AirDNS stopped working unexpectedly after two months of use on pfSense

[hbs 1]

Hi everyone,

 

Here's what happened.

 

I have set up my pfSense Firewall Appliance almost two months ago. Using the pfSense Tutorial that AirVPN provides.

 

It worked flawlessly until last Thursday.

 

Suddenly my pfSense router wasn't transferring data anymore and I went on doing some tweaking and noticed that AirDNS (10.4.0.1 wasn't resolving DNS queries anymore. I replaced it with Google, Cisco, Cloudfare, you name DNSs and was back online.

 

 

 

I wonder if someone else here has also encountered (or is encountering) this situation?

 

This is very weird. I am positively sure that wasn't any loss of data (my Firewall Appliance is connected to a brand new UPS) 

 

Please, let me know.

 

 

Regards

 

 

[Air4141841 24]

try adding an external dns server to the WAN

[hbs 1]

Thanks for replying it.

try adding an external dns server to the WAN

 

I have added to DNS on General Setup

 

It started to resolve again but not thru AirDNS.

 

 

I noticed that your setup is apparently different than mine.

 

Which guide did you use it? I have used the one AirVPN provides. It was working, Than stopped overnight.

 

It isn't my ISP. I can connect using Eddie to any server on Windows on the same network.

[Air4141841 24]

Right I have the same issue,

 

It’s taken me about a year to tweak my box to be able to work correctly

 

Try this :

Services / dhcp server - under dns add 10.4.0.1 or the dns server pushed through your tunnel

 

Once you reboot pfsense and your computer it should get that address added by the dhcp server

 

Make sense?

[hbs 1]

Thanks for replying it.

 

I left my PC unattended after i added the external DNS.

 

I only noticed now that it is passing ipleak,net.

 

Even without AirDNS.

 

Also, I have added as you asked me 

 

But I have lost completely the ability to access the internet

 

 

 

[Air4141841 24]

remove 192.168.0.1 and see if everything works.  you would have to restart your computer or renew release the nic

[hbs 1]

Hi Air4141841

 

Thanks for replying it.

 

I did as you told me.

 

 

removed 192.168.0.1 and left only AirDNS. This time I could still access the internet.

 

But the issue with AirDNS not resolving DNS queries persists

 

 

Oddly is still passing ipleak.net as well. For now.

[Air4141841 24]

Under general - dns uncheck. So 127.0.0.1 is not used that is another problem I see.. you don’t want 127.0.0.1 listed on that page

I can give better instructions when I am in front of my laptop

 

home now.   make sure this box IS checked:

 

Disable DNS Forwarder

 

make sure this is unchecked:

DNS Server Override

 

​this is under system > general setup 

[hbs 1]

 

Following are screen captures of unaltered settings that I have. I believe it matches what you re trying to do.

 

Please have a look on the images.

 

Another thing. 

 

I suspect the 127.0.0.1 that appear when DNS Lookup is queried is because of the localhost to AirVPN_WAN rule 

 

It is from the AirVPN Pfsense Guide https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/

 

My setup (hopefully) mirrors that one. Like I stated a couple of times worked for almost two months.

[Air4141841 24]

picture one i would enable: Enable SSL/TLS Service

picture one i would enable : Use SSL/TLS for outgoing DNS Queries to Forwarding Servers

also picture one for advanced configuration read my last sentense.  127.0.0.1 hasn't worked for me for months.   thats why i switched to the netgate link below

also under DNS server settings.   put 9.9.9.9 for the WAN gateway.   10.4.0.1 for Airvpngateway

 

i know exactly what you are talking about now.  that is why i switched to DNS over TLS setting from Pfsense: https://www.netgate.com/blog/dns-over-tls-with-pfsense.html

 

i am sure my way is a total and complete roundabout way to get it to work!.   but i have not see anyone else post or offer help for these issues, its taken me over a year to tweak my pfsense box and i have learned alot along the way...

