1
Virtual private networks / VPN needs 2 or 3 initializations before it is connected
« on: October 24, 2021, 09:05:02 pm »
Hi,
I'm not sure when this started but i have a problem when i want to connect to VPN.
It takes multiple tries before it is connected. During a connection attempt the opnsense software is not responding, also internet is a few seconds down.
Somehow after 2, 3 or 4 attempts it is connected.
I realy have no idea what is going on.
I copied the complete log from today when i treid to start VPN. I marked every start of an attempt wit a bold line.
I'm not sure when this started but i have a problem when i want to connect to VPN.
It takes multiple tries before it is connected. During a connection attempt the opnsense software is not responding, also internet is a few seconds down.
Somehow after 2, 3 or 4 attempts it is connected.
I realy have no idea what is going on.
I copied the complete log from today when i treid to start VPN. I marked every start of an attempt wit a bold line.
Code: [Select]
Versions OPNsense 21.7.3_3-amd64
FreeBSD 12.1-RELEASE-p20-HBSD
OpenSSL 1.1.1l 24 Aug 2021
Code: [Select]
Date
Process
Line
2021-10-24T20:42:04 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T20:42:04 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T20:42:04 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T20:42:04 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T20:42:04 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
2021-10-24T20:42:04 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T20:42:04 openvpn[56970] VERIFY EKU OK
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] Validating certificate extended key usage
2021-10-24T20:42:04 openvpn[56970] VERIFY KU OK
2021-10-24T20:42:04 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T20:42:04 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: CMD 'status 2'
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: CMD 'state all'
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:47:42 openvpn[56970] Initialization Sequence Completed
2021-10-24T19:47:42 openvpn[56970] /sbin/route add -net 128.0.0.0 10.22.0.1 128.0.0.0
2021-10-24T19:47:42 openvpn[56970] /sbin/route add -net 0.0.0.0 10.22.0.1 128.0.0.0
2021-10-24T19:47:42 openvpn[56970] /sbin/route add -net 46.166.187.48 80.56.107.1 255.255.255.255
2021-10-24T19:47:32 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1657 10.22.0.10 255.255.0.0 init
2021-10-24T19:47:32 openvpn[56970] /sbin/route add -net 10.22.0.0 10.22.0.1 255.255.0.0
2021-10-24T19:47:32 openvpn[56970] /sbin/ifconfig ovpnc1 10.22.0.10 10.22.0.1 mtu 1500 netmask 255.255.0.0 up
2021-10-24T19:47:32 openvpn[56970] TUN/TAP device /dev/tun1 opened
2021-10-24T19:47:32 openvpn[56970] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-10-24T19:47:32 openvpn[56970] ROUTE_GATEWAY 80.56.107.1/255.255.255.0 IFACE=igb0 HWADDR=00:c0:e7:e0:09:38
2021-10-24T19:47:31 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1657 10.30.0.5 255.255.0.0 init
2021-10-24T19:47:31 openvpn[56970] Closing TUN/TAP interface
2021-10-24T19:47:31 openvpn[56970] /sbin/route delete -net 128.0.0.0 10.30.0.1 128.0.0.0
2021-10-24T19:47:31 openvpn[56970] /sbin/route delete -net 0.0.0.0 10.30.0.1 128.0.0.0
2021-10-24T19:47:31 openvpn[56970] /sbin/route delete -net 46.166.187.48 80.56.107.1 255.255.255.255
2021-10-24T19:47:31 openvpn[56970] NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2021-10-24T19:47:31 openvpn[56970] Preserving previous TUN/TAP instance: ovpnc1
2021-10-24T19:47:31 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:47:31 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: data channel crypto options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: adjusting link_mtu to 1657
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: peer-id set
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: route-related options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: route options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --ifconfig/up options modified
2021-10-24T19:47:31 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --socket-flags option modified
2021-10-24T19:47:31 openvpn[56970] Socket Buffers: R=[524288->524288] S=[524288->524288]
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: compression parms modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: timers and/or timeouts modified
2021-10-24T19:47:31 openvpn[56970] PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.22.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.22.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.22.0.10 255.255.0.0,peer-id 393224,cipher AES-256-GCM'
2021-10-24T19:47:31 openvpn[56970] SENT CONTROL [node-nl-45.protonvpn.net]: 'PUSH_REQUEST' (status=1)
2021-10-24T19:47:30 openvpn[56970] [node-nl-45.protonvpn.net] Peer Connection Initiated with [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%)
2021-10-24T19:47:30 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T19:47:30 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T19:47:30 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
