Реконнект клиента OpenVPN при подключении второго клиента

Question

[Артур Артур]

Всем доброго времени суток. Админ я относительно молодой, но возникла необходимость поднять VPN туннель между офисом и клиентом снаружи, так чтобы клиент имел доступ к корпоративному терминалу который во внутренней сети. Выбран был OpenVPN. Итак, установлен и сконфигурирован OpenVPN сервер на Windows server 2008 r2, установлен RRAS. конфиг сервера

dev tun
dev-node "vpn"
proto tcp-server
port 8888
tls-server

server 172.16.0.0 255.255.255.0
push route-gateway 172.16.0.1
push route 10.0.0.0 255.0.0.0
topology subnet

comp-lzo
dh c:\\OpenVPN\\ssl\\dh1024.pem
ca c:\\OpenVPN\\ssl\\ca.crt
cert c:\\OpenVPN\\ssl\\dc.crt
key c:\\OpenVPN\\ssl\\dc.key
persist-tun
persist-key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
keepalive 10 120
status c:\\OpenVPN\\log\\openvpn-status.log
log c:\\OpenVPN\\log\\openvpn.log
verb 3

Конфиг клиента_1

dev tun
proto tcp
remote 30.30.30.30 8888

client
ca c:\\OpenVPN\\ssl\\ca.crt
cert c:\\OpenVPN\\ssl\\cl-1.crt
key c:\\OpenVPN\\ssl\\cl-1.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
status c:\\OpenVPN\\log\\openvpn-status.log
log c:\\OpenVPN\\log\\openvpn.log
verb 3

Конфиг клиента_2
dev tun
proto tcp
remote 30.30.30.30 8888

client
ca c:\\OpenVPN\\ssl\\ca.crt
cert c:\\OpenVPN\\ssl\\cl-2.crt
key c:\\OpenVPN\\ssl\\cl-2.key
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
status c:\\OpenVPN\\log\\openvpn-status.log
log c:\\OpenVPN\\log\\openvpn.log
verb 3

Все установлено на ВМ Hyper-v. 2 клиента windows 7, 3 windows server 2008r2, у одного роль домен контроллера с белым адресам(якобы), у второго роль терминального сервера, а третий как шлюз по умолчанию между клиентами и DC. То есть клиенты подключаются через шлюз по умолчанию на котором развернут RRAS. Сервер с клиентами пингуется нормально, туннель поднимается, но стоит подключиться второму клиенту к серверу OpenVPN первого обрывает, второй коннектится (коннект держится секунд 5) в то время как первый реконнектнулся и второй отконектился, все это продолжается бесконечно, борьба ведется за адрес 172.16.0.2. Не пойму почему получают один адрес.

Версия OpenVPN 2.1.1

Comments

[eisaev]

Желательно указать версии OpenVPN на сервере и клиентах, а так же не помешали бы файлы логов.

Answer 1

[eisaev]

Попробуйте закомментировать следующие строки в конфиге сервера:

push route-gateway 172.16.0.1
push route 10.0.0.0 255.0.0.0
topology subnet

и добавить
push "route 10.0.0.0 255.0.0.0"

Comments

[Артур Артур]

@eisaev Сделал как описали, клиент получает адрес в туннеле 172.16.0.6/30, DHCP сервер 172.16.0.5 и при коннекте второго клиента такая же "бойня"

[eisaev]

Тогда серверный лог нужно смотреть. Главное, чтобы в логе были отражены подключения обоих клиентов. Уровень логирования (verb 3) у вас достаточен для предварительного анализа ситуации.

