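I am new to this forum, and I am doing my first VPN setup.
I purchased a VPN service from PrivateInternetAccess. I am setting up a Linux VM (CentOS 6.5 server) on a remote VMware ESXi host. It sits behind another virtual machine, which provides NAT for several virtual machines. I have full access to the ESXi host and the NAT server to make any necessary changes.
I have an OpenVPN client on the server, and it works fine.
My problem is that when I activate the client and the tunnel comes up, I lose the ability to connect to the server via SSH.
I think I have to add a rule, either in the configuration file or in iptables, to keep the SSH port open.
If you need any additional information, I will add it as soon as possible.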
=============
Client configuration file:
    client
    dev tun
    proto udp
    remote xxx.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/ca.crt
    crl-verify /etc/openvpn/crl.pem
    tls-client
    remote-cert-tls server
    comp-lzo
    reneg-sec 0
    verb 4 # verbose mode
    status /etc/openvpn/openvpn-status.log
    log /etc/openvpn/openvpn-log.log
    auth-user-pass /etc/openvpn/login.pia
=============
The client's IPs once connected to the VPN are (the tunnel IPs change every session):
    eth1      Link encap:Ethernet  HWaddr 00:0C:29:6F:FA:48
              inet addr:192.168.100.13  Bcast:192.168.100.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

    test 1:
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.113.1.6  PtP:10.113.1.5  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

    test 2:
    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.188.1.10  PtP:10.188.1.9  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

    Tunnel vpn public IP:
    test 1: 93.115.83.16
    test 2: 5.254.100.67
    test 3: 93.115.85.39
=============
/etc/sysconfig/iptables file:
    # Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
    *mangle
    :PREROUTING ACCEPT [3340:3277701]
    :INPUT ACCEPT [3114:3220261]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [2532:706816]
    :POSTROUTING ACCEPT [2532:706816]
    COMMIT
    # Completed on Fri Oct 24 08:19:30 2014
    # Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Fri Oct 24 08:19:30 2014
    # Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Fri Oct 24 08:19:30 2014
=============
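iptables allows all traffic, because the server with the VPN client is behind another one, which does the routing, with no filtering.
Once connected to the VPN, the output of "iptables -L -n -v" is: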
    Chain INPUT (policy ACCEPT 1185 packets, 1301K bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 1490 packets, 568K bytes)
     pkts bytes target     prot opt in     out     source               destination
For "iptables -L -n -v -t nat":
    Chain PREROUTING (policy ACCEPT 18 packets, 1475 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 4 packets, 236 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 4 packets, 236 bytes)
     pkts bytes target     prot opt in     out     source               destination
=============
Routes before running the VPN client (netstat -rn):
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1
Routes after running the VPN client (netstat -rn):
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.110.1.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    93.115.85.39    192.168.100.10  255.255.255.255 UGH       0 0          0 eth1
    10.110.1.1      10.110.1.5      255.255.255.255 UGH       0 0          0 tun0
    192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         10.110.1.5      128.0.0.0       UG        0 0          0 tun0
    128.0.0.0       10.110.1.5      128.0.0.0       UG        0 0          0 tun0
    0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1
=============
I solved it using a static route between the server and the public IP that I use to log in.
ip route add my.local.pc.ip/32 via 192.168.100.10 dev eth1
Best regards
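Why the tunnel cuts off SSH and why the /32 route restores it, as an added example that is not part of the original post: a longest-prefix-match lookup over the two routing tables posted above. `203.0.113.25` is a constructed stand-in for the `my.local.pc.ip` placeholder, and the function names are illustrative.

```python
import ipaddress

# Routing tables as posted (`netstat -rn`), header lines omitted.
BEFORE_VPN = """
192.168.100.0   0.0.0.0         255.255.255.0   U   0 0 0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth1
0.0.0.0         192.168.100.10  0.0.0.0         UG  0 0 0 eth1
"""

AFTER_VPN = """
10.110.1.5      0.0.0.0         255.255.255.255 UH  0 0 0 tun0
93.115.85.39    192.168.100.10  255.255.255.255 UGH 0 0 0 eth1
10.110.1.1      10.110.1.5      255.255.255.255 UGH 0 0 0 tun0
192.168.100.0   0.0.0.0         255.255.255.0   U   0 0 0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U   0 0 0 eth1
0.0.0.0         10.110.1.5      128.0.0.0       UG  0 0 0 tun0
128.0.0.0       10.110.1.5      128.0.0.0       UG  0 0 0 tun0
0.0.0.0         192.168.100.10  0.0.0.0         UG  0 0 0 eth1
"""

# Constructed stand-in for the admin's public IP ("my.local.pc.ip" in the post).
ADMIN_IP = "203.0.113.25"


def parse_routes(table):
    """Turn netstat -rn rows into (network, gateway, iface) tuples."""
    routes = []
    for row in table.strip().splitlines():
        fields = row.split()
        dest, gateway, mask, iface = fields[0], fields[1], fields[2], fields[-1]
        # Convert the dotted Genmask into a prefix length by counting set bits.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefix}"), gateway, iface))
    return routes


def add_host_route(routes, host, gateway, iface):
    """Model `ip route add <host>/32 via <gateway> dev <iface>`."""
    return routes + [(ipaddress.ip_network(f"{host}/32"), gateway, iface)]


def egress(routes, dst):
    """Longest-prefix match: return (iface, gateway) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    _, gateway, iface = max(candidates, key=lambda r: r[0].prefixlen)
    return iface, gateway


def ssh_reply_paths(admin_ip=ADMIN_IP):
    """Where sshd's replies to admin_ip leave the server in each state."""
    before = parse_routes(BEFORE_VPN)
    after = parse_routes(AFTER_VPN)
    # The fix from the post: a host route through the original gateway.
    fixed = add_host_route(after, admin_ip, "192.168.100.10", "eth1")
    return {
        "before_vpn": egress(before, admin_ip),
        "vpn_up": egress(after, admin_ip),
        "vpn_up_with_host_route": egress(fixed, admin_ip),
    }


if __name__ == "__main__":
    for state, path in ssh_reply_paths().items():
        print(f"{state:24} -> {path}")
```

The two /1 routes pushed by `redirect-gateway def1` are more specific than the original default route, so replies to any public address leave through tun0 until a longer prefix says otherwise. The model covers the main routing table only, and the host route protects just that one address, whose traffic then bypasses the tunnel.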
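I found this previous post and followed its steps, changing my networking settings, but I could not get it to work.
Anonymizing OpenVPN Allow SSH Access to Internal Server
I think I am missing something, or the Private Internet Access settings (received via push) are preventing it from taking effect.
Any ideas on how to continue testing?
OpenVPN client log, verb 4: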
    Mon Oct 27 17:54:14 2014 us=166334 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
    Mon Oct 27 17:54:14 2014 us=199516 LZO compression initialized
    Mon Oct 27 17:54:14 2014 us=199583 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Oct 27 17:54:14 2014 us=199625 Socket Buffers: R=[124928->131072] S=[124928->131072]
    Mon Oct 27 17:54:14 2014 us=202292 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Oct 27 17:54:14 2014 us=202322 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Mon Oct 27 17:54:14 2014 us=202330 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Mon Oct 27 17:54:14 2014 us=202348 Local Options hash (VER=V4): '41690919'
    Mon Oct 27 17:54:14 2014 us=202359 Expected Remote Options hash (VER=V4): '530fdded'
    Mon Oct 27 17:54:14 2014 us=202372 UDPv4 link local (bound): [AF_INET]192.168.100.13:1194
    Mon Oct 27 17:54:14 2014 us=202379 UDPv4 link remote: [AF_INET]93.115.83.244:1194
    Mon Oct 27 17:54:14 2014 us=239323 TLS: Initial packet from [AF_INET]93.115.83.244:1194, sid=bb2e3c12 9e137b77
    Mon Oct 27 17:54:14 2014 us=239417 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Oct 27 17:54:14 2014 us=472807 CRL CHECK OK: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
    Mon Oct 27 17:54:14 2014 us=472851 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
    Mon Oct 27 17:54:14 2014 us=472999 Validating certificate key usage
    Mon Oct 27 17:54:14 2014 us=473009 ++ Certificate has key usage 00a0, expects 00a0
    Mon Oct 27 17:54:14 2014 us=473016 VERIFY KU OK
    Mon Oct 27 17:54:14 2014 us=473025 Validating certificate extended key usage
    Mon Oct 27 17:54:14 2014 us=473033 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Mon Oct 27 17:54:14 2014 us=473040 VERIFY EKU OK
    Mon Oct 27 17:54:14 2014 us=473087 CRL CHECK OK: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
    Mon Oct 27 17:54:14 2014 us=473106 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
    Mon Oct 27 17:54:14 2014 us=639441 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Oct 27 17:54:14 2014 us=639472 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Oct 27 17:54:14 2014 us=639518 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Oct 27 17:54:14 2014 us=639526 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Oct 27 17:54:14 2014 us=639577 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Mon Oct 27 17:54:14 2014 us=639597 [Private Internet Access] Peer Connection Initiated with [AF_INET]93.115.83.244:1194
    Mon Oct 27 17:54:16 2014 us=697840 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
    Mon Oct 27 17:54:16 2014 us=734290 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.126.1.1,topology net30,ifconfig 10.126.1.6 10.126.1.5'
    Mon Oct 27 17:54:16 2014 us=734376 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Oct 27 17:54:16 2014 us=734386 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Oct 27 17:54:16 2014 us=734393 OPTIONS IMPORT: route options modified
    Mon Oct 27 17:54:16 2014 us=734398 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Oct 27 17:54:16 2014 us=734549 ROUTE_GATEWAY 192.168.100.10/255.255.255.0 IFACE=eth1 HWADDR=00:0c:29:6f:fa:48
    Mon Oct 27 17:54:16 2014 us=746608 TUN/TAP device tun0 opened
    Mon Oct 27 17:54:16 2014 us=746628 TUN/TAP TX queue length set to 100
    Mon Oct 27 17:54:16 2014 us=746641 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Oct 27 17:54:16 2014 us=746659 /sbin/ip link set dev tun0 up mtu 1500
    Mon Oct 27 17:54:16 2014 us=748139 /sbin/ip addr add dev tun0 local 10.126.1.6 peer 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=748976 /sbin/ip route add 93.115.83.244/32 via 192.168.100.10
    Mon Oct 27 17:54:16 2014 us=749737 /sbin/ip route add 0.0.0.0/1 via 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=750310 /sbin/ip route add 128.0.0.0/1 via 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=750803 /sbin/ip route add 10.126.1.1/32 via 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=751309 Initialization Sequence Completed
    Mon Oct 27 17:56:45 2014 us=819279 event_wait : Interrupted system call (code=4)
    Mon Oct 27 17:56:45 2014 us=819485 TCP/UDP: Closing socket
    Mon Oct 27 17:56:45 2014 us=819530 /sbin/ip route del 10.126.1.1/32
    Mon Oct 27 17:56:45 2014 us=820269 /sbin/ip route del 93.115.83.244/32
    Mon Oct 27 17:56:45 2014 us=820850 /sbin/ip route del 0.0.0.0/1
    Mon Oct 27 17:56:45 2014 us=821401 /sbin/ip route del 128.0.0.0/1
    Mon Oct 27 17:56:45 2014 us=821927 Closing TUN/TAP interface
    Mon Oct 27 17:56:45 2014 us=821953 /sbin/ip addr del dev tun0 local 10.126.1.6 peer 10.126.1.5
    Mon Oct 27 17:56:45 2014 us=834264 SIGINT[hard,] received, process exiting