 |
765 | | |
766 | | ***** delay for 7 seconds -- core01 core_01_b DONE ***** |
767 | | |
768 | | 2021-10-18 20:10:24 us=273083 core_01_b/10.20.1.2:43412 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
769 | | 2021-10-18 20:10:24 us=273164 core_01_b/10.20.1.2:43412 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
770 | | 2021-10-18 20:11:00 us=91952 Float requested for peer 1 to 10.20.2.2:43412 |
771 | | 2021-10-18 20:11:00 us=92081 peer 1 (core_01_b) floated from 10.20.1.2:43412 to [AF_INET6]::ffff:10.20.2.2:43412 |
772 | | 2021-10-18 20:13:25 us=207321 Control Channel: using tls-crypt-v2 key |
773 | | 2021-10-18 20:13:25 us=207390 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
774 | | 2021-10-18 20:13:25 us=207414 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
775 | | 2021-10-18 20:13:25 us=207430 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
776 | | 2021-10-18 20:13:25 us=207451 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
777 | | 2021-10-18 20:13:25 us=207476 MULTI: multi_create_instance called |
778 | | 2021-10-18 20:13:25 us=207517 10.20.2.2:53174 Re-using SSL/TLS context |
779 | | 2021-10-18 20:13:25 us=207617 10.20.2.2:53174 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
780 | | 2021-10-18 20:13:25 us=207633 10.20.2.2:53174 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
781 | | 2021-10-18 20:13:25 us=207671 10.20.2.2:53174 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
782 | | 2021-10-18 20:13:25 us=207692 10.20.2.2:53174 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
783 | | 2021-10-18 20:13:25 us=207792 10.20.2.2:53174 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
784 | | 2021-10-18 20:13:25 us=207813 10.20.2.2:53174 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
785 | | 2021-10-18 20:13:25 us=207854 10.20.2.2:53174 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
786 | | 2021-10-18 20:13:25 us=207868 10.20.2.2:53174 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
787 | | 2021-10-18 20:13:25 us=207907 10.20.2.2:53174 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:53174, sid=fdfa5701 108808e0 |
788 | | 2021-10-18 20:13:25 us=207922 10.20.2.2:53174 Control Channel: using tls-crypt-v2 key |
789 | | 2021-10-18 20:13:25 us=207948 10.20.2.2:53174 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
790 | | 2021-10-18 20:13:25 us=207969 10.20.2.2:53174 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
791 | | 2021-10-18 20:13:25 us=207987 10.20.2.2:53174 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
792 | | 2021-10-18 20:13:25 us=208012 10.20.2.2:53174 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
793 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
794 | | |
795 | | 2021-10-18 20:13:25 us=216091 10.20.2.2:53174 TLS CRYPT V2 VERIFY SCRIPT OK |
796 | | 2021-10-18 20:13:45 us=801770 10.20.2.2:53174 Control Channel: using tls-crypt-v2 key |
797 | | 2021-10-18 20:13:45 us=801931 10.20.2.2:53174 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
798 | | 2021-10-18 20:13:45 us=802008 10.20.2.2:53174 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
799 | | 2021-10-18 20:13:45 us=802050 10.20.2.2:53174 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
800 | | 2021-10-18 20:13:45 us=802108 10.20.2.2:53174 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
801 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
802 | | |
803 | | 2021-10-18 20:13:45 us=825994 10.20.2.2:53174 TLS CRYPT V2 VERIFY SCRIPT OK |
804 | | 2021-10-18 20:14:09 us=658508 core_01_b/10.20.2.2:43412 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
805 | | 2021-10-18 20:14:09 us=658619 core_01_b/10.20.2.2:43412 TLS Error: TLS handshake failed |