[Air4141841 24]

picture one is how i created manual static entries and rules for each device i want on that tunnel 

 

 

picture 2 shows the static DNS entry for Airvpn DNS server 

[hbs 1]

thanks Air4141841,

 

I have tried your first post. To no avail.

 

10.4.0.1 is still not responding to all queries.

 

The only way I see to remove 127.0.0.1 from the list wast to disable DNS Forwarder/Resolver on General > Setup and that stops my internet after a reboot. Also doesn't solve the AirDNS situation. No response whatsoever.

 

Tomorrow will make a week this problem has started. 

[Air4141841 24]

what does your DNS resolver look like now?   your client page?

 

it has to be something in your setup.  my works perfectly and has worked perfectly like this since the DNS over TLS post

[hbs 1]

Sorry for the late response.

 

I have no internet connection on my pfsense box.

 

 

[Air4141841 24]

your client connection looks nothing like mine

1.  i assume you wiped your TLS key?

2. IF you are using TLS  tls usage should be set to Tls and Authentication.

3. encryption alg should be set to 256 GCM   negotiation is fine

4.  Auth digest alg?   that should be sha512

5. compression should be set too . legacy comp LZO NO

6. don't pull routes.  UNCHECKED

7. don't add remove routes UNCHECKED

8.   once those are set go back to system General and set DNS forwarder to checked. 

 

since you have VERB set to 4.  it will tell you generally how to fix your config.    also  generate a new client config file.  it will show you what you need to set your client config too. because it appears you are following old configuration files..

[hbs 1]

Yes. I wiped.

 

I rebooted once more and I am now connected.

 

I followed the pfsense how to guide from AirVPN.

 

I even disable DNS Forwarder/Resolver on General 

 

127.0.0.1 is gone

 

Here's my DNS Lookup

 

 

[Air4141841 24]

The several year old guide is extremely helpful. But I found several issues along the way.

 

I posted most of the improvements I have found. Good luck

[hbs 1]

I have followed the steps to update my openvpn client config.

 

But it is failing to properly connect. Honestly I cannot cypher what error is this

 

Please, have a look: 

 

Dec 26 19:38:06	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:06	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:06	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:06	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:06	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:06	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:06	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:06	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:06	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:06	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:06	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:06	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:06	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:06	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:16	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:16	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:16	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:16	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:16	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:16	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:16	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:16	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:16	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:16	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:16	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:16	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:16	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:16	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:26	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:26	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:26	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:26	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:26	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:26	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:26	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:26	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:26	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:26	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:26	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:26	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:26	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:26	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:36	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:36	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:36	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:36	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:36	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:36	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:36	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:36	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Dec 26 19:38:36	openvpn	36721	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-client'
Dec 26 19:38:36	openvpn	36721	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,key-method 2,tls-server'
Dec 26 19:38:36	openvpn	36721	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 26 19:38:36	openvpn	36721	Socket Buffers: R=[42080->524288] S=[57344->524288]
Dec 26 19:38:36	openvpn	36721	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 26 19:38:36	openvpn	36721	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 26 19:38:46	openvpn	36721	Server poll timeout, restarting
Dec 26 19:38:46	openvpn	36721	TCP/UDP: Closing socket
Dec 26 19:38:46	openvpn	36721	SIGUSR1[soft,server_poll] received, process restarting
Dec 26 19:38:46	openvpn	36721	WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 26 19:38:46	openvpn	36721	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 26 19:38:46	openvpn	36721	Re-using SSL/TLS context
Dec 26 19:38:46	openvpn	36721	Control Channel MTU parms [ L:1622 D:1156 EF:94 EB:0 ET:0 EL:3 ]
Dec 26 19:38:46	openvpn	36721	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]

 

Here it is the new config image (tls key removed)

 

 

[Air4141841 24]

well the only thing left is your custom config:

 

here is mine.   try it and see what happens!   Notice a few entry's removed from the file given by the configurator...

resolv-retry infinite;
persist-key;
persist-tun;
remote-cert-tls server;
auth-nocache;
tls-version-min 1.2;
remote 199.249.230.34 443;
remote us3.vpn.airdns.org 443;
remote america3.vpn.airdns.org 443;

[hbs 1]

I successfully tweaked some settings on my client config (although SHA512 and TLS and Auth didnt work for me) and finally was able to make 10.4.0.1 to respond to some queries. 

