Closed Philippe34 closed 1 month ago
It would actually be good to see the log with TAP - from what you shared this seems to be a DCO issue (ping @lstipakov ) but "you should not ever see a dco-connect-error with TAP", so it can not really be "the same issue"...
@cron2 I share the same opinion of you I added disable-dco to use the TAP adapter
Here are the logs
2024-05-17 10:19:01 us=156000 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-05-17 10:19:01 us=156000 Current Parameter Settings:
2024-05-17 10:19:01 us=156000 config = 'client-auth-ldap-2.ovpn'
2024-05-17 10:19:01 us=156000 mode = 0
2024-05-17 10:19:01 us=156000 show_ciphers = DISABLED
2024-05-17 10:19:01 us=156000 show_digests = DISABLED
2024-05-17 10:19:01 us=156000 show_engines = DISABLED
2024-05-17 10:19:01 us=156000 genkey = DISABLED
2024-05-17 10:19:01 us=156000 genkey_filename = '[UNDEF]'
2024-05-17 10:19:01 us=156000 key_pass_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 show_tls_ciphers = DISABLED
2024-05-17 10:19:01 us=156000 connect_retry_max = 0
2024-05-17 10:19:01 us=156000 Connection profiles [0]:
2024-05-17 10:19:01 us=156000 proto = tcp-client
2024-05-17 10:19:01 us=156000 local = '[UNDEF]'
2024-05-17 10:19:01 us=156000 local_port = '[UNDEF]'
2024-05-17 10:19:01 us=156000 remote = 'ovpn.XXX'
2024-05-17 10:19:01 us=156000 remote_port = '80'
2024-05-17 10:19:01 us=156000 remote_float = DISABLED
2024-05-17 10:19:01 us=156000 bind_defined = DISABLED
2024-05-17 10:19:01 us=156000 bind_local = DISABLED
2024-05-17 10:19:01 us=156000 bind_ipv6_only = DISABLED
2024-05-17 10:19:01 us=156000 connect_retry_seconds = 1
2024-05-17 10:19:01 us=156000 connect_timeout = 120
2024-05-17 10:19:01 us=156000 socks_proxy_server = '[UNDEF]'
2024-05-17 10:19:01 us=156000 socks_proxy_port = '[UNDEF]'
2024-05-17 10:19:01 us=156000 tun_mtu = 1500
2024-05-17 10:19:01 us=156000 tun_mtu_defined = ENABLED
2024-05-17 10:19:01 us=156000 link_mtu = 1500
2024-05-17 10:19:01 us=156000 link_mtu_defined = DISABLED
2024-05-17 10:19:01 us=156000 tun_mtu_extra = 0
2024-05-17 10:19:01 us=156000 tun_mtu_extra_defined = DISABLED
2024-05-17 10:19:01 us=156000 tls_mtu = 1250
2024-05-17 10:19:01 us=156000 mtu_discover_type = -1
2024-05-17 10:19:01 us=156000 fragment = 0
2024-05-17 10:19:01 us=156000 mssfix = 1390
2024-05-17 10:19:01 us=156000 mssfix_encap = DISABLED
2024-05-17 10:19:01 us=156000 mssfix_fixed = DISABLED
2024-05-17 10:19:01 us=156000 explicit_exit_notification = 0
2024-05-17 10:19:01 us=156000 tls_auth_file = '[INLINE]'
2024-05-17 10:19:01 us=156000 key_direction = 1
2024-05-17 10:19:01 us=156000 tls_crypt_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 tls_crypt_v2_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 Connection profiles END
2024-05-17 10:19:01 us=156000 remote_random = DISABLED
2024-05-17 10:19:01 us=156000 ipchange = '[UNDEF]'
2024-05-17 10:19:01 us=156000 dev = 'tun'
2024-05-17 10:19:01 us=156000 dev_type = '[UNDEF]'
2024-05-17 10:19:01 us=156000 dev_node = '[UNDEF]'
2024-05-17 10:19:01 us=156000 tuntap_options.disable_dco = ENABLED
2024-05-17 10:19:01 us=156000 lladdr = '[UNDEF]'
2024-05-17 10:19:01 us=156000 topology = 1
2024-05-17 10:19:01 us=156000 ifconfig_local = '[UNDEF]'
2024-05-17 10:19:01 us=156000 ifconfig_remote_netmask = '[UNDEF]'
2024-05-17 10:19:01 us=156000 ifconfig_noexec = DISABLED
2024-05-17 10:19:01 us=156000 ifconfig_nowarn = DISABLED
2024-05-17 10:19:01 us=156000 ifconfig_ipv6_local = '[UNDEF]'
2024-05-17 10:19:01 us=156000 ifconfig_ipv6_netbits = 0