Answer 2

[Артур Артур]

Лог openvpn.log Логи соответствуют действиям, Запустился сервер, подключился cl-1, подключился cl-2 далее "битва" далее отключил службу OpenVPNService на cl-2
Thu Nov 21 20:42:39 2013 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Thu Nov 21 20:42:39 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Nov 21 20:42:39 2013 Diffie-Hellman initialized with 1024 bit key
Thu Nov 21 20:42:39 2013 TLS-Auth MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:42:39 2013 TAP-WIN32 device [vpn] opened: \\.\Global\{21E34A5B-7387-4496-AA10-C2297C67A985}.tap
Thu Nov 21 20:42:39 2013 TAP-Win32 Driver Version 9.6
Thu Nov 21 20:42:39 2013 TAP-Win32 MTU=1500
Thu Nov 21 20:42:39 2013 Set TAP-Win32 TUN subnet mode network/local/netmask = 172.16.0.0/172.16.0.1/255.255.255.0 [SUCCEEDED]
Thu Nov 21 20:42:39 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.0.1/255.255.255.0 on interface {21E34A5B-7387-4496-AA10-C2297C67A985} [DHCP-serv: 172.16.0.254, lease-time: 31536000]
Thu Nov 21 20:42:39 2013 Sleeping for 10 seconds...
Thu Nov 21 20:42:49 2013 Successful ARP Flush on interface [16] {21E34A5B-7387-4496-AA10-C2297C67A985}
Thu Nov 21 20:42:49 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:42:49 2013 Listening for incoming TCP connection on [undef]:8888
Thu Nov 21 20:42:49 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:42:49 2013 TCPv4_SERVER link local (bound): [undef]:8888
Thu Nov 21 20:42:49 2013 TCPv4_SERVER link remote: [undef]
Thu Nov 21 20:42:49 2013 MULTI: multi_init called, r=256 v=256
Thu Nov 21 20:42:49 2013 IFCONFIG POOL: base=172.16.0.2 size=252
Thu Nov 21 20:42:49 2013 MULTI: TCP INIT maxclients=60 maxevents=64
Thu Nov 21 20:42:49 2013 Initialization Sequence Completed
Thu Nov 21 20:42:56 2013 MULTI: multi_create_instance called
Thu Nov 21 20:42:56 2013 Re-using SSL/TLS context
Thu Nov 21 20:42:56 2013 LZO compression initialized
Thu Nov 21 20:42:56 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:42:56 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:42:56 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:42:56 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:42:56 2013 TCP connection established with 192.168.1.10:49207
Thu Nov 21 20:42:56 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:42:56 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:42:56 2013 TCPv4_SERVER link remote: 192.168.1.10:49207
Thu Nov 21 20:42:56 2013 192.168.1.10:49207 TLS: Initial packet from 192.168.1.10:49207, sid=cc0d48bd ae4aa80b
Thu Nov 21 20:42:56 2013 192.168.1.10:49207 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:42:56 2013 192.168.1.10:49207 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:42:57 2013 192.168.1.10:49207 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:42:57 2013 192.168.1.10:49207 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:42:57 2013 192.168.1.10:49207 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:42:57 2013 192.168.1.10:49207 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:42:57 2013 192.168.1.10:49207 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:42:57 2013 192.168.1.10:49207 [dc] Peer Connection Initiated with 192.168.1.10:49207
Thu Nov 21 20:42:57 2013 dc/192.168.1.10:49207 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49207
Thu Nov 21 20:42:57 2013 dc/192.168.1.10:49207 MULTI: primary virtual IP for dc/192.168.1.10:49207: 172.16.0.2
Thu Nov 21 20:42:59 2013 dc/192.168.1.10:49207 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:42:59 2013 dc/192.168.1.10:49207 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:44:26 2013 MULTI: multi_create_instance called
Thu Nov 21 20:44:26 2013 Re-using SSL/TLS context
Thu Nov 21 20:44:26 2013 LZO compression initialized
Thu Nov 21 20:44:26 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:44:26 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:44:26 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:44:26 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:44:26 2013 TCP connection established with 192.168.2.20:49193
Thu Nov 21 20:44:26 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:44:26 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:44:26 2013 TCPv4_SERVER link remote: 192.168.2.20:49193
Thu Nov 21 20:44:26 2013 192.168.2.20:49193 TLS: Initial packet from 192.168.2.20:49193, sid=1bdf57d2 536165be
Thu Nov 21 20:44:26 2013 192.168.2.20:49193 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:44:26 2013 192.168.2.20:49193 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:44:27 2013 192.168.2.20:49193 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:27 2013 192.168.2.20:49193 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:27 2013 192.168.2.20:49193 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:27 2013 192.168.2.20:49193 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:27 2013 192.168.2.20:49193 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:44:27 2013 192.168.2.20:49193 [dc] Peer Connection Initiated with 192.168.2.20:49193
