OpenVPN / openvpn-gui

OpenVPN GUI is a graphical frontend for OpenVPN running on Windows 7 / 8 / 10. It creates an icon in the notification area from which you can control OpenVPN to start/stop your VPN tunnels, view the log and do other useful things.

OpenVPN DCO connect error with TCP port on Windows client #688

Closed Philippe34 closed 1 month ago

Philippe34 commented 1 month ago

Hi, OpenVPN server 2.4.12, OpenVPN GUI v11.48.0.0, client 2.6.10 on Windows 11 Professional 23H2

My connection with the server is done on UDP port 1194 and everything works perfectly.

Now I have added a second OpenVPN instance on the server because I want the client to be able to connect on TCP port 80 (sometimes UDP port 1194 is not open on the network firewall). The instances work on the server:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          34246483   39394/openvpn
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           0          33813657   35775/openvpn

I added a second configuration on the client with: proto tcp and remote server 80. The connection is established, but is cut after a few seconds. The same issue is described on the forum: https://forums.openvpn.net/viewtopic.php?t=35419#p110702

2024-05-16 16:57:05 us=234000 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-16 16:57:05 us=250000 Current Parameter Settings:
2024-05-16 16:57:05 us=250000   config = 'client-auth-ldap-2.ovpn'
2024-05-16 16:57:05 us=250000   mode = 0
2024-05-16 16:57:05 us=250000   show_ciphers = DISABLED
2024-05-16 16:57:05 us=250000   show_digests = DISABLED
2024-05-16 16:57:05 us=250000   show_engines = DISABLED
2024-05-16 16:57:05 us=250000   genkey = DISABLED
2024-05-16 16:57:05 us=250000   genkey_filename = '[UNDEF]'
2024-05-16 16:57:05 us=250000   key_pass_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   show_tls_ciphers = DISABLED
2024-05-16 16:57:05 us=250000   connect_retry_max = 0
2024-05-16 16:57:05 us=250000 Connection profiles [0]:
2024-05-16 16:57:05 us=250000   proto = tcp-client
2024-05-16 16:57:05 us=250000   local = '[UNDEF]'
2024-05-16 16:57:05 us=250000   local_port = '[UNDEF]'
2024-05-16 16:57:05 us=250000   remote = 'ovpn.XXX'
2024-05-16 16:57:05 us=250000   remote_port = '80'
2024-05-16 16:57:05 us=250000   remote_float = DISABLED
2024-05-16 16:57:05 us=250000   bind_defined = DISABLED
2024-05-16 16:57:05 us=250000   bind_local = DISABLED
2024-05-16 16:57:05 us=250000   bind_ipv6_only = DISABLED
2024-05-16 16:57:05 us=250000   connect_retry_seconds = 1
2024-05-16 16:57:05 us=250000   connect_timeout = 120
2024-05-16 16:57:05 us=250000   socks_proxy_server = '[UNDEF]'
2024-05-16 16:57:05 us=250000   socks_proxy_port = '[UNDEF]'
2024-05-16 16:57:05 us=250000   tun_mtu = 1500
2024-05-16 16:57:05 us=250000   tun_mtu_defined = ENABLED
2024-05-16 16:57:05 us=250000   link_mtu = 1500
2024-05-16 16:57:05 us=250000   link_mtu_defined = DISABLED
2024-05-16 16:57:05 us=250000   tun_mtu_extra = 0
2024-05-16 16:57:05 us=250000   tun_mtu_extra_defined = DISABLED
2024-05-16 16:57:05 us=250000   tls_mtu = 1250
2024-05-16 16:57:05 us=250000   mtu_discover_type = -1
2024-05-16 16:57:05 us=250000   fragment = 0
2024-05-16 16:57:05 us=250000   mssfix = 1390
2024-05-16 16:57:05 us=250000   mssfix_encap = DISABLED
2024-05-16 16:57:05 us=250000   mssfix_fixed = DISABLED
2024-05-16 16:57:05 us=250000   explicit_exit_notification = 0
2024-05-16 16:57:05 us=250000   tls_auth_file = '[INLINE]'
2024-05-16 16:57:05 us=250000   key_direction = 1
2024-05-16 16:57:05 us=250000   tls_crypt_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   tls_crypt_v2_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000 Connection profiles END
2024-05-16 16:57:05 us=250000   remote_random = DISABLED
2024-05-16 16:57:05 us=250000   ipchange = '[UNDEF]'
2024-05-16 16:57:05 us=250000   dev = 'tun'
2024-05-16 16:57:05 us=250000   dev_type = '[UNDEF]'
2024-05-16 16:57:05 us=250000   dev_node = '[UNDEF]'
2024-05-16 16:57:05 us=250000   tuntap_options.disable_dco = DISABLED
2024-05-16 16:57:05 us=250000   lladdr = '[UNDEF]'
2024-05-16 16:57:05 us=250000   topology = 1
2024-05-16 16:57:05 us=250000   ifconfig_local = '[UNDEF]'
2024-05-16 16:57:05 us=250000   ifconfig_remote_netmask = '[UNDEF]'
2024-05-16 16:57:05 us=250000   ifconfig_noexec = DISABLED
2024-05-16 16:57:05 us=250000   ifconfig_nowarn = DISABLED
2024-05-16 16:57:05 us=250000   ifconfig_ipv6_local = '[UNDEF]'
2024-05-16 16:57:05 us=250000   ifconfig_ipv6_netbits = 0
2024-05-16 16:57:05 us=250000   ifconfig_ipv6_remote = '[UNDEF]'
2024-05-16 16:57:05 us=250000   shaper = 0
2024-05-16 16:57:05 us=250000   mtu_test = 0
2024-05-16 16:57:05 us=250000   mlock = DISABLED
2024-05-16 16:57:05 us=250000   keepalive_ping = 10
2024-05-16 16:57:05 us=250000   keepalive_timeout = 120
2024-05-16 16:57:05 us=250000   inactivity_timeout = 0
2024-05-16 16:57:05 us=250000   session_timeout = 0
2024-05-16 16:57:05 us=250000   inactivity_minimum_bytes = 0
2024-05-16 16:57:05 us=250000   ping_send_timeout = 10
2024-05-16 16:57:05 us=250000   ping_rec_timeout = 120
2024-05-16 16:57:05 us=250000   ping_rec_timeout_action = 2
2024-05-16 16:57:05 us=250000   ping_timer_remote = DISABLED
2024-05-16 16:57:05 us=250000   remap_sigusr1 = 0
2024-05-16 16:57:05 us=250000   persist_tun = ENABLED
2024-05-16 16:57:05 us=250000   persist_local_ip = DISABLED
2024-05-16 16:57:05 us=250000   persist_remote_ip = DISABLED
2024-05-16 16:57:05 us=250000   persist_key = ENABLED
2024-05-16 16:57:05 us=250000   passtos = DISABLED
2024-05-16 16:57:05 us=250000   resolve_retry_seconds = 1000000000
2024-05-16 16:57:05 us=250000   resolve_in_advance = DISABLED
2024-05-16 16:57:05 us=250000   username = '[UNDEF]'
2024-05-16 16:57:05 us=250000   groupname = '[UNDEF]'
2024-05-16 16:57:05 us=250000   chroot_dir = '[UNDEF]'
2024-05-16 16:57:05 us=250000   cd_dir = '[UNDEF]'
2024-05-16 16:57:05 us=250000   writepid = '[UNDEF]'
2024-05-16 16:57:05 us=250000   up_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   down_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   down_pre = DISABLED
2024-05-16 16:57:05 us=250000   up_restart = DISABLED
2024-05-16 16:57:05 us=250000   up_delay = DISABLED
2024-05-16 16:57:05 us=250000   daemon = DISABLED
2024-05-16 16:57:05 us=250000   log = ENABLED
2024-05-16 16:57:05 us=250000   suppress_timestamps = DISABLED
2024-05-16 16:57:05 us=250000   machine_readable_output = DISABLED
2024-05-16 16:57:05 us=250000   nice = 0
2024-05-16 16:57:05 us=250000   verbosity = 5
2024-05-16 16:57:05 us=250000   mute = 0
2024-05-16 16:57:05 us=250000   gremlin = 0
2024-05-16 16:57:05 us=250000   status_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   status_file_version = 1
2024-05-16 16:57:05 us=250000   status_file_update_freq = 60
2024-05-16 16:57:05 us=250000   occ = ENABLED
2024-05-16 16:57:05 us=250000   rcvbuf = 0
2024-05-16 16:57:05 us=250000   sndbuf = 0
2024-05-16 16:57:05 us=250000   sockflags = 0
2024-05-16 16:57:05 us=250000   fast_io = DISABLED
2024-05-16 16:57:05 us=250000   comp.alg = 0
2024-05-16 16:57:05 us=250000   comp.flags = 152
2024-05-16 16:57:05 us=250000   route_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   route_default_gateway = '[UNDEF]'
2024-05-16 16:57:05 us=250000   route_default_metric = 0
2024-05-16 16:57:05 us=250000   route_noexec = DISABLED
2024-05-16 16:57:05 us=250000   route_delay = 0
2024-05-16 16:57:05 us=250000   route_delay_window = 30
2024-05-16 16:57:05 us=250000   route_delay_defined = DISABLED
2024-05-16 16:57:05 us=250000   route_nopull = DISABLED
2024-05-16 16:57:05 us=250000   route_gateway_via_dhcp = DISABLED
2024-05-16 16:57:05 us=250000   allow_pull_fqdn = DISABLED
2024-05-16 16:57:05 us=250000   Pull filters:
2024-05-16 16:57:05 us=250000     ignore "route-method"
2024-05-16 16:57:05 us=250000   management_addr = '127.0.0.1'
2024-05-16 16:57:05 us=250000   management_port = '25340'
2024-05-16 16:57:05 us=250000   management_user_pass = 'stdin'
2024-05-16 16:57:05 us=250000   management_log_history_cache = 250
2024-05-16 16:57:05 us=250000   management_echo_buffer_size = 100
2024-05-16 16:57:05 us=250000   management_client_user = '[UNDEF]'
2024-05-16 16:57:05 us=250000   management_client_group = '[UNDEF]'
2024-05-16 16:57:05 us=250000   management_flags = 6
2024-05-16 16:57:05 us=250000   shared_secret_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   key_direction = 1
2024-05-16 16:57:05 us=250000   ciphername = 'BF-CBC'
2024-05-16 16:57:05 us=250000   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2024-05-16 16:57:05 us=250000   authname = 'SHA1'
2024-05-16 16:57:05 us=250000   engine = DISABLED
2024-05-16 16:57:05 us=250000   replay = ENABLED
2024-05-16 16:57:05 us=250000   mute_replay_warnings = DISABLED
2024-05-16 16:57:05 us=250000   replay_window = 64
2024-05-16 16:57:05 us=250000   replay_time = 15
2024-05-16 16:57:05 us=250000   packet_id_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   test_crypto = DISABLED
2024-05-16 16:57:05 us=250000   tls_server = DISABLED
2024-05-16 16:57:05 us=250000   tls_client = ENABLED
2024-05-16 16:57:05 us=250000   ca_file = 'config-auth-ldap/ca.crt'
2024-05-16 16:57:05 us=250000   ca_path = '[UNDEF]'
2024-05-16 16:57:05 us=250000   dh_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   cert_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   extra_certs_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   priv_key_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   pkcs12_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   cryptoapi_cert = '[UNDEF]'
2024-05-16 16:57:05 us=250000   cipher_list = '[UNDEF]'
2024-05-16 16:57:05 us=250000   cipher_list_tls13 = '[UNDEF]'
2024-05-16 16:57:05 us=250000   tls_cert_profile = '[UNDEF]'
2024-05-16 16:57:05 us=250000   tls_verify = '[UNDEF]'
2024-05-16 16:57:05 us=250000   tls_export_peer_cert_dir = '[UNDEF]'
2024-05-16 16:57:05 us=250000   verify_x509_type = 0
2024-05-16 16:57:05 us=250000   verify_x509_name = '[UNDEF]'
2024-05-16 16:57:05 us=250000   crl_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   ns_cert_type = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 65535
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_ku[i] = 0
2024-05-16 16:57:05 us=250000   remote_cert_eku = 'TLS Web Server Authentication'
2024-05-16 16:57:05 us=250000   ssl_flags = 192
2024-05-16 16:57:05 us=250000   tls_timeout = 2
2024-05-16 16:57:05 us=250000   renegotiate_bytes = -1
2024-05-16 16:57:05 us=250000   renegotiate_packets = 0
2024-05-16 16:57:05 us=250000   renegotiate_seconds = 3600
2024-05-16 16:57:05 us=250000   handshake_window = 60
2024-05-16 16:57:05 us=250000   transition_window = 3600
2024-05-16 16:57:05 us=250000   single_session = DISABLED
2024-05-16 16:57:05 us=250000   push_peer_info = DISABLED
2024-05-16 16:57:05 us=250000   tls_exit = DISABLED
2024-05-16 16:57:05 us=250000   tls_crypt_v2_metadata = '[UNDEF]'
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_protected_authentication = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_private_mode = 00000000
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_cert_private = DISABLED
2024-05-16 16:57:05 us=250000   pkcs11_pin_cache_period = -1
2024-05-16 16:57:05 us=250000   pkcs11_id = '[UNDEF]'
2024-05-16 16:57:05 us=250000   pkcs11_id_management = DISABLED
2024-05-16 16:57:05 us=250000   server_network = 0.0.0.0
2024-05-16 16:57:05 us=250000   server_netmask = 0.0.0.0
2024-05-16 16:57:05 us=250000   server_network_ipv6 = ::
2024-05-16 16:57:05 us=250000   server_netbits_ipv6 = 0
2024-05-16 16:57:05 us=250000   server_bridge_ip = 0.0.0.0
2024-05-16 16:57:05 us=250000   server_bridge_netmask = 0.0.0.0
2024-05-16 16:57:05 us=250000   server_bridge_pool_start = 0.0.0.0
2024-05-16 16:57:05 us=250000   server_bridge_pool_end = 0.0.0.0
2024-05-16 16:57:05 us=250000   ifconfig_pool_defined = DISABLED
2024-05-16 16:57:05 us=250000   ifconfig_pool_start = 0.0.0.0
2024-05-16 16:57:05 us=250000   ifconfig_pool_end = 0.0.0.0
2024-05-16 16:57:05 us=250000   ifconfig_pool_netmask = 0.0.0.0
2024-05-16 16:57:05 us=250000   ifconfig_pool_persist_filename = '[UNDEF]'
2024-05-16 16:57:05 us=250000   ifconfig_pool_persist_refresh_freq = 600
2024-05-16 16:57:05 us=250000   ifconfig_ipv6_pool_defined = DISABLED
2024-05-16 16:57:05 us=250000   ifconfig_ipv6_pool_base = ::
2024-05-16 16:57:05 us=250000   ifconfig_ipv6_pool_netbits = 0
2024-05-16 16:57:05 us=250000   n_bcast_buf = 256
2024-05-16 16:57:05 us=250000   tcp_queue_limit = 64
2024-05-16 16:57:05 us=250000   real_hash_size = 256
2024-05-16 16:57:05 us=250000   virtual_hash_size = 256
2024-05-16 16:57:05 us=250000   client_connect_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   learn_address_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   client_disconnect_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   client_crresponse_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   client_config_dir = '[UNDEF]'
2024-05-16 16:57:05 us=250000   ccd_exclusive = DISABLED
2024-05-16 16:57:05 us=250000   tmp_dir = 'C:\Users\XXX'
2024-05-16 16:57:05 us=250000   push_ifconfig_defined = DISABLED
2024-05-16 16:57:05 us=250000   push_ifconfig_local = 0.0.0.0
2024-05-16 16:57:05 us=250000   push_ifconfig_remote_netmask = 0.0.0.0
2024-05-16 16:57:05 us=250000   push_ifconfig_ipv6_defined = DISABLED
2024-05-16 16:57:05 us=250000   push_ifconfig_ipv6_local = ::/0
2024-05-16 16:57:05 us=250000   push_ifconfig_ipv6_remote = ::
2024-05-16 16:57:05 us=250000   enable_c2c = DISABLED
2024-05-16 16:57:05 us=250000   duplicate_cn = DISABLED
2024-05-16 16:57:05 us=250000   cf_max = 0
2024-05-16 16:57:05 us=250000   cf_per = 0
2024-05-16 16:57:05 us=250000   cf_initial_max = 100
2024-05-16 16:57:05 us=250000   cf_initial_per = 10
2024-05-16 16:57:05 us=250000   max_clients = 1024
2024-05-16 16:57:05 us=250000   max_routes_per_client = 256
2024-05-16 16:57:05 us=250000   auth_user_pass_verify_script = '[UNDEF]'
2024-05-16 16:57:05 us=250000   auth_user_pass_verify_script_via_file = DISABLED
2024-05-16 16:57:05 us=250000   auth_token_generate = DISABLED
2024-05-16 16:57:05 us=250000   force_key_material_export = DISABLED
2024-05-16 16:57:05 us=250000   auth_token_lifetime = 0
2024-05-16 16:57:05 us=250000   auth_token_secret_file = '[UNDEF]'
2024-05-16 16:57:05 us=250000   vlan_tagging = DISABLED
2024-05-16 16:57:05 us=250000   vlan_accept = all
2024-05-16 16:57:05 us=250000   vlan_pvid = 1
2024-05-16 16:57:05 us=250000   client = ENABLED
2024-05-16 16:57:05 us=250000   pull = ENABLED
2024-05-16 16:57:05 us=250000   auth_user_pass_file = 'stdin'
2024-05-16 16:57:05 us=250000   show_net_up = DISABLED
2024-05-16 16:57:05 us=250000   route_method = 3
2024-05-16 16:57:05 us=250000   block_outside_dns = DISABLED
2024-05-16 16:57:05 us=250000   ip_win32_defined = DISABLED
2024-05-16 16:57:05 us=250000   ip_win32_type = 1
2024-05-16 16:57:05 us=250000   dhcp_masq_offset = 0
2024-05-16 16:57:05 us=250000   dhcp_lease_time = 31536000
2024-05-16 16:57:05 us=250000   tap_sleep = 0
2024-05-16 16:57:05 us=250000   dhcp_options = 0x00000000
2024-05-16 16:57:05 us=250000   dhcp_renew = DISABLED
2024-05-16 16:57:05 us=250000   dhcp_pre_release = DISABLED
2024-05-16 16:57:05 us=250000   domain = '[UNDEF]'
2024-05-16 16:57:05 us=250000   netbios_scope = '[UNDEF]'
2024-05-16 16:57:05 us=250000   netbios_node_type = 0
2024-05-16 16:57:05 us=250000   disable_nbt = DISABLED
2024-05-16 16:57:05 us=250000 OpenVPN 2.6.10 [git:v2.6.10/ba0f62fb950c56a0] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Mar 20 2024
2024-05-16 16:57:05 us=250000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-05-16 16:57:05 us=250000 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2024-05-16 16:57:05 us=250000 DCO version: 1.0.1
2024-05-16 16:57:05 us=250000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2024-05-16 16:57:05 us=250000 Need hold release from management interface, waiting...
2024-05-16 16:57:05 us=703000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:57134
2024-05-16 16:57:05 us=812000 MANAGEMENT: CMD 'state on'
2024-05-16 16:57:05 us=812000 MANAGEMENT: CMD 'log on all'
2024-05-16 16:57:06 us=921000 MANAGEMENT: CMD 'echo on all'
2024-05-16 16:57:06 us=937000 MANAGEMENT: CMD 'bytecount 5'
2024-05-16 16:57:06 us=953000 MANAGEMENT: CMD 'state'
2024-05-16 16:57:06 us=968000 MANAGEMENT: CMD 'hold off'
2024-05-16 16:57:06 us=968000 MANAGEMENT: CMD 'hold release'
2024-05-16 16:57:11 us=750000 MANAGEMENT: CMD 'username "Auth" "XXX"'
2024-05-16 16:57:11 us=812000 MANAGEMENT: CMD 'password [...]'
2024-05-16 16:57:11 us=828000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:57:11 us=828000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:57:11 us=828000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-16 16:57:11 us=828000 MANAGEMENT: >STATE:1715871431,RESOLVE,,,,,,
2024-05-16 16:57:11 us=843000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-16 16:57:11 us=843000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-16 16:57:11 us=859000 ovpn-dco device [OpenVPN Data Channel Offload] opened
2024-05-16 16:57:11 us=859000 TCP_CLIENT link local: (not bound)
2024-05-16 16:57:11 us=859000 TCP_CLIENT link remote: [AF_INET]162.XXX:80
2024-05-16 16:57:11 us=859000 MANAGEMENT: >STATE:1715871431,WAIT,,,,,,
WR2024-05-16 16:57:11 us=875000 MANAGEMENT: >STATE:1715871431,AUTH,,,,,,
2024-05-16 16:57:11 us=875000 TLS: Initial packet from [AF_INET]162.XXX:80, sid=a945f170 42190cce
2024-05-16 16:57:11 us=875000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRRWR2024-05-16 16:57:11 us=890000 VERIFY OK: depth=1, CN=ies-CA
2024-05-16 16:57:11 us=890000 VERIFY KU OK
2024-05-16 16:57:11 us=890000 Validating certificate extended key usage
2024-05-16 16:57:11 us=890000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-05-16 16:57:11 us=890000 VERIFY EKU OK
2024-05-16 16:57:11 us=890000 VERIFY OK: depth=0, CN=server
RWWRWR2024-05-16 16:57:11 us=953000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-05-16 16:57:11 us=953000 [server] Peer Connection Initiated with [AF_INET]162.XXX:80
2024-05-16 16:57:11 us=953000 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-05-16 16:57:11 us=953000 TLS: tls_multi_process: initial untrusted session promoted to trusted
W2024-05-16 16:57:13 MANAGEMENT: >STATE:1715871433,GET_CONFIG,,,,,,
2024-05-16 16:57:13 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
WRR2024-05-16 16:57:13 us=46000 PUSH: Received control message: 'PUSH_REPLY,route XXX ....
2024-05-16 16:57:13 us=46000 OPTIONS IMPORT: --ifconfig/up options modified
2024-05-16 16:57:13 us=46000 OPTIONS IMPORT: route options modified
2024-05-16 16:57:13 us=46000 OPTIONS IMPORT: route-related options modified
2024-05-16 16:57:13 us=46000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-05-16 16:57:13 us=46000 interactive service msg_channel=496
2024-05-16 16:57:13 us=140000 ROUTE_GATEWAY XXXX
2024-05-16 16:57:13 us=156000 do_ifconfig, ipv4=1, ipv6=0
2024-05-16 16:57:13 us=156000 MANAGEMENT: >STATE:1715871433,ASSIGN_IP,,10.10.2.2,,,,
2024-05-16 16:57:13 us=156000 INET address service: add 10.10.2.2/24
2024-05-16 16:57:13 us=156000 Setting IPv4 dns servers on 'OpenVPN Data Channel Offload' (if_index = 31) using service
2024-05-16 16:57:14 us=421000 IPv4 dns servers set using service
2024-05-16 16:57:14 us=421000 IPv4 MTU set to 1500 on interface 31 using service
2024-05-16 16:57:14 us=421000 MANAGEMENT: >STATE:1715871434,ADD_ROUTES,,,,,,
2024-05-16 16:57:14 us=421000 C:\WINDOWS\system32\route.exe XXX ...
...

2024-05-16 16:57:15 us=109000 Route addition via service succeeded
2024-05-16 16:57:15 us=109000 Data Channel MTU parms [ mss_fix:1324 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-16 16:57:15 us=109000 Initialization Sequence Completed
2024-05-16 16:57:15 us=109000 MANAGEMENT: >STATE:1715871435,CONNECTED,SUCCESS,10.10.2.2,162.XXX,,
2024-05-16 16:57:15 us=109000 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-05-16 16:57:15 us=109000 Timers: ping 10, ping-restart 120
WR2024-05-16 16:57:34 us=281000 Connection reset, restarting [-1]
2024-05-16 16:57:34 us=281000 SIGUSR1[soft,connection-reset] received, process restarting
2024-05-16 16:57:34 us=281000 MANAGEMENT: >STATE:1715871454,RECONNECTING,connection-reset,,,,,
2024-05-16 16:57:34 us=281000 Restart pause, 1 second(s)
2024-05-16 16:57:35 us=281000 Re-using SSL/TLS context
2024-05-16 16:57:35 us=281000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:57:35 us=281000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:57:35 us=281000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-16 16:57:35 us=281000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-16 16:57:35 us=281000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-16 16:57:56 us=343000 **dco connect error: Le délai de temporisation de sémaphore a expiré**.   (errno=121)
2024-05-16 16:57:56 us=343000 SIGUSR1[soft,dco-connect-error] received, process restarting
2024-05-16 16:57:56 us=343000 MANAGEMENT: >STATE:1715871476,RECONNECTING,dco-connect-error,,,,,
2024-05-16 16:57:56 us=343000 Restart pause, 1 second(s)
2024-05-16 16:57:57 us=343000 Re-using SSL/TLS context
2024-05-16 16:57:57 us=343000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:57:57 us=343000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:57:57 us=343000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-16 16:57:57 us=343000 MANAGEMENT: >STATE:1715871477,RESOLVE,,,,,,
2024-05-16 16:57:57 us=359000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-16 16:57:57 us=359000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-16 16:58:18 us=406000 dco connect error: Le délai de temporisation de sémaphore a expiré.   (errno=121)
2024-05-16 16:58:18 us=406000 SIGUSR1[soft,dco-connect-error] received, process restarting
2024-05-16 16:58:18 us=406000 MANAGEMENT: >STATE:1715871498,RECONNECTING,dco-connect-error,,,,,
2024-05-16 16:58:18 us=406000 Restart pause, 1 second(s)
2024-05-16 16:58:19 us=406000 Re-using SSL/TLS context
2024-05-16 16:58:19 us=406000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:58:19 us=406000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:58:19 us=406000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-16 16:58:19 us=406000 MANAGEMENT: >STATE:1715871499,RESOLVE,,,,,,
2024-05-16 16:58:19 us=406000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-16 16:58:19 us=406000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-16 16:58:40 us=453000 dco connect error: Le délai de temporisation de sémaphore a expiré.   (errno=121)
2024-05-16 16:58:40 us=453000 SIGUSR1[soft,dco-connect-error] received, process restarting
2024-05-16 16:58:40 us=453000 MANAGEMENT: >STATE:1715871520,RECONNECTING,dco-connect-error,,,,,
2024-05-16 16:58:40 us=453000 Restart pause, 1 second(s)
2024-05-16 16:58:41 us=468000 Re-using SSL/TLS context
2024-05-16 16:58:41 us=468000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:58:41 us=468000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-16 16:58:41 us=468000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-16 16:58:41 us=468000 MANAGEMENT: >STATE:1715871521,RESOLVE,,,,,,
2024-05-16 16:58:41 us=468000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-16 16:58:41 us=468000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80

I tried to add: disable-dco, but it is the same issue with the TAP-Windows adapter.

I think it is because I try to connect with TCP that this issue appears. If I change the configuration to UDP 80, everything works. There are no logs on the server, so I think it is a client problem.

Is there a solution to make OpenVPN work over TCP?

Thanks

cron2 commented 1 month ago

It would actually be good to see the log with TAP - from what you shared this seems to be a DCO issue (ping @lstipakov ) but "you should not ever see a dco-connect-error with TAP", so it can not really be "the same issue"...
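
A way to check the point in the comment above against a client log, as an added example (not part of the thread and not OpenVPN's own code): it reads whether `disable_dco` was in effect, whether the DCO device was opened, which restart reasons were logged, and how long the tunnel stayed in CONNECTED. The sample lines are abridged from the log format in this thread with a placeholder address and a shortened error text; `analyze`, `review` and the 60-second threshold are hypothetical names and values.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines abridged from the log format in this thread; 192.0.2.10 is a
# placeholder address and the DCO error text is shortened to "<message>".
SAMPLE_LOG = """\
2024-05-16 16:57:05 us=250000   tuntap_options.disable_dco = DISABLED
2024-05-16 16:57:11 us=859000 ovpn-dco device [OpenVPN Data Channel Offload] opened
2024-05-16 16:57:15 us=109000 MANAGEMENT: >STATE:1715871435,CONNECTED,SUCCESS,10.10.2.2,192.0.2.10,,
WR2024-05-16 16:57:34 us=281000 Connection reset, restarting [-1]
2024-05-16 16:57:34 us=281000 SIGUSR1[soft,connection-reset] received, process restarting
2024-05-16 16:57:34 us=281000 MANAGEMENT: >STATE:1715871454,RECONNECTING,connection-reset,,,,,
2024-05-16 16:57:56 us=343000 dco connect error: <message>   (errno=121)
2024-05-16 16:57:56 us=343000 SIGUSR1[soft,dco-connect-error] received, process restarting
2024-05-16 16:57:56 us=343000 MANAGEMENT: >STATE:1715871476,RECONNECTING,dco-connect-error,,,,,
"""

# Patterns use search(), so the R/W packet markers that verb 5 prints in
# front of some timestamps ("WR2024-05-16 ...") do not get in the way.
DISABLE_DCO = re.compile(r"tuntap_options\.disable_dco = (ENABLED|DISABLED)")
DCO_OPENED = re.compile(r"ovpn-dco device \[[^\]]*\] opened")
RESTART = re.compile(r"SIGUSR1\[(?:soft|hard),([^\]]+)\] received")
STATE = re.compile(r">STATE:(\d+),([A-Z_]+),")


@dataclass
class Summary:
    disable_dco: Optional[bool] = None      # None: setting not present in the log
    dco_device_opened: bool = False
    restarts: List[str] = field(default_factory=list)
    session_seconds: List[int] = field(default_factory=list)


def analyze(log_text: str) -> Summary:
    """Collect DCO status, restart reasons and CONNECTED durations from a client log."""
    s = Summary()
    connected_at = None
    for line in log_text.splitlines():
        m = DISABLE_DCO.search(line)
        if m:
            s.disable_dco = m.group(1) == "ENABLED"
        if DCO_OPENED.search(line):
            s.dco_device_opened = True
        m = RESTART.search(line)
        if m:
            s.restarts.append(m.group(1))
        m = STATE.search(line)
        if m:
            ts, state = int(m.group(1)), m.group(2)
            if state == "CONNECTED":
                connected_at = ts
            elif state in ("RECONNECTING", "EXITING") and connected_at is not None:
                # Only the first state change after CONNECTED ends a session.
                s.session_seconds.append(ts - connected_at)
                connected_at = None
    return s


def review(s: Summary, short_session: int = 60) -> List[str]:
    """Turn a Summary into triage notes; short_session is an assumed threshold."""
    notes = []
    dco_activity = s.dco_device_opened or "dco-connect-error" in s.restarts
    if s.disable_dco and dco_activity:
        notes.append("inconsistent: disable_dco is ENABLED but DCO activity is logged; "
                     "check that the log comes from the run with disable-dco")
    if s.restarts:
        notes.append("restart reasons in order: " + ", ".join(s.restarts))
    for secs in s.session_seconds:
        if secs < short_session:
            notes.append(f"tunnel dropped {secs} s after CONNECTED")
    return notes


if __name__ == "__main__":
    for note in review(analyze(SAMPLE_LOG)):
        print(note)
```
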

Philippe34 commented 1 month ago

@cron2 I share the same opinion as you. I added disable-dco to use the TAP adapter.

Here are the logs

2024-05-17 10:19:01 us=156000 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-17 10:19:01 us=156000 Current Parameter Settings:
2024-05-17 10:19:01 us=156000   config = 'client-auth-ldap-2.ovpn'
2024-05-17 10:19:01 us=156000   mode = 0
2024-05-17 10:19:01 us=156000   show_ciphers = DISABLED
2024-05-17 10:19:01 us=156000   show_digests = DISABLED
2024-05-17 10:19:01 us=156000   show_engines = DISABLED
2024-05-17 10:19:01 us=156000   genkey = DISABLED
2024-05-17 10:19:01 us=156000   genkey_filename = '[UNDEF]'
2024-05-17 10:19:01 us=156000   key_pass_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   show_tls_ciphers = DISABLED
2024-05-17 10:19:01 us=156000   connect_retry_max = 0
2024-05-17 10:19:01 us=156000 Connection profiles [0]:
2024-05-17 10:19:01 us=156000   proto = tcp-client
2024-05-17 10:19:01 us=156000   local = '[UNDEF]'
2024-05-17 10:19:01 us=156000   local_port = '[UNDEF]'
2024-05-17 10:19:01 us=156000   remote = 'ovpn.XXX'
2024-05-17 10:19:01 us=156000   remote_port = '80'
2024-05-17 10:19:01 us=156000   remote_float = DISABLED
2024-05-17 10:19:01 us=156000   bind_defined = DISABLED
2024-05-17 10:19:01 us=156000   bind_local = DISABLED
2024-05-17 10:19:01 us=156000   bind_ipv6_only = DISABLED
2024-05-17 10:19:01 us=156000   connect_retry_seconds = 1
2024-05-17 10:19:01 us=156000   connect_timeout = 120
2024-05-17 10:19:01 us=156000   socks_proxy_server = '[UNDEF]'
2024-05-17 10:19:01 us=156000   socks_proxy_port = '[UNDEF]'
2024-05-17 10:19:01 us=156000   tun_mtu = 1500
2024-05-17 10:19:01 us=156000   tun_mtu_defined = ENABLED
2024-05-17 10:19:01 us=156000   link_mtu = 1500
2024-05-17 10:19:01 us=156000   link_mtu_defined = DISABLED
2024-05-17 10:19:01 us=156000   tun_mtu_extra = 0
2024-05-17 10:19:01 us=156000   tun_mtu_extra_defined = DISABLED
2024-05-17 10:19:01 us=156000   tls_mtu = 1250
2024-05-17 10:19:01 us=156000   mtu_discover_type = -1
2024-05-17 10:19:01 us=156000   fragment = 0
2024-05-17 10:19:01 us=156000   mssfix = 1390
2024-05-17 10:19:01 us=156000   mssfix_encap = DISABLED
2024-05-17 10:19:01 us=156000   mssfix_fixed = DISABLED
2024-05-17 10:19:01 us=156000   explicit_exit_notification = 0
2024-05-17 10:19:01 us=156000   tls_auth_file = '[INLINE]'
2024-05-17 10:19:01 us=156000   key_direction = 1
2024-05-17 10:19:01 us=156000   tls_crypt_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   tls_crypt_v2_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 Connection profiles END
2024-05-17 10:19:01 us=156000   remote_random = DISABLED
2024-05-17 10:19:01 us=156000   ipchange = '[UNDEF]'
2024-05-17 10:19:01 us=156000   dev = 'tun'
2024-05-17 10:19:01 us=156000   dev_type = '[UNDEF]'
2024-05-17 10:19:01 us=156000   dev_node = '[UNDEF]'
2024-05-17 10:19:01 us=156000   tuntap_options.disable_dco = ENABLED
2024-05-17 10:19:01 us=156000   lladdr = '[UNDEF]'
2024-05-17 10:19:01 us=156000   topology = 1
2024-05-17 10:19:01 us=156000   ifconfig_local = '[UNDEF]'
2024-05-17 10:19:01 us=156000   ifconfig_remote_netmask = '[UNDEF]'
2024-05-17 10:19:01 us=156000   ifconfig_noexec = DISABLED
2024-05-17 10:19:01 us=156000   ifconfig_nowarn = DISABLED
2024-05-17 10:19:01 us=156000   ifconfig_ipv6_local = '[UNDEF]'
2024-05-17 10:19:01 us=156000   ifconfig_ipv6_netbits = 0
2024-05-17 10:19:01 us=156000   ifconfig_ipv6_remote = '[UNDEF]'
2024-05-17 10:19:01 us=156000   shaper = 0
2024-05-17 10:19:01 us=156000   mtu_test = 0
2024-05-17 10:19:01 us=156000   mlock = DISABLED
2024-05-17 10:19:01 us=156000   keepalive_ping = 10
2024-05-17 10:19:01 us=156000   keepalive_timeout = 120
2024-05-17 10:19:01 us=156000   inactivity_timeout = 0
2024-05-17 10:19:01 us=156000   session_timeout = 0
2024-05-17 10:19:01 us=156000   inactivity_minimum_bytes = 0
2024-05-17 10:19:01 us=156000   ping_send_timeout = 10
2024-05-17 10:19:01 us=156000   ping_rec_timeout = 120
2024-05-17 10:19:01 us=156000   ping_rec_timeout_action = 2
2024-05-17 10:19:01 us=156000   ping_timer_remote = DISABLED
2024-05-17 10:19:01 us=156000   remap_sigusr1 = 0
2024-05-17 10:19:01 us=156000   persist_tun = ENABLED
2024-05-17 10:19:01 us=156000   persist_local_ip = DISABLED
2024-05-17 10:19:01 us=156000   persist_remote_ip = DISABLED
2024-05-17 10:19:01 us=156000   persist_key = ENABLED
2024-05-17 10:19:01 us=156000   passtos = DISABLED
2024-05-17 10:19:01 us=156000   resolve_retry_seconds = 1000000000
2024-05-17 10:19:01 us=156000   resolve_in_advance = DISABLED
2024-05-17 10:19:01 us=156000   username = '[UNDEF]'
2024-05-17 10:19:01 us=156000   groupname = '[UNDEF]'
2024-05-17 10:19:01 us=156000   chroot_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000   cd_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000   writepid = '[UNDEF]'
2024-05-17 10:19:01 us=156000   up_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   down_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   down_pre = DISABLED
2024-05-17 10:19:01 us=156000   up_restart = DISABLED
2024-05-17 10:19:01 us=156000   up_delay = DISABLED
2024-05-17 10:19:01 us=156000   daemon = DISABLED
2024-05-17 10:19:01 us=156000   log = ENABLED
2024-05-17 10:19:01 us=156000   suppress_timestamps = DISABLED
2024-05-17 10:19:01 us=156000   machine_readable_output = DISABLED
2024-05-17 10:19:01 us=156000   nice = 0
2024-05-17 10:19:01 us=156000   verbosity = 5
2024-05-17 10:19:01 us=156000   mute = 0
2024-05-17 10:19:01 us=156000   gremlin = 0
2024-05-17 10:19:01 us=156000   status_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   status_file_version = 1
2024-05-17 10:19:01 us=156000   status_file_update_freq = 60
2024-05-17 10:19:01 us=156000   occ = ENABLED
2024-05-17 10:19:01 us=156000   rcvbuf = 0
2024-05-17 10:19:01 us=156000   sndbuf = 0
2024-05-17 10:19:01 us=156000   sockflags = 0
2024-05-17 10:19:01 us=156000   fast_io = DISABLED
2024-05-17 10:19:01 us=156000   comp.alg = 0
2024-05-17 10:19:01 us=156000   comp.flags = 24
2024-05-17 10:19:01 us=156000   route_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   route_default_gateway = '[UNDEF]'
2024-05-17 10:19:01 us=156000   route_default_metric = 0
2024-05-17 10:19:01 us=156000   route_noexec = DISABLED
2024-05-17 10:19:01 us=156000   route_delay = 5
2024-05-17 10:19:01 us=156000   route_delay_window = 30
2024-05-17 10:19:01 us=156000   route_delay_defined = ENABLED
2024-05-17 10:19:01 us=156000   route_nopull = DISABLED
2024-05-17 10:19:01 us=156000   route_gateway_via_dhcp = DISABLED
2024-05-17 10:19:01 us=156000   allow_pull_fqdn = DISABLED
2024-05-17 10:19:01 us=156000   Pull filters:
2024-05-17 10:19:01 us=156000     ignore "route-method"
2024-05-17 10:19:01 us=156000   management_addr = '127.0.0.1'
2024-05-17 10:19:01 us=156000   management_port = '25340'
2024-05-17 10:19:01 us=156000   management_user_pass = 'stdin'
2024-05-17 10:19:01 us=156000   management_log_history_cache = 250
2024-05-17 10:19:01 us=156000   management_echo_buffer_size = 100
2024-05-17 10:19:01 us=156000   management_client_user = '[UNDEF]'
2024-05-17 10:19:01 us=156000   management_client_group = '[UNDEF]'
2024-05-17 10:19:01 us=156000   management_flags = 6
2024-05-17 10:19:01 us=156000   shared_secret_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   key_direction = 1
2024-05-17 10:19:01 us=156000   ciphername = 'BF-CBC'
2024-05-17 10:19:01 us=156000   ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2024-05-17 10:19:01 us=156000   authname = 'SHA1'
2024-05-17 10:19:01 us=156000   engine = DISABLED
2024-05-17 10:19:01 us=156000   replay = ENABLED
2024-05-17 10:19:01 us=156000   mute_replay_warnings = DISABLED
2024-05-17 10:19:01 us=156000   replay_window = 64
2024-05-17 10:19:01 us=156000   replay_time = 15
2024-05-17 10:19:01 us=156000   packet_id_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   test_crypto = DISABLED
2024-05-17 10:19:01 us=156000   tls_server = DISABLED
2024-05-17 10:19:01 us=156000   tls_client = ENABLED
2024-05-17 10:19:01 us=156000   ca_file = 'config-auth-ldap/ca.crt'
2024-05-17 10:19:01 us=156000   ca_path = '[UNDEF]'
2024-05-17 10:19:01 us=156000   dh_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   cert_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   extra_certs_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   priv_key_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   pkcs12_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   cryptoapi_cert = '[UNDEF]'
2024-05-17 10:19:01 us=156000   cipher_list = '[UNDEF]'
2024-05-17 10:19:01 us=156000   cipher_list_tls13 = '[UNDEF]'
2024-05-17 10:19:01 us=156000   tls_cert_profile = '[UNDEF]'
2024-05-17 10:19:01 us=156000   tls_verify = '[UNDEF]'
2024-05-17 10:19:01 us=156000   tls_export_peer_cert_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000   verify_x509_type = 0
2024-05-17 10:19:01 us=156000   verify_x509_name = '[UNDEF]'
2024-05-17 10:19:01 us=156000   crl_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   ns_cert_type = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 65535
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000   remote_cert_eku = 'TLS Web Server Authentication'
2024-05-17 10:19:01 us=156000   ssl_flags = 192
2024-05-17 10:19:01 us=156000   tls_timeout = 2
2024-05-17 10:19:01 us=156000   renegotiate_bytes = -1
2024-05-17 10:19:01 us=156000   renegotiate_packets = 0
2024-05-17 10:19:01 us=156000   renegotiate_seconds = 3600
2024-05-17 10:19:01 us=156000   handshake_window = 60
2024-05-17 10:19:01 us=156000   transition_window = 3600
2024-05-17 10:19:01 us=156000   single_session = DISABLED
2024-05-17 10:19:01 us=156000   push_peer_info = DISABLED
2024-05-17 10:19:01 us=156000   tls_exit = DISABLED
2024-05-17 10:19:01 us=156000   tls_crypt_v2_metadata = '[UNDEF]'
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000   pkcs11_pin_cache_period = -1
2024-05-17 10:19:01 us=156000   pkcs11_id = '[UNDEF]'
2024-05-17 10:19:01 us=156000   pkcs11_id_management = DISABLED
2024-05-17 10:19:01 us=156000   server_network = 0.0.0.0
2024-05-17 10:19:01 us=156000   server_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000   server_network_ipv6 = ::
2024-05-17 10:19:01 us=156000   server_netbits_ipv6 = 0
2024-05-17 10:19:01 us=156000   server_bridge_ip = 0.0.0.0
2024-05-17 10:19:01 us=156000   server_bridge_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000   server_bridge_pool_start = 0.0.0.0
2024-05-17 10:19:01 us=156000   server_bridge_pool_end = 0.0.0.0
2024-05-17 10:19:01 us=156000   ifconfig_pool_defined = DISABLED
2024-05-17 10:19:01 us=156000   ifconfig_pool_start = 0.0.0.0
2024-05-17 10:19:01 us=156000   ifconfig_pool_end = 0.0.0.0
2024-05-17 10:19:01 us=156000   ifconfig_pool_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000   ifconfig_pool_persist_filename = '[UNDEF]'
2024-05-17 10:19:01 us=156000   ifconfig_pool_persist_refresh_freq = 600
2024-05-17 10:19:01 us=156000   ifconfig_ipv6_pool_defined = DISABLED
2024-05-17 10:19:01 us=156000   ifconfig_ipv6_pool_base = ::
2024-05-17 10:19:01 us=156000   ifconfig_ipv6_pool_netbits = 0
2024-05-17 10:19:01 us=156000   n_bcast_buf = 256
2024-05-17 10:19:01 us=156000   tcp_queue_limit = 64
2024-05-17 10:19:01 us=156000   real_hash_size = 256
2024-05-17 10:19:01 us=156000   virtual_hash_size = 256
2024-05-17 10:19:01 us=156000   client_connect_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   learn_address_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   client_disconnect_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   client_crresponse_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   client_config_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000   ccd_exclusive = DISABLED
2024-05-17 10:19:01 us=156000   tmp_dir = 'C:\Users\camps\AppData\Local\Temp\'
2024-05-17 10:19:01 us=156000   push_ifconfig_defined = DISABLED
2024-05-17 10:19:01 us=156000   push_ifconfig_local = 0.0.0.0
2024-05-17 10:19:01 us=156000   push_ifconfig_remote_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000   push_ifconfig_ipv6_defined = DISABLED
2024-05-17 10:19:01 us=156000   push_ifconfig_ipv6_local = ::/0
2024-05-17 10:19:01 us=156000   push_ifconfig_ipv6_remote = ::
2024-05-17 10:19:01 us=156000   enable_c2c = DISABLED
2024-05-17 10:19:01 us=156000   duplicate_cn = DISABLED
2024-05-17 10:19:01 us=156000   cf_max = 0
2024-05-17 10:19:01 us=156000   cf_per = 0
2024-05-17 10:19:01 us=156000   cf_initial_max = 100
2024-05-17 10:19:01 us=156000   cf_initial_per = 10
2024-05-17 10:19:01 us=156000   max_clients = 1024
2024-05-17 10:19:01 us=156000   max_routes_per_client = 256
2024-05-17 10:19:01 us=156000   auth_user_pass_verify_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000   auth_user_pass_verify_script_via_file = DISABLED
2024-05-17 10:19:01 us=156000   auth_token_generate = DISABLED
2024-05-17 10:19:01 us=156000   force_key_material_export = DISABLED
2024-05-17 10:19:01 us=156000   auth_token_lifetime = 0
2024-05-17 10:19:01 us=156000   auth_token_secret_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000   vlan_tagging = DISABLED
2024-05-17 10:19:01 us=156000   vlan_accept = all
2024-05-17 10:19:01 us=156000   vlan_pvid = 1
2024-05-17 10:19:01 us=156000   client = ENABLED
2024-05-17 10:19:01 us=156000   pull = ENABLED
2024-05-17 10:19:01 us=156000   auth_user_pass_file = 'stdin'
2024-05-17 10:19:01 us=156000   show_net_up = DISABLED
2024-05-17 10:19:01 us=156000   route_method = 3
2024-05-17 10:19:01 us=156000   block_outside_dns = DISABLED
2024-05-17 10:19:01 us=156000   ip_win32_defined = DISABLED
2024-05-17 10:19:01 us=156000   ip_win32_type = 3
2024-05-17 10:19:01 us=156000   dhcp_masq_offset = 0
2024-05-17 10:19:01 us=156000   dhcp_lease_time = 31536000
2024-05-17 10:19:01 us=156000   tap_sleep = 0
2024-05-17 10:19:01 us=156000   dhcp_options = 0x00000000
2024-05-17 10:19:01 us=156000   dhcp_renew = DISABLED
2024-05-17 10:19:01 us=156000   dhcp_pre_release = DISABLED
2024-05-17 10:19:01 us=156000   domain = '[UNDEF]'
2024-05-17 10:19:01 us=156000   netbios_scope = '[UNDEF]'
2024-05-17 10:19:01 us=156000   netbios_node_type = 0
2024-05-17 10:19:01 us=156000   disable_nbt = DISABLED
2024-05-17 10:19:01 us=156000 OpenVPN 2.6.10 [git:v2.6.10/ba0f62fb950c56a0] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Mar 20 2024
2024-05-17 10:19:01 us=156000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-05-17 10:19:01 us=156000 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2024-05-17 10:19:01 us=156000 DCO version: 1.0.1
2024-05-17 10:19:01 us=156000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2024-05-17 10:19:01 us=156000 Need hold release from management interface, waiting...
2024-05-17 10:19:01 us=640000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62258
2024-05-17 10:19:01 us=750000 MANAGEMENT: CMD 'state on'
2024-05-17 10:19:01 us=750000 MANAGEMENT: CMD 'log on all'
2024-05-17 10:19:02 us=843000 MANAGEMENT: CMD 'echo on all'
2024-05-17 10:19:02 us=859000 MANAGEMENT: CMD 'bytecount 5'
2024-05-17 10:19:02 us=875000 MANAGEMENT: CMD 'state'
2024-05-17 10:19:02 us=875000 MANAGEMENT: CMD 'hold off'
2024-05-17 10:19:02 us=890000 MANAGEMENT: CMD 'hold release'
2024-05-17 10:19:11 us=62000 MANAGEMENT: CMD 'username "Auth" "XXX"'
2024-05-17 10:19:11 us=109000 MANAGEMENT: CMD 'password [...]'
2024-05-17 10:19:11 us=125000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:11 us=125000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:11 us=125000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-17 10:19:11 us=125000 MANAGEMENT: >STATE:1715933951,RESOLVE,,,,,,
2024-05-17 10:19:11 us=140000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-17 10:19:11 us=140000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-05-17 10:19:11 us=140000 Attempting to establish TCP connection with [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 MANAGEMENT: >STATE:1715933951,TCP_CONNECT,,,,,,
2024-05-17 10:19:11 us=140000 TCP connection established with [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 TCPv4_CLIENT link local: (not bound)
2024-05-17 10:19:11 us=140000 TCPv4_CLIENT link remote: [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 MANAGEMENT: >STATE:1715933951,WAIT,,,,,,
WR2024-05-17 10:19:11 us=156000 MANAGEMENT: >STATE:1715933951,AUTH,,,,,,
2024-05-17 10:19:11 us=156000 TLS: Initial packet from [AF_INET]162.XXX:80, sid=db067d6b 20fc27d5
2024-05-17 10:19:11 us=156000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRRWR2024-05-17 10:19:11 us=171000 VERIFY OK: depth=1, CN=ies-CA
2024-05-17 10:19:11 us=171000 VERIFY KU OK
2024-05-17 10:19:11 us=171000 Validating certificate extended key usage
2024-05-17 10:19:11 us=171000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-05-17 10:19:11 us=171000 VERIFY EKU OK
2024-05-17 10:19:11 us=171000 VERIFY OK: depth=0, CN=server
WRWRWR2024-05-17 10:19:11 us=250000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-05-17 10:19:11 us=250000 [server] Peer Connection Initiated with [AF_INET]162.38.134.154:80
2024-05-17 10:19:11 us=250000 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-05-17 10:19:11 us=250000 TLS: tls_multi_process: initial untrusted session promoted to trusted
W2024-05-17 10:19:12 us=500000 MANAGEMENT: >STATE:1715933952,GET_CONFIG,,,,,,
2024-05-17 10:19:12 us=500000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
WRR2024-05-17 10:19:12 us=546000 PUSH: Received control message: 'PUSH_REPLY,route 162.38.XXX 255.255.255.255 net_gateway,route ....
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: --ifconfig/up options modified
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: route options modified
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: route-related options modified
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-05-17 10:19:12 us=546000 interactive service msg_channel=620
2024-05-17 10:19:12 us=562000 ROUTE_GATEWAY 162.XXX/255.255.254.0 I=21 HWADDR=cc:48:3a:b5:bc:49
2024-05-17 10:19:12 us=562000 open_tun
2024-05-17 10:19:12 us=578000 tap-windows6 device [Connexion au réseau local] opened
2024-05-17 10:19:12 us=593000 TAP-Windows Driver Version 9.27 
2024-05-17 10:19:12 us=593000 TAP-Windows MTU=1500
2024-05-17 10:19:12 us=593000 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.2.0/10.10.2.2/255.255.255.0 [SUCCEEDED]
2024-05-17 10:19:12 us=593000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.2.2/255.255.255.0 on interface {BBCFBE65-3D72-4255-AD58-CDD135596B9D} [DHCP-serv: 10.10.2.0, lease-time: 31536000]
2024-05-17 10:19:12 us=593000 DHCP option string: 060ca226 8603c133 9898c133 9899
2024-05-17 10:19:12 us=609000 Successful ARP Flush on interface [24] {BBCFBE65-3D72-4255-AD58-CDD135596B9D}
2024-05-17 10:19:12 us=656000 do_ifconfig, ipv4=1, ipv6=0
2024-05-17 10:19:12 us=656000 MANAGEMENT: >STATE:1715933952,ASSIGN_IP,,10.10.2.2,,,,
2024-05-17 10:19:12 us=656000 IPv4 MTU set to 1500 on interface 24 using service
2024-05-17 10:19:12 us=656000 Data Channel MTU parms [ mss_fix:1324 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-17 10:19:12 us=656000 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-05-17 10:19:12 us=656000 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-05-17 10:19:12 us=656000 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-05-17 10:19:12 us=656000 Timers: ping 10, ping-restart 120
WrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrW2024-05-17 10:19:18 us=78000 TEST ROUTES: 18/18 succeeded len=18 ret=1 a=0 u/d=up
2024-05-17 10:19:18 us=78000 MANAGEMENT: >STATE:1715933958,ADD_ROUTES,,,,,,
2024-05-17 10:19:18 us=78000 C:\WINDOWS\system32\route.exe ADD 162.XXX MASK 255.255.255.255 162.XXX IF 21
...
2024-05-17 10:19:18 us=578000 Route addition via service succeeded
2024-05-17 10:19:18 us=578000 Initialization Sequence Completed
2024-05-17 10:19:18 us=578000 MANAGEMENT: >STATE:1715933958,CONNECTED,SUCCESS,10.10.2.2,162.XXX,80,162.XXX,62267
rWrWrWrWrWrWrWrWrWrWrWRrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrW2024-05-17 10:19:40 us=171000 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (fd=230,code=10060)
2024-05-17 10:19:40 us=171000 Connection reset, restarting [-1]
2024-05-17 10:19:40 us=171000 TCP/UDP: Closing socket
2024-05-17 10:19:40 us=171000 SIGUSR1[soft,connection-reset] received, process restarting
2024-05-17 10:19:40 us=171000 MANAGEMENT: >STATE:1715933980,RECONNECTING,connection-reset,,,,,
2024-05-17 10:19:40 us=171000 Restart pause, 1 second(s)
2024-05-17 10:19:41 us=187000 Re-using SSL/TLS context
2024-05-17 10:19:41 us=187000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:41 us=187000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:41 us=187000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-17 10:19:41 us=187000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-17 10:19:41 us=187000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-17 10:19:41 us=187000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-05-17 10:19:41 us=187000 Attempting to establish TCP connection with [AF_INET]162.XXX:80
2024-05-17 10:19:41 us=187000 MANAGEMENT: >STATE:1715933981,TCP_CONNECT,,,,,,

schwabe commented 1 month ago

So the TAP connection fails as well. So it might "only" be that the connection timeout is not properly communicated with a proper message.

selvanair commented 1 month ago

> Connection timed out (WSAETIMEDOUT) (fd=230,code=10060)

This may be what is happening with dco too --- semaphore timeout is often a less useful way of saying some I/O completion routine timed out, which is now clear that it's WSAETIMEDOUT.

I would suspect something wrong with the local network. Does this happen with multiple Windows machines or only some?
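The drop discussed above can be read straight out of the management `>STATE:` lines and the socket error line. The following is an added example, not part of the original thread or of OpenVPN: `find_flaps` and its field names are hypothetical, the sample lines are constructed in the format of the log above, and only the Windows `(WSA...)` error form shown on this page is recognised.

```python
import re

# Constructed sample in the format of the client log above; the server
# address is replaced by a documentation-range value (192.0.2.0/24).
SAMPLE_LOG = """\
2024-05-17 10:19:11 us=140000 MANAGEMENT: >STATE:1715933951,TCP_CONNECT,,,,,,
2024-05-17 10:19:18 us=578000 MANAGEMENT: >STATE:1715933958,CONNECTED,SUCCESS,10.10.2.2,192.0.2.154,80,192.0.2.10,62267
rWrWrW2024-05-17 10:19:40 us=171000 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (fd=230,code=10060)
2024-05-17 10:19:40 us=171000 MANAGEMENT: >STATE:1715933980,RECONNECTING,connection-reset,,,,,
2024-05-17 10:19:41 us=187000 MANAGEMENT: >STATE:1715933981,TCP_CONNECT,,,,,,
"""

# >STATE:<unix time>,<state name>,<descriptive string>,...
STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")
# e.g. "read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (fd=230,code=10060)"
SOCKERR_RE = re.compile(
    r"(read|write) (\w+): (.*?) \((WSA\w+)\) \(fd=\d+,code=(\d+)\)")


def find_flaps(log_text, max_uptime=60):
    """Return sessions that reached CONNECTED and dropped within max_uptime seconds."""
    flaps = []
    connected_at = None
    last_error = None
    for line in log_text.splitlines():
        # search(), not match(): at verb 5 the R/W packet markers are
        # written in front of the timestamp of the next log line.
        err = SOCKERR_RE.search(line)
        if err:
            last_error = {
                "op": err.group(1),
                "link": err.group(2),
                "text": err.group(3),
                "wsa": err.group(4),
                "code": int(err.group(5)),
            }
            continue
        st = STATE_RE.search(line)
        if not st:
            continue
        ts, state, detail = int(st.group(1)), st.group(2), st.group(3)
        if state == "CONNECTED":
            # A new session starts; forget errors from earlier attempts.
            connected_at, last_error = ts, None
        elif state in ("RECONNECTING", "EXITING") and connected_at is not None:
            uptime = ts - connected_at
            if uptime <= max_uptime:
                flaps.append({
                    "uptime_s": uptime,
                    "reason": detail,
                    "socket_error": last_error,
                })
            connected_at = None
    return flaps


if __name__ == "__main__":
    for flap in find_flaps(SAMPLE_LOG):
        print(flap)
```

Run against both the DCO and the TAP log of the same client, matching uptimes and reasons would support the reading that the two failures share one cause.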

Philippe34 commented 1 month ago

Hi @selvanair, connecting over TCP is something I'm trying, so I can't say for other machines yet. When I tested, I was in the same local network as the OpenVPN server. Later, I established a connection from my home Wifi, and the connection was successful and did not disconnect after a few seconds. So, I can say it is working. I don't need to use OpenVPN in the same local network, but outside, like I did from my home. Next week, I will do another test with my office Wifi. Normally, it should be fine because it is another network. I will confirm to you.

I can say that when I use OpenVPN over UDP in the same network, I never get disconnected, but when I do OpenVPN TCP, it does. Do you think it's usual?

Thanks

selvanair commented 1 month ago

> I can say that when I use OpenVPN over UDP in the same network, I never get disconnected, but when I do OpenVPN TCP, it does. Do you think it's usual?

No, this is not usual. As it's working from outside, but not from the local LAN, could be some misconfigured routing too. I see only one route being set (direct route to the server via net-gateway?) which is redundant in this case but harmless. On the LAN it will just cause some ICMP redirect messages.

We have not seen your server / client configs for udp vs tcp to know whether there are any offending settings. Also too much is elided from the logs -- like routes, push reply.

Preferably mask the prefix part of IP addresses leaving the lower bytes in clear: For example, IP x.y.134.154 and network x.y.134.0/24 instead of 162.38.xxx and 162.138.yyy/24 provides more privacy and more useful information. That said we already know your server IP from the first post :)
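The masking convention suggested in the comment above, as an added example that is not part of the original thread: it hides the first two octets of each IPv4 address and keeps the lower bytes. `PrefixMasker`, the numbered `x1.y1` labels and the keep-list are assumptions of this sketch, and the sample lines are constructed with documentation-range addresses.

```python
import ipaddress
import re

# Dotted quad that is not glued to a word character or to a further
# ".digit" group, so version strings such as "v11.48.0.0" are left alone.
IPV4 = re.compile(r"(?<![\w.])(?:\d{1,3}\.){3}\d{1,3}(?!\.?\d)")

# Ranges that say nothing about the site and are more useful left readable.
KEEP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",     # loopback, link-local, unspecified
)]

# Constructed sample lines in the style of an OpenVPN client log.
SAMPLE = """\
OpenVPN GUI v11.48.0.0 client 2.6.10
TCP connection established with [AF_INET]198.51.100.154:80
ROUTE_GATEWAY 198.51.100.1/255.255.254.0 I=21
PUSH_REPLY,route 203.0.113.7 255.255.255.255 net_gateway,ifconfig 10.10.2.2 255.255.255.0
MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
"""


def is_netmask(addr):
    """True for contiguous-ones masks such as 255.255.254.0 or 128.0.0.0."""
    inverted = ~int(addr) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


class PrefixMasker:
    """Replace the first two octets of non-private IPv4 addresses.

    The same /16 prefix always gets the same label, so a reader can still
    tell which addresses share a network.
    """

    def __init__(self):
        self._labels = {}

    def _mask(self, match):
        text = match.group(0)
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            return text  # e.g. an octet above 255: not an address
        if is_netmask(addr) or any(addr in net for net in KEEP):
            return text
        octets = text.split(".")
        n = self._labels.setdefault((octets[0], octets[1]),
                                    len(self._labels) + 1)
        return f"x{n}.y{n}.{octets[2]}.{octets[3]}"

    def mask(self, log_text):
        return IPV4.sub(self._mask, log_text)


if __name__ == "__main__":
    print(PrefixMasker().mask(SAMPLE))
```

Use one `PrefixMasker` instance for every file posted in the same report so that the labels stay consistent between client and server logs.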

Philippe34 commented 1 month ago

@selvanair Thanks for your advice on writing IP addresses. I'll remember it.

To conclude, some tests that I carried out from my company networks:

First, only connected by Wifi: OpenVPN over TCP 80 works
I added the Ethernet connection: OK
I disconnected Wifi, just keeping Ethernet: disconnected

I asked a colleague to try using his computer (Windows 11). His client was openvpn-gui 2.4.9: it works. I asked him to install the last version, openvpn 2.6.10: it works.

I can see the problem was not on his machine, but only mine. I can figure out why my machine had this kind of issue (my network card? something else?).

Thank you for all your answers.

Philippe34 commented 1 month ago

Thanks