ANSWERED Pfsense and airvpn won't connect to the internet

[juniormaxx 0]

i've been using pfsense 2.3.4 and airvpn for a few years now and not had any issues.  i woke up this morning and airvpn won't connect to the internet.
pfsense shows everything is up and working but it won't connect to the internet.  i use a pc to run pfsense and i've changed ip addresses to see if the site was down but it's not.
i've rest my modem and router and still won't connect.  anyone able to help with this.

[Staff 9769]

7 hours ago, juniormaxx said:

i've been using pfsense 2.3.4 and airvpn for a few years now and not had any issues.  i woke up this morning and airvpn won't connect to the internet.
pfsense shows everything is up and working but it won't connect to the internet.  i use a pc to run pfsense and i've changed ip addresses to see if the site was down but it's not.
i've rest my modem and router and still won't connect.  anyone able to help with this.

Hello!

A preliminary recommended verification, only if you connect via OpenVPN: https://airvpn.org/forums/topic/58289-openvpn-certificate-has-expired/?tab=comments#comment-231319

If you have imported into your pfSense system AirVPN OpenVPN certificates before 2021, it's time to renew them. As usual, you can use the Configuration Generator available in your AirVPN account "Client Area" to generate new files. If you need to change only specific certificates, you can tell the Configuration Generator to generate split files: turn the "Advanced" switch on, check "Separate certs/keys from ovpn files" and proceed to generate:

• user.crt is the client certificate
• ca.crt is the CA certificate
• user.key is the client key
• tls-cryp.key is the TLS Crypt key

Kind regards
 

[alanm 1]

I'm having a similar issue.  I'm running AdvancedTomato on my router.  This setup has been working for literal years, but as of last night, no VPN.  I've tried the steps above, it's made absolutely no difference.  No other changes were made at my end prior to the failure, and my router still shows the VPN connection as up and running.  I've also tried connecting to another one of the UK servers, same result.

Has anything been changed at AirVPN's side?  Seems there's a few people with connection issues.

[Staff 9769]

28 minutes ago, alanm said:

'm having a similar issue.  I'm running AdvancedTomato on my router.

Hello!

Please check as recommended in the previous message of ours.

Kind regards
 

[alanm 1]

As I said, I’ve already tried that, it’s made no difference.

[flat4 79]

11 hours ago, juniormaxx said:

i've been using pfsense 2.3.4 and airvpn for a few years now and not had any issues.  i woke up this morning and airvpn won't connect to the internet.
pfsense shows everything is up and working but it won't connect to the internet.  i use a pc to run pfsense and i've changed ip addresses to see if the site was down but it's not.
i've rest my modem and router and still won't connect.  anyone able to help with this.

wow 2.3.4, considering that the current version 2.7.2,  I think @Staff is correct you may look at you're certs and also make sure that OVPN version 2.4 and lower is still supported on that server.

[Staff 9769]

1 hour ago, alanm said:

As I said, I’ve already tried that, it’s made no difference.

Hello!

Apparently not, but maybe there is a different cause overlapping, let's check the OpenVPN log.

Kind regards
 

[alanm 1]

Here's a snippet from my log, looks like I'm getting TLS Key Negotiation Failed.

Apr  9 14:39:21 NAS daemon.err openvpn[4465]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr  9 14:39:21 NAS daemon.err openvpn[4465]: TLS Error: TLS handshake failed
Apr  9 14:39:21 NAS daemon.notice openvpn[4465]: SIGUSR1[soft,tls-error] received, process restarting
Apr  9 14:39:21 NAS daemon.notice openvpn[4465]: Restart pause, 5 second(s)
Apr  9 14:39:26 NAS daemon.warn openvpn[4465]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr  9 14:39:26 NAS daemon.notice openvpn[4465]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.249.74.220:443
Apr  9 14:39:26 NAS daemon.notice openvpn[4465]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Apr  9 14:39:26 NAS daemon.notice openvpn[4465]: UDP link local: (not bound)
Apr  9 14:39:26 NAS daemon.notice openvpn[4465]: UDP link remote: [AF_INET]89.249.74.220:443
Apr  9 14:40:26 NAS daemon.err openvpn[4465]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr  9 14:40:26 NAS daemon.err openvpn[4465]: TLS Error: TLS handshake failed
Apr  9 14:40:26 NAS daemon.notice openvpn[4465]: SIGUSR1[soft,tls-error] received, process restarting
Apr  9 14:40:26 NAS daemon.notice openvpn[4465]: Restart pause, 5 second(s)
Apr  9 14:40:31 NAS daemon.warn openvpn[4465]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr  9 14:40:31 NAS daemon.notice openvpn[4465]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.249.74.220:443
Apr  9 14:40:31 NAS daemon.notice openvpn[4465]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Apr  9 14:40:31 NAS daemon.notice openvpn[4465]: UDP link local: (not bound)
Apr  9 14:40:31 NAS daemon.notice openvpn[4465]: UDP link remote: [AF_INET]89.249.74.220:443
Apr  9 14:41:31 NAS daemon.err openvpn[4465]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr  9 14:41:31 NAS daemon.err openvpn[4465]: TLS Error: TLS handshake failed
Apr  9 14:41:31 NAS daemon.notice openvpn[4465]: SIGUSR1[soft,tls-error] received, process restarting
Apr  9 14:41:31 NAS daemon.notice openvpn[4465]: Restart pause, 5 second(s)

