"
In step 8 you create a firewall rule. I think thuis rule is the problem. This rule should be disabled if the wireguard is down or you turn it off. I am also struggling with this
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
Virtual private networks / Re: How to do a 'NON-KILL' switch on WireGuard VPN?
March 02, 2025, 03:38:37 PM #2
Virtual private networks / VPN needs 2 or 3 initializations before it is connected
October 24, 2021, 09:05:02 PM
Hi,
I'm not sure when this started but i have a problem when i want to connect to VPN.
It takes multiple tries before it is connected. During a connection attempt the opnsense software is not responding, also internet is a few seconds down.
Somehow after 2, 3 or 4 attempts it is connected.
I realy have no idea what is going on.
I copied the complete log from today when i treid to start VPN. I marked every start of an attempt wit a bold line.
I'm not sure when this started but i have a problem when i want to connect to VPN.
It takes multiple tries before it is connected. During a connection attempt the opnsense software is not responding, also internet is a few seconds down.
Somehow after 2, 3 or 4 attempts it is connected.
I realy have no idea what is going on.
I copied the complete log from today when i treid to start VPN. I marked every start of an attempt wit a bold line.
Code Select
Versions OPNsense 21.7.3_3-amd64
FreeBSD 12.1-RELEASE-p20-HBSD
OpenSSL 1.1.1l 24 Aug 2021Code Select
Date
Process
Line
2021-10-24T20:42:04 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T20:42:04 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T20:42:04 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T20:42:04 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T20:42:04 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
2021-10-24T20:42:04 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T20:42:04 openvpn[56970] VERIFY EKU OK
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T20:42:04 openvpn[56970] Validating certificate extended key usage
2021-10-24T20:42:04 openvpn[56970] VERIFY KU OK
2021-10-24T20:42:04 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T20:42:04 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: CMD 'status 2'
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: CMD 'state all'
2021-10-24T20:29:29 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:47:42 openvpn[56970] Initialization Sequence Completed
2021-10-24T19:47:42 openvpn[56970] /sbin/route add -net 128.0.0.0 10.22.0.1 128.0.0.0
2021-10-24T19:47:42 openvpn[56970] /sbin/route add -net 0.0.0.0 10.22.0.1 128.0.0.0
2021-10-24T19:47:42 openvpn[56970] /sbin/route add -net 46.166.187.48 80.56.107.1 255.255.255.255
2021-10-24T19:47:32 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1657 10.22.0.10 255.255.0.0 init
2021-10-24T19:47:32 openvpn[56970] /sbin/route add -net 10.22.0.0 10.22.0.1 255.255.0.0
2021-10-24T19:47:32 openvpn[56970] /sbin/ifconfig ovpnc1 10.22.0.10 10.22.0.1 mtu 1500 netmask 255.255.0.0 up
2021-10-24T19:47:32 openvpn[56970] TUN/TAP device /dev/tun1 opened
2021-10-24T19:47:32 openvpn[56970] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-10-24T19:47:32 openvpn[56970] ROUTE_GATEWAY 80.56.107.1/255.255.255.0 IFACE=igb0 HWADDR=00:c0:e7:e0:09:38
2021-10-24T19:47:31 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1657 10.30.0.5 255.255.0.0 init
2021-10-24T19:47:31 openvpn[56970] Closing TUN/TAP interface
2021-10-24T19:47:31 openvpn[56970] /sbin/route delete -net 128.0.0.0 10.30.0.1 128.0.0.0
2021-10-24T19:47:31 openvpn[56970] /sbin/route delete -net 0.0.0.0 10.30.0.1 128.0.0.0
2021-10-24T19:47:31 openvpn[56970] /sbin/route delete -net 46.166.187.48 80.56.107.1 255.255.255.255
2021-10-24T19:47:31 openvpn[56970] NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2021-10-24T19:47:31 openvpn[56970] Preserving previous TUN/TAP instance: ovpnc1
2021-10-24T19:47:31 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:47:31 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: data channel crypto options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: adjusting link_mtu to 1657
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: peer-id set
