serversoftpack.ga

AES-CBC vs AES-GCM ping

Hey I just wanted to ask a quick question if AES-CBC is faster than GCM in terms of ping. So with which one will I have less ping?
Thanks in advance :)
submitted by Trifumpy to VPN [link] [comments]

AES GCM vs AES CBC - Which is more Secure

Anyone tell me what's difference between AES GCM and CBC Encryption method and tell which is more secure....
submitted by Pavithran-R to privacy [link] [comments]

OpenSSL AES-GCM vs AES-CTR with HMAC-SHA512, or Encrypt-then-MAC vs MAC-then-encrypt

I was looking into using OpenSSL's implementation of AES-GCM when I noticed that it's set up to do MAC-then-encrypt rather than Encrypt-then-MAC. Or in other words, it will attempt to decrypt the cipher text and then check it for authenticity. Everything I've read says that Encrypt-then-MAC, where the cipher text is checked for authenticity before decryption is attempted is the best practice.
I would rather use GCM and be sure I didn't screw up an implementation using HMAC, but I would also rather use Encrypt-then-MAC.
I'm wondering what specific threat models EtM vs MtE really matters and whether it's better to ensure that the implementation is correct.
submitted by kennbr to crypto [link] [comments]

Data Encryption, AES-128 (GCM) or AES-128 (CBC)?

Hi Guys,
I've been using PIA for around 10 months or so and my Data Encryption is currently set to AES-128 (CBC), i've not changed any settings since originally setting it up and i've recently recommended PIA to a friend who has since purchased and installed it.
Looking at the default settings on his PIA, i see he is using AES-128 (GCM) as default which is different to mine which is set to CBC? From what i remember when i originally set up PIA, there was no GCM or CBC option, just AES-128 or 256?
Which should i personally be using? I've tried to google the differences but quite simply i just dont understand, i've read 128 GCM is equal to 256 CBC and can also be faster in terms of download speeds, but i'm clueless which Data Encryption to chose.
Any help is much appreciated, we primarily only use PIA for torrents.
Thanks guys.
submitted by ViBE031 to PrivateInternetAccess [link] [comments]

CRYFS Default aes-256-gcm vs OSX AES-256

I currently have an OSX Encrypted SparseImage for all important family documents(Passport scans, etc) on my MACBOOK as we travel abroad or even if it gets stolen from home. Sparse Images are not very compatible with cloud storage and will often corrupt if they have to be backup through a cloud storage provider like DROPBOX or GDRIVE. I've been seeking an alternative and came upon CRYFS. Is this a secure, feasible alternative to my security needs?
submitted by barcef to crypto [link] [comments]

Why isn't 3DES-CBC for master password encryption authenticated, and can it be versioned towards AES-GCM?

submitted by atoponce to firefox [link] [comments]

r/crypto - CRYFS Default aes-256-gcm vs OSX AES-256

submitted by svanapps to CryptoToFuture [link] [comments]

Chacha20Poly1305 vs AES-256-GCM?

How do they compare? Is AES more secure than Chacha? My VPN offers both encryption methods.
submitted by CrisprXenome to cybersecurity [link] [comments]

Help with AES-CBC vs. AES-ECB for a situation

I understand ECB has it's issues, however given the situation below I'm wondering if there is any real benefit of using CBC over ECB in this particular case.
This is encrypting data in transmission (Low power RF not over the Internet) not storage
The plaintext will be appended with a nonce and the total size will never exceed a single 128 bit block per transmission
The nonce helps ensure the ciphertext will not repeat
The IV if CBC mode is used would be reused for all encryption operations and will not change (I know bad, but this is what I've been handed)
Given the above is there any real difference between using CBC mode vs ECB?
Thanks
submitted by lanlubber to crypto [link] [comments]