[Staff 9769]

@alanm

Hello!

The router tries to connect to entry-IP address three, so you'll need tls-crypt.key (if you use ta.key, i.e. the TLS Auth key, the server on entry-IP address three will not respond at all, it will immediately drop the connection). Please verify that you're using the correct key. If it is correct, then you can't reach the server at all. It might be a block against OpenVPN or UDP but please try different servers first.

Kind regards
 

[juniormaxx 0]

i've checked the TLS keys and make sure they're correct and the CA cert is correct.  how can i change the other certificates, the option is only to export them, you can't edit.  it looks like that one use cert is different.
i'm not having a good day, can anyone help with how to change the certificates or do i have to add everything again.

[go558a83nk 352]

18 minutes ago, juniormaxx said:

i've checked the TLS keys and make sure they're correct and the CA cert is correct.  how can i change the other certificates, the option is only to export them, you can't edit.  it looks like that one use cert is different.
i'm not having a good day, can anyone help with how to change the certificates or do i have to add everything again.

If you need to change the certs you can add them the same way you added the the others you've been using and then update the openvpn config such that it uses the new certs instead of the old ones (simple drop down selection).

If you, like alanm, are trying to use entry IP 3 or 4 then you'll need to adjust for tls-crypt usage.  However, I do wonder if your old version of pfsense has a new enough version of openvpn to even support tls-crypt.

[alanm 1]

Okay.  I've used the config generator to create a full set of new keys/certs for OpenVPN 2.4 (I'm running 2.4.1 in my router), and set the server to "UK" (gb3.vpn.airdns.org).  I've also been into manage my devices in the client area of the website to renew.  Still exactly the same result.  I don't get it.  This setup was working yesterday.  Nothing is physically broken.  I can get a connection through terminal to the server, so it's not blocked.  What has changed???

Apr  9 18:43:44 NAS daemon.notice openvpn[7519]: Restart pause, 5 second(s)
Apr  9 18:43:49 NAS daemon.warn openvpn[7519]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr  9 18:43:49 NAS daemon.notice openvpn[7519]: TCP/UDP: Preserving recently used remote address: [AF_INET]89.249.74.220:443
Apr  9 18:43:49 NAS daemon.notice openvpn[7519]: Socket Buffers: R=[120832->120832] S=[120832->120832]
Apr  9 18:43:49 NAS daemon.notice openvpn[7519]: UDP link local: (not bound)
Apr  9 18:43:49 NAS daemon.notice openvpn[7519]: UDP link remote: [AF_INET]89.249.74.220:443
Apr  9 18:44:49 NAS daemon.err openvpn[7519]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr  9 18:44:49 NAS daemon.err openvpn[7519]: TLS Error: TLS handshake failed
Apr  9 18:44:49 NAS daemon.notice openvpn[7519]: SIGUSR1[soft,tls-error] received, process restarting
Apr  9 18:44:49 NAS daemon.notice openvpn[7519]: Restart pause, 5 second(s)

[alanm 1]

2 hours ago, Staff said:

@alanm

Hello!

The router tries to connect to entry-IP address three, so you'll need tls-crypt.key (if you use ta.key, i.e. the TLS Auth key, the server on entry-IP address three will not respond at all, it will immediately drop the connection). Please verify that you're using the correct key. If it is correct, then you can't reach the server at all. It might be a block against OpenVPN or UDP but please try different servers first.