2021-10-24T19:47:30 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T19:47:30 openvpn[56970] VERIFY EKU OK
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] Validating certificate extended key usage
2021-10-24T19:47:30 openvpn[56970] VERIFY KU OK
2021-10-24T19:47:30 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T19:47:30 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T19:47:30 openvpn[56970] TLS: Initial packet from [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%), sid=df1df491 f434ca00
2021-10-24T19:47:30 openvpn[56970] UDP link remote: [AF_INET]46.166.187.48:443
2021-10-24T19:47:30 openvpn[56970] UDP link local: (not bound)
2021-10-24T19:47:30 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:47:30 openvpn[56970] Socket Buffers: R=[42080->524288] S=[57344->524288]
2021-10-24T19:47:30 openvpn[56970] TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.187.48:443
2021-10-24T19:47:30 openvpn[56970] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:47:30 openvpn[56970] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:47:30 openvpn[56970] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: TCP send error: Broken pipe
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:47:25 openvpn[56970] Restart pause, 5 second(s)
2021-10-24T19:47:25 openvpn[56970] SIGUSR1[soft,ping-restart] received, process restarting
2021-10-24T19:47:25 openvpn[56970] [node-nl-45.protonvpn.net] Inactivity timeout (--ping-restart), restarting
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: TCP send error: Broken pipe
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:47:25 openvpn[56970] Initialization Sequence Completed
2021-10-24T19:47:25 openvpn[56970] /sbin/route add -net 128.0.0.0 10.30.0.1 128.0.0.0
2021-10-24T19:47:25 openvpn[56970] /sbin/route add -net 0.0.0.0 10.30.0.1 128.0.0.0
[b]2021-10-24T19:47:25 openvpn[56970] /sbin/route add -net 46.166.187.48 80.56.107.1 255.255.255.255 [/b]
2021-10-24T19:45:25 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1657 10.30.0.5 255.255.0.0 init
2021-10-24T19:45:25 openvpn[56970] /sbin/route add -net 10.30.0.0 10.30.0.1 255.255.0.0
2021-10-24T19:45:25 openvpn[56970] /sbin/ifconfig ovpnc1 10.30.0.5 10.30.0.1 mtu 1500 netmask 255.255.0.0 up
2021-10-24T19:45:25 openvpn[56970] TUN/TAP device /dev/tun1 opened
2021-10-24T19:45:25 openvpn[56970] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-10-24T19:45:25 openvpn[56970] ROUTE_GATEWAY 80.56.107.1/255.255.255.0 IFACE=igb0 HWADDR=00:c0:e7:e0:09:38
2021-10-24T19:45:23 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1657 10.21.0.2 255.255.0.0 init
2021-10-24T19:45:23 openvpn[56970] Closing TUN/TAP interface
2021-10-24T19:45:23 openvpn[56970] /sbin/route delete -net 128.0.0.0 10.21.0.1 128.0.0.0
2021-10-24T19:45:23 openvpn[56970] /sbin/route delete -net 0.0.0.0 10.21.0.1 128.0.0.0
2021-10-24T19:45:23 openvpn[56970] /sbin/route delete -net 46.166.187.48 80.56.107.1 255.255.255.255
2021-10-24T19:45:23 openvpn[56970] NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2021-10-24T19:45:23 openvpn[56970] Preserving previous TUN/TAP instance: ovpnc1
2021-10-24T19:45:23 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:45:23 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: data channel crypto options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: adjusting link_mtu to 1657
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: peer-id set
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: route-related options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: route options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --ifconfig/up options modified
2021-10-24T19:45:23 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --socket-flags option modified
2021-10-24T19:45:23 openvpn[56970] Socket Buffers: R=[524288->524288] S=[524288->524288]
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: compression parms modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: timers and/or timeouts modified
2021-10-24T19:45:23 openvpn[56970] PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.30.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.30.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.30.0.5 255.255.0.0,peer-id 917507,cipher AES-256-GCM'
2021-10-24T19:45:23 openvpn[56970] SENT CONTROL [node-nl-45.protonvpn.net]: 'PUSH_REQUEST' (status=1)
2021-10-24T19:45:22 openvpn[56970] [node-nl-45.protonvpn.net] Peer Connection Initiated with [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%)
2021-10-24T19:45:22 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T19:45:22 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T19:45:22 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
2021-10-24T19:45:22 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T19:45:22 openvpn[56970] VERIFY EKU OK
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] Validating certificate extended key usage
2021-10-24T19:45:22 openvpn[56970] VERIFY KU OK
2021-10-24T19:45:22 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T19:45:22 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T19:45:22 openvpn[56970] TLS: Initial packet from [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%), sid=97abea17 65ad7b91