2024-05-17 10:19:01 us=156000 ifconfig_ipv6_remote = '[UNDEF]'
2024-05-17 10:19:01 us=156000 shaper = 0
2024-05-17 10:19:01 us=156000 mtu_test = 0
2024-05-17 10:19:01 us=156000 mlock = DISABLED
2024-05-17 10:19:01 us=156000 keepalive_ping = 10
2024-05-17 10:19:01 us=156000 keepalive_timeout = 120
2024-05-17 10:19:01 us=156000 inactivity_timeout = 0
2024-05-17 10:19:01 us=156000 session_timeout = 0
2024-05-17 10:19:01 us=156000 inactivity_minimum_bytes = 0
2024-05-17 10:19:01 us=156000 ping_send_timeout = 10
2024-05-17 10:19:01 us=156000 ping_rec_timeout = 120
2024-05-17 10:19:01 us=156000 ping_rec_timeout_action = 2
2024-05-17 10:19:01 us=156000 ping_timer_remote = DISABLED
2024-05-17 10:19:01 us=156000 remap_sigusr1 = 0
2024-05-17 10:19:01 us=156000 persist_tun = ENABLED
2024-05-17 10:19:01 us=156000 persist_local_ip = DISABLED
2024-05-17 10:19:01 us=156000 persist_remote_ip = DISABLED
2024-05-17 10:19:01 us=156000 persist_key = ENABLED
2024-05-17 10:19:01 us=156000 passtos = DISABLED
2024-05-17 10:19:01 us=156000 resolve_retry_seconds = 1000000000
2024-05-17 10:19:01 us=156000 resolve_in_advance = DISABLED
2024-05-17 10:19:01 us=156000 username = '[UNDEF]'
2024-05-17 10:19:01 us=156000 groupname = '[UNDEF]'
2024-05-17 10:19:01 us=156000 chroot_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000 cd_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000 writepid = '[UNDEF]'
2024-05-17 10:19:01 us=156000 up_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 down_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 down_pre = DISABLED
2024-05-17 10:19:01 us=156000 up_restart = DISABLED
2024-05-17 10:19:01 us=156000 up_delay = DISABLED
2024-05-17 10:19:01 us=156000 daemon = DISABLED
2024-05-17 10:19:01 us=156000 log = ENABLED
2024-05-17 10:19:01 us=156000 suppress_timestamps = DISABLED
2024-05-17 10:19:01 us=156000 machine_readable_output = DISABLED
2024-05-17 10:19:01 us=156000 nice = 0
2024-05-17 10:19:01 us=156000 verbosity = 5
2024-05-17 10:19:01 us=156000 mute = 0
2024-05-17 10:19:01 us=156000 gremlin = 0
2024-05-17 10:19:01 us=156000 status_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 status_file_version = 1
2024-05-17 10:19:01 us=156000 status_file_update_freq = 60
2024-05-17 10:19:01 us=156000 occ = ENABLED
2024-05-17 10:19:01 us=156000 rcvbuf = 0
2024-05-17 10:19:01 us=156000 sndbuf = 0
2024-05-17 10:19:01 us=156000 sockflags = 0
2024-05-17 10:19:01 us=156000 fast_io = DISABLED
2024-05-17 10:19:01 us=156000 comp.alg = 0
2024-05-17 10:19:01 us=156000 comp.flags = 24
2024-05-17 10:19:01 us=156000 route_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 route_default_gateway = '[UNDEF]'
2024-05-17 10:19:01 us=156000 route_default_metric = 0
2024-05-17 10:19:01 us=156000 route_noexec = DISABLED
2024-05-17 10:19:01 us=156000 route_delay = 5
2024-05-17 10:19:01 us=156000 route_delay_window = 30
2024-05-17 10:19:01 us=156000 route_delay_defined = ENABLED
2024-05-17 10:19:01 us=156000 route_nopull = DISABLED
2024-05-17 10:19:01 us=156000 route_gateway_via_dhcp = DISABLED
2024-05-17 10:19:01 us=156000 allow_pull_fqdn = DISABLED
2024-05-17 10:19:01 us=156000 Pull filters:
2024-05-17 10:19:01 us=156000 ignore "route-method"
2024-05-17 10:19:01 us=156000 management_addr = '127.0.0.1'
2024-05-17 10:19:01 us=156000 management_port = '25340'
2024-05-17 10:19:01 us=156000 management_user_pass = 'stdin'
2024-05-17 10:19:01 us=156000 management_log_history_cache = 250
2024-05-17 10:19:01 us=156000 management_echo_buffer_size = 100