Kind regards
 

Confirmed I am using tls-crypt.key, still no luck.

[clevoir 3]

I am seeing similar issues using DD-WRT too

I've installed a new setup using the config generator with different servers, but still can't connect.

Prior to the past few days I have used the same config for years.

 

[juniormaxx 0]

i've added the new cert information and i still can't connect to the internet.
 

[Staff 9769]

19 minutes ago, juniormaxx said:

i've added the new cert information and i still can't connect to the internet.
 

Log?

Kind regards
 

[Staff 9769]

1 hour ago, alanm said:

Confirmed I am using tls-crypt.key, still no luck.

Hello!
Please post complete log, don't cut it.
Kind regards

[Staff 9769]

1 hour ago, clevoir said:

I am seeing similar issues using DD-WRT too

Hello!

Please post OpenVPN log taken after a connection attempt has failed.

Kind regards
 

[clevoir 3]

Clientlog:
19700101 00:00:32 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
19700101 00:00:32 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19700101 00:00:32 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020
19700101 00:00:32 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
19700101 00:00:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 00:00:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:32 W WARNING: Your certificate is not yet valid!
19700101 00:00:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 00:00:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:26:39 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443
20240409 20:26:39 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240409 20:26:39 I UDPv4 link local: (not bound)
20240409 20:26:39 I UDPv4 link remote: [AF_INET]37.120.217.242:443
20240409 20:26:39 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=c2486bdc 1ce3fc4b
20240409 20:26:40 VERIFY KU OK
20240409 20:26:40 Validating certificate extended key usage
20240409 20:26:40 NOTE: --mute triggered...
20240409 20:27:39 3 variation(s) on previous 3 message(s) suppressed by --mute
20240409 20:27:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20240409 20:27:39 N TLS Error: TLS handshake failed
20240409 20:27:39 I SIGUSR1[soft tls-error] received process restarting
20240409 20:27:39 Restart pause 5 second(s)
20240409 20:27:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240409 20:27:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:27:44 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:27:44 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443
20240409 20:27:44 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240409 20:27:44 I UDPv4 link local: (not bound)
20240409 20:27:44 I UDPv4 link remote: [AF_INET]37.120.217.242:443
20240409 20:27:44 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=2875a945 5ebe3e78
20240409 20:27:44 VERIFY KU OK
20240409 20:27:44 Validating certificate extended key usage
20240409 20:27:44 NOTE: --mute triggered...
20240409 20:28:44 3 variation(s) on previous 3 message(s) suppressed by --mute
20240409 20:28:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20240409 20:28:44 N TLS Error: TLS handshake failed
20240409 20:28:44 I SIGUSR1[soft tls-error] received process restarting
20240409 20:28:44 Restart pause 5 second(s)
20240409 20:28:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240409 20:28:49 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:28:49 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:28:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443
20240409 20:28:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240409 20:28:49 I UDPv4 link local: (not bound)
20240409 20:28:49 I UDPv4 link remote: [AF_INET]37.120.217.242:443
20240409 20:28:49 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=6e5c9b0f 9736fb84
20240409 20:28:49 VERIFY KU OK
20240409 20:28:49 Validating certificate extended key usage
20240409 20:28:49 NOTE: --mute triggered...
20240409 20:29:48 3 variation(s) on previous 3 message(s) suppressed by --mute
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'state'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'state'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'state'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'status 2'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

[go558a83nk 352]

6 minutes ago, clevoir said:

20240409 20:27:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
 

sha1 being used which is for old tls-auth configs but only staff can quickly say if the entry IP is 1 or 2 and not 3 or 4.  that is to say, I'm guessing you and several others are getting tls-auth and tls-crypt things mixed up.

edit: Ok I see your post below mine that shows you used a tls-auth config.

[clevoir 3]