Thu Nov 21 20:44:27 2013 dc/192.168.2.20:49193 TCP/UDP: Closing socket
Thu Nov 21 20:44:27 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:44:27 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49193
Thu Nov 21 20:44:27 2013 MULTI: primary virtual IP for dc/192.168.2.20:49193: 172.16.0.2
Thu Nov 21 20:44:30 2013 dc/192.168.2.20:49193 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:44:30 2013 dc/192.168.2.20:49193 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:44:32 2013 MULTI: multi_create_instance called
Thu Nov 21 20:44:32 2013 Re-using SSL/TLS context
Thu Nov 21 20:44:32 2013 LZO compression initialized
Thu Nov 21 20:44:32 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:44:32 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:44:32 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:44:32 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:44:32 2013 TCP connection established with 192.168.1.10:49208
Thu Nov 21 20:44:32 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:44:32 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:44:32 2013 TCPv4_SERVER link remote: 192.168.1.10:49208
Thu Nov 21 20:44:32 2013 192.168.1.10:49208 TLS: Initial packet from 192.168.1.10:49208, sid=1f06fa2a 0cb9015a
Thu Nov 21 20:44:33 2013 192.168.1.10:49208 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:44:33 2013 192.168.1.10:49208 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:44:33 2013 192.168.1.10:49208 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:33 2013 192.168.1.10:49208 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:33 2013 192.168.1.10:49208 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:33 2013 192.168.1.10:49208 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:34 2013 192.168.1.10:49208 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:44:34 2013 192.168.1.10:49208 [dc] Peer Connection Initiated with 192.168.1.10:49208
Thu Nov 21 20:44:34 2013 dc/192.168.1.10:49208 TCP/UDP: Closing socket
Thu Nov 21 20:44:34 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:44:34 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49208
Thu Nov 21 20:44:34 2013 MULTI: primary virtual IP for dc/192.168.1.10:49208: 172.16.0.2
Thu Nov 21 20:44:36 2013 dc/192.168.1.10:49208 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:44:36 2013 dc/192.168.1.10:49208 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:44:39 2013 MULTI: multi_create_instance called
Thu Nov 21 20:44:39 2013 Re-using SSL/TLS context
Thu Nov 21 20:44:39 2013 LZO compression initialized
Thu Nov 21 20:44:39 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:44:39 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:44:39 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:44:39 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:44:39 2013 TCP connection established with 192.168.2.20:49194
Thu Nov 21 20:44:39 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:44:39 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:44:39 2013 TCPv4_SERVER link remote: 192.168.2.20:49194
Thu Nov 21 20:44:39 2013 192.168.2.20:49194 TLS: Initial packet from 192.168.2.20:49194, sid=56402b7d 7f2c445d
Thu Nov 21 20:44:39 2013 192.168.2.20:49194 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:44:39 2013 192.168.2.20:49194 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:44:40 2013 192.168.2.20:49194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:40 2013 192.168.2.20:49194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:40 2013 192.168.2.20:49194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:40 2013 192.168.2.20:49194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:40 2013 192.168.2.20:49194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:44:40 2013 192.168.2.20:49194 [dc] Peer Connection Initiated with 192.168.2.20:49194
Thu Nov 21 20:44:40 2013 dc/192.168.2.20:49194 TCP/UDP: Closing socket
Thu Nov 21 20:44:40 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:44:40 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49194
Thu Nov 21 20:44:40 2013 MULTI: primary virtual IP for dc/192.168.2.20:49194: 172.16.0.2
Thu Nov 21 20:44:42 2013 dc/192.168.2.20:49194 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:44:42 2013 dc/192.168.2.20:49194 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:44:45 2013 MULTI: multi_create_instance called
Thu Nov 21 20:44:45 2013 Re-using SSL/TLS context
Thu Nov 21 20:44:45 2013 LZO compression initialized
Thu Nov 21 20:44:45 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:44:45 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:44:45 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:44:45 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:44:45 2013 TCP connection established with 192.168.1.10:49209
