Opened 21 months ago

Last modified 16 months ago

#1476 closed Bug / Defect

P2P mode: --ping and DCO problem — at Version 1

Reported by: tct
Owned by:
Priority: major
Milestone: release 2.6
Component: ovpn-dco (Linux kernel module)
Version:
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: dco p2p ping
Cc: Antonio Quartulli, Gert Döring, plaisthos

Description (last modified by tct)

A --tls-server in P2P mode only does not send --ping.

Please use these keys, they are only test values:


Server:

tls-server
  ping 10
  ping-restart 120
  ifconfig 10.11.94.1 10.11.94.2
  route 10.11.94.0 255.255.255.252
  ;cipher

;local ::ffff:10:1:101:101
;local fe80::26b6:fdff:fe31:bcca

port 1194

;proto tcp
proto udp6

;dev tap
dev tun-dco

;topology subnet

;server 10.111.222.0 255.255.255.0

;keepalive 10 120

;user nobody
;group nobody

persist-key
persist-tun

;status openvpn-status.log

;log         openvpn.log
;log-append  openvpn.log

verb 7

;explicit-exit-notify 1
;push 'explicit-exit-notify 1'

# wiscii
# EasyTLS version 2.8.0
# Common name: tuns_01194u
# X509 serial: 30A4C72E1C3CE151A960EF40FFBDB89F

dh none

# metadata Easy-TLS-version 2.8.0 - TLS-Crypt-v2 key
# metadata Sub-key-name: 


# Easy-TLS script configuration
# Requires mode --server
;config /etc/openvpn/tuns_01194u/easytls-script.conf



Client

;client
tls-client
  ping 10
  ping-restart 60
  ifconfig 10.11.94.2 10.11.94.1
  route 10.11.94.0 255.255.255.252
  ;cipher
  ;explicit-exit-notify 1
  reneg-sec 360

dev tun
proto udp
remote 10.1.101.101
resolv-retry infinite
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

remote-cert-tls server

#cipher AES-256-CBC

#comp-lzo

# Set log file verbosity.
verb 7

# wiscii
# EasyTLS version 2.8.0
# Common name: debian
# X509 serial: 168E24DCEA273B9B1B6CB8B73C521F1C

# metadata Easy-TLS-version 2.8.0 - TLS-Crypt-v2 key
# metadata CA-serial: 5CB7BBC8D64BB893BACE4D9739EE57BC63093B0F
# metadata tlskey-serial: 9177fa0589e152f550950aa4da8f81f03f022037c35279fc298534026486d81e
# metadata Creation-Date: 2022/08/01-15:23:26
# metadata Custom-Group: wiscii
# metadata Server-Common-Name: tuns_01194u
# metadata Client-Common-Name: debian
# metadata Key-status: Closed

setenv UV_TLSKEY_SERIAL 9177fa0589e152f550950aa4da8f81f03f022037c35279fc298534026486d81e
push-peer-info



Change History (1)

comment:1 Changed 21 months ago by tct

Cc: Antonio Quartulli Gert Döring added
Description: modified (diff)
Keywords: dco p2p ping added
Summary: changed from "Renegotiation and DCO problem" to "P2P mode: --ping and DCO problem"