806 | | 2021-10-18 20:14:09 us=658673 core_01_b/10.20.2.2:43412 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1 |
807 | | 2021-10-18 20:14:25 us=6759 10.20.2.2:53174 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
808 | | 2021-10-18 20:14:25 us=6862 10.20.2.2:53174 TLS Error: TLS handshake failed |
809 | | 2021-10-18 20:14:25 us=7129 10.20.2.2:53174 SIGUSR1[soft,tls-error] received, client-instance restarting |
810 | | 2021-10-18 20:14:30 us=857791 Control Channel: using tls-crypt-v2 key |
811 | | 2021-10-18 20:14:30 us=857954 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
812 | | 2021-10-18 20:14:30 us=858013 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
813 | | 2021-10-18 20:14:30 us=858059 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
814 | | 2021-10-18 20:14:30 us=858109 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
815 | | 2021-10-18 20:14:30 us=858164 MULTI: multi_create_instance called |
816 | | 2021-10-18 20:14:30 us=858241 10.20.2.2:40950 Re-using SSL/TLS context |
817 | | 2021-10-18 20:14:30 us=858421 10.20.2.2:40950 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
818 | | 2021-10-18 20:14:30 us=858468 10.20.2.2:40950 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
819 | | 2021-10-18 20:14:30 us=858566 10.20.2.2:40950 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
820 | | 2021-10-18 20:14:30 us=858591 10.20.2.2:40950 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
821 | | 2021-10-18 20:14:30 us=858694 10.20.2.2:40950 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
822 | | 2021-10-18 20:14:30 us=858717 10.20.2.2:40950 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
823 | | 2021-10-18 20:14:30 us=858766 10.20.2.2:40950 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
824 | | 2021-10-18 20:14:30 us=858783 10.20.2.2:40950 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
825 | | 2021-10-18 20:14:30 us=858836 10.20.2.2:40950 TLS: Initial packet from [AF_INET6]::ffff:10.20.2.2:40950, sid=698d2362 829e401f |
826 | | 2021-10-18 20:14:30 us=858853 10.20.2.2:40950 Control Channel: using tls-crypt-v2 key |
827 | | 2021-10-18 20:14:30 us=858885 10.20.2.2:40950 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
828 | | 2021-10-18 20:14:30 us=858906 10.20.2.2:40950 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
829 | | 2021-10-18 20:14:30 us=858923 10.20.2.2:40950 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
830 | | 2021-10-18 20:14:30 us=858944 10.20.2.2:40950 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
831 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
832 | | |
833 | | 2021-10-18 20:14:30 us=896737 10.20.2.2:40950 TLS CRYPT V2 VERIFY SCRIPT OK |
834 | | 2021-10-18 20:15:25 us=418608 core_01_b/10.20.2.2:43412 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
835 | | 2021-10-18 20:15:25 us=418663 core_01_b/10.20.2.2:43412 TLS Error: TLS handshake failed |
836 | | 2021-10-18 20:15:30 us=11012 10.20.2.2:40950 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) |
837 | | 2021-10-18 20:15:30 us=11057 10.20.2.2:40950 TLS Error: TLS handshake failed |
838 | | 2021-10-18 20:15:30 us=11181 10.20.2.2:40950 SIGUSR1[soft,tls-error] received, client-instance restarting |
839 | | 2021-10-18 20:15:55 us=712147 Control Channel: using tls-crypt-v2 key |
840 | | 2021-10-18 20:15:55 us=712286 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
841 | | 2021-10-18 20:15:55 us=712331 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
842 | | 2021-10-18 20:15:55 us=712364 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
843 | | 2021-10-18 20:15:55 us=712398 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
844 | | 2021-10-18 20:15:55 us=712438 MULTI: multi_create_instance called |
845 | | 2021-10-18 20:15:55 us=712499 10.20.1.2:38470 Re-using SSL/TLS context |