Specific SSL Ciphers Test

Have “TLS_RSA_WITH_AES_128_CBC_SHA256” as supported cipher in the server. But when I run openssl against it to verify, it seems negotiating with “ECDHE-RSA-AES128-GCM-SHA256”! The later is also supported cipher in the server.
  1. Does this mean the server is picking up better available cipher? CBC vs GCM mode?
  2. Is there a way to force from openssl (or any other command) to see if the server negotiates with specific cipher. For instance, in my case, trying to validate if “ TLS_RSA_WITH_AES_128_CBC_SHA256” works or not. Its says connected but Cipher is different listed. The cipher preference is “client” in server.
openssl s_client -connect 10.10.10.16:443 -tls1_2 -ciphersuites TLS_RSA_WITH_AES_128_CBC_SHA256 130 ⨯
CONNECTED(00000003)
Can't use SSL_get_servername
……
……
SSL handshake has read 1595 bytes and written 283 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
submitted by Harry_pentest to cybersecurity [link] [comments]

AES-256 vs AES-256-CBC

If you could save me some time with a quick answer I would appreciate. It appears that the PA firewalls want to default to AES-256-CBC encryption in 8.0 now. The legacy firewall at the other end is using AES-256. What kind of problems can I expect if any? Im still waiting for him to let me know if his vendor can use the CBC option.
submitted by irritated_engineer to paloaltonetworks [link] [comments]

VPN issue with Yunohost that has been bugging me!

I wanted to use the VPN client with my self hosted Yunohost but keep running into issues. I tried 4 different VPN's and as of this morning purchased a new dedicated IP with a new services.

https://yunohost.org/en/providers/vpn

https://github.com/YunoHost-Apps/vpnclient_ynh

Now the issue is this, after uploading the config file ( ovpn ) through webadmin, it gives this message:

WARNING - Job for [email protected] failed because a timeout was exceeded.
WARNING - See "systemctl status [email protected]" and "journalctl -xe" for details. WARNING - tail: cannot open '/valog/openvpn-client.log' for reading: No such file or directory

When I SSH in and run "systemctl status [email protected]", I get this message"

 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
How do I add to Data Cipher as mentioned?
submitted by xkingxkaosx to selfhosted [link] [comments]

How to determine hex of cipher suite in use?

Just received this notice from a vendor today. It specifically states cipher with specific hex will no longer be supported. Looking at wiki.mozilla.org/Security/Cipher_Suites it show 2 hex vaule for each cipher. How do I determine which hex is being used? System is Windows 7 Pro.

Ciphers no longer accepted. The following cipher suites will no longer be supported:
Supported Ciphers. You will need to connect to us using one of the following cipher suites:
submitted by pikachu_55699 to cybersecurity [link] [comments]

Suddenly openvpn client asks about private key password.

I have been given the following openvpn config exported from a pfsense machine along with the .p12 and .key files.
dev tun persist-tun persist-key data-ciphers AES-256-GCM:CHACHA20-POLY1305:AES-256-CBC data-ciphers-fallback AES-256-CBC auth SHA512 tls-client client resolv-retry infinite remote 13.X.X.X 2325 udp4 nobind verify-x509-name "TH-OpenVPN-Cert" name auth-user-pass pkcs12 th-UDP4-2325-user01.p12 tls-auth themis-UDP4-2325-user01-tls.key 1 remote-cert-tls server explicit-exit-notify
So far (almost half a year) I've used to connect to the vpn by just providing a username and a password. Today When I tried to connect, it asked me also for private key password which I don't know which it is.
Is there something need to be changed in the config due to some openvpn update or something is going bad?
My openvpn version is :
OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2022 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
Any idea is welcome. I'm asking here because a couple of months ago our IT has left the company :-/
submitted by netpumber to sysadmin [link] [comments]

Random Timeouts on Multiple Items and Hosts

I have an environment of about 100 hosts with around 14k items monitored. I am using SNMP, SSH, ICMP, and HTTP requests, with most items being HTTP or SSH. All hosts are agentless. I am not sure on the correlation, but I am finding that many of my hosts are regularly showing timeouts when collecting data for particular items randomly. I have gone in and ran a test on the individual item right after the error and its always successful, yet I am seeing these random timeouts and no network changes were made. I did have an issue where my value cache was getting full and causing a bunch of issues so I increased it resolved the issue. Looking at my zabbix logs it seems the issue started shortly after that change. I have attached my config. Any advice is greatly appreciated. 