Thu Nov 21 20:44:45 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:44:45 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:44:45 2013 TCPv4_SERVER link remote: 192.168.1.10:49209
Thu Nov 21 20:44:45 2013 192.168.1.10:49209 TLS: Initial packet from 192.168.1.10:49209, sid=a7b5c915 d71a3650
Thu Nov 21 20:44:46 2013 192.168.1.10:49209 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:44:46 2013 192.168.1.10:49209 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:44:46 2013 192.168.1.10:49209 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:46 2013 192.168.1.10:49209 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:46 2013 192.168.1.10:49209 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:46 2013 192.168.1.10:49209 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:47 2013 192.168.1.10:49209 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:44:47 2013 192.168.1.10:49209 [dc] Peer Connection Initiated with 192.168.1.10:49209
Thu Nov 21 20:44:47 2013 dc/192.168.1.10:49209 TCP/UDP: Closing socket
Thu Nov 21 20:44:47 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:44:47 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49209
Thu Nov 21 20:44:47 2013 MULTI: primary virtual IP for dc/192.168.1.10:49209: 172.16.0.2
Thu Nov 21 20:44:49 2013 dc/192.168.1.10:49209 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:44:49 2013 dc/192.168.1.10:49209 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:44:52 2013 MULTI: multi_create_instance called
Thu Nov 21 20:44:52 2013 Re-using SSL/TLS context
Thu Nov 21 20:44:52 2013 LZO compression initialized
Thu Nov 21 20:44:52 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:44:52 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:44:52 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:44:52 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:44:52 2013 TCP connection established with 192.168.2.20:49195
Thu Nov 21 20:44:52 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:44:52 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:44:52 2013 TCPv4_SERVER link remote: 192.168.2.20:49195
Thu Nov 21 20:44:52 2013 192.168.2.20:49195 TLS: Initial packet from 192.168.2.20:49195, sid=12c92b99 da550ae7
Thu Nov 21 20:44:52 2013 192.168.2.20:49195 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:44:52 2013 192.168.2.20:49195 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:44:53 2013 192.168.2.20:49195 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:53 2013 192.168.2.20:49195 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:53 2013 192.168.2.20:49195 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:53 2013 192.168.2.20:49195 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:53 2013 192.168.2.20:49195 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:44:53 2013 192.168.2.20:49195 [dc] Peer Connection Initiated with 192.168.2.20:49195
Thu Nov 21 20:44:53 2013 dc/192.168.2.20:49195 TCP/UDP: Closing socket
Thu Nov 21 20:44:53 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:44:53 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49195
Thu Nov 21 20:44:53 2013 MULTI: primary virtual IP for dc/192.168.2.20:49195: 172.16.0.2
Thu Nov 21 20:44:55 2013 dc/192.168.2.20:49195 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:44:55 2013 dc/192.168.2.20:49195 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:44:58 2013 MULTI: multi_create_instance called
Thu Nov 21 20:44:58 2013 Re-using SSL/TLS context
Thu Nov 21 20:44:58 2013 LZO compression initialized
Thu Nov 21 20:44:58 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:44:58 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:44:58 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:44:58 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:44:58 2013 TCP connection established with 192.168.1.10:49210
Thu Nov 21 20:44:58 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:44:58 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:44:58 2013 TCPv4_SERVER link remote: 192.168.1.10:49210
Thu Nov 21 20:44:58 2013 192.168.1.10:49210 TLS: Initial packet from 192.168.1.10:49210, sid=6868a093 5007f7d1
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:44:59 2013 192.168.1.10:49210 [dc] Peer Connection Initiated with 192.168.1.10:49210
Thu Nov 21 20:44:59 2013 dc/192.168.1.10:49210 TCP/UDP: Closing socket
Thu Nov 21 20:44:59 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:44:59 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49210
Thu Nov 21 20:44:59 2013 MULTI: primary virtual IP for dc/192.168.1.10:49210: 172.16.0.2
Thu Nov 21 20:45:02 2013 dc/192.168.1.10:49210 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:02 2013 dc/192.168.1.10:49210 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:04 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:04 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:04 2013 LZO compression initialized
