My setup:
RB2011 as ovpn server
desktop as OpenVPN client using OpenVpnGui. I have OpenVPN Gui working with my home Ubuntu Gateway.
I've tried:
http://itsavedmyass.cyprusmania.net/rem ... -7-client/
http://wiki.mikrotik.com/wiki/OpenVPN
I did not try:
http://wiki.mikrotik.com/wiki/OpenVPN_C ... ep_by_Step
I think that this is at least one problem in my script:
/interface bridge port add interface=$Eth1Name bridge=vpn-bridge
This is my setup script to run with a DEFAULT RB2011 configuration:
#--- BEFORE THIS IS RUN YOU MUST IMPORT certificates for VPN
# sftp to 192.168.88.1 : RemoteNode.crt, RemoteNode.pem, ca.crt
# ssh to 192.168.88.1 :
# /certificate
# import file=RemoteNode.crt
# import file=RemoteNode.pem
# import file=ca.crt
/
#-- Set this manually for each computer
global MachineIp 172.20.66.2
global MachineMask 255.255.192.0
# global MachineDns 172.20.64.1
#-- This should be fixed for all RB2011
global IntranetIp 192.168.77.1
global IntranetMask 255.255.255.0
global IntranetDhcp 192.168.77.0/24
global DhcpdRange 192.168.77.200-192.168.77.254
global Computer1 192.168.77.2
global Computer2 192.168.77.3
global Voip 192.168.77.10
global Eth1Name eth1-gw
#--- Renaming Interfaces
/interface set ether1-gateway name=$Eth1Name
/interface set ether2 name="eth2"
/interface set ether3 name="eth3"
/interface set ether4 name="eth4"
/interface set ether5 name="eth5"
/interface set ether6 name="eth6"
/interface set ether7 name="eth7"
/interface set ether8 name="eth8"
/interface set ether9 name="eth9"
/interface set ether10 name="eth10"
/interface set bridge name="bridge"
/ip address add address $IntranetIp netmask $IntranetMask interface bridge comment="RB2011 Intranet";
/ip address add address $MachineIp netmask $MachineMask interface $Eth1Name comment="RB2011 Public";
#--- DHCP Client --- Don't ask for an IP address on the wireless network $Eth1Name
/ip dhcp-client
:foreach k in=[/ip dhcp-client find] do={
remove $k
}
#--- dhcpd --- DHCP SERVER on Intranet
/ip pool
:foreach k in=[/ip pool find] do={
remove $k
}
/ip pool add name=DHCPd ranges=$DhcpdRange
#--- Change default DHCP IP address range so we know the RB2011 config is applied
/ip dhcp-server
:foreach k in=[/ip dhcp-server find] do={
remove $k
}
/ip dhcp-server network
:foreach k in=[/ip dhcp-server network find] do={
remove $k
}
/ip dhcp-server add interface=bridge address-pool=DHCPd authoritative=yes disabled=no name=dhcpd
/ip dhcp-server network add address $IntranetDhcp dns-server $IntranetIp domain RB2011.com gateway $IntranetIp
#--- DNS
/ip dns static
:foreach k in=[/ip dns static find] do={
remove $k
}
add address=$IntranetIp disabled=no name=router
#--- Disable SIP from service ports ---
/ip firewall service-port
:foreach k in=[/ip firewall service-port find name~"sip"] do={
:put [/ip firewall service-port get $k ports]
disable $k
}
#--- Setup VPN ---
/certificate import file-name=RemoteNode.crt
/certificate import file-name=RemoteNode.pem
/certificate import file-name=ca.crt
/certificate print
#--- Setup VPN Networking --------------------
#--- Create a bridge called VPN-Bridge and put an Interface as part of it
/interface bridge add name=vpn-bridge
#--- I think this is wrong... I think interface should be the bridge that bridges all my InTRAnet together ???
/interface bridge port add interface=$Eth1Name bridge=vpn-bridge
#--- Setup the local IP address that the RB2011 will use to communicate with the computers on the VPN
/ip address add address=192.168.99.1/24 interface=vpn-bridge comment="Vpn LAN"
#--- Tell RouterOS that it can reach other VPN computers through its local VPN IP Address
/ip route add dst-address=192.168.99.0/24 gateway=192.168.99.1 comment="VPN Lan"
#--- Tell Router OS that the default Internet gateway is through its internal Intranet IP Address
/ip route add gateway=192.168.77.1 comment="Internet Gateway"
#--- Setup VPN DHCPd addresses---------------
/ip pool add name=vpn-pool ranges=192.168.99.100-192.168.99.111
#--- OK Not really sure what this does ... I copied from Mikrotik ... Says adding a VPN user
/ppp profile add comment="Vpn Profile" local-address=192.168.99.1 name="RemoteNode" remote-address=vpn-pool use-encryption=required
#--- Put a username and password to this user ---
/ppp secret add name="Wenco" password="VerySecret" \
caller-id="" comment="" disabled=no \
routes="" service=any profile="RemoteNode"
#--- Tie the "VPN User" to the "oVPN Server". I think... but not sure. Copied this again from Mikrotik
/interface ovpn-server add name=ovpn-username user="Wenco"
#--- I can't even fathom why I need to bridge a user with the vpn-bridge... Copied this from Mikrotik
/interface bridge port add interface=ovpn-username bridge=vpn-bridge
#--- Configure the VPN Server and set it to use the above profile that we've just configured
/interface ovpn-server server
set auth=sha1,md5 certificate=cert1 \
cipher=blowfish128,aes128,aes192,aes256 default-profile="RemoteNode" \
enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ethernet netmask=24 \
port=1194 require-client-certificate=no
#--- These were part of the first simple attempt documented at the first link I tried
#/ppp secret add name=Wenco password="VerySecret" profile=ovpn service=ovpn
#/interface ovpn-server add name=ovpn user=Wenco
#/interface ovpn-server server set default-profile=ovpn enabled=yes mode=ethernet netmask=24 require-client-certificate=no certificate=cert1
:foreach k in=[/ip firewall filter find] do={
:local tmpvar [/ip firewall filter get $k in-interface];
:if ($tmpvar~$Eth1Name) do={
:put "Removing $k";
/ip firewall filter remove $k
}
}
#--- Accept the port forwarding packets
/ip firewall filter add action=accept chain=input disabled=no protocol=tcp dst-port=1194 comment="OpenVPN"
/ip firewall filter add action=accept chain=input disabled=no protocol=tcp dst-port=3388-3389 comment="RemoteDesktop"
/ip firewall filter add action=accept chain=input disabled=no protocol=tcp dst-port=25000-26055 comment="Computer1"
/ip firewall filter add action=accept chain=input disabled=no protocol=udp dst-port=32100 comment="RTK"
#--- Secure the rest of the ports from the radio ----------------
/ip firewall filter add action=drop chain=input comment="Radio" disabled=no in-interface=$Eth1Name
#--- Set port forwarding
/ip firewall nat
#--- Remote Desktop
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=3389 to-ports=3389 to-addresses=$Computer1 in-interface=eth1-gw protocol=tcp comment=Computer1.Remote.Desktop
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=3388 to-ports=3389 to-addresses=$Computer2 in-interface=eth1-gw protocol=tcp comment=Computer2.Remote.Desktop
#--- Computer1 ports
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=26000-26055 to-ports=26000-26055 to-addresses=$Computer1 in-interface=eth1-gw protocol=tcp comment=Computer1
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=25000-25009 to-ports=25000-25009 to-addresses=$Computer1 in-interface=eth1-gw protocol=tcp comment=Computer1
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=32100 to-ports=32100 to-addresses=$Computer1 in-interface=eth1-gw protocol=udp comment=RTK
#--- Voip SIP phone: Cisco 7960
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=5060 to-ports=5060 to-addresses=$Voip in-interface=eth1-gw protocol=udp comment=Cisco.sip.7960
/ip firewall nat add action=dst-nat chain=dstnat disabled=no dst-port=30000-31000 to-ports=30000-31000 to-addresses=$Voip in-interface=eth1-gw protocol=udp comment=Cisco.rtp.7960
#--- Removing all IP addresses except "192.168.77.x" and $MachineIp
/ip address
:foreach k in=[/ip address find] do={
:local tmpvar [/ip address get $k address];
:if (!($tmpvar~"192.168.77*") and !($tmpvar~$MachineIp."*") and !($tmpvar~"192.168.99*") ) do={
:put "Removing $tmpvar"
/ip address remove $k
}
}
OpenVPN configuration:
##############################################
# Sample client-side OpenVPN 2.0 config file #
##############################################
tls-client
client
proto tcp-client
dev tap
remote 172.20.66.2 1194
resolv-retry infinite
nobind
persist-key
tls-client
ca "C:\\Program Files (x86)\\OpenVPN\\Key\\RB2011\\ca.crt"
cert "C:\\Program Files (x86)\\OpenVPN\\Key\\RB2011\\User1.crt"
key "C:\\Program Files (x86)\\OpenVPN\\Key\\RB2011\\User1.key"
ping 10
verb 3
cipher AES-256-CBC
auth SHA1
pull
;auth-user-pass "C:\\Program Files (x86)\\OpenVPN\\Key\\RB2011\\auth.cfg"
;script-security 2 system
;route-up "route add LAN-IP mask 255.255.255.0 192.168.99.1"
Output from OpenVPN Gui:
Fri Jul 26 15:54:29 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Jul 26 15:54:29 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:54:29 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:54:29 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:54:33 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jul 26 15:54:33 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:54:33 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:54:33 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:54:33 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:54:33 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:54:33 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:54:54 2013 TCP: connect to 172.20.66.2:1194 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Fri Jul 26 15:54:59 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:54:59 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:54:59 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:54:59 2013 TLS: Initial packet from 172.20.66.2:1194, sid=6c75ca7b 76997723
Fri Jul 26 15:55:00 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:00 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:00 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:00 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:00 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:00 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:05 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:05 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:05 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:05 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:05 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:05 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:05 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:05 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:05 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:05 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:05 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:05 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:05 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:05 2013 TLS: Initial packet from 172.20.66.2:1194, sid=b396bae6 6f71dca0
Fri Jul 26 15:55:06 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:06 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:06 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:06 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:06 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:06 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:11 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:11 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:11 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:11 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:11 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:11 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:11 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:11 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:11 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:11 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:11 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:11 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:11 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:11 2013 TLS: Initial packet from 172.20.66.2:1194, sid=29391202 a8e70ea3
Fri Jul 26 15:55:12 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:12 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:12 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:12 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:12 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:12 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:17 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:17 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:17 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:17 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:17 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:17 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:17 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:17 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:17 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:17 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:17 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:17 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:17 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:17 2013 TLS: Initial packet from 172.20.66.2:1194, sid=185efb23 c12cadbc
Fri Jul 26 15:55:18 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:18 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:18 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:18 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:18 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:18 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:23 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:23 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:23 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:23 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:23 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:23 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:23 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:23 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:23 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:23 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:23 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:23 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:23 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:23 2013 TLS: Initial packet from 172.20.66.2:1194, sid=cf70fc06 8eb5e243
Fri Jul 26 15:55:24 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:24 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:24 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:24 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:24 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:24 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:29 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:29 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:29 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:29 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:29 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:29 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:29 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:29 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:29 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:29 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:29 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:29 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:29 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:29 2013 TLS: Initial packet from 172.20.66.2:1194, sid=9b6698b4 3858dac1
Fri Jul 26 15:55:30 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:30 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:31 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:31 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:31 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:31 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:36 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:36 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:36 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:36 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:36 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:36 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:36 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:36 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:36 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:36 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:36 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:36 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:36 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:36 2013 TLS: Initial packet from 172.20.66.2:1194, sid=269eca11 9a2bd0fa
Fri Jul 26 15:55:36 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:36 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:37 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:37 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:37 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:37 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:42 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:42 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:42 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:42 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:42 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:42 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:42 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:42 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:42 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:42 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:42 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:42 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:42 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:42 2013 TLS: Initial packet from 172.20.66.2:1194, sid=5163f1e3 b0e43c3b
Fri Jul 26 15:55:42 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:42 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:43 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:43 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:43 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:43 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:48 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:48 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:48 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:48 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:48 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:48 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:48 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:48 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:48 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:48 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:48 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:48 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:48 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:48 2013 TLS: Initial packet from 172.20.66.2:1194, sid=6bee3997 69071497
Fri Jul 26 15:55:48 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:48 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:49 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:49 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:49 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:49 2013 Restart pause, 5 second(s)
Fri Jul 26 15:55:54 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:55:54 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:55:54 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:55:54 2013 Re-using SSL/TLS context
Fri Jul 26 15:55:54 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:55:54 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:55:54 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:55:54 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:55:54 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:55:54 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:55:54 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:55:54 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:55:54 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:55:54 2013 TLS: Initial packet from 172.20.66.2:1194, sid=04eaaff6 813cd470
Fri Jul 26 15:55:54 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:55:54 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:55:55 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:55 2013 TCP/UDP: Closing socket
Fri Jul 26 15:55:55 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:55 2013 Restart pause, 5 second(s)
Fri Jul 26 15:56:00 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:56:00 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:56:00 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:56:00 2013 Re-using SSL/TLS context
Fri Jul 26 15:56:00 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:56:00 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:56:00 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:56:00 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:56:00 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:56:00 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:56:00 2013 TCP connection established with 172.20.66.2:1194
Fri Jul 26 15:56:00 2013 TCPv4_CLIENT link local: [undef]
Fri Jul 26 15:56:00 2013 TCPv4_CLIENT link remote: 172.20.66.2:1194
Fri Jul 26 15:56:00 2013 TLS: Initial packet from 172.20.66.2:1194, sid=9411e8ca 04b3313a
Fri Jul 26 15:56:01 2013 VERIFY OK: depth=1, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=Wenco/CN=WencoCanada/name=WencoCanada/emailAddress=politick@gmail.com
Fri Jul 26 15:56:01 2013 VERIFY OK: depth=0, /C=CA/ST=BC/L=Vancouver/O=Wenco/OU=RemoteNode/CN=RB2011/name=RB2011/emailAddress=politick@gmail.com
Fri Jul 26 15:56:01 2013 Connection reset, restarting [0]
Fri Jul 26 15:56:01 2013 TCP/UDP: Closing socket
Fri Jul 26 15:56:01 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:56:01 2013 Restart pause, 5 second(s)
Fri Jul 26 15:56:06 2013 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Fri Jul 26 15:56:06 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Jul 26 15:56:06 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jul 26 15:56:06 2013 Re-using SSL/TLS context
Fri Jul 26 15:56:06 2013 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jul 26 15:56:06 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jul 26 15:56:06 2013 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Fri Jul 26 15:56:06 2013 Local Options hash (VER=V4): 'b60e7885'
Fri Jul 26 15:56:06 2013 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Fri Jul 26 15:56:06 2013 Attempting to establish TCP connection with 172.20.66.2:1194
Fri Jul 26 15:56:06 2013 TCP/UDP: Closing socket
Fri Jul 26 15:56:06 2013 SIGTERM[hard,init_instance] received, process exiting
Any help would be GREATLY appreciated...
I've spent the week on this...
Kind Regards,
Martin Politick.
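
A triage helper for a restart loop like the one in the log above, added here as an example and not part of the original post: it splits an OpenVPN client log into connection attempts, reports the furthest handshake stage each attempt logged before it ended, and counts the distinct WARNING lines. The sample log is constructed (placeholder addresses and DNs), and the stage and outcome names are labels chosen for this example.

```python
import re
from collections import Counter

# Constructed sample, modelled on the OpenVPN 2.2 client log format shown above.
# Addresses are documentation-range placeholders and the DNs are shortened.
SAMPLE_LOG = """\
Fri Jul 26 15:54:29 2013 WARNING: No server certificate verification method has been enabled.
Fri Jul 26 15:54:33 2013 Attempting to establish TCP connection with 192.0.2.10:1194
Fri Jul 26 15:54:54 2013 TCP: connect to 192.0.2.10:1194 failed, will try again in 5 seconds
Fri Jul 26 15:54:59 2013 TCP connection established with 192.0.2.10:1194
Fri Jul 26 15:54:59 2013 TLS: Initial packet from 192.0.2.10:1194, sid=00000000 00000001
Fri Jul 26 15:55:00 2013 VERIFY OK: depth=1, /CN=ExampleCA
Fri Jul 26 15:55:00 2013 VERIFY OK: depth=0, /CN=ExampleServer
Fri Jul 26 15:55:00 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:00 2013 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jul 26 15:55:05 2013 WARNING: No server certificate verification method has been enabled.
Fri Jul 26 15:55:05 2013 Attempting to establish TCP connection with 192.0.2.10:1194
Fri Jul 26 15:55:05 2013 TCP connection established with 192.0.2.10:1194
Fri Jul 26 15:55:05 2013 TLS: Initial packet from 192.0.2.10:1194, sid=00000000 00000002
Fri Jul 26 15:55:06 2013 VERIFY OK: depth=1, /CN=ExampleCA
Fri Jul 26 15:55:06 2013 VERIFY OK: depth=0, /CN=ExampleServer
Fri Jul 26 15:55:06 2013 Connection reset, restarting [0]
Fri Jul 26 15:55:11 2013 WARNING: No server certificate verification method has been enabled.
Fri Jul 26 15:55:11 2013 Attempting to establish TCP connection with 192.0.2.10:1194
Fri Jul 26 15:55:11 2013 SIGTERM[hard,init_instance] received, process exiting
"""

# Timestamp prefix written by the client, e.g. "Fri Jul 26 15:54:29 2013 ".
TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} (.*)$")

# Handshake milestones in the order a client logs them on a successful connect.
STAGES = [
    ("tcp-attempt", re.compile(r"^Attempting to establish TCP connection")),
    ("tcp-established", re.compile(r"^TCP connection established")),
    ("tls-initial-packet", re.compile(r"^TLS: Initial packet")),
    ("server-cert-verified", re.compile(r"^VERIFY OK: depth=0")),
    ("control-channel-up", re.compile(r"^Control Channel: ")),
    ("peer-connection", re.compile(r"Peer Connection Initiated")),
    ("tunnel-up", re.compile(r"^Initialization Sequence Completed")),
]
OUTCOMES = [
    ("reset-by-peer", re.compile(r"^Connection reset, restarting")),
    ("terminated-locally", re.compile(r"^SIGTERM")),
]


def analyse(log_text):
    """Return (attempts, warnings): one dict per connection attempt and a
    Counter of WARNING messages seen anywhere in the log."""
    attempts, warnings, current = [], Counter(), None
    for raw in log_text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg.startswith("WARNING:"):
            warnings[msg] += 1
            continue
        for rank, (name, rx) in enumerate(STAGES):
            if rx.search(msg):
                if rank == 0:  # a new attempt starts here
                    current = {"stage": name, "rank": 0, "outcome": "incomplete"}
                    attempts.append(current)
                elif current and rank > current["rank"]:
                    current["stage"], current["rank"] = name, rank
                break
        else:
            for name, rx in OUTCOMES:
                if current and rx.search(msg):
                    current["outcome"] = name
                    current = None  # attempt is finished; ignore stray lines
                    break
    for a in attempts:
        if a["rank"] == len(STAGES) - 1 and a["outcome"] == "incomplete":
            a["outcome"] = "connected"
    return attempts, warnings


def summarise(attempts):
    """Count attempts by (furthest stage logged, how the attempt ended)."""
    return Counter((a["stage"], a["outcome"]) for a in attempts)


if __name__ == "__main__":
    attempts, warnings = analyse(SAMPLE_LOG)
    for (stage, outcome), n in summarise(attempts).items():
        print(f"{n} attempt(s): furthest stage {stage}, ended as {outcome}")
    for text, n in warnings.items():
        print(f"{n}x {text}")
```

On a log shaped like the one in the post, every reset attempt ends at `server-cert-verified`: the client has accepted the server's certificate chain, and the connection is closed before the client logs a control channel or an initiated peer connection.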