On 12/12/23 14:55, Gert Doering wrote:
Hi,

On Tue, Dec 12, 2023 at 02:29:27PM +0700, Budi Janto wrote:
I recently upgraded my server from FreeBSD 13.2 RELEASE to FreeBSD 14.0
RELEASE through `freebsd-update`.

If you upgrade the server, please do also show the *server* log - it
might tell what's wrong (my crystal ball says it's "user openvpn"
conflicting with DCO).

The client log is not very informative here.

gert

Alright, here is the server log:
2023-12-12 15:10:37 us=663785 Note: '--allow-compression' is not set to 'no', disabling data channel offload.
2023-12-12 15:10:37 us=663836 Consider using the '--compress migrate' option.
2023-12-12 15:10:37 us=663841 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
2023-12-12 15:10:37 us=664155 Current Parameter Settings:
2023-12-12 15:10:37 us=664159 config = '/usr/local/etc/openvpn/server.conf'
2023-12-12 15:10:37 us=664162   mode = 1
2023-12-12 15:10:37 us=664164   show_ciphers = DISABLED
2023-12-12 15:10:37 us=664167   show_digests = DISABLED
2023-12-12 15:10:37 us=664169   show_engines = DISABLED
2023-12-12 15:10:37 us=664171   genkey = DISABLED
2023-12-12 15:10:37 us=664174   genkey_filename = '[UNDEF]'
2023-12-12 15:10:37 us=664176   key_pass_file = '[UNDEF]'
2023-12-12 15:10:37 us=664178   show_tls_ciphers = DISABLED
2023-12-12 15:10:37 us=664181   connect_retry_max = 0
2023-12-12 15:10:37 us=664183 Connection profiles [0]:
2023-12-12 15:10:37 us=664186   proto = udp
2023-12-12 15:10:37 us=664188   local = '[UNDEF]'
2023-12-12 15:10:37 us=664190   local_port = '5276'
2023-12-12 15:10:37 us=664193   remote = '[UNDEF]'
2023-12-12 15:10:37 us=664195   remote_port = '5276'
2023-12-12 15:10:37 us=664197   remote_float = DISABLED
2023-12-12 15:10:37 us=664199   bind_defined = DISABLED
2023-12-12 15:10:37 us=664201   bind_local = ENABLED
2023-12-12 15:10:37 us=664204   bind_ipv6_only = DISABLED
2023-12-12 15:10:37 us=664206   connect_retry_seconds = 1
2023-12-12 15:10:37 us=664208   connect_timeout = 120
2023-12-12 15:10:37 us=664211   socks_proxy_server = '[UNDEF]'
2023-12-12 15:10:37 us=664213   socks_proxy_port = '[UNDEF]'
2023-12-12 15:10:37 us=664215   tun_mtu = 1500
2023-12-12 15:10:37 us=664217   tun_mtu_defined = ENABLED
2023-12-12 15:10:37 us=664221   link_mtu = 1500
2023-12-12 15:10:37 us=664223   link_mtu_defined = DISABLED
2023-12-12 15:10:37 us=664226   tun_mtu_extra = 0
2023-12-12 15:10:37 us=664228   tun_mtu_extra_defined = DISABLED
2023-12-12 15:10:37 us=664230   tls_mtu = 1250
2023-12-12 15:10:37 us=664233   mtu_discover_type = -1
2023-12-12 15:10:37 us=664235   fragment = 0
2023-12-12 15:10:37 us=664237   mssfix = 1300
2023-12-12 15:10:37 us=664239   mssfix_encap = DISABLED
2023-12-12 15:10:37 us=664241   mssfix_fixed = DISABLED
2023-12-12 15:10:37 us=664243   explicit_exit_notification = 1
2023-12-12 15:10:37 us=664246   tls_auth_file = '[INLINE]'
2023-12-12 15:10:37 us=664248   key_direction = 0
2023-12-12 15:10:37 us=664250   tls_crypt_file = '[UNDEF]'
2023-12-12 15:10:37 us=664252   tls_crypt_v2_file = '[UNDEF]'
2023-12-12 15:10:37 us=664254 Connection profiles END
2023-12-12 15:10:37 us=664257   remote_random = DISABLED
2023-12-12 15:10:37 us=664259   ipchange = '[UNDEF]'
2023-12-12 15:10:37 us=664261   dev = 'tun'
2023-12-12 15:10:37 us=664263   dev_type = '[UNDEF]'
2023-12-12 15:10:37 us=664265   dev_node = '[UNDEF]'
2023-12-12 15:10:37 us=664268   tuntap_options.disable_dco = ENABLED
2023-12-12 15:10:37 us=664270   lladdr = '[UNDEF]'
2023-12-12 15:10:37 us=664272   topology = 3
2023-12-12 15:10:37 us=664274   ifconfig_local = '10.10.10.1'
2023-12-12 15:10:37 us=664277   ifconfig_remote_netmask = '255.255.255.192'
2023-12-12 15:10:37 us=664279   ifconfig_noexec = DISABLED
2023-12-12 15:10:37 us=664281   ifconfig_nowarn = DISABLED
2023-12-12 15:10:37 us=664283   ifconfig_ipv6_local = '[UNDEF]'
2023-12-12 15:10:37 us=664285   ifconfig_ipv6_netbits = 0
2023-12-12 15:10:37 us=664288   ifconfig_ipv6_remote = '[UNDEF]'
2023-12-12 15:10:37 us=664290   shaper = 0
2023-12-12 15:10:37 us=664292   mtu_test = 0
2023-12-12 15:10:37 us=664294   mlock = DISABLED
2023-12-12 15:10:37 us=664296   keepalive_ping = 10
2023-12-12 15:10:37 us=664299   keepalive_timeout = 120
2023-12-12 15:10:37 us=664301   inactivity_timeout = 0
2023-12-12 15:10:37 us=664303   session_timeout = 0
2023-12-12 15:10:37 us=664305   inactivity_minimum_bytes = 0
2023-12-12 15:10:37 us=664307   ping_send_timeout = 10
2023-12-12 15:10:37 us=664309   ping_rec_timeout = 240
2023-12-12 15:10:37 us=664312   ping_rec_timeout_action = 2
2023-12-12 15:10:37 us=664320   ping_timer_remote = DISABLED
2023-12-12 15:10:37 us=664322   remap_sigusr1 = 0
2023-12-12 15:10:37 us=664325   persist_tun = ENABLED
2023-12-12 15:10:37 us=664327   persist_local_ip = DISABLED
2023-12-12 15:10:37 us=664329   persist_remote_ip = DISABLED
2023-12-12 15:10:37 us=664331   persist_key = ENABLED
2023-12-12 15:10:37 us=664334   passtos = DISABLED
2023-12-12 15:10:37 us=664336   resolve_retry_seconds = 1000000000
2023-12-12 15:10:37 us=664338   resolve_in_advance = DISABLED
2023-12-12 15:10:37 us=664340   username = 'openvpn'
2023-12-12 15:10:37 us=664343   groupname = 'openvpn'
2023-12-12 15:10:37 us=664345   chroot_dir = '[UNDEF]'
2023-12-12 15:10:37 us=664347   cd_dir = '/usr/local/etc/openvpn'
2023-12-12 15:10:37 us=664349   writepid = '/var/run/openvpn.pid'
2023-12-12 15:10:37 us=664352   up_script = '[UNDEF]'
2023-12-12 15:10:37 us=664354   down_script = '[UNDEF]'
2023-12-12 15:10:37 us=664356   down_pre = DISABLED
2023-12-12 15:10:37 us=664358   up_restart = DISABLED
2023-12-12 15:10:37 us=664360   up_delay = DISABLED
2023-12-12 15:10:37 us=664363   daemon = ENABLED
2023-12-12 15:10:37 us=664366   log = ENABLED
2023-12-12 15:10:37 us=664368   suppress_timestamps = DISABLED
2023-12-12 15:10:37 us=664371   machine_readable_output = DISABLED
2023-12-12 15:10:37 us=664373   nice = 0
2023-12-12 15:10:37 us=664375   verbosity = 4
2023-12-12 15:10:37 us=664377   mute = 0
2023-12-12 15:10:37 us=664380   gremlin = 0
2023-12-12 15:10:37 us=664382 status_file = '/var/log/openvpn/openvpn-status.log'
2023-12-12 15:10:37 us=664384   status_file_version = 1
2023-12-12 15:10:37 us=664387   status_file_update_freq = 60
2023-12-12 15:10:37 us=664389   occ = ENABLED
2023-12-12 15:10:37 us=664391   rcvbuf = 0
2023-12-12 15:10:37 us=664393   sndbuf = 0
2023-12-12 15:10:37 us=664396   sockflags = 0
2023-12-12 15:10:37 us=664398   fast_io = DISABLED
2023-12-12 15:10:37 us=664400   comp.alg = 1
2023-12-12 15:10:37 us=664402   comp.flags = 24
2023-12-12 15:10:37 us=664405   route_script = '[UNDEF]'
2023-12-12 15:10:37 us=664407   route_default_gateway = '10.10.10.2'
2023-12-12 15:10:37 us=664409   route_default_metric = 0
2023-12-12 15:10:37 us=664411   route_noexec = DISABLED
2023-12-12 15:10:37 us=664414   route_delay = 0
2023-12-12 15:10:37 us=664416   route_delay_window = 30
2023-12-12 15:10:37 us=664418   route_delay_defined = DISABLED
2023-12-12 15:10:37 us=664420   route_nopull = DISABLED
2023-12-12 15:10:37 us=664422   route_gateway_via_dhcp = DISABLED
2023-12-12 15:10:37 us=664425   allow_pull_fqdn = DISABLED
2023-12-12 15:10:37 us=664427   management_addr = '127.0.0.1'
2023-12-12 15:10:37 us=664429   management_port = '5555'
2023-12-12 15:10:37 us=664432   management_user_pass = '[UNDEF]'
2023-12-12 15:10:37 us=664434   management_log_history_cache = 250
2023-12-12 15:10:37 us=664436   management_echo_buffer_size = 100
2023-12-12 15:10:37 us=664439   management_client_user = '[UNDEF]'
2023-12-12 15:10:37 us=664441   management_client_group = '[UNDEF]'
2023-12-12 15:10:37 us=664443   management_flags = 0
2023-12-12 15:10:37 us=664445   shared_secret_file = '[UNDEF]'
2023-12-12 15:10:37 us=664448   key_direction = 0
2023-12-12 15:10:37 us=664450   ciphername = 'AES-256-GCM'
2023-12-12 15:10:37 us=664452 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2023-12-12 15:10:37 us=664454   authname = 'SHA512'
2023-12-12 15:10:37 us=664457   engine = DISABLED
2023-12-12 15:10:37 us=664459   replay = ENABLED
2023-12-12 15:10:37 us=664461   mute_replay_warnings = DISABLED
2023-12-12 15:10:37 us=664464   replay_window = 64
2023-12-12 15:10:37 us=664466   replay_time = 15
2023-12-12 15:10:37 us=664468   packet_id_file = '[UNDEF]'
2023-12-12 15:10:37 us=664470   test_crypto = DISABLED
2023-12-12 15:10:37 us=664473   tls_server = ENABLED
2023-12-12 15:10:37 us=664475   tls_client = DISABLED
2023-12-12 15:10:37 us=664477 ca_file = '/usr/local/etc/openvpn/easy-rsa/pki/ca.crt'
2023-12-12 15:10:37 us=664479   ca_path = '[UNDEF]'
2023-12-12 15:10:37 us=664482 dh_file = '/usr/local/etc/openvpn/easy-rsa/pki/dh.pem'
2023-12-12 15:10:37 us=664487 cert_file = '/usr/local/etc/openvpn/easy-rsa/pki/issued/corp.server.crt'
2023-12-12 15:10:37 us=664489   extra_certs_file = '[UNDEF]'
2023-12-12 15:10:37 us=664492 priv_key_file = '/usr/local/etc/openvpn/easy-rsa/pki/private/corp.server.key'
2023-12-12 15:10:37 us=664494   pkcs12_file = '[UNDEF]'
2023-12-12 15:10:37 us=664496   cipher_list = '[UNDEF]'
2023-12-12 15:10:37 us=664499   cipher_list_tls13 = '[UNDEF]'
2023-12-12 15:10:37 us=664501   tls_cert_profile = '[UNDEF]'
2023-12-12 15:10:37 us=664503   tls_verify = '[UNDEF]'
2023-12-12 15:10:37 us=664505   tls_export_cert = '[UNDEF]'
2023-12-12 15:10:37 us=664508   verify_x509_type = 0
2023-12-12 15:10:37 us=664510   verify_x509_name = '[UNDEF]'
2023-12-12 15:10:37 us=664513 crl_file = '/usr/local/etc/openvpn/easy-rsa/pki/crl.pem'
2023-12-12 15:10:37 us=664515   ns_cert_type = 0
2023-12-12 15:10:37 us=664517   remote_cert_ku[i] = 65535
2023-12-12 15:10:37 us=664519   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664522   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664524   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664526   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664528   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664530   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664533   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664535   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664537   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664539   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664541   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664543   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664546   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664548   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664550   remote_cert_ku[i] = 0
2023-12-12 15:10:37 us=664552 remote_cert_eku = 'TLS Web Client Authentication'
2023-12-12 15:10:37 us=664555   ssl_flags = 192
2023-12-12 15:10:37 us=664557   tls_timeout = 2
2023-12-12 15:10:37 us=664559   renegotiate_bytes = -1
2023-12-12 15:10:37 us=664562   renegotiate_packets = 0
2023-12-12 15:10:37 us=664564   renegotiate_seconds = 3600
2023-12-12 15:10:37 us=664566   handshake_window = 60
2023-12-12 15:10:37 us=664569   transition_window = 3600
2023-12-12 15:10:37 us=664571   single_session = DISABLED
2023-12-12 15:10:37 us=664573   push_peer_info = DISABLED
2023-12-12 15:10:37 us=664577   tls_exit = DISABLED
2023-12-12 15:10:37 us=664579   tls_crypt_v2_metadata = '[UNDEF]'
2023-12-12 15:10:37 us=664581   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664584   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664586   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664588   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664590   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664593   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664595   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664597   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664599   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664602   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664604   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664606   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664608   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664610   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664612   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664615   pkcs11_protected_authentication = DISABLED
2023-12-12 15:10:37 us=664617   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664620   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664622   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664624   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664626   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664628   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664633   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664635   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664637   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664639   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664642   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664644   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664646   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664648   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664651   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664653   pkcs11_private_mode = 00000000
2023-12-12 15:10:37 us=664655   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664658   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664660   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664662   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664664   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664667   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664669   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664671   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664673   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664676   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664678   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664680   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664682   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664684   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664687   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664689   pkcs11_cert_private = DISABLED
2023-12-12 15:10:37 us=664691   pkcs11_pin_cache_period = -1
2023-12-12 15:10:37 us=664694   pkcs11_id = '[UNDEF]'
2023-12-12 15:10:37 us=664696   pkcs11_id_management = DISABLED
2023-12-12 15:10:37 us=664699   server_network = 10.10.10.0
2023-12-12 15:10:37 us=664702   server_netmask = 255.255.255.192
2023-12-12 15:10:37 us=664707   server_network_ipv6 = ::
2023-12-12 15:10:37 us=664710   server_netbits_ipv6 = 0
2023-12-12 15:10:37 us=664713   server_bridge_ip = 0.0.0.0
2023-12-12 15:10:37 us=664715   server_bridge_netmask = 0.0.0.0
2023-12-12 15:10:37 us=664718   server_bridge_pool_start = 0.0.0.0
2023-12-12 15:10:37 us=664721   server_bridge_pool_end = 0.0.0.0
2023-12-12 15:10:37 us=664724   push_entry = 'route-gateway 10.10.10.1'
2023-12-12 15:10:37 us=664728   push_entry = 'topology subnet'
2023-12-12 15:10:37 us=664731   push_entry = 'ping 10'
2023-12-12 15:10:37 us=664733   push_entry = 'ping-restart 120'
2023-12-12 15:10:37 us=664736   ifconfig_pool_defined = ENABLED
2023-12-12 15:10:37 us=664738   ifconfig_pool_start = 10.10.10.2
2023-12-12 15:10:37 us=664741   ifconfig_pool_end = 10.10.10.62
2023-12-12 15:10:37 us=664744   ifconfig_pool_netmask = 255.255.255.192
2023-12-12 15:10:37 us=664747   ifconfig_pool_persist_filename = '[UNDEF]'
2023-12-12 15:10:37 us=664749   ifconfig_pool_persist_refresh_freq = 600
2023-12-12 15:10:37 us=664751   ifconfig_ipv6_pool_defined = DISABLED
2023-12-12 15:10:37 us=664754   ifconfig_ipv6_pool_base = ::
2023-12-12 15:10:37 us=664756   ifconfig_ipv6_pool_netbits = 0
2023-12-12 15:10:37 us=664759   n_bcast_buf = 256
2023-12-12 15:10:37 us=664761   tcp_queue_limit = 64
2023-12-12 15:10:37 us=664764   real_hash_size = 256
2023-12-12 15:10:37 us=664766   virtual_hash_size = 256
2023-12-12 15:10:37 us=664768   client_connect_script = '[UNDEF]'
2023-12-12 15:10:37 us=664771   learn_address_script = '[UNDEF]'
2023-12-12 15:10:37 us=664773   client_disconnect_script = '[UNDEF]'
2023-12-12 15:10:37 us=664775   client_crresponse_script = '[UNDEF]'
2023-12-12 15:10:37 us=664778 client_config_dir = '/usr/local/etc/openvpn/client'
2023-12-12 15:10:37 us=664780   ccd_exclusive = DISABLED
2023-12-12 15:10:37 us=664783   tmp_dir = '/tmp'
2023-12-12 15:10:37 us=664785   push_ifconfig_defined = DISABLED
2023-12-12 15:10:37 us=664788   push_ifconfig_local = 0.0.0.0
2023-12-12 15:10:37 us=664790   push_ifconfig_remote_netmask = 0.0.0.0
2023-12-12 15:10:37 us=664793   push_ifconfig_ipv6_defined = DISABLED
2023-12-12 15:10:37 us=664798   push_ifconfig_ipv6_local = ::/0
2023-12-12 15:10:37 us=664800   push_ifconfig_ipv6_remote = ::
2023-12-12 15:10:37 us=664803   enable_c2c = ENABLED
2023-12-12 15:10:37 us=664805   duplicate_cn = DISABLED
2023-12-12 15:10:37 us=664808   cf_max = 0
2023-12-12 15:10:37 us=664810   cf_per = 0
2023-12-12 15:10:37 us=664812   cf_initial_max = 100
2023-12-12 15:10:37 us=664815   cf_initial_per = 10
2023-12-12 15:10:37 us=664817   max_clients = 1024
2023-12-12 15:10:37 us=664820   max_routes_per_client = 256
2023-12-12 15:10:37 us=664822   auth_user_pass_verify_script = '[UNDEF]'
2023-12-12 15:10:37 us=664825 auth_user_pass_verify_script_via_file = DISABLED
2023-12-12 15:10:37 us=664827   auth_token_generate = DISABLED
2023-12-12 15:10:37 us=664830   auth_token_lifetime = 0
2023-12-12 15:10:37 us=664832   auth_token_secret_file = '[UNDEF]'
2023-12-12 15:10:37 us=664834   port_share_host = '[UNDEF]'
2023-12-12 15:10:37 us=664837   port_share_port = '[UNDEF]'
2023-12-12 15:10:37 us=664839   vlan_tagging = DISABLED
2023-12-12 15:10:37 us=664842   vlan_accept = all
2023-12-12 15:10:37 us=664844   vlan_pvid = 1
2023-12-12 15:10:37 us=664846   client = DISABLED
2023-12-12 15:10:37 us=664849   pull = DISABLED
2023-12-12 15:10:37 us=664851   auth_user_pass_file = '[UNDEF]'
2023-12-12 15:10:37 us=664854 OpenVPN 2.6.8 amd64-portbld-freebsd14.0 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] [DCO]
2023-12-12 15:10:37 us=664859 library versions: OpenSSL 3.0.12 24 Oct 2023, LZO 2.10
2023-12-12 15:10:37 us=664871 DCO version: FreeBSD 14.0-RELEASE-p2 #0: Tue Dec 5 00:31:31 UTC 2023 r...@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
2023-12-12 15:10:37 us=665222 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:5555
2023-12-12 15:10:37 us=665690 GDG: problem writing to routing socket
2023-12-12 15:10:37 us=667221 Diffie-Hellman initialized with 2048 bit key
2023-12-12 15:10:37 us=669827 CRL: loaded 1 CRLs from file /usr/local/etc/openvpn/easy-rsa/pki/crl.pem
2023-12-12 15:10:37 us=670127 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-12-12 15:10:37 us=670139 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-12-12 15:10:37 us=670326 TLS-Auth MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-12-12 15:10:37 us=670453 TUN/TAP device /dev/tun1 opened
2023-12-12 15:10:37 us=670462 do_ifconfig, ipv4=1, ipv6=0
2023-12-12 15:10:37 us=670471 /sbin/ifconfig tun1 10.10.10.1/26 mtu 1500 up
2023-12-12 15:10:37 us=671669 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-12-12 15:10:37 us=671835 Could not determine IPv4/IPv6 protocol. Using AF_INET6
2023-12-12 15:10:37 us=671848 Socket Buffers: R=[42080->42080] S=[9216->9216]
2023-12-12 15:10:37 us=671852 setsockopt(IPV6_V6ONLY=0)
2023-12-12 15:10:37 us=671866 UDPv6 link local (bound): [AF_INET6][undef]:5276
2023-12-12 15:10:37 us=671871 UDPv6 link remote: [AF_UNSPEC]
2023-12-12 15:10:37 us=671886 GID set to openvpn
2023-12-12 15:10:37 us=671893 UID set to openvpn
2023-12-12 15:10:37 us=671905 MULTI: multi_init called, r=256 v=256
2023-12-12 15:10:37 us=671923 IFCONFIG POOL IPv4: base=10.10.10.2 size=61
2023-12-12 15:10:37 us=671954 Initialization Sequence Completed
2023-12-12 15:10:45 us=197450 Connection Attempt MULTI: multi_create_instance called
2023-12-12 15:10:45 us=197479 192.168.99.15:61167 Re-using SSL/TLS context
2023-12-12 15:10:45 us=197530 192.168.99.15:61167 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-12-12 15:10:45 us=197539 192.168.99.15:61167 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2023-12-12 15:10:45 us=201525 192.168.99.15:61167 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-12-12 15:10:45 us=201538 192.168.99.15:61167 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-12-12 15:10:45 us=210766 192.168.99.15:61167 VERIFY OK: depth=1, CN=SERVER OVPN (CAV-X7)
2023-12-12 15:10:45 us=210870 192.168.99.15:61167 VERIFY KU OK
2023-12-12 15:10:45 us=210877 192.168.99.15:61167 Validating certificate extended key usage
2023-12-12 15:10:45 us=210882 192.168.99.15:61167 ++ Certificate has EKU (str) TLS Web Client Authentication, expects TLS Web Client Authentication
2023-12-12 15:10:45 us=210885 192.168.99.15:61167 VERIFY EKU OK
2023-12-12 15:10:45 us=210888 192.168.99.15:61167 VERIFY OK: depth=0, CN=KOSAMBI-PARK
2023-12-12 15:10:45 us=211104 192.168.99.15:61167 peer info: IV_VER=2.6.8
2023-12-12 15:10:45 us=211111 192.168.99.15:61167 peer info: IV_PLAT=win
2023-12-12 15:10:45 us=211114 192.168.99.15:61167 peer info: IV_TCPNL=1
2023-12-12 15:10:45 us=211116 192.168.99.15:61167 peer info: IV_MTU=1600
2023-12-12 15:10:45 us=211119 192.168.99.15:61167 peer info: IV_NCP=2
2023-12-12 15:10:45 us=211123 192.168.99.15:61167 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM
2023-12-12 15:10:45 us=211126 192.168.99.15:61167 peer info: IV_PROTO=990
2023-12-12 15:10:45 us=211129 192.168.99.15:61167 peer info: IV_LZO_STUB=1
2023-12-12 15:10:45 us=211131 192.168.99.15:61167 peer info: IV_COMP_STUB=1
2023-12-12 15:10:45 us=211136 192.168.99.15:61167 peer info: IV_COMP_STUBv2=1
2023-12-12 15:10:45 us=211139 192.168.99.15:61167 peer info: IV_GUI_VER=OpenVPN_GUI_11.46.0.0
2023-12-12 15:10:45 us=211142 192.168.99.15:61167 peer info: IV_SSO=openurl,webauth,crtext
2023-12-12 15:10:45 us=211196 192.168.99.15:61167 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-12-12 15:10:45 us=211233 192.168.99.15:61167 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-12-12 15:10:45 us=211814 192.168.99.15:61167 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2023-12-12 15:10:45 us=211827 192.168.99.15:61167 [KOSAMBI-PARK] Peer Connection Initiated with [AF_INET6]::ffff:192.168.99.15:61167
2023-12-12 15:10:45 us=211838 KOSAMBI-PARK/192.168.99.15:61167 MULTI_sva: pool returned IPv4=10.10.10.2, IPv6=(Not enabled)
2023-12-12 15:10:45 us=211980 KOSAMBI-PARK/192.168.99.15:61167 OPTIONS IMPORT: reading client specific options from: /usr/local/etc/openvpn/client/KOSAMBI-PARK
2023-12-12 15:10:45 us=212099 KOSAMBI-PARK/192.168.99.15:61167 MULTI: Learn: 10.10.10.4 -> KOSAMBI-PARK/192.168.99.15:61167
2023-12-12 15:10:45 us=212104 KOSAMBI-PARK/192.168.99.15:61167 MULTI: primary virtual IP for KOSAMBI-PARK/192.168.99.15:61167: 10.10.10.4
2023-12-12 15:10:45 us=212128 KOSAMBI-PARK/192.168.99.15:61167 Data Channel MTU parms [ mss_fix:1235 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-12-12 15:10:45 us=212171 KOSAMBI-PARK/192.168.99.15:61167 Outgoing dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-12-12 15:10:45 us=212184 KOSAMBI-PARK/192.168.99.15:61167 Outgoing dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-12-12 15:10:45 us=212190 KOSAMBI-PARK/192.168.99.15:61167 Incoming dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-12-12 15:10:45 us=212199 KOSAMBI-PARK/192.168.99.15:61167 Incoming dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-12-12 15:10:45 us=212224 KOSAMBI-PARK/192.168.99.15:61167 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-12-12 15:10:45 us=212231 KOSAMBI-PARK/192.168.99.15:61167 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-12-12 15:10:45 us=212259 KOSAMBI-PARK/192.168.99.15:61167 SENT CONTROL [KOSAMBI-PARK]: 'PUSH_REPLY,route-gateway 10.10.10.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.10.4 255.255.255.192,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
2023-12-12 15:10:45 us=256528 KOSAMBI-PARK/192.168.99.15:61167 MULTI: bad source address from client [::], packet dropped
2023-12-12 15:10:46 us=248726 KOSAMBI-PARK/192.168.99.15:61167 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'stub'
2023-12-12 15:10:46 us=248733 KOSAMBI-PARK/192.168.99.15:61167 Timers: ping 10, ping-restart 240
2023-12-12 15:10:46 us=248738 KOSAMBI-PARK/192.168.99.15:61167 Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm dyn-tls-crypt

It only connects from the local LAN (192.168.99.15); from the outside WAN it cannot connect. Conversely, if the outside WAN is connected, the local LAN cannot connect. Before the upgrade to FreeBSD 14.0 RELEASE, the local LAN and the outside WAN could be connected simultaneously.

--
Regards,
Budi Janto


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
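
Added example, not part of the original messages: OpenVPN prefixes every entry in this log with a timestamp, so a log that was re-wrapped in transit (several entries on one line, or one entry split across two) can be split back into entries and checked for the notes and warnings the server printed. The function names and finding labels are made up for this sketch, and the sample is a constructed arrangement of entries copied from the log in this thread.

```python
import re

# Every entry in this log starts with "YYYY-MM-DD HH:MM:SS us=<microseconds>".
STAMP = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) us=(\d+)")

# Message fragments taken from the server log in this thread.
# The labels on the right are hypothetical names chosen for this example.
RULES = [
    ("Using --management on a TCP port WITHOUT passwords", "management-no-password"),
    ("disabling data channel offload", "dco-disabled"),
    ("GDG: problem writing to routing socket", "routing-socket-error"),
    ("bad source address from client", "bad-source-address"),
    ("UID set to ", "privileges-dropped"),
]


def split_entries(text):
    """Return (timestamp, message) pairs, one per log entry.

    Splits on the timestamp prefix rather than on newlines, so entries that
    were fused onto one physical line, or wrapped across two, are recovered.
    """
    marks = list(STAMP.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        # Collapse any line wrap inside the message into single spaces.
        message = " ".join(text[m.end():end].split())
        entries.append((f"{m.group(1)}.{m.group(2).zfill(6)}", message))
    return entries


def triage(text):
    """Return (timestamp, label, message) for every entry matching a rule."""
    findings = []
    for stamp, message in split_entries(text):
        for fragment, label in RULES:
            if fragment in message:
                findings.append((stamp, label, message))
    return findings


# Constructed sample: entries copied from the log in this thread, arranged so
# that one physical line carries three entries and one entry wraps onto the
# next line.
SAMPLE = """\
2023-12-12 15:10:37 us=663785 Note: '--allow-compression' is not set to 'no', disabling data channel offload. 2023-12-12 15:10:37 us=663836 Consider using the '--compress migrate' option. 2023-12-12 15:10:37 us=663841 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
2023-12-12 15:10:37 us=665690 GDG: problem writing to routing socket
2023-12-12 15:10:37 us=671893 UID set to openvpn
2023-12-12 15:10:45 us=212190 KOSAMBI-PARK/192.168.99.15:61167 Incoming dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit
key 2023-12-12 15:10:45 us=256528 KOSAMBI-PARK/192.168.99.15:61167 MULTI: bad source address from client [::], packet dropped
"""

if __name__ == "__main__":
    for stamp, label, message in triage(SAMPLE):
        print(f"{stamp}  {label:24}  {message}")
```

The labels only tag lines the server itself logged; they do not say which of them, if any, explains the connection problem described above.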