Thu Nov 21 20:45:04 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:04 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:04 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:04 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:04 2013 TCP connection established with 192.168.2.20:49196
Thu Nov 21 20:45:04 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:04 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:04 2013 TCPv4_SERVER link remote: 192.168.2.20:49196
Thu Nov 21 20:45:04 2013 192.168.2.20:49196 TLS: Initial packet from 192.168.2.20:49196, sid=f3dfeda7 454119fb
Thu Nov 21 20:45:05 2013 192.168.2.20:49196 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:05 2013 192.168.2.20:49196 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:05 2013 192.168.2.20:49196 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:05 2013 192.168.2.20:49196 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:05 2013 192.168.2.20:49196 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:05 2013 192.168.2.20:49196 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:06 2013 192.168.2.20:49196 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:06 2013 192.168.2.20:49196 [dc] Peer Connection Initiated with 192.168.2.20:49196
Thu Nov 21 20:45:06 2013 dc/192.168.2.20:49196 TCP/UDP: Closing socket
Thu Nov 21 20:45:06 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:06 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49196
Thu Nov 21 20:45:06 2013 MULTI: primary virtual IP for dc/192.168.2.20:49196: 172.16.0.2
Thu Nov 21 20:45:08 2013 dc/192.168.2.20:49196 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:08 2013 dc/192.168.2.20:49196 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:11 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:11 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:11 2013 LZO compression initialized
Thu Nov 21 20:45:11 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:11 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:11 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:11 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:11 2013 TCP connection established with 192.168.1.10:49211
Thu Nov 21 20:45:11 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:11 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:11 2013 TCPv4_SERVER link remote: 192.168.1.10:49211
Thu Nov 21 20:45:11 2013 192.168.1.10:49211 TLS: Initial packet from 192.168.1.10:49211, sid=214ea847 c6ce7127
Thu Nov 21 20:45:11 2013 192.168.1.10:49211 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:11 2013 192.168.1.10:49211 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:12 2013 192.168.1.10:49211 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:12 2013 192.168.1.10:49211 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:12 2013 192.168.1.10:49211 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:12 2013 192.168.1.10:49211 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:12 2013 192.168.1.10:49211 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:12 2013 192.168.1.10:49211 [dc] Peer Connection Initiated with 192.168.1.10:49211
Thu Nov 21 20:45:12 2013 dc/192.168.1.10:49211 TCP/UDP: Closing socket
Thu Nov 21 20:45:12 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:12 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49211
Thu Nov 21 20:45:12 2013 MULTI: primary virtual IP for dc/192.168.1.10:49211: 172.16.0.2
Thu Nov 21 20:45:14 2013 dc/192.168.1.10:49211 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:14 2013 dc/192.168.1.10:49211 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:17 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:17 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:17 2013 LZO compression initialized
Thu Nov 21 20:45:17 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:17 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:17 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:17 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:17 2013 TCP connection established with 192.168.2.20:49197
Thu Nov 21 20:45:17 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:17 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:17 2013 TCPv4_SERVER link remote: 192.168.2.20:49197
Thu Nov 21 20:45:17 2013 192.168.2.20:49197 TLS: Initial packet from 192.168.2.20:49197, sid=2e1d2c31 a0a6ef40
Thu Nov 21 20:45:18 2013 192.168.2.20:49197 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:18 2013 192.168.2.20:49197 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:18 2013 192.168.2.20:49197 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:18 2013 192.168.2.20:49197 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:18 2013 192.168.2.20:49197 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:18 2013 192.168.2.20:49197 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:19 2013 192.168.2.20:49197 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:19 2013 192.168.2.20:49197 [dc] Peer Connection Initiated with 192.168.2.20:49197
Thu Nov 21 20:45:19 2013 dc/192.168.2.20:49197 TCP/UDP: Closing socket
Thu Nov 21 20:45:19 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:19 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49197
Thu Nov 21 20:45:19 2013 MULTI: primary virtual IP for dc/192.168.2.20:49197: 172.16.0.2
Thu Nov 21 20:45:21 2013 dc/192.168.2.20:49197 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:21 2013 dc/192.168.2.20:49197 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:24 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:24 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:24 2013 LZO compression initialized
Thu Nov 21 20:45:24 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:24 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:24 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:24 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:24 2013 TCP connection established with 192.168.1.10:49212
Thu Nov 21 20:45:24 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:24 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:24 2013 TCPv4_SERVER link remote: 192.168.1.10:49212
Thu Nov 21 20:45:24 2013 192.168.1.10:49212 TLS: Initial packet from 192.168.1.10:49212, sid=963a6fa0 019a82f8
Thu Nov 21 20:45:24 2013 192.168.1.10:49212 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:24 2013 192.168.1.10:49212 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:25 2013 192.168.1.10:49212 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:25 2013 192.168.1.10:49212 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:25 2013 192.168.1.10:49212 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:25 2013 192.168.1.10:49212 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:25 2013 192.168.1.10:49212 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:25 2013 192.168.1.10:49212 [dc] Peer Connection Initiated with 192.168.1.10:49212
Thu Nov 21 20:45:25 2013 dc/192.168.1.10:49212 TCP/UDP: Closing socket
Thu Nov 21 20:45:25 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:25 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49212
Thu Nov 21 20:45:25 2013 MULTI: primary virtual IP for dc/192.168.1.10:49212: 172.16.0.2
Thu Nov 21 20:45:27 2013 dc/192.168.1.10:49212 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:27 2013 dc/192.168.1.10:49212 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:30 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:30 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:30 2013 LZO compression initialized
Thu Nov 21 20:45:30 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:30 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:30 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:30 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:30 2013 TCP connection established with 192.168.2.20:49198
Thu Nov 21 20:45:30 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:30 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:30 2013 TCPv4_SERVER link remote: 192.168.2.20:49198
Thu Nov 21 20:45:30 2013 192.168.2.20:49198 TLS: Initial packet from 192.168.2.20:49198, sid=97d8eabb 99068b3d
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:31 2013 192.168.2.20:49198 [dc] Peer Connection Initiated with 192.168.2.20:49198
Thu Nov 21 20:45:31 2013 dc/192.168.2.20:49198 TCP/UDP: Closing socket
Thu Nov 21 20:45:31 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:31 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49198
Thu Nov 21 20:45:31 2013 MULTI: primary virtual IP for dc/192.168.2.20:49198: 172.16.0.2
Thu Nov 21 20:45:33 2013 dc/192.168.2.20:49198 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:33 2013 dc/192.168.2.20:49198 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:36 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:36 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:36 2013 LZO compression initialized
Thu Nov 21 20:45:36 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:36 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:36 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:36 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:36 2013 TCP connection established with 192.168.1.10:49213
Thu Nov 21 20:45:36 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:36 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:36 2013 TCPv4_SERVER link remote: 192.168.1.10:49213
Thu Nov 21 20:45:36 2013 192.168.1.10:49213 TLS: Initial packet from 192.168.1.10:49213, sid=0a92032f be867406
Thu Nov 21 20:45:37 2013 192.168.1.10:49213 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:37 2013 192.168.1.10:49213 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:37 2013 192.168.1.10:49213 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:37 2013 192.168.1.10:49213 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:37 2013 192.168.1.10:49213 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:37 2013 192.168.1.10:49213 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:38 2013 192.168.1.10:49213 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:38 2013 192.168.1.10:49213 [dc] Peer Connection Initiated with 192.168.1.10:49213
Thu Nov 21 20:45:38 2013 dc/192.168.1.10:49213 TCP/UDP: Closing socket
Thu Nov 21 20:45:38 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:38 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49213
Thu Nov 21 20:45:38 2013 MULTI: primary virtual IP for dc/192.168.1.10:49213: 172.16.0.2
Thu Nov 21 20:45:40 2013 dc/192.168.1.10:49213 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:40 2013 dc/192.168.1.10:49213 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:43 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:43 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:43 2013 LZO compression initialized
Thu Nov 21 20:45:43 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:43 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:43 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:43 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:43 2013 TCP connection established with 192.168.2.20:49199
Thu Nov 21 20:45:43 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:43 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:43 2013 TCPv4_SERVER link remote: 192.168.2.20:49199
Thu Nov 21 20:45:43 2013 192.168.2.20:49199 TLS: Initial packet from 192.168.2.20:49199, sid=65acaba8 6b8b6b29
Thu Nov 21 20:45:43 2013 192.168.2.20:49199 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:43 2013 192.168.2.20:49199 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:44 2013 192.168.2.20:49199 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:44 2013 192.168.2.20:49199 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:44 2013 192.168.2.20:49199 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:44 2013 192.168.2.20:49199 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:44 2013 192.168.2.20:49199 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:44 2013 192.168.2.20:49199 [dc] Peer Connection Initiated with 192.168.2.20:49199
Thu Nov 21 20:45:44 2013 dc/192.168.2.20:49199 TCP/UDP: Closing socket
Thu Nov 21 20:45:44 2013 MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Nov 21 20:45:44 2013 MULTI: Learn: 172.16.0.2 -> dc/192.168.2.20:49199
Thu Nov 21 20:45:44 2013 MULTI: primary virtual IP for dc/192.168.2.20:49199: 172.16.0.2
Thu Nov 21 20:45:46 2013 dc/192.168.2.20:49199 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:46 2013 dc/192.168.2.20:49199 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Thu Nov 21 20:45:49 2013 MULTI: multi_create_instance called
Thu Nov 21 20:45:49 2013 Re-using SSL/TLS context
Thu Nov 21 20:45:49 2013 LZO compression initialized
Thu Nov 21 20:45:49 2013 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Nov 21 20:45:49 2013 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3/1 ]
Thu Nov 21 20:45:49 2013 Local Options hash (VER=V4): '77cf0943'
Thu Nov 21 20:45:49 2013 Expected Remote Options hash (VER=V4): '2547efd2'
Thu Nov 21 20:45:49 2013 TCP connection established with 192.168.1.10:49214
Thu Nov 21 20:45:49 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Nov 21 20:45:49 2013 TCPv4_SERVER link local: [undef]
Thu Nov 21 20:45:49 2013 TCPv4_SERVER link remote: 192.168.1.10:49214
Thu Nov 21 20:45:49 2013 192.168.1.10:49214 TLS: Initial packet from 192.168.1.10:49214, sid=2f30837b 971e5c77
Thu Nov 21 20:45:50 2013 dc/192.168.2.20:49199 Connection reset, restarting [-1]
Thu Nov 21 20:45:50 2013 dc/192.168.2.20:49199 SIGUSR1[soft,connection-reset] received, client-instance restarting
Thu Nov 21 20:45:50 2013 TCP/UDP: Closing socket
Thu Nov 21 20:45:50 2013 192.168.1.10:49214 VERIFY OK: depth=1, /C=RU/ST=Mocsow/L=Moscow/O=OpenVPN/emailAddress=admin@localhost
Thu Nov 21 20:45:50 2013 192.168.1.10:49214 VERIFY OK: depth=0, /C=RU/ST=Mocsow/O=OpenVPN/CN=dc/emailAddress=admin@localhost
Thu Nov 21 20:45:50 2013 192.168.1.10:49214 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:50 2013 192.168.1.10:49214 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:50 2013 192.168.1.10:49214 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Nov 21 20:45:50 2013 192.168.1.10:49214 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Nov 21 20:45:51 2013 192.168.1.10:49214 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Nov 21 20:45:51 2013 192.168.1.10:49214 [dc] Peer Connection Initiated with 192.168.1.10:49214
Thu Nov 21 20:45:51 2013 dc/192.168.1.10:49214 MULTI: Learn: 172.16.0.2 -> dc/192.168.1.10:49214
Thu Nov 21 20:45:51 2013 dc/192.168.1.10:49214 MULTI: primary virtual IP for dc/192.168.1.10:49214: 172.16.0.2
Thu Nov 21 20:45:53 2013 dc/192.168.1.10:49214 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 21 20:45:53 2013 dc/192.168.1.10:49214 SENT CONTROL [dc]: 'PUSH_REPLY,route-gateway 172.16.0.1,route 10.0.0.0 255.0.0.0,route-gateway 172.16.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)