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: route-related options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: route options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --ifconfig/up options modified
2021-10-24T19:47:31 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --socket-flags option modified
2021-10-24T19:47:31 openvpn[56970] Socket Buffers: R=[524288->524288] S=[524288->524288]
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: compression parms modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-24T19:47:31 openvpn[56970] OPTIONS IMPORT: timers and/or timeouts modified
2021-10-24T19:47:31 openvpn[56970] PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.22.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.22.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.22.0.10 255.255.0.0,peer-id 393224,cipher AES-256-GCM'
2021-10-24T19:47:31 openvpn[56970] SENT CONTROL [node-nl-45.protonvpn.net]: 'PUSH_REQUEST' (status=1)
2021-10-24T19:47:30 openvpn[56970] [node-nl-45.protonvpn.net] Peer Connection Initiated with [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%)
2021-10-24T19:47:30 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T19:47:30 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T19:47:30 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
2021-10-24T19:47:30 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T19:47:30 openvpn[56970] VERIFY EKU OK
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T19:47:30 openvpn[56970] Validating certificate extended key usage
2021-10-24T19:47:30 openvpn[56970] VERIFY KU OK
2021-10-24T19:47:30 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T19:47:30 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T19:47:30 openvpn[56970] TLS: Initial packet from [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%), sid=df1df491 f434ca00
2021-10-24T19:47:30 openvpn[56970] UDP link remote: [AF_INET]46.166.187.48:443
2021-10-24T19:47:30 openvpn[56970] UDP link local: (not bound)
2021-10-24T19:47:30 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:47:30 openvpn[56970] Socket Buffers: R=[42080->524288] S=[57344->524288]
2021-10-24T19:47:30 openvpn[56970] TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.187.48:443
2021-10-24T19:47:30 openvpn[56970] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:47:30 openvpn[56970] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:47:30 openvpn[56970] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: TCP send error: Broken pipe
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:47:25 openvpn[56970] Restart pause, 5 second(s)
2021-10-24T19:47:25 openvpn[56970] SIGUSR1[soft,ping-restart] received, process restarting
2021-10-24T19:47:25 openvpn[56970] [node-nl-45.protonvpn.net] Inactivity timeout (--ping-restart), restarting
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: TCP send error: Broken pipe
2021-10-24T19:47:25 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:47:25 openvpn[56970] Initialization Sequence Completed
2021-10-24T19:47:25 openvpn[56970] /sbin/route add -net 128.0.0.0 10.30.0.1 128.0.0.0
2021-10-24T19:47:25 openvpn[56970] /sbin/route add -net 0.0.0.0 10.30.0.1 128.0.0.0
[b]2021-10-24T19:47:25 openvpn[56970] /sbin/route add -net 46.166.187.48 80.56.107.1 255.255.255.255 [/b]
2021-10-24T19:45:25 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1657 10.30.0.5 255.255.0.0 init
2021-10-24T19:45:25 openvpn[56970] /sbin/route add -net 10.30.0.0 10.30.0.1 255.255.0.0
2021-10-24T19:45:25 openvpn[56970] /sbin/ifconfig ovpnc1 10.30.0.5 10.30.0.1 mtu 1500 netmask 255.255.0.0 up
2021-10-24T19:45:25 openvpn[56970] TUN/TAP device /dev/tun1 opened
2021-10-24T19:45:25 openvpn[56970] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-10-24T19:45:25 openvpn[56970] ROUTE_GATEWAY 80.56.107.1/255.255.255.0 IFACE=igb0 HWADDR=00:c0:e7:e0:09:38
2021-10-24T19:45:23 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1657 10.21.0.2 255.255.0.0 init
2021-10-24T19:45:23 openvpn[56970] Closing TUN/TAP interface
2021-10-24T19:45:23 openvpn[56970] /sbin/route delete -net 128.0.0.0 10.21.0.1 128.0.0.0