846 | | 2021-10-18 20:15:55 us=712630 10.20.1.2:38470 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
847 | | 2021-10-18 20:15:55 us=712660 10.20.1.2:38470 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication |
848 | | 2021-10-18 20:15:55 us=712745 10.20.1.2:38470 tls-crypt-v2 server key: Cipher 'AES-256-CTR' initialized with 256 bit key |
849 | | 2021-10-18 20:15:55 us=712775 10.20.1.2:38470 tls-crypt-v2 server key: Using 256 bit message hash 'SHA256' for HMAC authentication |
850 | | 2021-10-18 20:15:55 us=712915 10.20.1.2:38470 Control Channel MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ] |
851 | | 2021-10-18 20:15:55 us=712939 10.20.1.2:38470 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 AF:14/122 ] |
852 | | 2021-10-18 20:15:55 us=712992 10.20.1.2:38470 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server' |
853 | | 2021-10-18 20:15:55 us=713010 10.20.1.2:38470 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client' |
854 | | 2021-10-18 20:15:55 us=713064 10.20.1.2:38470 TLS: Initial packet from [AF_INET6]::ffff:10.20.1.2:38470, sid=e004d2d9 1c59c6bb |
855 | | 2021-10-18 20:15:55 us=713082 10.20.1.2:38470 Control Channel: using tls-crypt-v2 key |
856 | | 2021-10-18 20:15:55 us=713117 10.20.1.2:38470 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
857 | | 2021-10-18 20:15:55 us=713141 10.20.1.2:38470 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
858 | | 2021-10-18 20:15:55 us=713159 10.20.1.2:38470 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key |
859 | | 2021-10-18 20:15:55 us=713181 10.20.1.2:38470 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication |
860 | | <EXOK> * Easy-TLS-cryptv2-verify => vars loaded => acquire_lock => CN: core01 => easytls OK => MULTI custom_group EasyTLS-v30a OK => tlskey-serial verification disabled => Key age 41 days OK => Enabled OK => metadata verified => connection allowed => Created client_md_file => release_lock |
861 | | |
862 | | 2021-10-18 20:15:55 us=733025 10.20.1.2:38470 TLS CRYPT V2 VERIFY SCRIPT OK |
863 | | 2021-10-18 20:15:55 us=752309 10.20.1.2:38470 VERIFY OK: depth=1, C=00, ST=home, L=tct, O=easy-tls, OU=Easy-TLS test v30a, CN=Easy-TLS v30a CA, emailAddress=tct@easytls.net |
864 | | 2021-10-18 20:15:55 us=754566 10.20.1.2:38470 VERIFY OK: depth=0, CN=core01 |
865 | | 2021-10-18 20:15:55 us=755044 10.20.1.2:38470 peer info: IV_VER=2.6_git |
866 | | 2021-10-18 20:15:55 us=755069 10.20.1.2:38470 peer info: IV_PLAT=linux |
867 | | 2021-10-18 20:15:55 us=755084 10.20.1.2:38470 peer info: IV_CIPHERS=CHACHA20-POLY1305 |
868 | | 2021-10-18 20:15:55 us=755098 10.20.1.2:38470 peer info: IV_PROTO=30 |
869 | | 2021-10-18 20:15:55 us=755110 10.20.1.2:38470 peer info: IV_LZO_STUB=1 |
870 | | 2021-10-18 20:15:55 us=755121 10.20.1.2:38470 peer info: IV_COMP_STUB=1 |
871 | | 2021-10-18 20:15:55 us=755134 10.20.1.2:38470 peer info: IV_COMP_STUBv2=1 |
872 | | 2021-10-18 20:15:55 us=755146 10.20.1.2:38470 peer info: IV_TCPNL=1 |
873 | | 2021-10-18 20:15:55 us=755158 10.20.1.2:38470 peer info: IV_HWADDR=00:00:00:aa:00:03 |
874 | | 2021-10-18 20:15:55 us=755170 10.20.1.2:38470 peer info: IV_SSL=OpenSSL_1.1.1f__31_Mar_2020 |
875 | | 2021-10-18 20:15:55 us=755185 10.20.1.2:38470 peer info: UV_TLSKEY_SERIAL=638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 |
876 | | 2021-10-18 20:15:55 us=755198 10.20.1.2:38470 peer info: UV_REAL_NAME=core01 |
877 | | 2021-10-18 20:15:55 us=756798 10.20.1.2:38470 TLS: Username/Password authentication deferred for username 'core_01_b' [CN SET] |
878 | | 2021-10-18 20:15:55 us=756864 10.20.1.2:38470 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557' |
879 | | 2021-10-18 20:15:55 us=756890 10.20.1.2:38470 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo' |
880 | | |
881 | | ***** delay for 7 seconds -- core01 core_01_b ***** |
882 | | |
883 | | 2021-10-18 20:15:55 us=758754 10.20.1.2:38470 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: ecdsa-with-SHA256 |
884 | | 2021-10-18 20:15:55 us=758815 10.20.1.2:38470 [core_01_b] Peer Connection Initiated with [AF_INET6]::ffff:10.20.1.2:38470 |
885 | | 2021-10-18 20:15:56 us=992105 10.20.1.2:38470 PUSH: Received control message: 'PUSH_REQUEST' |
886 | | 2021-10-18 20:16:02 us=228455 10.20.1.2:38470 PUSH: Received control message: 'PUSH_REQUEST' |
887 | | |
888 | | ***** delay for 7 seconds -- core01 core_01_b DONE ***** |
889 | | |
890 | | 2021-10-18 20:16:03 us=489013 core_01_b/10.20.1.2:38470 MULTI_sva: pool returned IPv4=10.171.22.202, IPv6=(Not enabled) |
891 | | 2021-10-18 20:16:03 us=489208 core_01_b/10.20.1.2:38470 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/server/v31a/ccd/core_01_b |
892 | | <EXOK> * EasyTLS-client-connect => vars loaded => dyn opts loaded => CN: core_01_b => conntrac: tallied => conntrac: registered => tls key serial: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5 => fixed_md_file loaded => metadata -> x509 serial match => Key is not locked to hwaddr => connection allowed => temp-files deleted |
893 | | |
894 | | 2021-10-18 20:16:03 us=518048 core_01_b/10.20.1.2:38470 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_402e33d88980d40b3c0126e9f21ba34c.tmp |
895 | | 2021-10-18 20:16:03 us=518307 core_01_b/10.20.1.2:38470 OPTIONS IMPORT: timers and/or timeouts modified |
896 | | 2021-10-18 20:16:03 us=518339 core_01_b/10.20.1.2:38470 MULTI: Learn: 10.171.22.202 -> core_01_b/10.20.1.2:38470 |
897 | | 2021-10-18 20:16:03 us=518354 core_01_b/10.20.1.2:38470 MULTI: primary virtual IP for core_01_b/10.20.1.2:38470: 10.171.22.202 |
898 | | 2021-10-18 20:16:03 us=518381 core_01_b/10.20.1.2:38470 Data Channel: using negotiated cipher 'CHACHA20-POLY1305' |
899 | | 2021-10-18 20:16:03 us=518416 core_01_b/10.20.1.2:38470 Data Channel MTU parms [ L:1535 D:1450 EF:35 EB:406 ET:0 EL:3 AF:14/122 ] |
900 | | 2021-10-18 20:16:03 us=518511 core_01_b/10.20.1.2:38470 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
901 | | 2021-10-18 20:16:03 us=518644 core_01_b/10.20.1.2:38470 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key |
902 | | 2021-10-18 20:16:03 us=518756 core_01_b/10.20.1.2:38470 SENT CONTROL [core_01_b]: 'PUSH_REPLY,topology subnet,route-gateway 10.171.22.1,route 10.171.22.1,route 10.66.67.101,comp-lzo no,explicit-exit-notify 1,route 10.66.67.101,ping 10,ping-restart 150,ifconfig 10.171.22.202 255.255.255.0,peer-id 0,cipher CHACHA20-POLY1305,key-derivation tls-ekm' (status=1) |
903 | | 2021-10-18 20:16:09 us=350625 core_01_b/10.20.2.2:43412 [UNDEF] Inactivity timeout (--ping-restart), restarting |
904 | | 2021-10-18 20:16:09 us=350716 core_01_b/10.20.2.2:43412 SIGUSR1[soft,ping-restart] received, client-instance restarting |
905 | | <EXOK> * EasyTLS-client-disconnect => vars loaded => CN: => conntrac: acquire_lock => conntrac: tallied => conntrac pattern: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5=817D664B73EF39A1A788E84E685DC5EB====10.171.22.201 => conntrac: record not found: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5=817D664B73EF39A1A788E84E685DC5EB====10.171.22.201 => conntrac: release_lock => conn_trac_disconnect FAIL => conntrac: acquire_lock => conntrac: tallied => conntrac pattern: 638a99cd17661fcf1b8e41165f259d486dae443a9e3bf7879069f4ffcc35e7a5=817D664B73EF39A1A788E84E685DC5EB==core_01_b==10.171.22.201 => conntrac: unregistered => conntrac: release_lock => conn_trac_disconnect recovered => disconnect completed |
906 | | }}} |
| 1 | Comment Too noisy - deleted in favour of the following comment |