Opened 21 months ago
Last modified 16 months ago
#1476 closed Bug / Defect
P2P mode: --ping and DCO problem — at Version 1
Reported by: | tct | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | release 2.6 |
Component: | ovpn-dco (Linux kernel module) | Version: | |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | dco p2p ping |
Cc: | Antonio Quartulli, Gert Döring, plaisthos |
Description
A `--tls-server` in P2P mode only does not send `--ping`.
Please use these keys, they are only test values:
Server:
```
tls-server
ping 10
ping-restart 120
ifconfig 10.11.94.1 10.11.94.2
route 10.11.94.0 255.255.255.252
;cipher
;local ::ffff:10:1:101:101
;local fe80::26b6:fdff:fe31:bcca
port 1194
;proto tcp
proto udp6
;dev tap
dev tun-dco
;topology subnet
;server 10.111.222.0 255.255.255.0
;keepalive 10 120
;user nobody
;group nobody
persist-key
persist-tun
;status openvpn-status.log
;log openvpn.log
;log-append openvpn.log
verb 7
;explicit-exit-notify 1
;push 'explicit-exit-notify 1'

# wiscii
# EasyTLS version 2.8.0
# Common name: tuns_01194u
# X509 serial: 30A4C72E1C3CE151A960EF40FFBDB89F
<cert>
[inline test certificate]
</cert>
<key>
[inline test private key]
</key>
<ca>
[inline test CA certificate]
</ca>
dh none

# metadata Easy-TLS-version 2.8.0 - TLS-Crypt-v2 key
# metadata Sub-key-name:
<tls-crypt-v2>
[inline test tls-crypt-v2 server key]
</tls-crypt-v2>

# Easy-TLS script configuration
# Requires mode --server
;config /etc/openvpn/tuns_01194u/easytls-script.conf
```
Client
```
;client
tls-client
ping 10
ping-restart 60
ifconfig 10.11.94.2 10.11.94.1
route 10.11.94.0 255.255.255.252
;cipher
;explicit-exit-notify 1
reneg-sec 360
dev tun
proto udp
remote 10.1.101.101
resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun
remote-cert-tls server
#cipher AES-256-CBC
#comp-lzo

# Set log file verbosity.
verb 7

# wiscii
# EasyTLS version 2.8.0
# Common name: debian
# X509 serial: 168E24DCEA273B9B1B6CB8B73C521F1C
<cert>
[inline test certificate]
</cert>
<key>
[inline test private key]
</key>
<ca>
[inline test CA certificate]
</ca>

# metadata Easy-TLS-version 2.8.0 - TLS-Crypt-v2 key
# metadata CA-serial: 5CB7BBC8D64BB893BACE4D9739EE57BC63093B0F
# metadata tlskey-serial: 9177fa0589e152f550950aa4da8f81f03f022037c35279fc298534026486d81e
# metadata Creation-Date: 2022/08/01-15:23:26
# metadata Custom-Group: wiscii
# metadata Server-Common-Name: tuns_01194u
# metadata Client-Common-Name: debian
# metadata Key-status: Closed
setenv UV_TLSKEY_SERIAL 9177fa0589e152f550950aa4da8f81f03f022037c35279fc298534026486d81e
push-peer-info
<tls-crypt-v2>
[inline test tls-crypt-v2 client key]
</tls-crypt-v2>
```
Change History (1)
comment:1 Changed 21 months ago by
Cc: | Antonio Quartulli Gert Döring added |
---|---|
Description: | modified (diff) |
Keywords: | dco p2p ping added |
Summary: | Renegotiation and DCO problem → P2P mode: --ping and DCO problem |