 

 

traceroute airvpn.org

1  10.14.192.1  140.994 ms  139.973 ms  139.885 ms
 2  * 96.47.229.57  142.709 ms  140.916 ms
 3  173.44.32.249  140.954 ms  139.738 ms  142.258 ms
 4  84.16.8.36  140.914 ms  141.742 ms  141.428 ms
 5  94.142.119.241  180.354 ms
    94.142.126.225  184.986 ms  180.993 ms
 6  198.27.73.160  182.647 ms  182.034 ms  181.853 ms
 7  142.44.208.69  281.681 ms
    198.27.73.218  187.688 ms  188.042 ms
 8  192.99.146.147  195.012 ms  194.605 ms
    192.99.146.138  265.044 ms
 9  192.99.146.147  194.115 ms  194.363 ms  193.476 ms

PING airvpn.org (5.196.64.52): 56 data bytes
64 bytes from 5.196.64.52: icmp_seq=0 ttl=52 time=263.442 ms
64 bytes from 5.196.64.52: icmp_seq=1 ttl=52 time=260.203 ms
64 bytes from 5.196.64.52: icmp_seq=2 ttl=52 time=263.098 ms

--- airvpn.org ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 260.203/262.248/263.442/1.453 ms

But I am not able to use the internet. There is none, according to my laptop, apple tv 

 

I don't know what is happening. There should be internet access.

.

Any idea how to troubleshoot this?

 

Thanks

[Air4141841 24]

Without the open vpn log on verb 4 I have no idea

 

If you can not get tls to work I would create a new opvn file

[hbs 1]

Without the open vpn log on verb 4 I have no idea

 

If you can not get tls to work I would create a new opvn file

 

 

I Couldn't make it work with TLS Encryption and Authentication or/with SHA 512. I mean.using these settings I cannot establish a successful VPN connection

 

 

Had to go with TLS Auth and SHA1 

 

I am connected to the internet. But only on my pfsense box.

 

I can even download in there using: fetch -o /dev/null http://ipv4.download.thinkbroadband.com/200MB.zip

 

I can ping from my laptop to the gateway 10.14.192.1

 

I can ping from pfSense to my laptop IP address

 

But I can't browse the internet on my laptop or my Apple TV.

 

 

 

[Wolke68 5]

in your screenshot you doesnt fill in your TLS key so you havent TLs Auth

 

and NCP Options

 

AES-256-GCM

AES-256-CBc

 

your openvpn config isnt correct

[Air4141841 24]

i saw that as well.  i assumed it was done on purpose.  i really have no idea why...   on the GCM that will also connect just fine   you can add cbc on there but it will connect to GCM from my experience

 

also the options in his custom config i am not sure if it will work that way.   he needs to copy and paste it EXACTLY the way i posted it and erase everything he has.

 

change to Verb 4 and it will give more details about the issue

 

this all makes NO sense the issue the original poster is having

[hbs 1]

Thank you guys for replying it.

 

My issue now has changed. 

 

10.4.0.1 is now accepting my queries.

 

Inside my pfsense box I can resolve, traceroute, ping and even download it.

 

But on my Lan side, I can only ping using the internet. 

 

Here's some new info:

 

 

Dec 28 16:53:15	openvpn	33200	MANAGEMENT: Client disconnected
Dec 28 16:53:15	openvpn	33200	MANAGEMENT: CMD 'status 2'
Dec 28 16:53:15	openvpn	33200	MANAGEMENT: CMD 'state 1'
Dec 28 16:53:15	openvpn	33200	MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Dec 28 16:53:12	openvpn	33200	Initialization Sequence Completed
Dec 28 16:53:12	openvpn	33200	WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 28 16:53:12	openvpn	33200	/sbin/route add -net 128.0.0.0 10.14.192.1 128.0.0.0
Dec 28 16:53:12	openvpn	33200	/sbin/route add -net 0.0.0.0 10.14.192.1 128.0.0.0
Dec 28 16:53:12	openvpn	33200	ERROR: FreeBSD route add command failed: external program exited with error status: 1
Dec 28 16:53:12	openvpn	33200	/sbin/route add -net 96.47.229.58 192.168.1.1 255.255.255.255
Dec 28 16:53:12	openvpn	33200	/usr/local/sbin/ovpn-linkup ovpnc1 1500 1553 10.14.192.252 255.255.255.0 init
Dec 28 16:53:12	openvpn	33200	/sbin/route add -net 10.14.192.0 10.14.192.1 255.255.255.0
Dec 28 16:53:12	openvpn	33200	/sbin/ifconfig ovpnc1 10.14.192.252 10.14.192.1 mtu 1500 netmask 255.255.255.0 up
Dec 28 16:53:12	openvpn	33200	do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Dec 28 16:53:12	openvpn	33200	TUN/TAP device /dev/tun1 opened
Dec 28 16:53:12	openvpn	33200	TUN/TAP device ovpnc1 exists previously, keep at program end
Dec 28 16:53:12	openvpn	33200	ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=igb0 HWADDR=00:0d:b9:4c:8b:70
Dec 28 16:53:12	openvpn	33200	Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 28 16:53:12	openvpn	33200	Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 28 16:53:12	openvpn	33200	Data Channel MTU parms [ L:1553 D:1450 EF:53 EB:406 ET:0 EL:3 ]
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: data channel crypto options modified
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: adjusting link_mtu to 1625
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: peer-id set
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: route-related options modified
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: route options modified
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: --ifconfig/up options modified
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: compression parms modified
Dec 28 16:53:12	openvpn	33200	OPTIONS IMPORT: timers and/or timeouts modified
Dec 28 16:53:12	openvpn	33200	PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.14.192.1,route-gateway 10.14.192.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.14.192.252 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Dec 28 16:53:12	openvpn	33200	SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Dec 28 16:53:11	openvpn	33200	[server] Peer Connection Initiated with [AF_INET]96.47.229.58:443
Dec 28 16:53:11	openvpn	33200	Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Dec 28 16:53:11	openvpn	33200	WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Dec 28 16:53:11	openvpn	33200	WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Dec 28 16:53:11	openvpn	33200	WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1558'
Dec 28 16:53:10	openvpn	33200	VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
Dec 28 16:53:10	openvpn	33200	VERIFY EKU OK
Dec 28 16:53:10	openvpn	33200	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 28 16:53:10	openvpn	33200	Validating certificate extended key usage
Dec 28 16:53:10	openvpn	33200	VERIFY KU OK
Dec 28 16:53:10	openvpn	33200	VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Dec 28 16:53:10	openvpn	33200	TLS: Initial packet from [AF_INET]96.47.229.58:443, sid=da02aee6 f0dd9a17
Dec 28 16:53:10	openvpn	33200	UDPv4 link remote: [AF_INET]96.47.229.58:443
Dec 28 16:53:10	openvpn	33200	UDPv4 link local (bound): [AF_INET]192.168.1.232:0
Dec 28 16:53:10	openvpn	33200	Socket Buffers: R=[42080->42080] S=[57344->57344]
Dec 28 16:53:10	openvpn	33200	TCP/UDP: Preserving recently used remote address: [AF_INET]96.47.229.58:443
Dec 28 16:53:10	openvpn	33200	Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Dec 28 16:53:10	openvpn	33200	Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Dec 28 16:53:10	openvpn	33200	Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]