2021-10-24T19:45:23 openvpn[56970] /sbin/route delete -net 0.0.0.0 10.21.0.1 128.0.0.0
2021-10-24T19:45:23 openvpn[56970] /sbin/route delete -net 46.166.187.48 80.56.107.1 255.255.255.255
2021-10-24T19:45:23 openvpn[56970] NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2021-10-24T19:45:23 openvpn[56970] Preserving previous TUN/TAP instance: ovpnc1
2021-10-24T19:45:23 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:45:23 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: data channel crypto options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: adjusting link_mtu to 1657
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: peer-id set
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: route-related options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: route options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --ifconfig/up options modified
2021-10-24T19:45:23 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --socket-flags option modified
2021-10-24T19:45:23 openvpn[56970] Socket Buffers: R=[524288->524288] S=[524288->524288]
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: compression parms modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-24T19:45:23 openvpn[56970] OPTIONS IMPORT: timers and/or timeouts modified
2021-10-24T19:45:23 openvpn[56970] PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.30.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.30.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.30.0.5 255.255.0.0,peer-id 917507,cipher AES-256-GCM'
2021-10-24T19:45:23 openvpn[56970] SENT CONTROL [node-nl-45.protonvpn.net]: 'PUSH_REQUEST' (status=1)
2021-10-24T19:45:22 openvpn[56970] [node-nl-45.protonvpn.net] Peer Connection Initiated with [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%)
2021-10-24T19:45:22 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T19:45:22 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T19:45:22 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1634'
2021-10-24T19:45:22 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T19:45:22 openvpn[56970] VERIFY EKU OK
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T19:45:22 openvpn[56970] Validating certificate extended key usage
2021-10-24T19:45:22 openvpn[56970] VERIFY KU OK
2021-10-24T19:45:22 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T19:45:22 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T19:45:22 openvpn[56970] TLS: Initial packet from [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%), sid=97abea17 65ad7b91
2021-10-24T19:45:22 openvpn[56970] UDP link remote: [AF_INET]46.166.187.48:443
2021-10-24T19:45:22 openvpn[56970] UDP link local: (not bound)
2021-10-24T19:45:22 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:45:22 openvpn[56970] Socket Buffers: R=[42080->524288] S=[57344->524288]
2021-10-24T19:45:22 openvpn[56970] TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.187.48:443
2021-10-24T19:45:22 openvpn[56970] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:45:22 openvpn[56970] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:45:22 openvpn[56970] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-24T19:45:17 openvpn[56970] Restart pause, 5 second(s)
2021-10-24T19:45:17 openvpn[56970] SIGUSR1[soft,ping-restart] received, process restarting
2021-10-24T19:45:17 openvpn[56970] [node-nl-45.protonvpn.net] Inactivity timeout (--ping-restart), restarting
2021-10-24T19:45:17 openvpn[56970] Initialization Sequence Completed
2021-10-24T19:45:17 openvpn[56970] /sbin/route add -net 128.0.0.0 10.21.0.1 128.0.0.0
2021-10-24T19:45:17 openvpn[56970] /sbin/route add -net 0.0.0.0 10.21.0.1 128.0.0.0
[b]2021-10-24T19:45:17 openvpn[56970] /sbin/route add -net 46.166.187.48 80.56.107.1 255.255.255.255 [/b]
2021-10-24T19:43:17 openvpn[56970] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1656 10.21.0.2 255.255.0.0 init
2021-10-24T19:43:17 openvpn[56970] /sbin/route add -net 10.21.0.0 10.21.0.1 255.255.0.0
2021-10-24T19:43:17 openvpn[56970] /sbin/ifconfig ovpnc1 10.21.0.2 10.21.0.1 mtu 1500 netmask 255.255.0.0 up
2021-10-24T19:43:17 openvpn[56970] TUN/TAP device /dev/tun1 opened
2021-10-24T19:43:17 openvpn[56970] TUN/TAP device ovpnc1 exists previously, keep at program end