2024-05-17 10:19:01 us=156000 management_client_user = '[UNDEF]'
2024-05-17 10:19:01 us=156000 management_client_group = '[UNDEF]'
2024-05-17 10:19:01 us=156000 management_flags = 6
2024-05-17 10:19:01 us=156000 shared_secret_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 key_direction = 1
2024-05-17 10:19:01 us=156000 ciphername = 'BF-CBC'
2024-05-17 10:19:01 us=156000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2024-05-17 10:19:01 us=156000 authname = 'SHA1'
2024-05-17 10:19:01 us=156000 engine = DISABLED
2024-05-17 10:19:01 us=156000 replay = ENABLED
2024-05-17 10:19:01 us=156000 mute_replay_warnings = DISABLED
2024-05-17 10:19:01 us=156000 replay_window = 64
2024-05-17 10:19:01 us=156000 replay_time = 15
2024-05-17 10:19:01 us=156000 packet_id_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 test_crypto = DISABLED
2024-05-17 10:19:01 us=156000 tls_server = DISABLED
2024-05-17 10:19:01 us=156000 tls_client = ENABLED
2024-05-17 10:19:01 us=156000 ca_file = 'config-auth-ldap/ca.crt'
2024-05-17 10:19:01 us=156000 ca_path = '[UNDEF]'
2024-05-17 10:19:01 us=156000 dh_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 cert_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 extra_certs_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 priv_key_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 pkcs12_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 cryptoapi_cert = '[UNDEF]'
2024-05-17 10:19:01 us=156000 cipher_list = '[UNDEF]'
2024-05-17 10:19:01 us=156000 cipher_list_tls13 = '[UNDEF]'
2024-05-17 10:19:01 us=156000 tls_cert_profile = '[UNDEF]'
2024-05-17 10:19:01 us=156000 tls_verify = '[UNDEF]'
2024-05-17 10:19:01 us=156000 tls_export_peer_cert_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000 verify_x509_type = 0
2024-05-17 10:19:01 us=156000 verify_x509_name = '[UNDEF]'
2024-05-17 10:19:01 us=156000 crl_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 ns_cert_type = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 65535
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_ku[i] = 0
2024-05-17 10:19:01 us=156000 remote_cert_eku = 'TLS Web Server Authentication'
2024-05-17 10:19:01 us=156000 ssl_flags = 192
2024-05-17 10:19:01 us=156000 tls_timeout = 2
2024-05-17 10:19:01 us=156000 renegotiate_bytes = -1
2024-05-17 10:19:01 us=156000 renegotiate_packets = 0
2024-05-17 10:19:01 us=156000 renegotiate_seconds = 3600
2024-05-17 10:19:01 us=156000 handshake_window = 60
2024-05-17 10:19:01 us=156000 transition_window = 3600
2024-05-17 10:19:01 us=156000 single_session = DISABLED
2024-05-17 10:19:01 us=156000 push_peer_info = DISABLED
2024-05-17 10:19:01 us=156000 tls_exit = DISABLED
2024-05-17 10:19:01 us=156000 tls_crypt_v2_metadata = '[UNDEF]'
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_protected_authentication = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_private_mode = 00000000
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_cert_private = DISABLED
2024-05-17 10:19:01 us=156000 pkcs11_pin_cache_period = -1
2024-05-17 10:19:01 us=156000 pkcs11_id = '[UNDEF]'
2024-05-17 10:19:01 us=156000 pkcs11_id_management = DISABLED
2024-05-17 10:19:01 us=156000 server_network = 0.0.0.0
2024-05-17 10:19:01 us=156000 server_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000 server_network_ipv6 = ::
2024-05-17 10:19:01 us=156000 server_netbits_ipv6 = 0
2024-05-17 10:19:01 us=156000 server_bridge_ip = 0.0.0.0
