Khain, I'm still fighting with it. I added these commands:
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
For the OUTPUT chain it throws the error "Can't use -i with OUTPUT". To be honest, while I more or less understand the idea behind iptables, the tool itself is black magic to me. All those masquerades and other options give me a headache.
Nevertheless, I'm slowly moving forward and slowly getting results. However, something is still messed up somewhere in the firewall configuration, or so it seems to me. Ideally I would wipe the whole firewall configuration and try to do it from scratch. I have lots of entries in iptables (iptables -L) that I only half understand, and along the way I also installed ufw.
Generally, at the moment I am able to get into my LAN from outside, so we have success. Nevertheless, this connection dies every so often and I can't work out the cause. Yesterday I spent a lot of time on this and noticed that starting the client on Android causes me to lose the connection to the LAN, i.e. the ping from, for example, 172.16.0.3 to 192.168.1.1 stops responding at the moment the VPN client on Android gets connected. I also noticed that running the command
after first disconnecting the Android device, fixes the situation. I don't know whether this is normal, but it doesn't happen right away, only after a while; still, the pings come back. The connection to the VPN server itself is stable: yesterday I left the laptop connected to the VPN overnight and it could still be pinged today. I'll try not to connect from Android today and see whether the connection to the LAN drops for some other reason. Attached is the log from the VPN server, captured in this scenario: active connection to the LAN -> connection from the Android client -> connection lost -> VPN server restart -> connection restored. I marked the moment the connection was lost and the moment it came back with a comment. In this log I have 3 VPN clients: tomek_vostro (172.16.0.3-windows), tomek_an1 (172.16.0.4-android), tomek_itm (172.16.0.5-windows).
Additionally, after connecting from Android I have access to the 172.16.0.XXX addresses, but not to the 192.168.1.1 addresses. In the VPN client log on Android I noticed this error: tun_prop_route_error: route destinations other than vpn_gateway or net_gateway are not supported android. I read up a bit and modified the file /etc/openvpn/ccd/tomek_an1:
Without this push line it wouldn't even connect to 172.16.0.XXX. Besides that, the server log keeps showing these messages:
Tue Jan 31 00:15:21 2017 us=946603 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:15:22 2017 us=149547 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:15:22 2017 us=559523 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:15:23 2017 us=9507 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:16:33 2017 us=892783 tomek_vostro/94.254.128.244:39616 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:16:34 2017 us=292230 tomek_vostro/94.254.128.244:39616 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:17:01 2017 us=977647 MULTI: multi_create_instance called
Tue Jan 31 00:17:01 2017 us=977735 94.254.128.244:39618 Re-using SSL/TLS context
Tue Jan 31 00:17:01 2017 us=977779 94.254.128.244:39618 LZO compression initialized
Tue Jan 31 00:17:01 2017 us=977893 94.254.128.244:39618 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Jan 31 00:17:01 2017 us=977910 94.254.128.244:39618 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 31 00:17:01 2017 us=977941 94.254.128.244:39618 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jan 31 00:17:01 2017 us=977952 94.254.128.244:39618 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jan 31 00:17:01 2017 us=977971 94.254.128.244:39618 Local Options hash (VER=V4): '0b024030'
Tue Jan 31 00:17:01 2017 us=977985 94.254.128.244:39618 Expected Remote Options hash (VER=V4): '5b243d85'
Tue Jan 31 00:17:01 2017 us=978019 94.254.128.244:39618 TLS: Initial packet from [AF_INET]94.254.128.244:39618, sid=539814ae 39892105
Tue Jan 31 00:17:02 2017 us=14848 94.254.128.244:39618 PID_ERR replay-window backtrack occurred [1] [TLS_AUTH-0] [0_1] 1485818220:3 1485818220:2 t=1485818222[0] r=[-1,64,15,1,1] sl=[61,3,64,528]
Tue Jan 31 00:17:02 2017 us=696089 94.254.128.244:39618 VERIFY OK: depth=1, C=PL, ST=mazowieckie, L=Warsaw, O=Tomasz Lewandowski, OU=telewy, CN=Tomasz Lewandowski CA, name=server, emailAddress=tomasz.lewandowski@mail.com
Tue Jan 31 00:17:02 2017 us=696332 94.254.128.244:39618 VERIFY OK: depth=0, C=PL, ST=mazowieckie, L=Warsaw, O=Tomasz Lewandowski, OU=telewy, CN=tomek_an1, name=server, emailAddress=tomasz.lewandowski@mail.com
Tue Jan 31 00:17:02 2017 us=733904 94.254.128.244:39618 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 31 00:17:02 2017 us=733968 94.254.128.244:39618 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 31 00:17:02 2017 us=733988 94.254.128.244:39618 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 31 00:17:02 2017 us=734008 94.254.128.244:39618 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 31 00:17:02 2017 us=760319 94.254.128.244:39618 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 2048 bit RSA
Tue Jan 31 00:17:02 2017 us=760371 94.254.128.244:39618 [tomek_an1] Peer Connection Initiated with [AF_INET]94.254.128.244:39618
Tue Jan 31 00:17:02 2017 us=760436 tomek_an1/94.254.128.244:39618 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/tomek_an1
Tue Jan 31 00:17:02 2017 us=760616 tomek_an1/94.254.128.244:39618 MULTI: Learn: 172.16.0.4 -> tomek_an1/94.254.128.244:39618
Tue Jan 31 00:17:02 2017 us=760641 tomek_an1/94.254.128.244:39618 MULTI: primary virtual IP for tomek_an1/94.254.128.244:39618: 172.16.0.4
Tue Jan 31 00:17:02 2017 us=760661 tomek_an1/94.254.128.244:39618 MULTI: internal route 192.168.1.0/24 -> tomek_an1/94.254.128.244:39618
Tue Jan 31 00:17:02 2017 us=760684 tomek_an1/94.254.128.244:39618 MULTI: Learn: 192.168.1.0/24 -> tomek_an1/94.254.128.244:39618
Tue Jan 31 00:17:02 2017 us=772537 tomek_an1/94.254.128.244:39618 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 31 00:17:02 2017 us=772568 tomek_an1/94.254.128.244:39618 send_push_reply(): safe_cap=940
Tue Jan 31 00:17:02 2017 us=772644 tomek_an1/94.254.128.244:39618 SENT CONTROL [tomek_an1]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 172.16.0.2,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,redirect-gateway def1,topology subnet,ping 10,ping-restart 120,route 192.168.1.0 255.255.255.0 172.16.0.1,ifconfig 172.16.0.4 255.255.255.0' (status=1)
Tue Jan 31 00:17:02 2017 us=865018 MULTI: Learn: 192.168.1.2 -> tomek_an1/94.254.128.244:39618
Tue Jan 31 00:17:03 2017 us=230673 MULTI: Learn: 192.168.1.1 -> tomek_an1/94.254.128.244:39618
//here the ping to 192.168.1.1 from tomek_vostro (172.16.0.3) stopped working
Tue Jan 31 00:17:14 2017 us=740603 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:15 2017 us=20999 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:15 2017 us=304778 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:15 2017 us=900381 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:17 2017 us=81262 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:19 2017 us=408499 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:20 2017 us=920299 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:21 2017 us=240423 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:21 2017 us=540679 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:22 2017 us=140596 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:23 2017 us=360681 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:24 2017 us=100554 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:25 2017 us=791446 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:33 2017 us=870243 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:33 2017 us=870310 tomek_an1/94.254.128.244:39618 SIGTERM[soft,remote-exit] received, client-instance exiting
Tue Jan 31 00:17:33 2017 us=870736 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:40 2017 us=428732 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:52 2017 us=228988 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:54 2017 us=147253 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:17:55 2017 us=147154 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:17:57 2017 us=155228 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:17:59 2017 us=891324 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:18:01 2017 us=147096 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:18:09 2017 us=147148 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:18:25 2017 us=148052 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:18:29 2017 us=715622 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:18:38 2017 us=948795 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:22:12 2017 us=363510 tomek_vostro/94.254.128.244:39639 PID_ERR replay-window backtrack occurred [1] [SSL-0] [0_00000000000000000000000000000000000001111111111111111111111111] 0:169 0:168 t=1485818532[0] r=[-4,64,15,1,1] sl=[23,64,64,528]
Tue Jan 31 00:22:12 2017 us=405637 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=405692 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=419309 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=490325 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=524997 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=639643 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=642971 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=818254 MULTI: multi_create_instance called
Tue Jan 31 00:22:12 2017 us=818363 77.112.5.102:52014 Re-using SSL/TLS context
Tue Jan 31 00:22:12 2017 us=818415 77.112.5.102:52014 LZO compression initialized
Tue Jan 31 00:22:12 2017 us=818598 77.112.5.102:52014 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Jan 31 00:22:12 2017 us=818630 77.112.5.102:52014 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Jan 31 00:22:12 2017 us=818677 77.112.5.102:52014 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Jan 31 00:22:12 2017 us=818713 77.112.5.102:52014 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Jan 31 00:22:12 2017 us=818743 77.112.5.102:52014 Local Options hash (VER=V4): '0b024030'
Tue Jan 31 00:22:12 2017 us=818767 77.112.5.102:52014 Expected Remote Options hash (VER=V4): '5b243d85'
Tue Jan 31 00:22:12 2017 us=818811 77.112.5.102:52014 TLS: Initial packet from [AF_INET]77.112.5.102:52014, sid=1382462e 4e7f4780
Tue Jan 31 00:22:12 2017 us=829385 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=832164 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=832214 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=893597 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=893676 tomek_vostro/94.254.128.244:39639 PID_ERR replay-window backtrack occurred [2] [SSL-0] [00_0000000000000000000000000000000000000000000000000000000000000] 0:196 0:194 t=1485818532[0] r=[-4,64,15,2,1] sl=[60,64,64,528]
Tue Jan 31 00:22:12 2017 us=899529 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:12 2017 us=899576 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:13 2017 us=32710 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:13 2017 us=50090 MULTI: Learn: 192.168.1.1 -> tomek_vostro/94.254.128.244:39639
Tue Jan 31 00:22:13 2017 us=138534 MULTI: Learn: 192.168.1.2 -> tomek_vostro/94.254.128.244:39639
Tue Jan 31 00:22:13 2017 us=268012 77.112.5.102:52014 VERIFY OK: depth=1, C=PL, ST=mazowieckie, L=Warsaw, O=Tomasz Lewandowski, OU=telewy, CN=Tomasz Lewandowski CA, name=server, emailAddress=tomasz.lewandowski@mail.com
Tue Jan 31 00:22:13 2017 us=268412 77.112.5.102:52014 VERIFY OK: depth=0, C=PL, ST=mazowieckie, L=Warsaw, O=Tomasz Lewandowski, OU=telewy, CN=tomek_itm, name=server, emailAddress=tomasz.lewandowski@mail.com
Tue Jan 31 00:22:13 2017 us=326490 77.112.5.102:52014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 31 00:22:13 2017 us=326550 77.112.5.102:52014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 31 00:22:13 2017 us=326570 77.112.5.102:52014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 31 00:22:13 2017 us=326589 77.112.5.102:52014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 31 00:22:13 2017 us=329011 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:13 2017 us=365139 77.112.5.102:52014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jan 31 00:22:13 2017 us=365217 77.112.5.102:52014 [tomek_itm] Peer Connection Initiated with [AF_INET]77.112.5.102:52014
Tue Jan 31 00:22:13 2017 us=365282 tomek_itm/77.112.5.102:52014 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/tomek_itm
Tue Jan 31 00:22:13 2017 us=365449 tomek_itm/77.112.5.102:52014 MULTI: Learn: 172.16.0.5 -> tomek_itm/77.112.5.102:52014
Tue Jan 31 00:22:13 2017 us=365473 tomek_itm/77.112.5.102:52014 MULTI: primary virtual IP for tomek_itm/77.112.5.102:52014: 172.16.0.5
Tue Jan 31 00:22:13 2017 us=365493 tomek_itm/77.112.5.102:52014 MULTI: internal route 192.168.1.0/24 -> tomek_itm/77.112.5.102:52014
Tue Jan 31 00:22:13 2017 us=365533 tomek_itm/77.112.5.102:52014 MULTI: Learn: 192.168.1.0/24 -> tomek_itm/77.112.5.102:52014
Tue Jan 31 00:22:13 2017 us=388173 tomek_itm/77.112.5.102:52014 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 31 00:22:13 2017 us=388208 tomek_itm/77.112.5.102:52014 send_push_reply(): safe_cap=940
Tue Jan 31 00:22:13 2017 us=388248 tomek_itm/77.112.5.102:52014 SENT CONTROL [tomek_itm]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 172.16.0.2,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,redirect-gateway def1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.5 255.255.255.0' (status=1)
Tue Jan 31 00:22:13 2017 us=391386 MULTI: Learn: 192.168.1.2 -> tomek_itm/77.112.5.102:52014
Tue Jan 31 00:22:14 2017 us=677245 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:14 2017 us=677343 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:18 2017 us=49612 MULTI: Learn: 192.168.1.1 -> tomek_itm/77.112.5.102:52014
Tue Jan 31 00:22:20 2017 us=24243 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:20 2017 us=24286 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:20 2017 us=24418 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:34 2017 us=918304 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
//here the ping to 192.168.1.1 from tomek_vostro (172.16.0.3) started working
Tue Jan 31 00:22:42 2017 us=190973 94.254.162.175:15344 VERIFY OK: depth=1, C=PL, ST=mazowieckie, L=Warsaw, O=Tomasz Lewandowski, OU=telewy, CN=Tomasz Lewandowski CA, name=server, emailAddress=tomasz.lewandowski@mail.com
Tue Jan 31 00:22:42 2017 us=191313 94.254.162.175:15344 VERIFY OK: depth=0, C=PL, ST=mazowieckie, L=Warsaw, O=Tomasz Lewandowski, OU=telewy, CN=tomek, name=server, emailAddress=tomasz.lewandowski@mail.com
Tue Jan 31 00:22:42 2017 us=253313 94.254.162.175:15344 NOTE: Options consistency check may be skewed by version differences
Tue Jan 31 00:22:42 2017 us=253390 94.254.162.175:15344 WARNING: 'version' is used inconsistently, local='version V4', remote='version V0 UNDEF'
Tue Jan 31 00:22:42 2017 us=253414 94.254.162.175:15344 WARNING: 'dev-type' is present in local config but missing in remote config, local='dev-type tun'
Tue Jan 31 00:22:42 2017 us=253434 94.254.162.175:15344 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1558'
Tue Jan 31 00:22:42 2017 us=253454 94.254.162.175:15344 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Tue Jan 31 00:22:42 2017 us=253473 94.254.162.175:15344 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Tue Jan 31 00:22:42 2017 us=253493 94.254.162.175:15344 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher AES-256-CBC'
Tue Jan 31 00:22:42 2017 us=253512 94.254.162.175:15344 WARNING: 'auth' is present in local config but missing in remote config, local='auth SHA1'
Tue Jan 31 00:22:42 2017 us=253531 94.254.162.175:15344 WARNING: 'keysize' is present in local config but missing in remote config, local='keysize 256'
Tue Jan 31 00:22:42 2017 us=253551 94.254.162.175:15344 WARNING: 'tls-auth' is present in local config but missing in remote config, local='tls-auth'
Tue Jan 31 00:22:42 2017 us=253570 94.254.162.175:15344 WARNING: 'key-method' is present in local config but missing in remote config, local='key-method 2'
Tue Jan 31 00:22:42 2017 us=253590 94.254.162.175:15344 WARNING: 'tls-client' is present in local config but missing in remote config, local='tls-client'
Tue Jan 31 00:22:42 2017 us=253722 94.254.162.175:15344 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 31 00:22:42 2017 us=253768 94.254.162.175:15344 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 31 00:22:42 2017 us=253788 94.254.162.175:15344 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Jan 31 00:22:42 2017 us=253806 94.254.162.175:15344 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 31 00:22:42 2017 us=277197 94.254.162.175:15344 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jan 31 00:22:42 2017 us=277254 94.254.162.175:15344 [tomek] Peer Connection Initiated with [AF_INET]94.254.162.175:15344
Tue Jan 31 00:22:42 2017 us=277318 tomek/94.254.162.175:15344 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/tomek
Tue Jan 31 00:22:42 2017 us=277482 tomek/94.254.162.175:15344 MULTI: Learn: 172.16.0.2 -> tomek/94.254.162.175:15344
Tue Jan 31 00:22:42 2017 us=277506 tomek/94.254.162.175:15344 MULTI: primary virtual IP for tomek/94.254.162.175:15344: 172.16.0.2
Tue Jan 31 00:22:42 2017 us=277527 tomek/94.254.162.175:15344 MULTI: internal route 192.168.1.0/24 -> tomek/94.254.162.175:15344
Tue Jan 31 00:22:42 2017 us=277548 tomek/94.254.162.175:15344 MULTI: Learn: 192.168.1.0/24 -> tomek/94.254.162.175:15344
Tue Jan 31 00:22:42 2017 us=868267 MULTI: Learn: 192.168.1.2 -> tomek/94.254.162.175:15344
Tue Jan 31 00:22:43 2017 us=49233 MULTI: Learn: 192.168.1.1 -> tomek/94.254.162.175:15344
Tue Jan 31 00:22:44 2017 us=427238 tomek/94.254.162.175:15344 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 31 00:22:44 2017 us=427312 tomek/94.254.162.175:15344 send_push_reply(): safe_cap=940
Tue Jan 31 00:22:44 2017 us=427355 tomek/94.254.162.175:15344 SENT CONTROL [tomek]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0 172.16.0.2,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route-gateway 172.16.0.1,redirect-gateway def1,topology subnet,ping 10,ping-restart 120,ifconfig 172.16.0.2 255.255.255.0' (status=1)
Tue Jan 31 00:22:48 2017 us=585852 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:48 2017 us=617917 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:48 2017 us=624936 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:48 2017 us=905994 tomek/94.254.162.175:15344 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jan 31 00:22:49 2017 us=27853 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:49 2017 us=58012 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:51 2017 us=284137 tomek_itm/77.112.5.102:52014 PID_ERR replay-window backtrack occurred [2] [SSL-0] [00_0000001111111111111111112222222222222222222222222222222222222] 0:180 0:178 t=1485818571[0] r=[-4,64,15,2,1] sl=[12,64,64,528]
Tue Jan 31 00:22:51 2017 us=909215 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:52 2017 us=329354 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:22:54 2017 us=294967 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:57 2017 us=686847 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:58 2017 us=781921 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:58 2017 us=926880 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:59 2017 us=166918 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:59 2017 us=614795 tomek_itm/77.112.5.102:52014 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:23:04 2017 us=48849 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=68259 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=81376 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=509210 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=538743 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=915757 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=935838 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:04 2017 us=935899 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:05 2017 us=29000 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:05 2017 us=349288 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
Tue Jan 31 00:23:06 2017 us=907924 tomek_vostro/94.254.128.244:39639 MULTI: bad source address from client [fe80::b0c7:1c51:ceb8:b41f], packet dropped
root@debian:/etc/openvpn#
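
An added example, not part of the original post: a small Python tracker for a server log like the one above. It records which client each `MULTI: Learn` / `MULTI: internal route` line assigns an address to, flags every change of owner, and tallies `bad source address` drops against whoever owned that address at the time. The function names and the sample (lines abridged from the log above) are chosen here; removal of routes on client disconnect or server restart is not modelled.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: lines abridged from the server log quoted in the post.
SAMPLE_LOG = """\
Tue Jan 31 00:17:02 2017 us=760661 tomek_an1/94.254.128.244:39618 MULTI: internal route 192.168.1.0/24 -> tomek_an1/94.254.128.244:39618
Tue Jan 31 00:17:02 2017 us=865018 MULTI: Learn: 192.168.1.2 -> tomek_an1/94.254.128.244:39618
Tue Jan 31 00:17:14 2017 us=740603 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:15 2017 us=20999 tomek/94.254.162.175:15344 MULTI: bad source address from client [192.168.1.2], packet dropped
Tue Jan 31 00:17:54 2017 us=147253 tomek_itm/77.112.5.102:56118 MULTI: bad source address from client [fe80::945:a361:76f2:fd9e], packet dropped
Tue Jan 31 00:22:13 2017 us=138534 MULTI: Learn: 192.168.1.2 -> tomek_vostro/94.254.128.244:39639
Tue Jan 31 00:22:13 2017 us=365493 tomek_itm/77.112.5.102:52014 MULTI: internal route 192.168.1.0/24 -> tomek_itm/77.112.5.102:52014
Tue Jan 31 00:22:42 2017 us=277527 tomek/94.254.162.175:15344 MULTI: internal route 192.168.1.0/24 -> tomek/94.254.162.175:15344
Tue Jan 31 00:22:42 2017 us=868267 MULTI: Learn: 192.168.1.2 -> tomek/94.254.162.175:15344
"""

# "Tue Jan 31 00:17:02 2017 us=760661 <rest of message>"
LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) us=\d+ (?P<rest>.*)$")
# Both message kinds bind an address or subnet to a client instance.
ROUTE = re.compile(r"MULTI: (?:internal route|Learn:) (?P<addr>\S+) -> (?P<client>[^/\s]+)/")
DROP = re.compile(
    r"^(?P<client>[^/\s]+)/\S+ MULTI: bad source address from client \[(?P<addr>[^\]]+)\]"
)


def owner_of(owners, addr):
    """Return the client holding the most specific entry that covers addr."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    best = None
    for net_text, client in owners.items():
        net = ipaddress.ip_network(net_text, strict=False)
        # An IPv6 address is never "in" an IPv4 network, so fe80:: sources
        # simply come back with no owner.
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, client)
    return best[1] if best else None


def analyze(log_text):
    """Return (owners, takeovers, drops) for an OpenVPN server log."""
    owners = {}        # address or subnet -> client that last claimed it
    takeovers = []     # (timestamp, address, previous client, new client)
    drops = Counter()  # (sending client, source address, owner at that time)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # hand-written // annotations, shell prompts, blank lines
        ts, rest = m["ts"], m["rest"]
        d = DROP.match(rest)
        if d:
            drops[(d["client"], d["addr"], owner_of(owners, d["addr"]))] += 1
            continue
        r = ROUTE.search(rest)
        if r:
            prev = owners.get(r["addr"])
            if prev is not None and prev != r["client"]:
                takeovers.append((ts, r["addr"], prev, r["client"]))
            owners[r["addr"]] = r["client"]
    return owners, takeovers, drops


if __name__ == "__main__":
    owners, takeovers, drops = analyze(SAMPLE_LOG)
    for ts, addr, old, new in takeovers:
        print(f"{ts}  {addr}: {old} -> {new}")
    for (client, addr, owner), n in drops.most_common():
        print(f"{n:4d} drops from {client} with source {addr} (owner then: {owner})")
```

Run against the full log file, the takeover list can be lined up with the two `//` annotations to see which client held 192.168.1.0/24 when the ping stopped and when it came back.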