2021-10-24T19:45:22 openvpn[56970] UDP link remote: [AF_INET]46.166.187.48:443
2021-10-24T19:45:22 openvpn[56970] UDP link local: (not bound)
2021-10-24T19:45:22 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:45:22 openvpn[56970] Socket Buffers: R=[42080->524288] S=[57344->524288]
2021-10-24T19:45:22 openvpn[56970] TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.187.48:443
2021-10-24T19:45:22 openvpn[56970] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:45:22 openvpn[56970] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:45:22 openvpn[56970] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-24T19:45:17 openvpn[56970] Restart pause, 5 second(s)
2021-10-24T19:45:17 openvpn[56970] SIGUSR1[soft,ping-restart] received, process restarting
2021-10-24T19:45:17 openvpn[56970] [node-nl-45.protonvpn.net] Inactivity timeout (--ping-restart), restarting
2021-10-24T19:45:17 openvpn[56970] Initialization Sequence Completed
2021-10-24T19:45:17 openvpn[56970] /sbin/route add -net 128.0.0.0 10.21.0.1 128.0.0.0
2021-10-24T19:45:17 openvpn[56970] /sbin/route add -net 0.0.0.0 10.21.0.1 128.0.0.0
[b]2021-10-24T19:45:17 openvpn[56970] /sbin/route add -net 46.166.187.48 80.56.107.1 255.255.255.255 [/b]
2021-10-24T19:43:17 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1656 10.21.0.2 255.255.0.0 init
2021-10-24T19:43:17 openvpn[56970] /sbin/route add -net 10.21.0.0 10.21.0.1 255.255.0.0
2021-10-24T19:43:17 openvpn[56970] /sbin/ifconfig ovpnc1 10.21.0.2 10.21.0.1 mtu 1500 netmask 255.255.0.0 up
2021-10-24T19:43:17 openvpn[56970] TUN/TAP device /dev/tun1 opened
2021-10-24T19:43:17 openvpn[56970] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-10-24T19:43:17 openvpn[56970] ROUTE_GATEWAY 80.56.107.1/255.255.255.0 IFACE=igb0 HWADDR=00:c0:e7:e0:09:38
2021-10-24T19:43:17 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:43:17 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: data channel crypto options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: adjusting link_mtu to 1656
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: peer-id set
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: route-related options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: route options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --ifconfig/up options modified
2021-10-24T19:43:17 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --socket-flags option modified
2021-10-24T19:43:17 openvpn[56970] Socket Buffers: R=[42080->524288] S=[57344->524288]
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: compression parms modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: timers and/or timeouts modified
2021-10-24T19:43:17 openvpn[56970] PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.21.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.21.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.21.0.2 255.255.0.0,peer-id 327681,cipher AES-256-GCM'
2021-10-24T19:43:17 openvpn[56970] SENT CONTROL [node-nl-45.protonvpn.net]: 'PUSH_REQUEST' (status=1)
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: CMD 'state all'
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:43:16 openvpn[56970] [node-nl-45.protonvpn.net] Peer Connection Initiated with [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%)
2021-10-24T19:43:16 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T19:43:16 openvpn[56970] WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2021-10-24T19:43:16 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T19:43:16 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1581', remote='link-mtu 1634'
2021-10-24T19:43:16 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T19:43:16 openvpn[56970] VERIFY EKU OK
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] Validating certificate extended key usage
2021-10-24T19:43:16 openvpn[56970] VERIFY KU OK
2021-10-24T19:43:16 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T19:43:16 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T19:43:16 openvpn[56970] TLS: Initial packet from [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%), sid=9c8e2fec a110d39d
2021-10-24T19:43:16 openvpn[56970] UDP link remote: [AF_INET]46.166.187.48:443
2021-10-24T19:43:16 openvpn[56970] UDP link local: (not bound)
2021-10-24T19:43:16 openvpn[56970] Socket Buffers: R=[42080->42080] S=[57344->57344]
2021-10-24T19:43:16 openvpn[56970] TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.187.48:443
2021-10-24T19:43:16 openvpn[56970] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:43:16 openvpn[56970] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:43:16 openvpn[56970] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
2021-10-24T19:43:16 openvpn[37856] library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-24T19:43:16 openvpn[37856] OpenVPN 2.5.3 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 21 2021
2021-10-24T19:43:16 openvpn[37856] WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible