juniormaxx 0 Posted ... i've been using pfsense 2.3.4 and airvpn for a few years now and not had any issues. i woke up this morning and airvpn won't connect to the internet. pfsense shows everything is up and working but it won't connect to the internet. i use a pc to run pfsense and i've changed ip addresses to see if the site was down but it's not. i've rest my modem and router and still won't connect. anyone able to help with this. Quote Share this post Link to post
Staff 9973 Posted ... 7 hours ago, juniormaxx said: i've been using pfsense 2.3.4 and airvpn for a few years now and not had any issues. i woke up this morning and airvpn won't connect to the internet. pfsense shows everything is up and working but it won't connect to the internet. i use a pc to run pfsense and i've changed ip addresses to see if the site was down but it's not. i've rest my modem and router and still won't connect. anyone able to help with this. Hello! A preliminary recommended verification, only if you connect via OpenVPN: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?tab=comments#comment-231319 If you have imported into your pfSense system AirVPN OpenVPN certificates before 2021, it's time to renew them. As usual, you can use the Configuration Generator available in your AirVPN account "Client Area" to generate new files. If you need to change only specific certificates, you can tell the Configuration Generator to generate split files: turn the "Advanced" switch on, check "Separate certs/keys from ovpn files" and proceed to generate: user.crt is the client certificate ca.crt is the CA certificate user.key is the client key tls-cryp.key is the TLS Crypt key Kind regards Quote Share this post Link to post
alanm 1 Posted ... I'm having a similar issue. I'm running AdvancedTomato on my router. This setup has been working for literal years, but as of last night, no VPN. I've tried the steps above, it's made absolutely no difference. No other changes were made at my end prior to the failure, and my router still shows the VPN connection as up and running. I've also tried connecting to another one of the UK servers, same result. Has anything been changed at AirVPN's side? Seems there's a few people with connection issues. Quote Share this post Link to post
Staff 9973 Posted ... 28 minutes ago, alanm said: 'm having a similar issue. I'm running AdvancedTomato on my router. Hello! Please check as recommended in the previous message of ours. Kind regards Quote Share this post Link to post
alanm 1 Posted ... As I said, I’ve already tried that, it’s made no difference. Quote Share this post Link to post
flat4 79 Posted ... 11 hours ago, juniormaxx said: i've been using pfsense 2.3.4 and airvpn for a few years now and not had any issues. i woke up this morning and airvpn won't connect to the internet. pfsense shows everything is up and working but it won't connect to the internet. i use a pc to run pfsense and i've changed ip addresses to see if the site was down but it's not. i've rest my modem and router and still won't connect. anyone able to help with this. wow 2.3.4, considering that the current version 2.7.2, I think @Staff is correct you may look at you're certs and also make sure that OVPN version 2.4 and lower is still supported on that server. Quote Hide flat4's signature Hide all signatures pFsense it works Share this post Link to post
Staff 9973 Posted ... 1 hour ago, alanm said: As I said, I’ve already tried that, it’s made no difference. Hello! Apparently not, but maybe there is a different cause overlapping, let's check the OpenVPN log. Kind regards Quote Share this post Link to post
alanm 1 Posted ... Here's a snippet from my log, looks like I'm getting TLS Key Negotiation Failed. Apr 9 14:39:21 NAS daemon.err openvpn[4465]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Apr 9 14:39:21 NAS daemon.err openvpn[4465]: TLS Error: TLS handshake failed Apr 9 14:39:21 NAS daemon.notice openvpn[4465]: SIGUSR1[soft,tls-error] received, process restarting Apr 9 14:39:21 NAS daemon.notice openvpn[4465]: Restart pause, 5 second(s) Apr 9 14:39:26 NAS daemon.warn openvpn[4465]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Apr 9 14:39:26 NAS daemon.notice openvpn[4465]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.249.74.220:443 Apr 9 14:39:26 NAS daemon.notice openvpn[4465]: Socket Buffers: R=[120832->120832] S=[120832->120832] Apr 9 14:39:26 NAS daemon.notice openvpn[4465]: UDP link local: (not bound) Apr 9 14:39:26 NAS daemon.notice openvpn[4465]: UDP link remote: [AF_INET]89.249.74.220:443 Apr 9 14:40:26 NAS daemon.err openvpn[4465]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Apr 9 14:40:26 NAS daemon.err openvpn[4465]: TLS Error: TLS handshake failed Apr 9 14:40:26 NAS daemon.notice openvpn[4465]: SIGUSR1[soft,tls-error] received, process restarting Apr 9 14:40:26 NAS daemon.notice openvpn[4465]: Restart pause, 5 second(s) Apr 9 14:40:31 NAS daemon.warn openvpn[4465]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Apr 9 14:40:31 NAS daemon.notice openvpn[4465]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.249.74.220:443 Apr 9 14:40:31 NAS daemon.notice openvpn[4465]: Socket Buffers: R=[120832->120832] S=[120832->120832] Apr 9 14:40:31 NAS daemon.notice openvpn[4465]: UDP link local: (not bound) Apr 9 14:40:31 NAS daemon.notice openvpn[4465]: UDP link remote: [AF_INET]89.249.74.220:443 Apr 9 14:41:31 NAS daemon.err openvpn[4465]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Apr 9 14:41:31 NAS daemon.err openvpn[4465]: TLS Error: TLS handshake failed Apr 9 14:41:31 NAS daemon.notice openvpn[4465]: SIGUSR1[soft,tls-error] received, process restarting Apr 9 14:41:31 NAS daemon.notice openvpn[4465]: Restart pause, 5 second(s) Quote Share this post Link to post
Staff 9973 Posted ... @alanm Hello! The router tries to connect to entry-IP address three, so you'll need tls-crypt.key (if you use ta.key, i.e. the TLS Auth key, the server on entry-IP address three will not respond at all, it will immediately drop the connection). Please verify that you're using the correct key. If it is correct, then you can't reach the server at all. It might be a block against OpenVPN or UDP but please try different servers first. Kind regards Quote Share this post Link to post
juniormaxx 0 Posted ... i've checked the TLS keys and make sure they're correct and the CA cert is correct. how can i change the other certificates, the option is only to export them, you can't edit. it looks like that one use cert is different. i'm not having a good day, can anyone help with how to change the certificates or do i have to add everything again. Quote Share this post Link to post
go558a83nk 362 Posted ... 18 minutes ago, juniormaxx said: i've checked the TLS keys and make sure they're correct and the CA cert is correct. how can i change the other certificates, the option is only to export them, you can't edit. it looks like that one use cert is different. i'm not having a good day, can anyone help with how to change the certificates or do i have to add everything again. If you need to change the certs you can add them the same way you added the the others you've been using and then update the openvpn config such that it uses the new certs instead of the old ones (simple drop down selection). If you, like alanm, are trying to use entry IP 3 or 4 then you'll need to adjust for tls-crypt usage. However, I do wonder if your old version of pfsense has a new enough version of openvpn to even support tls-crypt. Quote Share this post Link to post
alanm 1 Posted ... Okay. I've used the config generator to create a full set of new keys/certs for OpenVPN 2.4 (I'm running 2.4.1 in my router), and set the server to "UK" (gb3.vpn.airdns.org). I've also been into manage my devices in the client area of the website to renew. Still exactly the same result. I don't get it. This setup was working yesterday. Nothing is physically broken. I can get a connection through terminal to the server, so it's not blocked. What has changed??? Apr 9 18:43:44 NAS daemon.notice openvpn[7519]: Restart pause, 5 second(s) Apr 9 18:43:49 NAS daemon.warn openvpn[7519]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Apr 9 18:43:49 NAS daemon.notice openvpn[7519]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.249.74.220:443 Apr 9 18:43:49 NAS daemon.notice openvpn[7519]: Socket Buffers: R=[120832->120832] S=[120832->120832] Apr 9 18:43:49 NAS daemon.notice openvpn[7519]: UDP link local: (not bound) Apr 9 18:43:49 NAS daemon.notice openvpn[7519]: UDP link remote: [AF_INET]89.249.74.220:443 Apr 9 18:44:49 NAS daemon.err openvpn[7519]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Apr 9 18:44:49 NAS daemon.err openvpn[7519]: TLS Error: TLS handshake failed Apr 9 18:44:49 NAS daemon.notice openvpn[7519]: SIGUSR1[soft,tls-error] received, process restarting Apr 9 18:44:49 NAS daemon.notice openvpn[7519]: Restart pause, 5 second(s) Quote Share this post Link to post
alanm 1 Posted ... 2 hours ago, Staff said: @alanm Hello! The router tries to connect to entry-IP address three, so you'll need tls-crypt.key (if you use ta.key, i.e. the TLS Auth key, the server on entry-IP address three will not respond at all, it will immediately drop the connection). Please verify that you're using the correct key. If it is correct, then you can't reach the server at all. It might be a block against OpenVPN or UDP but please try different servers first. Kind regards Confirmed I am using tls-crypt.key, still no luck. Quote Share this post Link to post
clevoir 3 Posted ... I am seeing similar issues using DD-WRT too I've installed a new setup using the config generator with different servers, but still can't connect. Prior to the past few days I have used the same config for years. Quote Share this post Link to post
juniormaxx 0 Posted ... i've added the new cert information and i still can't connect to the internet. Quote Share this post Link to post
Staff 9973 Posted ... 19 minutes ago, juniormaxx said: i've added the new cert information and i still can't connect to the internet. Log? Kind regards Quote Share this post Link to post
Staff 9973 Posted ... 1 hour ago, alanm said: Confirmed I am using tls-crypt.key, still no luck. Hello! Please post complete log, don't cut it. Kind regards Quote Share this post Link to post
Staff 9973 Posted ... 1 hour ago, clevoir said: I am seeing similar issues using DD-WRT too Hello! Please post OpenVPN log taken after a connection attempt has failed. Kind regards Quote Share this post Link to post
clevoir 3 Posted ... Clientlog: 19700101 00:00:32 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. 19700101 00:00:32 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure 19700101 00:00:32 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020 19700101 00:00:32 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09 19700101 00:00:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 19700101 00:00:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19700101 00:00:32 W WARNING: Your certificate is not yet valid! 19700101 00:00:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19700101 00:00:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:26:39 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443 20240409 20:26:39 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240409 20:26:39 I UDPv4 link local: (not bound) 20240409 20:26:39 I UDPv4 link remote: [AF_INET]37.120.217.242:443 20240409 20:26:39 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=c2486bdc 1ce3fc4b 20240409 20:26:40 VERIFY KU OK 20240409 20:26:40 Validating certificate extended key usage 20240409 20:26:40 NOTE: --mute triggered... 20240409 20:27:39 3 variation(s) on previous 3 message(s) suppressed by --mute 20240409 20:27:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20240409 20:27:39 N TLS Error: TLS handshake failed 20240409 20:27:39 I SIGUSR1[soft tls-error] received process restarting 20240409 20:27:39 Restart pause 5 second(s) 20240409 20:27:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20240409 20:27:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:27:44 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:27:44 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443 20240409 20:27:44 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240409 20:27:44 I UDPv4 link local: (not bound) 20240409 20:27:44 I UDPv4 link remote: [AF_INET]37.120.217.242:443 20240409 20:27:44 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=2875a945 5ebe3e78 20240409 20:27:44 VERIFY KU OK 20240409 20:27:44 Validating certificate extended key usage 20240409 20:27:44 NOTE: --mute triggered... 20240409 20:28:44 3 variation(s) on previous 3 message(s) suppressed by --mute 20240409 20:28:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20240409 20:28:44 N TLS Error: TLS handshake failed 20240409 20:28:44 I SIGUSR1[soft tls-error] received process restarting 20240409 20:28:44 Restart pause 5 second(s) 20240409 20:28:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20240409 20:28:49 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:28:49 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:28:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443 20240409 20:28:49 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240409 20:28:49 I UDPv4 link local: (not bound) 20240409 20:28:49 I UDPv4 link remote: [AF_INET]37.120.217.242:443 20240409 20:28:49 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=6e5c9b0f 9736fb84 20240409 20:28:49 VERIFY KU OK 20240409 20:28:49 Validating certificate extended key usage 20240409 20:28:49 NOTE: --mute triggered... 20240409 20:29:48 3 variation(s) on previous 3 message(s) suppressed by --mute 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'state' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'state' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'state' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'status 2' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'log 500' 19700101 00:00:00 Quote Share this post Link to post
go558a83nk 362 Posted ... 6 minutes ago, clevoir said: 20240409 20:27:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication sha1 being used which is for old tls-auth configs but only staff can quickly say if the entry IP is 1 or 2 and not 3 or 4. that is to say, I'm guessing you and several others are getting tls-auth and tls-crypt things mixed up. edit: Ok I see your post below mine that shows you used a tls-auth config. 1 Air4141841 reacted to this Quote Share this post Link to post
clevoir 3 Posted ... This was using Clientlog: 19700101 00:00:32 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. 19700101 00:00:32 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure 19700101 00:00:32 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020 19700101 00:00:32 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09 19700101 00:00:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 19700101 00:00:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19700101 00:00:32 W WARNING: Your certificate is not yet valid! 19700101 00:00:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19700101 00:00:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:26:39 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443 20240409 20:26:39 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240409 20:26:39 I UDPv4 link local: (not bound) 20240409 20:26:39 I UDPv4 link remote: [AF_INET]37.120.217.242:443 20240409 20:26:39 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=c2486bdc 1ce3fc4b 20240409 20:26:40 VERIFY KU OK 20240409 20:26:40 Validating certificate extended key usage 20240409 20:26:40 NOTE: --mute triggered... 20240409 20:27:39 3 variation(s) on previous 3 message(s) suppressed by --mute 20240409 20:27:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20240409 20:27:39 N TLS Error: TLS handshake failed 20240409 20:27:39 I SIGUSR1[soft tls-error] received process restarting 20240409 20:27:39 Restart pause 5 second(s) 20240409 20:27:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20240409 20:27:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:27:44 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:27:44 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443 20240409 20:27:44 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240409 20:27:44 I UDPv4 link local: (not bound) 20240409 20:27:44 I UDPv4 link remote: [AF_INET]37.120.217.242:443 20240409 20:27:44 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=2875a945 5ebe3e78 20240409 20:27:44 VERIFY KU OK 20240409 20:27:44 Validating certificate extended key usage 20240409 20:27:44 NOTE: --mute triggered... 20240409 20:28:44 3 variation(s) on previous 3 message(s) suppressed by --mute 20240409 20:28:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 20240409 20:28:44 N TLS Error: TLS handshake failed 20240409 20:28:44 I SIGUSR1[soft tls-error] received process restarting 20240409 20:28:44 Restart pause 5 second(s) 20240409 20:28:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20240409 20:28:49 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:28:49 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240409 20:28:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443 20240409 20:28:49 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240409 20:28:49 I UDPv4 link local: (not bound) 20240409 20:28:49 I UDPv4 link remote: [AF_INET]37.120.217.242:443 20240409 20:28:49 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=6e5c9b0f 9736fb84 20240409 20:28:49 VERIFY KU OK 20240409 20:28:49 Validating certificate extended key usage 20240409 20:28:49 NOTE: --mute triggered... 20240409 20:29:48 3 variation(s) on previous 3 message(s) suppressed by --mute 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'state' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'state' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'state' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'status 2' 20240409 20:29:48 MANAGEMENT: Client disconnected 20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240409 20:29:48 D MANAGEMENT: CMD 'log 500' 19700101 00:00:00 Quote Share this post Link to post
go558a83nk 362 Posted ... 2 minutes ago, clevoir said: This was using Are you able to change the protocol to TCP and try? You should be able to just flip the option in dd-wrt and nothing else needs to change. Quote Share this post Link to post
clevoir 3 Posted ... TLS key type is set to auth I have tried config generator is use TLS Crypt instead, and have set key type in DD-WRT to TLS Crypt, however I still can't connect. Up to last week I was able to connect using a TLS Auth key, and had been able to for years Quote Share this post Link to post
Staff 9973 Posted ... @clevoir Hello! We see a date/time problem, when OpenVPN starts the date of the router is still 1970 and it could cause a fatal TLS failure. When the initial packet is received the date seems to be set correctly, but it's unclear whether the previous past date may have already caused a problem, because: Quote 19700101 00:00:32 W WARNING: Your certificate is not yet valid! Assuming that the problem is not related to date and time, UDP seems blocked, or maybe it's a block against OpenVPN. You're using TLS Auth (correctly to entry-IP address 1) with OpenVPN 2.5. You may change to TLS Crypt and test again (remember to switch to entry-IP address 3 as well). Also switch to TCP if the block persists. In the last part of the log a notorious bug is visible (the cycle between disconnections and connections according to management). Usually this is not relevant but if you have the option to upgrade please do it. As you can see the date and time is again reset to UNIX 0 after the Client management disconnect/connect cycle, and this could be critical. In any case, the fact that the date is suddenly reset makes a firmware upgrade recommended. Before upgrading, anyway, please test again but this time make sure to start the connection when the date and time are already set correctly. Please send also a screenshot of all the various settings of the OpenVPN DD-WRT panel. Kind regards Quote Share this post Link to post
clevoir 3 Posted ... I found that no NTP server had been set up in DD-WRT, once this had been set I was able to gain access OK I have only tried tls auth so far For the bug where the client is showing connected / disconnected, would you recommend updating DD-WRT to the latest version? Clientlog: 19700101 00:00:32 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. 19700101 00:00:32 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure 19700101 00:00:32 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020 19700101 00:00:32 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09 19700101 00:00:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16 19700101 00:00:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 19700101 00:00:32 W WARNING: Your certificate is not yet valid! 19700101 00:00:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19700101 00:00:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 19700101 00:00:34 I TCP/UDP: Preserving recently used remote address: [AF_INET]141.98.102.186:443 19700101 00:00:34 Socket Buffers: R=[180224->180224] S=[180224->180224] 19700101 00:00:34 I UDPv4 link local: (not bound) 19700101 00:00:34 I UDPv4 link remote: [AF_INET]141.98.102.186:443 19700101 00:00:34 TLS: Initial packet from [AF_INET]141.98.102.186:443 sid=46da2de1 d0c285cb 19700101 00:00:34 N VERIFY ERROR: depth=0 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=Alsephina emailAddress=info@airvpn.org serial=365 19700101 00:00:34 N OpenSSL: error:1416F086:lib(20):func(367):reason(134) 19700101 00:00:34 N TLS_ERROR: BIO read tls_read_plaintext error 19700101 00:00:34 NOTE: --mute triggered... 19700101 00:00:34 2 variation(s) on previous 3 message(s) suppressed by --mute 19700101 00:00:34 I SIGUSR1[soft tls-error] received process restarting 19700101 00:00:34 Restart pause 5 second(s) 20240410 08:01:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 20240410 08:01:17 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240410 08:01:17 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 20240410 08:01:20 I TCP/UDP: Preserving recently used remote address: [AF_INET]141.98.102.186:443 20240410 08:01:20 Socket Buffers: R=[180224->180224] S=[180224->180224] 20240410 08:01:20 I UDPv4 link local: (not bound) 20240410 08:01:20 I UDPv4 link remote: [AF_INET]141.98.102.186:443 20240410 08:01:20 TLS: Initial packet from [AF_INET]141.98.102.186:443 sid=b9beb3fd dac33f94 20240410 08:01:20 VERIFY KU OK 20240410 08:01:20 Validating certificate extended key usage 20240410 08:01:20 NOTE: --mute triggered... 20240410 08:01:20 4 variation(s) on previous 3 message(s) suppressed by --mute 20240410 08:01:20 I [Alsephina] Peer Connection Initiated with [AF_INET]141.98.102.186:443 20240410 08:01:20 PUSH: Received control message: 'PUSH_REPLY comp-lzo no redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.25.100.1 route-gateway 10.25.100.1 topology subnet ping 10 ping-restart 60 ifconfig 10.25.100.84 255.255.255.0 peer-id 1 cipher AES-256-CBC' 20240410 08:01:20 Pushed option removed by filter: 'redirect-gateway def1 bypass-dhcp' 20240410 08:01:20 OPTIONS IMPORT: timers and/or timeouts modified 20240410 08:01:20 NOTE: --mute triggered... 20240410 08:01:20 7 variation(s) on previous 3 message(s) suppressed by --mute 20240410 08:01:20 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 20240410 08:01:20 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication 20240410 08:01:20 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key 20240410 08:01:20 NOTE: --mute triggered... 20240410 08:01:20 1 variation(s) on previous 3 message(s) suppressed by --mute 20240410 08:01:20 net_route_v4_best_gw query: dst 0.0.0.0 20240410 08:01:20 net_route_v4_best_gw result: via 172.16.10.105 dev ppp0 20240410 08:01:20 I TUN/TAP device tun1 opened 20240410 08:01:20 I net_iface_mtu_set: mtu 1500 for tun1 20240410 08:01:20 I net_iface_up: set tun1 up 20240410 08:01:20 I net_addr_v4_add: 10.25.100.84/24 dev tun1 20240410 08:01:25 net_route_v4_add: 141.98.102.186/32 via 172.16.10.105 dev [NULL] table 0 metric -1 20240410 08:01:25 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 20240410 08:01:25 I Initialization Sequence Completed 20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240410 08:01:38 D MANAGEMENT: CMD 'state' 20240410 08:01:38 MANAGEMENT: Client disconnected 20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240410 08:01:38 D MANAGEMENT: CMD 'state' 20240410 08:01:38 MANAGEMENT: Client disconnected 20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240410 08:01:38 D MANAGEMENT: CMD 'state' 20240410 08:01:38 MANAGEMENT: Client disconnected 20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240410 08:01:38 D MANAGEMENT: CMD 'status 2' 20240410 08:01:38 MANAGEMENT: Client disconnected 20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16 20240410 08:01:38 D MANAGEMENT: CMD 'log 500' 19700101 00:00:00 Quote Share this post Link to post