# This is a configuration file for Zabbix server daemon # To get more information about Zabbix, visit http://www.zabbix.com ############ GENERAL PARAMETERS ################# ### Option: ListenPort # Listen port for trapper. # # Mandatory: no # Range: 1024-32767 # Default: # ListenPort=10051 ### Option: SourceIP # Source IP address for outgoing connections. # # Mandatory: no # Default: # SourceIP= ### Option: LogType # Specifies where log messages are written to: # system - syslog # file - file specified with LogFile parameter # console - standard output # # Mandatory: no # Default: # LogType=file ### Option: LogFile # Log file name for LogType 'file' parameter. # # Mandatory: yes, if LogType is set to file, otherwise no # Default: # LogFile= LogFile=/valog/zabbix/zabbix_server.log ### Option: LogFileSize # Maximum size of log file in MB. # 0 - disable automatic log rotation. # # Mandatory: no # Range: 0-1024 # Default: # LogFileSize=1 LogFileSize=0 ### Option: DebugLevel # Specifies debug level: # 0 - basic information about starting and stopping of Zabbix processes # 1 - critical information # 2 - error information # 3 - warnings # 4 - for debugging (produces lots of information) # 5 - extended debugging (produces even more information) # # Mandatory: no # Range: 0-5 # Default: # DebugLevel=3 ### Option: PidFile # Name of PID file. # # Mandatory: no # Default: # PidFile=/tmp/zabbix_server.pid PidFile=/run/zabbix/zabbix_server.pid ### Option: SocketDir # IPC socket directory. # Directory to store IPC sockets used by internal Zabbix services. # # Mandatory: no # Default: # SocketDir=/tmp SocketDir=/run/zabbix ### Option: DBHost # Database host name. # If set to localhost, socket is used for MySQL. # If set to empty string, socket is used for PostgreSQL. # If set to empty string, the Net Service Name connection method is used to connect to Oracle database; also see # the TNS_ADMIN environment variable to specify the directory where the tnsnames.ora file is located. # # Mandatory: no # Default: #DBHost=localhost ### Option: DBName # Database name. # If the Net Service Name connection method is used to connect to Oracle database, specify the service name from # the tnsnames.ora file or set to empty string; also see the TWO_TASK environment variable if DBName is set to # empty string. # # Mandatory: yes # Default: # DBName= DBName=zabbix ### Option: DBSchema # Schema name. Used for PostgreSQL. # # Mandatory: no # Default: # DBSchema= ### Option: DBUser # Database user. # # Mandatory: no # Default: # DBUser= DBUser=zabbix ### Option: DBPassword # Database password. # Comment this line if no password is used. # # Mandatory: no # Default: DBPassword=Pass1w0rd ### Option: DBSocket # Path to MySQL socket. # # Mandatory: no # Default: # DBSocket= ### Option: DBPort # Database port when not using local socket. # If the Net Service Name connection method is used to connect to Oracle database, the port number from the # tnsnames.ora file will be used. The port number set here will be ignored. # # Mandatory: no # Range: 1024-65535 # Default: # DBPort= ### Option: AllowUnsupportedDBVersions # Allow server to work with unsupported database versions. # 0 - do not allow # 1 - allow # # Mandatory: no # Default: # AllowUnsupportedDBVersions=0 ### Option: HistoryStorageURL # History storage HTTP[S] URL. # # Mandatory: no # Default: # HistoryStorageURL= ### Option: HistoryStorageTypes # Comma separated list of value types to be sent to the history storage. # # Mandatory: no # Default: # HistoryStorageTypes=uint,dbl,str,log,text ### Option: HistoryStorageDateIndex # Enable preprocessing of history values in history storage to store values in different indices based on date. # 0 - disable # 1 - enable # # Mandatory: no # Default: # HistoryStorageDateIndex=0 ### Option: ExportDir # Directory for real time export of events, history and trends in newline delimited JSON