id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc 1463,Script security warnings - Revisit code and decide WARN or Note ?,tct,,"OpenVPN 2.5.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 16 2022 Config: {{{ script-security 3 up up.sh down down.sh }}} Log (verb 4): {{{ 2022-04-19 12:42:44 us=119164 WARNING: file '/etc/openvpn/tunc_55111u/pki/ta.key' is group or others accessible 2022-04-19 12:42:44 us=119231 WARNING: file '/etc/openvpn/userpass.txt' is group or others accessible 2022-04-19 12:42:44 us=119257 Current Parameter Settings: 2022-04-19 12:42:44 us=119272 config = 'tunc_55111u.conf' 2022-04-19 12:42:44 us=119288 mode = 0 2022-04-19 12:42:44 us=119303 persist_config = DISABLED 2022-04-19 12:42:44 us=119318 persist_mode = 1 2022-04-19 12:42:44 us=119333 show_ciphers = DISABLED 2022-04-19 12:42:44 us=119347 show_digests = DISABLED 2022-04-19 12:42:44 us=119360 show_engines = DISABLED 2022-04-19 12:42:44 us=119377 genkey = DISABLED 2022-04-19 12:42:44 us=119391 genkey_filename = '[UNDEF]' 2022-04-19 12:42:44 us=119405 key_pass_file = '[UNDEF]' 2022-04-19 12:42:44 us=119420 show_tls_ciphers = DISABLED 2022-04-19 12:42:44 us=119437 connect_retry_max = 0 2022-04-19 12:42:44 us=119451 Connection profiles [0]: 2022-04-19 12:42:44 us=119468 proto = tcp-client 2022-04-19 12:42:44 us=119483 local = '[UNDEF]' 2022-04-19 12:42:44 us=119497 local_port = '[UNDEF]' 2022-04-19 12:42:44 us=119512 remote = '10.1.101.226' 2022-04-19 12:42:44 us=119527 remote_port = '55111' 2022-04-19 12:42:44 us=119542 remote_float = DISABLED 2022-04-19 12:42:44 us=119556 bind_defined = DISABLED 2022-04-19 12:42:44 us=119572 bind_local = DISABLED 2022-04-19 12:42:44 us=119586 bind_ipv6_only = DISABLED 2022-04-19 12:42:44 us=119602 connect_retry_seconds = 10 2022-04-19 12:42:44 us=119615 connect_timeout = 20 2022-04-19 12:42:44 us=119631 socks_proxy_server = '[UNDEF]' 2022-04-19 12:42:44 us=119645 socks_proxy_port = '[UNDEF]' 2022-04-19 12:42:44 us=119661 tun_mtu = 1500 2022-04-19 12:42:44 us=119675 tun_mtu_defined = ENABLED 2022-04-19 12:42:44 us=119690 link_mtu = 1500 2022-04-19 12:42:44 us=119703 link_mtu_defined = DISABLED 2022-04-19 12:42:44 us=119720 tun_mtu_extra = 0 2022-04-19 12:42:44 us=119733 tun_mtu_extra_defined = DISABLED 2022-04-19 12:42:44 us=119749 mtu_discover_type = -1 2022-04-19 12:42:44 us=119763 fragment = 0 2022-04-19 12:42:44 us=119779 mssfix = 1450 2022-04-19 12:42:44 us=119793 explicit_exit_notification = 0 2022-04-19 12:42:44 us=119807 tls_auth_file = '/etc/openvpn/tunc_55111u/pki/ta.key' 2022-04-19 12:42:44 us=119823 key_direction = 1 2022-04-19 12:42:44 us=119837 tls_crypt_file = '[UNDEF]' 2022-04-19 12:42:44 us=119851 tls_crypt_v2_file = '[UNDEF]' 2022-04-19 12:42:44 us=119867 Connection profiles END 2022-04-19 12:42:44 us=119880 remote_random = DISABLED 2022-04-19 12:42:44 us=119896 ipchange = '[UNDEF]' 2022-04-19 12:42:44 us=119910 dev = 'tunc55111' 2022-04-19 12:42:44 us=119924 dev_type = '[UNDEF]' 2022-04-19 12:42:44 us=119940 dev_node = '[UNDEF]' 2022-04-19 12:42:44 us=119954 lladdr = '[UNDEF]' 2022-04-19 12:42:44 us=119970 topology = 1 2022-04-19 12:42:44 us=119984 ifconfig_local = '[UNDEF]' 2022-04-19 12:42:44 us=119999 ifconfig_remote_netmask = '[UNDEF]' 2022-04-19 12:42:44 us=120013 ifconfig_noexec = DISABLED 2022-04-19 12:42:44 us=120028 ifconfig_nowarn = DISABLED 2022-04-19 12:42:44 us=120042 ifconfig_ipv6_local = '[UNDEF]' 2022-04-19 12:42:44 us=120058 ifconfig_ipv6_netbits = 0 2022-04-19 12:42:44 us=120072 ifconfig_ipv6_remote = '[UNDEF]' 2022-04-19 12:42:44 us=120087 