2024-05-17 10:19:01 us=156000 server_bridge_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000 server_bridge_pool_start = 0.0.0.0
2024-05-17 10:19:01 us=156000 server_bridge_pool_end = 0.0.0.0
2024-05-17 10:19:01 us=156000 ifconfig_pool_defined = DISABLED
2024-05-17 10:19:01 us=156000 ifconfig_pool_start = 0.0.0.0
2024-05-17 10:19:01 us=156000 ifconfig_pool_end = 0.0.0.0
2024-05-17 10:19:01 us=156000 ifconfig_pool_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000 ifconfig_pool_persist_filename = '[UNDEF]'
2024-05-17 10:19:01 us=156000 ifconfig_pool_persist_refresh_freq = 600
2024-05-17 10:19:01 us=156000 ifconfig_ipv6_pool_defined = DISABLED
2024-05-17 10:19:01 us=156000 ifconfig_ipv6_pool_base = ::
2024-05-17 10:19:01 us=156000 ifconfig_ipv6_pool_netbits = 0
2024-05-17 10:19:01 us=156000 n_bcast_buf = 256
2024-05-17 10:19:01 us=156000 tcp_queue_limit = 64
2024-05-17 10:19:01 us=156000 real_hash_size = 256
2024-05-17 10:19:01 us=156000 virtual_hash_size = 256
2024-05-17 10:19:01 us=156000 client_connect_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 learn_address_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 client_disconnect_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 client_crresponse_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 client_config_dir = '[UNDEF]'
2024-05-17 10:19:01 us=156000 ccd_exclusive = DISABLED
2024-05-17 10:19:01 us=156000 tmp_dir = 'C:\Users\camps\AppData\Local\Temp\'
2024-05-17 10:19:01 us=156000 push_ifconfig_defined = DISABLED
2024-05-17 10:19:01 us=156000 push_ifconfig_local = 0.0.0.0
2024-05-17 10:19:01 us=156000 push_ifconfig_remote_netmask = 0.0.0.0
2024-05-17 10:19:01 us=156000 push_ifconfig_ipv6_defined = DISABLED
2024-05-17 10:19:01 us=156000 push_ifconfig_ipv6_local = ::/0
2024-05-17 10:19:01 us=156000 push_ifconfig_ipv6_remote = ::
2024-05-17 10:19:01 us=156000 enable_c2c = DISABLED
2024-05-17 10:19:01 us=156000 duplicate_cn = DISABLED
2024-05-17 10:19:01 us=156000 cf_max = 0
2024-05-17 10:19:01 us=156000 cf_per = 0
2024-05-17 10:19:01 us=156000 cf_initial_max = 100
2024-05-17 10:19:01 us=156000 cf_initial_per = 10
2024-05-17 10:19:01 us=156000 max_clients = 1024
2024-05-17 10:19:01 us=156000 max_routes_per_client = 256
2024-05-17 10:19:01 us=156000 auth_user_pass_verify_script = '[UNDEF]'
2024-05-17 10:19:01 us=156000 auth_user_pass_verify_script_via_file = DISABLED
2024-05-17 10:19:01 us=156000 auth_token_generate = DISABLED
2024-05-17 10:19:01 us=156000 force_key_material_export = DISABLED
2024-05-17 10:19:01 us=156000 auth_token_lifetime = 0
2024-05-17 10:19:01 us=156000 auth_token_secret_file = '[UNDEF]'
2024-05-17 10:19:01 us=156000 vlan_tagging = DISABLED
2024-05-17 10:19:01 us=156000 vlan_accept = all
2024-05-17 10:19:01 us=156000 vlan_pvid = 1
2024-05-17 10:19:01 us=156000 client = ENABLED
2024-05-17 10:19:01 us=156000 pull = ENABLED
2024-05-17 10:19:01 us=156000 auth_user_pass_file = 'stdin'
2024-05-17 10:19:01 us=156000 show_net_up = DISABLED
2024-05-17 10:19:01 us=156000 route_method = 3
2024-05-17 10:19:01 us=156000 block_outside_dns = DISABLED
2024-05-17 10:19:01 us=156000 ip_win32_defined = DISABLED
2024-05-17 10:19:01 us=156000 ip_win32_type = 3
2024-05-17 10:19:01 us=156000 dhcp_masq_offset = 0
2024-05-17 10:19:01 us=156000 dhcp_lease_time = 31536000
2024-05-17 10:19:01 us=156000 tap_sleep = 0
2024-05-17 10:19:01 us=156000 dhcp_options = 0x00000000
2024-05-17 10:19:01 us=156000 dhcp_renew = DISABLED
2024-05-17 10:19:01 us=156000 dhcp_pre_release = DISABLED
2024-05-17 10:19:01 us=156000 domain = '[UNDEF]'
2024-05-17 10:19:01 us=156000 netbios_scope = '[UNDEF]'
2024-05-17 10:19:01 us=156000 netbios_node_type = 0
2024-05-17 10:19:01 us=156000 disable_nbt = DISABLED
2024-05-17 10:19:01 us=156000 OpenVPN 2.6.10 [git:v2.6.10/ba0f62fb950c56a0] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Mar 20 2024
2024-05-17 10:19:01 us=156000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-05-17 10:19:01 us=156000 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2024-05-17 10:19:01 us=156000 DCO version: 1.0.1
2024-05-17 10:19:01 us=156000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2024-05-17 10:19:01 us=156000 Need hold release from management interface, waiting...
2024-05-17 10:19:01 us=640000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:62258
2024-05-17 10:19:01 us=750000 MANAGEMENT: CMD 'state on'
2024-05-17 10:19:01 us=750000 MANAGEMENT: CMD 'log on all'
2024-05-17 10:19:02 us=843000 MANAGEMENT: CMD 'echo on all'
2024-05-17 10:19:02 us=859000 MANAGEMENT: CMD 'bytecount 5'
2024-05-17 10:19:02 us=875000 MANAGEMENT: CMD 'state'
2024-05-17 10:19:02 us=875000 MANAGEMENT: CMD 'hold off'
2024-05-17 10:19:02 us=890000 MANAGEMENT: CMD 'hold release'
2024-05-17 10:19:11 us=62000 MANAGEMENT: CMD 'username "Auth" "XXX"'
2024-05-17 10:19:11 us=109000 MANAGEMENT: CMD 'password [...]'
2024-05-17 10:19:11 us=125000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:11 us=125000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:11 us=125000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-17 10:19:11 us=125000 MANAGEMENT: >STATE:1715933951,RESOLVE,,,,,,
2024-05-17 10:19:11 us=140000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-17 10:19:11 us=140000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-05-17 10:19:11 us=140000 Attempting to establish TCP connection with [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 MANAGEMENT: >STATE:1715933951,TCP_CONNECT,,,,,,
2024-05-17 10:19:11 us=140000 TCP connection established with [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 TCPv4_CLIENT link local: (not bound)
2024-05-17 10:19:11 us=140000 TCPv4_CLIENT link remote: [AF_INET]162.XXX:80
2024-05-17 10:19:11 us=140000 MANAGEMENT: >STATE:1715933951,WAIT,,,,,,
WR2024-05-17 10:19:11 us=156000 MANAGEMENT: >STATE:1715933951,AUTH,,,,,,
2024-05-17 10:19:11 us=156000 TLS: Initial packet from [AF_INET]162.XXX:80, sid=db067d6b 20fc27d5
2024-05-17 10:19:11 us=156000 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
WRRWR2024-05-17 10:19:11 us=171000 VERIFY OK: depth=1, CN=ies-CA
2024-05-17 10:19:11 us=171000 VERIFY KU OK
2024-05-17 10:19:11 us=171000 Validating certificate extended key usage
2024-05-17 10:19:11 us=171000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-05-17 10:19:11 us=171000 VERIFY EKU OK
2024-05-17 10:19:11 us=171000 VERIFY OK: depth=0, CN=server
WRWRWR2024-05-17 10:19:11 us=250000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-05-17 10:19:11 us=250000 [server] Peer Connection Initiated with [AF_INET]162.38.134.154:80
2024-05-17 10:19:11 us=250000 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-05-17 10:19:11 us=250000 TLS: tls_multi_process: initial untrusted session promoted to trusted
W2024-05-17 10:19:12 us=500000 MANAGEMENT: >STATE:1715933952,GET_CONFIG,,,,,,
2024-05-17 10:19:12 us=500000 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
WRR2024-05-17 10:19:12 us=546000 PUSH: Received control message: 'PUSH_REPLY,route 162.38.XXX 255.255.255.255 net_gateway,route ....
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: --ifconfig/up options modified
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: route options modified
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: route-related options modified
2024-05-17 10:19:12 us=546000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-05-17 10:19:12 us=546000 interactive service msg_channel=620
2024-05-17 10:19:12 us=562000 ROUTE_GATEWAY 162.XXX/255.255.254.0 I=21 HWADDR=cc:48:3a:b5:bc:49
2024-05-17 10:19:12 us=562000 open_tun
2024-05-17 10:19:12 us=578000 tap-windows6 device [Connexion au réseau local] opened
2024-05-17 10:19:12 us=593000 TAP-Windows Driver Version 9.27
2024-05-17 10:19:12 us=593000 TAP-Windows MTU=1500
2024-05-17 10:19:12 us=593000 Set TAP-Windows TUN subnet mode network/local/netmask = 10.10.2.0/10.10.2.2/255.255.255.0 [SUCCEEDED]
2024-05-17 10:19:12 us=593000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.10.2.2/255.255.255.0 on interface {BBCFBE65-3D72-4255-AD58-CDD135596B9D} [DHCP-serv: 10.10.2.0, lease-time: 31536000]
2024-05-17 10:19:12 us=593000 DHCP option string: 060ca226 8603c133 9898c133 9899
2024-05-17 10:19:12 us=609000 Successful ARP Flush on interface [24] {BBCFBE65-3D72-4255-AD58-CDD135596B9D}
2024-05-17 10:19:12 us=656000 do_ifconfig, ipv4=1, ipv6=0
2024-05-17 10:19:12 us=656000 MANAGEMENT: >STATE:1715933952,ASSIGN_IP,,10.10.2.2,,,,
2024-05-17 10:19:12 us=656000 IPv4 MTU set to 1500 on interface 24 using service
2024-05-17 10:19:12 us=656000 Data Channel MTU parms [ mss_fix:1324 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-17 10:19:12 us=656000 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-05-17 10:19:12 us=656000 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-05-17 10:19:12 us=656000 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-05-17 10:19:12 us=656000 Timers: ping 10, ping-restart 120
WrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrW2024-05-17 10:19:18 us=78000 TEST ROUTES: 18/18 succeeded len=18 ret=1 a=0 u/d=up
2024-05-17 10:19:18 us=78000 MANAGEMENT: >STATE:1715933958,ADD_ROUTES,,,,,,
2024-05-17 10:19:18 us=78000 C:\WINDOWS\system32\route.exe ADD 162.XXX MASK 255.255.255.255 162.XXX IF 21
...