This was using



Clientlog:
19700101 00:00:32 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
19700101 00:00:32 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19700101 00:00:32 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020
19700101 00:00:32 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
19700101 00:00:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 00:00:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:32 W WARNING: Your certificate is not yet valid!
19700101 00:00:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 00:00:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:26:39 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443
20240409 20:26:39 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240409 20:26:39 I UDPv4 link local: (not bound)
20240409 20:26:39 I UDPv4 link remote: [AF_INET]37.120.217.242:443
20240409 20:26:39 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=c2486bdc 1ce3fc4b
20240409 20:26:40 VERIFY KU OK
20240409 20:26:40 Validating certificate extended key usage
20240409 20:26:40 NOTE: --mute triggered...
20240409 20:27:39 3 variation(s) on previous 3 message(s) suppressed by --mute
20240409 20:27:39 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20240409 20:27:39 N TLS Error: TLS handshake failed
20240409 20:27:39 I SIGUSR1[soft tls-error] received process restarting
20240409 20:27:39 Restart pause 5 second(s)
20240409 20:27:44 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240409 20:27:44 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:27:44 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:27:44 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443
20240409 20:27:44 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240409 20:27:44 I UDPv4 link local: (not bound)
20240409 20:27:44 I UDPv4 link remote: [AF_INET]37.120.217.242:443
20240409 20:27:44 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=2875a945 5ebe3e78
20240409 20:27:44 VERIFY KU OK
20240409 20:27:44 Validating certificate extended key usage
20240409 20:27:44 NOTE: --mute triggered...
20240409 20:28:44 3 variation(s) on previous 3 message(s) suppressed by --mute
20240409 20:28:44 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20240409 20:28:44 N TLS Error: TLS handshake failed
20240409 20:28:44 I SIGUSR1[soft tls-error] received process restarting
20240409 20:28:44 Restart pause 5 second(s)
20240409 20:28:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240409 20:28:49 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:28:49 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240409 20:28:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.217.242:443
20240409 20:28:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240409 20:28:49 I UDPv4 link local: (not bound)
20240409 20:28:49 I UDPv4 link remote: [AF_INET]37.120.217.242:443
20240409 20:28:49 TLS: Initial packet from [AF_INET]37.120.217.242:443 sid=6e5c9b0f 9736fb84
20240409 20:28:49 VERIFY KU OK
20240409 20:28:49 Validating certificate extended key usage
20240409 20:28:49 NOTE: --mute triggered...
20240409 20:29:48 3 variation(s) on previous 3 message(s) suppressed by --mute
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'state'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'state'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'state'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'status 2'
20240409 20:29:48 MANAGEMENT: Client disconnected
20240409 20:29:48 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240409 20:29:48 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00

[go558a83nk 352]

2 minutes ago, clevoir said:

This was using



 

Are you able to change the protocol to TCP and try?  You should be able to just flip the option in dd-wrt and nothing else needs to change.

[clevoir 3]

TLS key type is set to auth



I have tried config generator is use TLS Crypt instead, and have set key type in DD-WRT to TLS Crypt, however I still can't connect.

Up to last week I was able to connect using a TLS Auth key, and had been able to for years

 

[Staff 9769]

@clevoir

Hello!

We see a date/time problem, when OpenVPN starts the date of the router is still 1970 and it could cause a fatal TLS failure. When the initial packet is received the date seems to be set correctly, but it's unclear whether the previous past date may have already caused a problem, because:
 

Quote

19700101 00:00:32 W WARNING: Your certificate is not yet valid!

Assuming that the problem is not related to date and time, UDP seems blocked, or maybe it's a block against OpenVPN. You're using TLS Auth (correctly to entry-IP address 1) with OpenVPN 2.5. You may change to TLS Crypt and test again (remember to switch to entry-IP address 3 as well). Also switch to TCP if the block persists.

In the last part of the log a notorious bug is visible (the cycle between disconnections and connections according to management). Usually this is not relevant but if you have the option to upgrade please do it.  As you can see the date and time is again reset to UNIX 0 after the Client management disconnect/connect cycle, and this could be critical. In any case, the fact that the date is suddenly reset makes a firmware upgrade recommended.

Before upgrading, anyway, please test again but this time make sure to start the connection when the date and time are already set correctly. Please send also a screenshot of all the various settings of the OpenVPN DD-WRT panel.

Kind regards
 

[clevoir 3]

I found that no NTP server had been set up in DD-WRT, once this had been set I was able to gain access OK

I have only tried tls auth so far

For the bug where the client is showing connected / disconnected, would you recommend updating DD-WRT to the latest version?



