Hello, I'm hoping you guys can help me figure this out. When I use shorewall clear my windows openvpn client connects perfectly every time. But when I have the shorewall up 90% (not every time) it will connect for about a second and then the connection will reset and that will repeat over and over so I never really get a steady connection at all. I can tell you that for the split second I do get a valid IP on the network so I think that I get through alright, but when I am reset then it loses the IP and goes to 169.x.x.x. So something is off with shorewall I guess...

I'll attach my client log along with my shorewall configs.

Shorewall-Policy:
###############################################################################
#SOURCE    DEST    POLICY    LOG      LIMIT:BURST
#                            LEVEL
loc        net     ACCEPT
loc        vpn     ACCEPT
vpn        loc     ACCEPT
vpn        fw      ACCEPT
vpn        net     ACCEPT
net        all     DROP      info
#
# THE FOLLOWING POLICY MUST BE LAST

Shorewall-Interfaces:
##############################################################################
net        eth0    detect    dhcp
-          br0     detect
#vpn       tap+
#ZONE      INTERFACE    BROADCAST    OPTIONS
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-Hosts:
#ZONE      HOST(S)      OPTIONS
loc        br0:eth1
vpn        br0:tap+     routeback
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE

Shorewall-Tunnels:
# ZONE
openvpn:tcp:1194    net    0.0.0.0/0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

openvpn:tcp:1194    net    0.0.0.0/0

doesn't openvpn run over udp by default?

from http://openvpn.net/howto.html:

Starting the server
First, make sure the OpenVPN server will be accessible from the internet. That means:

opening up UDP port 1194 on the firewall (or whatever TCP/UDP port you've configured), or
setting up a port forward rule to forward UDP port 1194 from the firewall/gateway to the machine running the OpenVPN server.

Jerry Vonau

----- Original Message -----
From: <davenews@thebarnums.net>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Thursday, March 17, 2005 22:22
Subject: [Shorewall-users] Openvpn Connection Reset

> Hello, I'm hoping you guys can help me figure this out. When I use
> shorewall clear my windows openvpn client connects perfectly every
> time. But when I have the shorewall up 90% (not every time) it will
> connect for about a second and then the connection will reset and that
> will repeat over and over so I never really get a steady
> connection at all. I can tell you that for the split second I do get a
> valid IP on the network so I think that I get through alright, but when
> I am reset then it loses the IP and goes to 169.x.x.x. So something is
> off with shorewall I guess...
>
> I'll attach my client log along with my shorewall configs.
>
> Shorewall-Policy:
> ###############################################################################
> #SOURCE    DEST    POLICY    LOG      LIMIT:BURST
> #                            LEVEL
> loc        net     ACCEPT
> loc        vpn     ACCEPT
> vpn        loc     ACCEPT
> vpn        fw      ACCEPT
> vpn        net     ACCEPT
> net        all     DROP      info
> #
> # THE FOLLOWING POLICY MUST BE LAST
>
> Shorewall-Interfaces:
> ##############################################################################
> net        eth0    detect    dhcp
> -          br0     detect
> #vpn       tap+
> #ZONE      INTERFACE    BROADCAST    OPTIONS
> #
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
>
> Shorewall-Hosts:
> #ZONE      HOST(S)      OPTIONS
> loc        br0:eth1
> vpn        br0:tap+     routeback
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
>
> Shorewall-Tunnels:
> # ZONE
> openvpn:tcp:1194    net    0.0.0.0/0
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

--------------------------------------------------------------------------------
> Thu Mar 17 23:00:09 2005 NOTE: --user option is not implemented on Windows
> Thu Mar 17 23:00:09 2005 NOTE: --group option is not implemented on Windows
> Thu Mar 17 23:00:09 2005 OpenVPN 2.0_rc16 Win32-MinGW [SSL] [LZO] built on Feb 20 2005
> Thu Mar 17 23:00:09 2005 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Thu Mar 17 23:00:09 2005 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> Thu Mar 17 23:00:09 2005 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
> Thu Mar 17 23:00:09 2005 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Mar 17 23:00:09 2005 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Mar 17 23:00:09 2005 Control Channel MTU parms [ L:1575 D:168 EF:68 EB:0 ET:0 EL:0 ]
> Thu Mar 17 23:00:10 2005 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
> Thu Mar 17 23:00:10 2005 Local Options hash (VER=V4): '8a6c6b5b'
> Thu Mar 17 23:00:10 2005 Expected Remote Options hash (VER=V4): '47106f19'
> Thu Mar 17 23:00:10 2005 Attempting to establish TCP connection with 70.176.14x.xxx:1194
> Thu Mar 17 23:00:10 2005 TCP connection established with 70.176.14x.xxx:1194
> Thu Mar 17 23:00:10 2005 TCPv4_CLIENT link local: [undef]
> Thu Mar 17 23:00:10 2005 TCPv4_CLIENT link remote: 70.176.14x.xxx:1194
> Thu Mar 17 23:00:10 2005 TLS: Initial packet from 70.176.14x.xxx:1194, sid=6c62d394 ceef1939
> Thu Mar 17 23:00:12 2005 VERIFY OK: depth=1, /C=US/ST=AZ/L=Tempe/O=House/OU=IT/CN=x/emailAddress=administrator@x.org
> Thu Mar 17 23:00:12 2005 VERIFY OK: depth=0, /C=US/ST=AZ/O=House/OU=IT/CN=x/emailAddress=administrator@x.org
> Thu Mar 17 23:00:15 2005 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Thu Mar 17 23:00:15 2005 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Mar 17 23:00:15 2005 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Thu Mar 17 23:00:15 2005 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Mar 17 23:00:15 2005 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Thu Mar 17 23:00:15 2005 [x] Peer Connection Initiated with 70.176.14x.xxx:1194
> Thu Mar 17 23:00:16 2005 SENT CONTROL [x]: 'PUSH_REQUEST' (status=1)
> Thu Mar 17 23:00:16 2005 PUSH: Received control message: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,dhcp-option DNS 192.168.7.1,route-gateway 192.168.7.3,ping 10,ping-restart 120,ifconfig 192.168.7.232 255.255.255.0'
> Thu Mar 17 23:00:16 2005 OPTIONS IMPORT: timers and/or timeouts modified
> Thu Mar 17 23:00:16 2005 OPTIONS IMPORT: --ifconfig/up options modified
> Thu Mar 17 23:00:16 2005 OPTIONS IMPORT: route options modified
> Thu Mar 17 23:00:16 2005 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Thu Mar 17 23:00:16 2005 ******** NOTE: Please manually set the IP/netmask of 'Local Area Connection 5' to 192.168.7.232/255.255.255.0 (if it is not already set)
> Thu Mar 17 23:00:16 2005 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{158A4135-9D9F-4019-87EE-82F963DF77C3}.tap
> Thu Mar 17 23:00:16 2005 TAP-Win32 Driver Version 8.1
> Thu Mar 17 23:00:16 2005 TAP-Win32 MTU=1500
> Thu Mar 17 23:00:16 2005 Successful ARP Flush on interface [131075] {158A4135-9D9F-4019-87EE-82F963DF77C3}
> Thu Mar 17 23:00:16 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:16 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:17 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:17 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:18 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:18 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:19 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:19 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:20 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:20 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:21 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:21 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:22 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:22 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:23 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:23 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:24 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:24 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:25 2005 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
> Thu Mar 17 23:00:25 2005 Route: Waiting for TUN/TAP interface to come up...
> Thu Mar 17 23:00:26 2005 Connection reset, restarting [0]
> Thu Mar 17 23:00:26 2005 TCP/UDP: Closing socket
> Thu Mar 17 23:00:26 2005 SIGUSR1[soft,connection-reset] received, process restarting
> Thu Mar 17 23:00:26 2005 Restart pause, 5 second(s)
> Thu Mar 17 23:00:31 2005 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Thu Mar 17 23:00:31 2005 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> Thu Mar 17 23:00:31 2005 Re-using SSL/TLS context
> Thu Mar 17 23:00:31 2005 Control Channel MTU parms [ L:1575 D:168 EF:68 EB:0 ET:0 EL:0 ]
> Thu Mar 17 23:00:31 2005 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
> Thu Mar 17 23:00:31 2005 Local Options hash (VER=V4): '8a6c6b5b'
> Thu Mar 17 23:00:31 2005 Expected Remote Options hash (VER=V4): '47106f19'
> Thu Mar 17 23:00:31 2005 Attempting to establish TCP connection with 70.176.14x.xxx:1194
> Thu Mar 17 23:00:31 2005 TCP connection established with 70.176.14x.xxx:1194
> Thu Mar 17 23:00:31 2005 TCPv4_CLIENT link local: [undef]
> Thu Mar 17 23:00:31 2005 TCPv4_CLIENT link remote: 70.176.14x.xxx:1194
> Thu Mar 17 23:00:31 2005 TLS: Initial packet from 70.176.14x.xxx:1194, sid=b23432df d182cf82
> Thu Mar 17 23:00:33 2005 VERIFY OK: depth=1, /C=US/ST=AZ/L=Tempe/O=House/OU=IT/CN=x/emailAddress=administrator@x.org
> Thu Mar 17 23:00:33 2005 VERIFY OK: depth=0, /C=US/ST=AZ/O=House/OU=IT/CN=x/emailAddress=administrator@x.org
> Thu Mar 17 23:00:36 2005 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Thu Mar 17 23:00:36 2005 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Mar 17 23:00:36 2005 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Thu Mar 17 23:00:36 2005 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Thu Mar 17 23:00:36 2005 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Thu Mar 17 23:00:36 2005 [x] Peer Connection Initiated with 70.176.14x.xxx:1194
> Thu Mar 17 23:00:37 2005 SENT CONTROL [x]: 'PUSH_REQUEST' (status=1)
> Thu Mar 17 23:00:37 2005 PUSH: Received control message: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,dhcp-option DNS 192.168.7.1,route-gateway 192.168.7.3,ping 10,ping-restart 120,ifconfig 192.168.7.232 255.255.255.0'
> Thu Mar 17 23:00:37 2005 OPTIONS IMPORT: timers and/or timeouts modified
> Thu Mar 17 23:00:37 2005 OPTIONS IMPORT: --ifconfig/up options modified
> Thu Mar 17 23:00:37 2005 OPTIONS IMPORT: route options modified
> Thu Mar 17 23:00:37 2005 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Thu Mar 17 23:00:37 2005 Preserving previous TUN/TAP instance: Local Area Connection 5
> Thu Mar 17 23:00:37 2005 Initialization Sequence Completed
> Thu Mar 17 23:00:46 2005 Connection reset, restarting [0]
> Thu Mar 17 23:00:46 2005 TCP/UDP: Closing socket
> Thu Mar 17 23:00:46 2005 SIGUSR1[soft,connection-reset] received, process restarting
> Thu Mar 17 23:00:46 2005 Restart pause, 5 second(s)
> Thu Mar 17 23:00:51 2005 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
> Thu Mar 17 23:00:51 2005 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
> Thu Mar 17 23:00:51 2005 Re-using SSL/TLS context
--------------------------------------------------------------------------------
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

davenews@thebarnums.net wrote:
> Hello, I'm hoping you guys can help me figure this out. When I use
> shorewall clear my windows openvpn client connects perfectly every
> time. But when I have the shorewall up 90% (not every time) it will
> connect for about a second and then the connection will reset and that
> will repeat over and over so I never really get a steady
> connection at all. I can tell you that for the split second I do get a
> valid IP on the network so I think that I get through alright, but when
> I am reset then it loses the IP and goes to 169.x.x.x. So something is
> off with shorewall I guess...
>
> I'll attach my client log along with my shorewall configs.

We'd prefer to see the information we ask for at http://shorewall.net/support.htm.

Your Windows box is establishing a TCP connection to your gateway on port 1194 and is exchanging packets. So your basic configuration of the tunnel is correct in Shorewall. Other than that, I can't offer a guess.

One comment though -- running a bridged OpenVPN session over TCP seems silly. I definitely believe that UDP is a better choice for a bridge.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

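The reading of the client log that Tom's reply relies on, as an added example (not part of the original thread, and not Shorewall or OpenVPN code): a Python sketch that records how far each connection attempt got before `Connection reset` and counts the certificate-verification warning. The sample log is abridged from the one quoted in this thread; the function names `analyse` and `port_rule_ok` are hypothetical.

```python
import re
from datetime import datetime

# Abridged from the client log quoted in this thread (same timestamps and
# messages; the PUSH_REPLY payload is shortened).
SAMPLE_LOG = """\
Thu Mar 17 23:00:09 2005 WARNING: No server certificate verification method has been enabled.
Thu Mar 17 23:00:10 2005 TCP connection established with 70.176.14x.xxx:1194
Thu Mar 17 23:00:15 2005 [x] Peer Connection Initiated with 70.176.14x.xxx:1194
Thu Mar 17 23:00:16 2005 PUSH: Received control message: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0'
Thu Mar 17 23:00:25 2005 Route: Waiting for TUN/TAP interface to come up...
Thu Mar 17 23:00:26 2005 Connection reset, restarting [0]
Thu Mar 17 23:00:31 2005 WARNING: No server certificate verification method has been enabled.
Thu Mar 17 23:00:31 2005 TCP connection established with 70.176.14x.xxx:1194
Thu Mar 17 23:00:36 2005 [x] Peer Connection Initiated with 70.176.14x.xxx:1194
Thu Mar 17 23:00:37 2005 PUSH: Received control message: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0'
Thu Mar 17 23:00:37 2005 Initialization Sequence Completed
Thu Mar 17 23:00:46 2005 Connection reset, restarting [0]
"""

# "Thu Mar 17 23:00:10 2005 <message>"
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")

# Ordered milestones; the last one seen is how far an attempt got.
STAGES = [
    ("tcp", "TCP connection established"),
    ("tls", "Peer Connection Initiated"),
    ("push", "PUSH: Received control message"),
    ("up", "Initialization Sequence Completed"),
]


def analyse(log_text):
    """Return (attempts, warnings): one dict per connection attempt plus the
    number of 'No server certificate verification' warnings."""
    attempts, warnings, cur = [], 0, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or non-log line
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "No server certificate verification" in msg:
            warnings += 1
        for name, marker in STAGES:
            if marker not in msg:
                continue
            if name == "tcp":  # a new attempt starts at the TCP connect
                cur = {"start": ts, "stage": "tcp", "reset_after": None}
                attempts.append(cur)
            elif cur is not None:
                cur["stage"] = name
        if "Connection reset, restarting" in msg and cur is not None:
            cur["reset_after"] = int((ts - cur["start"]).total_seconds())
            cur = None
    return attempts, warnings


def port_rule_ok(attempts):
    """True when every attempt got past the bare TCP connect, i.e. the TLS
    exchange completed over port 1194 in both directions."""
    return bool(attempts) and all(a["stage"] != "tcp" for a in attempts)


if __name__ == "__main__":
    found, warned = analyse(SAMPLE_LOG)
    for a in found:
        print(a["start"], "reached", a["stage"], "reset after", a["reset_after"], "s")
    print("tunnel port rule looks fine:", port_rule_ok(found))
    print("certificate-verification warnings:", warned)
```

On this log both attempts complete TLS and receive the pushed options before the reset, so the port 1194 rule is not what drops the session, and the repeated warning shows the client is not verifying the server certificate.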
Jerry Vonau wrote:
> openvpn:tcp:1194    net    0.0.0.0/0
>
> doesn't openvpn run over udp by default?
>
> from http://openvpn.net/howto.html:
>
> Starting the server
> First, make sure the OpenVPN server will be accessible from the internet. That
> means:
>
> opening up UDP port 1194 on the firewall (or whatever TCP/UDP port you've
> configured), or
> setting up a port forward rule to forward UDP port 1194 from the
> firewall/gateway to the machine running the OpenVPN server.

Yes, it does run over udp but I changed it to tcp. Perhaps I will change it back per Tom's suggestion.

> Jerry Vonau
>
> ----- Original Message -----
> From: <davenews@thebarnums.net>
> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
> Sent: Thursday, March 17, 2005 22:22
> Subject: [Shorewall-users] Openvpn Connection Reset
>
>> Hello, I'm hoping you guys can help me figure this out. When I use
>> shorewall clear my windows openvpn client connects perfectly every
>> time. But when I have the shorewall up 90% (not every time) it will
>> connect for about a second and then the connection will reset and that
>> will repeat over and over so I never really get a steady
>> connection at all. I can tell you that for the split second I do get a
>> valid IP on the network so I think that I get through alright, but when
>> I am reset then it loses the IP and goes to 169.x.x.x. So something is
>> off with shorewall I guess...
>>
>> I'll attach my client log along with my shorewall configs.