2021-10-24T19:43:17 openvpn[56970] ROUTE_GATEWAY 80.56.107.1/255.255.255.0 IFACE=igb0 HWADDR=00:c0:e7:e0:09:38
2021-10-24T19:43:17 openvpn[56970] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:43:17 openvpn[56970] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: data channel crypto options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: adjusting link_mtu to 1656
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: peer-id set
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: route-related options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: route options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --ifconfig/up options modified
2021-10-24T19:43:17 openvpn[56970] NOTE: setsockopt TCP_NODELAY=1 failed
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --socket-flags option modified
2021-10-24T19:43:17 openvpn[56970] Socket Buffers: R=[42080->524288] S=[57344->524288]
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: compression parms modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: explicit notify parm(s) modified
2021-10-24T19:43:17 openvpn[56970] OPTIONS IMPORT: timers and/or timeouts modified
2021-10-24T19:43:17 openvpn[56970] PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.21.0.1,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,explicit-exit-notify,comp-lzo no,route-gateway 10.21.0.1,topology subnet,ping 10,ping-restart 60,socket-flags TCP_NODELAY,ifconfig 10.21.0.2 255.255.0.0,peer-id 327681,cipher AES-256-GCM'
2021-10-24T19:43:17 openvpn[56970] SENT CONTROL [node-nl-45.protonvpn.net]: 'PUSH_REQUEST' (status=1)
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: Client disconnected
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: CMD 'state all'
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
2021-10-24T19:43:16 openvpn[56970] [node-nl-45.protonvpn.net] Peer Connection Initiated with [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%)
2021-10-24T19:43:16 openvpn[56970] Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2021-10-24T19:43:16 openvpn[56970] WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2021-10-24T19:43:16 openvpn[56970] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2021-10-24T19:43:16 openvpn[56970] WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1581', remote='link-mtu 1634'
2021-10-24T19:43:16 openvpn[56970] VERIFY OK: depth=0, CN=node-nl-45.protonvpn.net
2021-10-24T19:43:16 openvpn[56970] VERIFY EKU OK
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (str) 1.3.6.1.5.5.8.2.2, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (oid) 1.3.6.1.5.5.7.3.2, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Server Authentication
2021-10-24T19:43:16 openvpn[56970] Validating certificate extended key usage
2021-10-24T19:43:16 openvpn[56970] VERIFY KU OK
2021-10-24T19:43:16 openvpn[56970] VERIFY OK: depth=1, C=CH, O=ProtonVPN AG, CN=ProtonVPN Intermediate CA 1
2021-10-24T19:43:16 openvpn[56970] VERIFY OK: depth=2, C=CH, O=ProtonVPN AG, CN=ProtonVPN Root CA
2021-10-24T19:43:16 openvpn[56970] TLS: Initial packet from [AF_INET]46.166.187.48:443 (via [AF_INET]80.56.107.37%), sid=9c8e2fec a110d39d
2021-10-24T19:43:16 openvpn[56970] UDP link remote: [AF_INET]46.166.187.48:443
2021-10-24T19:43:16 openvpn[56970] UDP link local: (not bound)
2021-10-24T19:43:16 openvpn[56970] Socket Buffers: R=[42080->42080] S=[57344->57344]
2021-10-24T19:43:16 openvpn[56970] TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.187.48:443
2021-10-24T19:43:16 openvpn[56970] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:43:16 openvpn[56970] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2021-10-24T19:43:16 openvpn[56970] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-24T19:43:16 openvpn[56970] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
2021-10-24T19:43:16 openvpn[37856] library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-10-24T19:43:16 openvpn[37856] OpenVPN 2.5.3 amd64-portbld-freebsd12.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Sep 21 2021
2021-10-24T19:43:16 openvpn[37856] WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
Pages1