shaper = 0 2022-04-19 12:42:44 us=120101 mtu_test = 0 2022-04-19 12:42:44 us=120117 mlock = DISABLED 2022-04-19 12:42:44 us=120131 keepalive_ping = 0 2022-04-19 12:42:44 us=120146 keepalive_timeout = 0 2022-04-19 12:42:44 us=120160 inactivity_timeout = 0 2022-04-19 12:42:44 us=120176 inactivity_minimum_bytes = 0 2022-04-19 12:42:44 us=120190 ping_send_timeout = 0 2022-04-19 12:42:44 us=120205 ping_rec_timeout = 0 2022-04-19 12:42:44 us=120220 ping_rec_timeout_action = 0 2022-04-19 12:42:44 us=120235 ping_timer_remote = ENABLED 2022-04-19 12:42:44 us=120249 remap_sigusr1 = 0 2022-04-19 12:42:44 us=120264 persist_tun = DISABLED 2022-04-19 12:42:44 us=120278 persist_local_ip = DISABLED 2022-04-19 12:42:44 us=120293 persist_remote_ip = DISABLED 2022-04-19 12:42:44 us=120307 persist_key = DISABLED 2022-04-19 12:42:44 us=120323 passtos = DISABLED 2022-04-19 12:42:44 us=120337 resolve_retry_seconds = 1000000000 2022-04-19 12:42:44 us=120352 resolve_in_advance = DISABLED 2022-04-19 12:42:44 us=120367 username = '[UNDEF]' 2022-04-19 12:42:44 us=120382 groupname = '[UNDEF]' 2022-04-19 12:42:44 us=120396 chroot_dir = '[UNDEF]' 2022-04-19 12:42:44 us=120411 cd_dir = '[UNDEF]' 2022-04-19 12:42:44 us=120425 writepid = '[UNDEF]' 2022-04-19 12:42:44 us=120441 up_script = 'up.sh' 2022-04-19 12:42:44 us=120455 down_script = 'down.sh' 2022-04-19 12:42:44 us=120470 down_pre = DISABLED 2022-04-19 12:42:44 us=120484 up_restart = DISABLED 2022-04-19 12:42:44 us=120499 up_delay = DISABLED 2022-04-19 12:42:44 us=120513 daemon = DISABLED 2022-04-19 12:42:44 us=120529 inetd = 0 2022-04-19 12:42:44 us=120542 log = DISABLED 2022-04-19 12:42:44 us=120557 suppress_timestamps = DISABLED 2022-04-19 12:42:44 us=120571 machine_readable_output = DISABLED 2022-04-19 12:42:44 us=120586 nice = 0 2022-04-19 12:42:44 us=120600 verbosity = 4 2022-04-19 12:42:44 us=120616 mute = 0 2022-04-19 12:42:44 us=120629 gremlin = 0 2022-04-19 12:42:44 us=120644 status_file = '[UNDEF]' 2022-04-19 12:42:44 us=120658 status_file_version = 1 2022-04-19 12:42:44 us=120674 status_file_update_freq = 60 2022-04-19 12:42:44 us=120688 occ = ENABLED 2022-04-19 12:42:44 us=120704 rcvbuf = 0 2022-04-19 12:42:44 us=120717 sndbuf = 0 2022-04-19 12:42:44 us=120732 mark = 0 2022-04-19 12:42:44 us=120746 sockflags = 0 2022-04-19 12:42:44 us=120761 fast_io = DISABLED 2022-04-19 12:42:44 us=120775 comp.alg = 1 2022-04-19 12:42:44 us=120791 comp.flags = 0 2022-04-19 12:42:44 us=120805 route_script = '[UNDEF]' 2022-04-19 12:42:44 us=120829 route_default_gateway = '[UNDEF]' 2022-04-19 12:42:44 us=120848 route_default_metric = 0 2022-04-19 12:42:44 us=120862 route_noexec = DISABLED 2022-04-19 12:42:44 us=120877 route_delay = 0 2022-04-19 12:42:44 us=120891 route_delay_window = 30 2022-04-19 12:42:44 us=120907 route_delay_defined = DISABLED 2022-04-19 12:42:44 us=120921 route_nopull = DISABLED 2022-04-19 12:42:44 us=120935 route_gateway_via_dhcp = DISABLED 2022-04-19 12:42:44 us=120951 allow_pull_fqdn = DISABLED 2022-04-19 12:42:44 us=120965 Pull filters: 2022-04-19 12:42:44 us=120981 ignore ""route 192.168."" 2022-04-19 12:42:44 us=120995 management_addr = '[UNDEF]' 2022-04-19 12:42:44 us=121011 management_port = '[UNDEF]' 2022-04-19 12:42:44 us=121026 management_user_pass = '[UNDEF]' 2022-04-19 12:42:44 us=121042 management_log_history_cache = 250 2022-04-19 12:42:44 us=121056 management_echo_buffer_size = 100 2022-04-19 12:42:44 us=121070 management_write_peer_info_file = '[UNDEF]' 2022-04-19 12:42:44 us=121087 management_client_user = '[UNDEF]' 2022-04-19 12:42:44 us=121103 management_client_group = '[UNDEF]' 2022-04-19 12:42:44 us=121117 management_flags = 0 2022-04-19 12:42:44 us=121132 shared_secret_file = '[UNDEF]' 2022-04-19 12:42:44 us=121146 key_direction = 1 2022-04-19 12:42:44 us=121164 ciphername = 'AES-256-GCM' 2022-04-19 12:42:44 us=121180 ncp_enabled = ENABLED 2022-04-19 12:42:44 us=121194 ncp_ciphers = 'AES-256-GCM:AES-128-GCM' 2022-04-19 12:42:44 us=121209 authname = 'SHA1' 2022-04-19 12:42:44 us=121225 prng_hash = 'SHA1' 2022-04-19 12:42:44 us=121240 prng_nonce_secret_len = 16 2022-04-19 12:42:44 us=121254 keysize = 0 2022-04-19 12:42:44 us=121270 engine = DISABLED 2022-04-19 12:42:44 us=121284 replay = ENABLED 2022-04-19 12:42:44 us=121298 mute_replay_warnings = DISABLED 2022-04-19 12:42:44 us=121315 replay_window = 64 2022-04-19 12:42:44 us=121329 replay_time = 15 2022-04-19 12:42:44 us=121345 packet_id_file = '[UNDEF]' 2022-04-19 12:42:44 us=121359 test_crypto = DISABLED 2022-04-19 12:42:44 us=121376 tls_server = DISABLED 2022-04-19 12:42:44 us=121391 tls_client = ENABLED 2022-04-19 12:42:44 us=121407 ca_file = '[INLINE]' 2022-04-19 12:42:44 us=121421 ca_path = '[UNDEF]' 2022-04-19 12:42:44 us=121438 dh_file = '[UNDEF]' 2022-04-19 12:42:44 us=121454 cert_file = '[INLINE]' 2022-04-19 12:42:44 us=121469 extra_certs_file = '[UNDEF]' 2022-04-19 12:42:44 us=121485 priv_key_file = '[INLINE]' 2022-04-19 12:42:44 us=121499 pkcs12_file = '[UNDEF]' 2022-04-19 12:42:44 us=121514 cipher_list = '[UNDEF]' 2022-04-19 12:42:44 us=121528 cipher_list_tls13 = '[UNDEF]' 2022-04-19 12:42:44 us=121544 tls_cert_profile = '[UNDEF]' 2022-04-19 12:42:44 us=121558 tls_verify = '[UNDEF]' 2022-04-19 12:42:44 us=121574 tls_export_cert = '[UNDEF]' 2022-04-19 12:42:44 us=121588 verify_x509_type = 2 2022-04-19 12:42:44 us=121604 verify_x509_name = 'v303.tct.secp384r1.s01' 2022-04-19 12:42:44 us=121618 crl_file = '[UNDEF]' 2022-04-19 12:42:44 us=121632 ns_cert_type = 0 2022-04-19 12:42:44 us=121648 remote_cert_ku[i] = 65535 2022-04-19 12:42:44 us=121662 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121678 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121692 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121708 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121722 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121736 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121751 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121765 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121779 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121793 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121807 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121822 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121836 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121850 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121864 remote_cert_ku[i] = 0 2022-04-19 12:42:44 us=121879 remote_cert_eku = 'TLS Web Server Authentication' 2022-04-19 12:42:44 us=121894 ssl_flags = 3264 2022-04-19 12:42:44 us=121908 tls_timeout = 10 2022-04-19 12:42:44 us=121922 renegotiate_bytes = -1 2022-04-19 12:42:44 us=121936 renegotiate_packets = 0 2022-04-19 12:42:44 us=121951 renegotiate_seconds = 0 2022-04-19 12:42:44 us=121965 handshake_window = 60 2022-04-19 12:42:44 us=121979 transition_window = 3600 2022-04-19 12:42:44 us=121993 single_session = DISABLED 2022-04-19 12:42:44 us=122007 push_peer_info = ENABLED 2022-04-19 12:42:44 us=122021 tls_exit = DISABLED 2022-04-19 12:42:44 us=122035 tls_crypt_v2_metadata = '[UNDEF]' 2022-04-19 12:42:44 us=122049 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122063 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122077 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122093 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122106 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122121 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122135 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122149 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122164 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122178 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122192 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122206 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122221 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122234 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122249 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122263 pkcs11_protected_authentication = DISABLED 2022-04-19 12:42:44 us=122278 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122292 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122306 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122321 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122335 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122349 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122364 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122378 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122392 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122406 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122421 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122435 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122449 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122463 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122477 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122491 pkcs11_private_mode = 00000000 2022-04-19 12:42:44 us=122505 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122519 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122533 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122548 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122562 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122575 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122589 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122603 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122618 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122632 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122646 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122660 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122674 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122688 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122702 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122716 pkcs11_cert_private = DISABLED 2022-04-19 12:42:44 us=122731 pkcs11_pin_cache_period = -1 2022-04-19 12:42:44 us=122745 pkcs11_id = '[UNDEF]' 2022-04-19 12:42:44 us=122759 pkcs11_id_management = DISABLED 2022-04-19 12:42:44 us=122775 server_network = 0.0.0.0 2022-04-19 12:42:44 us=122790 server_netmask = 0.0.0.0 2022-04-19 12:42:44 us=122811 server_network_ipv6 = :: 2022-04-19 12:42:44 us=122825 server_netbits_ipv6 = 0 2022-04-19 12:42:44 us=122840 server_bridge_ip = 0.0.0.0 2022-04-19 12:42:44 us=122855 server_bridge_netmask = 0.0.0.0 2022-04-19 12:42:44 us=122870 server_bridge_pool_start = 0.0.0.0 2022-04-19 12:42:44 us=122886 server_bridge_pool_end = 0.0.0.0 2022-04-19 12:42:44 us=122899 ifconfig_pool_defined = DISABLED 2022-04-19 12:42:44 us=122919 ifconfig_pool_start = 0.0.0.0 2022-04-19 12:42:44 us=122936 ifconfig_pool_end = 0.0.0.0 2022-04-19 12:42:44 us=122952 ifconfig_pool_netmask = 0.0.0.0 2022-04-19 12:42:44 us=122965 ifconfig_pool_persist_filename = '[UNDEF]' 2022-04-19 12:42:44 us=122981 ifconfig_pool_persist_refresh_freq = 600 2022-04-19 12:42:44 us=122994 ifconfig_ipv6_pool_defined = DISABLED 2022-04-19 12:42:44 us=123010 ifconfig_ipv6_pool_base = :: 2022-04-19 12:42:44 us=123025 ifconfig_ipv6_pool_netbits = 0 2022-04-19 12:42:44 us=123039 n_bcast_buf = 256 2022-04-19 12:42:44 us=123053 tcp_queue_limit = 64 2022-04-19 12:42:44 us=123067 real_hash_size = 256 2022-04-19 12:42:44 us=123082 virtual_hash_size = 256 2022-04-19 12:42:44 us=123096 client_connect_script = '[UNDEF]' 2022-04-19 12:42:44 us=123110 learn_address_script = '[UNDEF]' 2022-04-19 12:42:44 us=123124 client_disconnect_script = '[UNDEF]' 2022-04-19 12:42:44 us=123139 client_config_dir = '[UNDEF]' 2022-04-19 12:42:44 us=123153 ccd_exclusive = DISABLED 2022-04-19 12:42:44 us=123167 tmp_dir = '/tmp' 2022-04-19 12:42:44 us=123180 push_ifconfig_defined = DISABLED 2022-04-19 12:42:44 us=123196 push_ifconfig_local = 0.0.0.0 2022-04-19 12:42:44 us=123213 push_ifconfig_remote_netmask = 0.0.0.0 2022-04-19 12:42:44 us=123226 push_ifconfig_ipv6_defined = DISABLED 2022-04-19 12:42:44 us=123242 push_ifconfig_ipv6_local = ::/0 2022-04-19 12:42:44 us=123257 push_ifconfig_ipv6_remote = :: 2022-04-19 12:42:44 us=123270 enable_c2c = DISABLED 2022-04-19 12:42:44 us=123285 duplicate_cn = DISABLED 2022-04-19 12:42:44 us=123299 cf_max = 0 2022-04-19 12:42:44 us=123313 cf_per = 0 2022-04-19 12:42:44 us=123327 max_clients = 1024 2022-04-19 12:42:44 us=123341 max_routes_per_client = 256 2022-04-19 12:42:44 us=123355 auth_user_pass_verify_script = '[UNDEF]' 2022-04-19 12:42:44 us=123369 auth_user_pass_verify_script_via_file = DISABLED 2022-04-19 12:42:44 us=123383 auth_token_generate = DISABLED 2022-04-19 12:42:44 us=123398 auth_token_lifetime = 0 2022-04-19 12:42:44 us=123411 auth_token_secret_file = '[UNDEF]' 2022-04-19 12:42:44 us=123425 port_share_host = '[UNDEF]' 2022-04-19 12:42:44 us=123439 port_share_port = '[UNDEF]' 2022-04-19 12:42:44 us=123453 vlan_tagging = DISABLED 2022-04-19 12:42:44 us=123468 vlan_accept = all 2022-04-19 12:42:44 us=123482 vlan_pvid = 1 2022-04-19 12:42:44 us=123496 client = DISABLED 2022-04-19 12:42:44 us=123510 pull = ENABLED 2022-04-19 12:42:44 us=123524 auth_user_pass_file = '/etc/openvpn/userpass.txt' 2022-04-19 12:42:44 us=123540 OpenVPN 2.5.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 16 2022 2022-04-19 12:42:44 us=123562 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 2022-04-19 12:42:44 us=123769 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2022-04-19 12:42:44 us=125046 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2022-04-19 12:42:44 us=125072 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2022-04-19 12:42:44 us=125172 Control Channel MTU parms [ L:1624 D:1182 EF:68 EB:0 ET:0 EL:3 ] 2022-04-19 12:42:44 us=125203 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ] 2022-04-19 12:42:44 us=125234 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client' 2022-04-19 12:42:44 us=125246 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1552,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server' 2022-04-19 12:42:44 us=125279 TCP/UDP: Preserving recently used remote address: [AF_INET]10.1.101.226:55111 2022-04-19 12:42:44 us=125325 Socket Buffers: R=[131072->131072] S=[16384->16384] 2022-04-19 12:42:44 us=125343 Attempting to establish TCP connection with [AF_INET]10.1.101.226:55111 [nonblock] 2022-04-19 12:42:44 us=126596 TCP connection established with [AF_INET]10.1.101.226:55111 2022-04-19 12:42:44 us=128261 TCP_CLIENT link local: (not bound) 2022-04-19 12:42:44 us=128302 TCP_CLIENT link remote: [AF_INET]10.1.101.226:55111 2022-04-19 12:42:44 us=129751 TLS: Initial packet from [AF_INET]10.1.101.226:55111, sid=8bde60a3 975cfe65 2022-04-19 12:42:44 us=138821 VERIFY OK: depth=1, C=00, ST=tct, L=home, O=tctnet, OU=tctnet-secp384r1, CN=CA tct-secp384r1, emailAddress=me@home.org 2022-04-19 12:42:44 us=141162 VERIFY KU OK 2022-04-19 12:42:44 us=141202 Validating certificate extended key usage 2022-04-19 12:42:44 us=141216 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2022-04-19 12:42:44 us=141228 VERIFY EKU OK 2022-04-19 12:42:44 us=141239 VERIFY X509NAME OK: C=00, ST=tct, L=home, O=tctnet, OU=tctnet-secp384r1, CN=v303.tct.secp384r1.s01, emailAddress=me@home.org 2022-04-19 12:42:44 us=141251 VERIFY OK: depth=0, C=00, ST=tct, L=home, O=tctnet, OU=tctnet-secp384r1, CN=v303.tct.secp384r1.s01, emailAddress=me@home.org 2022-04-19 12:42:44 us=160332 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384, peer certificate: 384 bit EC, curve secp384r1, signature: ecdsa-with-SHA384 2022-04-19 12:42:44 us=160397 [v303.tct.secp384r1.s01] Peer Connection Initiated with [AF_INET]10.1.101.226:55111 2022-04-19 12:42:44 us=161663 Key [AF_INET]10.1.101.226:55111 [0] not initialized (yet), dropping packet. 2022-04-19 12:42:44 us=205964 PUSH: Received control message: 'PUSH_REPLY,block-ipv6,topology subnet,explicit-exit-notify 3,comp-lzo no,compress,route-gateway 10.55.111.225,topology subnet,route 10.7.39.137,ping 0,ping-restart 0,ping 10,ping-restart 30,ifconfig 10.55.111.254 255.255.255.224,peer-id 0,cipher AES-256-GCM' 2022-04-19 12:42:44 us=206185 OPTIONS IMPORT: timers and/or timeouts modified 2022-04-19 12:42:44 us=206386 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp 2022-04-19 12:42:44 us=206493 OPTIONS IMPORT: compression parms modified 2022-04-19 12:42:44 us=206562 OPTIONS IMPORT: --ifconfig/up options modified 2022-04-19 12:42:44 us=206582 OPTIONS IMPORT: route options modified 2022-04-19 12:42:44 us=206594 OPTIONS IMPORT: route-related options modified 2022-04-19 12:42:44 us=206606 OPTIONS IMPORT: peer-id set 2022-04-19 12:42:44 us=206618 OPTIONS IMPORT: adjusting link_mtu to 1627 2022-04-19 12:42:44 us=206630 OPTIONS IMPORT: data channel crypto options modified 2022-04-19 12:42:44 us=206759 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2022-04-19 12:42:44 us=206784 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2022-04-19 12:42:44 us=207009 ROUTE_GATEWAY 10.1.101.1/255.255.255.0 IFACE=enp5s0 HWADDR=24:b6:fd:31:bc:ca 2022-04-19 12:42:44 us=207555 TUN/TAP device tunc55111 opened 2022-04-19 12:42:44 us=207609 do_ifconfig, ipv4=1, ipv6=0 2022-04-19 12:42:44 us=207637 /sbin/ip link set dev tunc55111 up mtu 1500 2022-04-19 12:42:44 us=211074 /sbin/ip link set dev tunc55111 up 2022-04-19 12:42:44 us=214581 /sbin/ip addr add dev tunc55111 10.55.111.254/27 2022-04-19 12:42:44 us=220597 up.sh tunc55111 1500 1627 10.55.111.254 255.255.255.224 init ******** * * * UP * * * ******** 2022-04-19 12:42:44 us=221760 /sbin/ip route add 10.7.39.137/32 via 10.55.111.225 2022-04-19 12:42:44 us=223613 Initialization Sequence Completed }}} ",Bug / Defect,reopened,major,,Generic / unclassified,,"Not set (select this one, unless your'e a OpenVPN developer)",,,