2024-05-17 10:19:18 us=578000 Route addition via service succeeded
2024-05-17 10:19:18 us=578000 Initialization Sequence Completed
2024-05-17 10:19:18 us=578000 MANAGEMENT: >STATE:1715933958,CONNECTED,SUCCESS,10.10.2.2,162.XXX,80,162.XXX,62267
rWrWrWrWrWrWrWrWrWrWrWRrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrW2024-05-17 10:19:40 us=171000 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (fd=230,code=10060)
2024-05-17 10:19:40 us=171000 Connection reset, restarting [-1]
2024-05-17 10:19:40 us=171000 TCP/UDP: Closing socket
2024-05-17 10:19:40 us=171000 SIGUSR1[soft,connection-reset] received, process restarting
2024-05-17 10:19:40 us=171000 MANAGEMENT: >STATE:1715933980,RECONNECTING,connection-reset,,,,,
2024-05-17 10:19:40 us=171000 Restart pause, 1 second(s)
2024-05-17 10:19:41 us=187000 Re-using SSL/TLS context
2024-05-17 10:19:41 us=187000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:41 us=187000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2024-05-17 10:19:41 us=187000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2024-05-17 10:19:41 us=187000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2024-05-17 10:19:41 us=187000 TCP/UDP: Preserving recently used remote address: [AF_INET]162.XXX:80
2024-05-17 10:19:41 us=187000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-05-17 10:19:41 us=187000 Attempting to establish TCP connection with [AF_INET]162.XXX:80
2024-05-17 10:19:41 us=187000 MANAGEMENT: >STATE:1715933981,TCP_CONNECT,,,,,,
So the TAP connection also fails as well. So it might "only" that the connection timeout is not properly communicated with a proper message.
Connection timed out (WSAETIMEDOUT) (fd=230,code=10060)
This may be what is happening with dco too --- semaphore timeout is often a less useful way of saying some I/O completion routine timed out which is now clear that its WSAETIMEDOUT.
I would suspect something wrong with the local network. Does this happen with multiple windows machines or only some?
Hi @selvanair Connecting other TCP is something I'm trying, so I can't say for other machines yet. When i tested, I was in the same local network as the openvpn server. Later, I established a connection from my home Wifi, and the connection was successful and did not disconnect after a few seconds. So, I can say it is working. I don't need to use openvpn in the same local network, but outside, like I did from my home. Next week, I will do an another test with my office Wifi. Normally, it should be fine because it is an another network. Il will confirm you.
I can say that when I use openvpn other UDP in the same network, I never get disconnected, but when I do openvpn TCP, it does. Do you think it's usual ?
Thanks
I can say that when I use openvpn other UDP in the same network, I never get disconnected, but when I do openvpn TCP, it does. Do you think it's usual ?
No, this is not usual. As its working from outside, but not from the local LAN, could be some misconfigured routing too. I see only one route being set (direct route to the server via net-gateway?) which is redundant in this case but harmless. On the LAN it will just cause some ICMP redirect messages.
We have not seen your server / client configs for udp vs tcp to know whether there any offending settings. Also too much is elided from the logs -- like routes, push reply.
Preferably mask the prefix part of IP addresses leaving the lower bytes in clear: For example, IP x.y.134.154 and network x.y.134.0/24 instead of 162.38.xxx and 162.138.yyy/24 provides more privacy and more useful information. That said we already know your server IP from the first post :)
@selvanair Thanks for your advice on writing IP addresses. I'll remember it To conclude, some tests that I carried out from my compagny networks. First, only connected by Wifi : openVPN other TCP 80 works I added the ethernet connection : OK I disconnected Wifi, just keeping Ethernet : disconnected
I asked a colleague to try using his computer (Windows 11). His client was openvpn-gui 2.4.9 : it works. I asked him to install the last version, openvpn 2.6.10 : it works.
I can see the problem was not on his machine, but only mine. I can figure out why my machine had this kind of issue (my network card ? something else ?).
Thank you for all your answers.
Thanks
Hi, Openvpn server 2.4.12 OpenVPN GUI v11.48.0.0 client 2.6.10 on Windows 11 Professionnal 23H2
My connection with the server is done on UDP port 1194 and everything works perfectly.
Now I add a second openvpn instance on the server because I want the client can connect on a TCP 80 port (sometimes the UDP port 1194 is not open on the network firewall). The instances work on the server :
I add a second configuration on client with : proto tcp and remote server 80 The connection is established, but is cut after a few seconds The same issue described on the forum: https://forums.openvpn.net/viewtopic.php?t=35419#p110702
I tried to add : disable-dco, but it is the same issue with TAP-Windows adapter.
I think it is because i try to connect with TCP that this issue appears. If i change the configuration on UDP 80, everything works. No logs on the server, so i think it is a client problem.
Is there a solution to make working openvpn on TCP ?
Thanks