Comments

[Артур Артур]

Логи собирались с конфигурации что в описании изначально

[eisaev]

Судя по логам у вас у обоих клиентов ключи одинаковые и OpenVPN считает их за одного и того же клиента. Либо генерируйте разные ключи для разных клиентов (предпочтительнее), либо добавляйте параметр в конфиг сервера (duplicate-cn), как и подсказывают логи: MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

[Артур Артур]

Заработало! Но сертификаты реально разные делал, интересно. Большое спасибо дружище!)))

[eisaev]

@aptu_24 Только решение не в вашем ответе с логами ;) А так незачто, конечно. А ключи могут быть и разными, но в обоих при генерации указано имя "dc".

Answer 3

[paxlo]

Тебе сервер кричит:

MULTI: new connection by client 'dc' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

Если у тебя 2 и более клиента используют для подключения один и тот же ключ, то в конфиге сервера это нужно разрешить опцией duplicate-cn. Но лучше сгенерить отдельно для каждого клиента.

Answer 4

[Roxa17]

Всем добрый вечер. Хочу настроить соединение Windows Server-Mikrotik client.
Сервер все работает с Windows клиент подключается. А вот с Mikrotik выходит такой лог

Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 Re-using SSL/TLS context
Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 LZO compression initializing
Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher DES-CBC,auth SHA1,keysize 64,key-method 2,tls-server'
Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher DES-CBC,auth SHA1,keysize 64,key-method 2,tls-client'
Mon Jan 27 18:35:24 2020 us=698736 178.176.166.217:42205 TLS: Initial packet from [AF_INET6]::ffff:178.176.166.217:42205, sid=a51d79f7 e16f297a
Mon Jan 27 18:35:25 2020 us=587746 178.176.166.217:42205 VERIFY OK: depth=1, C=RU, ST=Sankt-Petersburg, L=Sankt-Petersburg, O=Organization, OU=DMOSK, CN=DMOSK, name=WIN-OOJVAP63PG8, emailAddress=admin@dssupport.ru
Mon Jan 27 18:35:25 2020 us=587746 178.176.166.217:42205 VERIFY OK: depth=0, C=RU, ST=Sankt-Petersburg, L=Sankt-Petersburg, O=Organization, OU=DMOSK, CN=client1, name=WIN-OOJVAP63PG8, emailAddress=admin@dssupport.ru
Mon Jan 27 18:35:25 2020 us=737788 178.176.166.217:42205 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1557'
Mon Jan 27 18:35:25 2020 us=737788 178.176.166.217:42205 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Mon Jan 27 18:35:25 2020 us=737788 178.176.166.217:42205 WARNING: 'cipher' is used inconsistently, local='cipher DES-CBC', remote='cipher AES-256-CBC'
Mon Jan 27 18:35:25 2020 us=737788 178.176.166.217:42205 WARNING: 'keysize' is used inconsistently, local='keysize 64', remote='keysize 256'
Mon Jan 27 18:35:25 2020 us=897815 178.176.166.217:42205 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Jan 27 18:35:25 2020 us=897815 178.176.166.217:42205 [client1] Peer Connection Initiated with [AF_INET6]::ffff:178.176.166.217:42205
Mon Jan 27 18:35:25 2020 us=897815 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon Jan 27 18:35:25 2020 us=897815 MULTI_sva: pool returned IPv4=172.16.10.6, IPv6=(Not enabled)
Mon Jan 27 18:35:25 2020 us=897815 MULTI: Learn: 172.16.10.6 -> client1/178.176.166.217:42205
Mon Jan 27 18:35:25 2020 us=897815 MULTI: primary virtual IP for client1/178.176.166.217:42205: 172.16.10.6
Mon Jan 27 18:35:35 2020 us=901376 MULTI: multi_create_instance called

Comments

[Roxa17]

Так же при подключении с Windows Выходит это уведомление

Mon Jan 27 17:45:22 2020 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Mon Jan 27 17:45:22 2020 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Mon Jan 27 17:45:29 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this