Clientlog:
19700101 00:00:32 W WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
19700101 00:00:32 W WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
19700101 00:00:32 I OpenVPN 2.5.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 4 2020
19700101 00:00:32 I library versions: OpenSSL 1.1.1h 22 Sep 2020 LZO 2.09
19700101 00:00:32 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 00:00:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 00:00:32 W WARNING: Your certificate is not yet valid!
19700101 00:00:32 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 00:00:32 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
19700101 00:00:34 I TCP/UDP: Preserving recently used remote address: [AF_INET]141.98.102.186:443
19700101 00:00:34 Socket Buffers: R=[180224->180224] S=[180224->180224]
19700101 00:00:34 I UDPv4 link local: (not bound)
19700101 00:00:34 I UDPv4 link remote: [AF_INET]141.98.102.186:443
19700101 00:00:34 TLS: Initial packet from [AF_INET]141.98.102.186:443 sid=46da2de1 d0c285cb
19700101 00:00:34 N VERIFY ERROR: depth=0 error=certificate is not yet valid: C=IT ST=IT L=Perugia O=airvpn.org CN=Alsephina emailAddress=info@airvpn.org serial=365
19700101 00:00:34 N OpenSSL: error:1416F086:lib(20):func(367):reason(134)
19700101 00:00:34 N TLS_ERROR: BIO read tls_read_plaintext error
19700101 00:00:34 NOTE: --mute triggered...
19700101 00:00:34 2 variation(s) on previous 3 message(s) suppressed by --mute
19700101 00:00:34 I SIGUSR1[soft tls-error] received process restarting
19700101 00:00:34 Restart pause 5 second(s)
20240410 08:01:17 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20240410 08:01:17 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240410 08:01:17 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
20240410 08:01:20 I TCP/UDP: Preserving recently used remote address: [AF_INET]141.98.102.186:443
20240410 08:01:20 Socket Buffers: R=[180224->180224] S=[180224->180224]
20240410 08:01:20 I UDPv4 link local: (not bound)
20240410 08:01:20 I UDPv4 link remote: [AF_INET]141.98.102.186:443
20240410 08:01:20 TLS: Initial packet from [AF_INET]141.98.102.186:443 sid=b9beb3fd dac33f94
20240410 08:01:20 VERIFY KU OK
20240410 08:01:20 Validating certificate extended key usage
20240410 08:01:20 NOTE: --mute triggered...
20240410 08:01:20 4 variation(s) on previous 3 message(s) suppressed by --mute
20240410 08:01:20 I [Alsephina] Peer Connection Initiated with [AF_INET]141.98.102.186:443
20240410 08:01:20 PUSH: Received control message: 'PUSH_REPLY comp-lzo no redirect-gateway def1 bypass-dhcp dhcp-option DNS 10.25.100.1 route-gateway 10.25.100.1 topology subnet ping 10 ping-restart 60 ifconfig 10.25.100.84 255.255.255.0 peer-id 1 cipher AES-256-CBC'
20240410 08:01:20 Pushed option removed by filter: 'redirect-gateway def1 bypass-dhcp'
20240410 08:01:20 OPTIONS IMPORT: timers and/or timeouts modified
20240410 08:01:20 NOTE: --mute triggered...
20240410 08:01:20 7 variation(s) on previous 3 message(s) suppressed by --mute
20240410 08:01:20 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20240410 08:01:20 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
20240410 08:01:20 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
20240410 08:01:20 NOTE: --mute triggered...
20240410 08:01:20 1 variation(s) on previous 3 message(s) suppressed by --mute
20240410 08:01:20 net_route_v4_best_gw query: dst 0.0.0.0
20240410 08:01:20 net_route_v4_best_gw result: via 172.16.10.105 dev ppp0
20240410 08:01:20 I TUN/TAP device tun1 opened
20240410 08:01:20 I net_iface_mtu_set: mtu 1500 for tun1
20240410 08:01:20 I net_iface_up: set tun1 up
20240410 08:01:20 I net_addr_v4_add: 10.25.100.84/24 dev tun1
20240410 08:01:25 net_route_v4_add: 141.98.102.186/32 via 172.16.10.105 dev [NULL] table 0 metric -1
20240410 08:01:25 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20240410 08:01:25 I Initialization Sequence Completed
20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240410 08:01:38 D MANAGEMENT: CMD 'state'
20240410 08:01:38 MANAGEMENT: Client disconnected
20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240410 08:01:38 D MANAGEMENT: CMD 'state'
20240410 08:01:38 MANAGEMENT: Client disconnected
20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240410 08:01:38 D MANAGEMENT: CMD 'state'
20240410 08:01:38 MANAGEMENT: Client disconnected
20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240410 08:01:38 D MANAGEMENT: CMD 'status 2'
20240410 08:01:38 MANAGEMENT: Client disconnected
20240410 08:01:38 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20240410 08:01:38 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00