format. # If set, enables real time export. # # Mandatory: no # Default: # ExportDir= ### Option: ExportFileSize # Maximum size per export file in bytes. # Only used for rotation if ExportDir is set. # # Mandatory: no # Range: 1M-1G # Default: # ExportFileSize=1G ### Option: ExportType # List of comma delimited types of real time export - allows to control export entities by their # type (events, history, trends) individually. # Valid only if ExportDir is set. # # Mandatory: no # Default: # ExportType=events,history,trends ############ ADVANCED PARAMETERS ################ ### Option: StartPollers # Number of pre-forked instances of pollers. # # Mandatory: no # Range: 0-1000 # Default: StartPollers=100 ### Option: StartIPMIPollers # Number of pre-forked instances of IPMI pollers. # The IPMI manager process is automatically started when at least one IPMI poller is started. # # Mandatory: no # Range: 0-1000 # Default: # StartIPMIPollers=0 ### Option: StartPreprocessors # Number of pre-forked instances of preprocessing workers. # The preprocessing manager process is automatically started when preprocessor worker is started. # # Mandatory: no # Range: 1-1000 # Default: StartPreprocessors=15 ### Option: StartPollersUnreachable # Number of pre-forked instances of pollers for unreachable hosts (including IPMI and Java). # At least one poller for unreachable hosts must be running if regular, IPMI or Java pollers # are started. # # Mandatory: no # Range: 0-1000 # Default: StartPollersUnreachable=50 ### Option: StartHistoryPollers # Number of pre-forked instances of history pollers. # Only required for calculated checks. # A database connection is required for each history poller instance. # # Mandatory: no # Range: 0-1000 # Default: # StartHistoryPollers=5 ### Option: StartTrappers # Number of pre-forked instances of trappers. # Trappers accept incoming connections from Zabbix sender, active agents and active proxies. # At least one trapper process must be running to display server availability and view queue # in the frontend. # # Mandatory: no # Range: 0-1000 # Default: StartTrappers=10 ### Option: StartPingers # Number of pre-forked instances of ICMP pingers. # # Mandatory: no # Range: 0-1000 # Default: StartPingers=50 ### Option: StartDiscoverers # Number of pre-forked instances of discoverers. # # Mandatory: no # Range: 0-250 # Default: StartDiscoverers=15 ### Option: StartHTTPPollers # Number of pre-forked instances of HTTP pollers. # # Mandatory: no # Range: 0-1000 # Default: StartHTTPPollers=5 ### Option: StartTimers # Number of pre-forked instances of timers. # Timers process maintenance periods. # Only the first timer process handles host maintenance updates. Problem suppression updates are shared # between all timers. # # Mandatory: no # Range: 1-1000 # Default: StartTimers=2 ### Option: StartEscalators # Number of pre-forked instances of escalators. # # Mandatory: no # Range: 1-100 # Default: StartEscalators=2 ### Option: StartAlerters # Number of pre-forked instances of alerters. # Alerters send the notifications created by action operations. # # Mandatory: no # Range: 1-100 # Default: StartAlerters=5 ### Option: JavaGateway # IP address (or hostname) of Zabbix Java gateway. # Only required if Java pollers are started. # # Mandatory: no # Default: # JavaGateway= ### Option: JavaGatewayPort # Port that Zabbix Java gateway listens on. # # Mandatory: no # Range: 1024-32767 # Default: # JavaGatewayPort=10052 ### Option: StartJavaPollers # Number of pre-forked instances of Java pollers. # # Mandatory: no # Range: 0-1000 # Default: # StartJavaPollers=0 ### Option: StartVMwareCollectors # Number of pre-forked vmware collector instances. # # Mandatory: no # Range: 0-250 # Default: # StartVMwareCollectors=0 ### Option: VMwareFrequency # How often Zabbix will connect to VMware service to obtain a new data. # # Mandatory: no # Range: 10-86400 # Default: # VMwareFrequency=60 ### Option: VMwarePerfFrequency # How often Zabbix will connect to VMware service to obtain performance data. # # Mandatory: no # Range: 10-86400 # Default: # VMwarePerfFrequency=60 ### Option: VMwareCacheSize # Size of VMware cache, in bytes. # Shared memory size for storing VMware data. # Only used if VMware collectors are started. # # Mandatory: no # Range: 256K-2G # Default: # VMwareCacheSize=8M ### Option: VMwareTimeout # Specifies how many seconds vmware collector waits for response from VMware service. # # Mandatory: no # Range: 1-300 # Default: # VMwareTimeout=10 ### Option: SNMPTrapperFile # Temporary file used for passing data from SNMP trap daemon to the server. # Must be the same as in zabbix_trap_receiver.pl or SNMPTT configuration file. # # Mandatory: no # Default: SNMPTrapperFile=/tmp/zabbix_traps.tmp #SNMPTrapperFile=/valog/snmptrap/snmptrap.log ### Option: StartSNMPTrapper # If 1, SNMP trapper process is started. # # Mandatory: no # Range: 0-1 # Default: StartSNMPTrapper=1 ### Option: ListenIP # List of comma delimited IP addresses that the trapper should listen on. # Trapper will listen on all network interfaces if this parameter is missing. # # Mandatory: no # Default: # ListenIP=0.0.0.0 ### Option: HousekeepingFrequency # How often Zabbix will perform housekeeping procedure (in hours). # Housekeeping is removing outdated information from the database. # To prevent Housekeeper from being overloaded, no more than 4 times HousekeepingFrequency # hours of outdated information are deleted in one housekeeping cycle, for each item. # To lower load on server startup housekeeping is postponed for 30 minutes after server start. # With HousekeepingFrequency=0 the housekeeper can be only executed using the runtime control option. # In this case the period of outdated information deleted in one housekeeping cycle is 4 times the # period since the last housekeeping cycle, but not less than 4 hours and not greater than 4 days. # # Mandatory: no # Range: 0-24 # Default: # HousekeepingFrequency=1 ### Option: MaxHousekeeperDelete # The table "housekeeper" contains "tasks" for housekeeping procedure in the format: # [housekeeperid], [tablename], [field], [value]. # No more than 'MaxHousekeeperDelete' rows (corresponding to [tablename], [field], [value]) # will be deleted per one task in one housekeeping cycle. # If set to 0 then no limit is used at all. In this case you must know what you are doing! # # Mandatory: no # Range: 0-1000000 # Default: # MaxHousekeeperDelete=5000 ### Option: CacheSize # Size of configuration cache, in bytes. # Shared memory size for storing host, item and trigger data. # # Mandatory: no # Range: 128K-64G # Default: CacheSize=1G ### Option: CacheUpdateFrequency # How often Zabbix will perform update of configuration cache, in seconds. # # Mandatory: no # Range: 1-3600 # Default: # CacheUpdateFrequency=60 ### Option: StartDBSyncers # Number of pre-forked instances of DB Syncers. # # Mandatory: no # Range: 1-100 # Default: # StartDBSyncers=4 ### Option: HistoryCacheSize # Size of history cache, in bytes. # Shared memory size for storing history data. # # Mandatory: no # Range: 128K-2G # Default: HistoryCacheSize=64M ### Option: HistoryIndexCacheSize # Size of history index cache, in bytes. # Shared memory size for indexing history cache. # # Mandatory: no # Range: 128K-2G # Default: HistoryIndexCacheSize=32M ### Option: TrendCacheSize # Size of trend write cache, in bytes. # Shared memory size for storing trends data. # # Mandatory: no # Range: 128K-2G # Default: TrendCacheSize=32M ### Option: TrendFunctionCacheSize # Size of trend function cache, in bytes. # Shared memory size for caching calculated trend function data. # # Mandatory: no # Range: 128K-2G # Default: # TrendFunctionCacheSize=4M ### Option: ValueCacheSize # Size of history value cache, in bytes. # Shared memory size for caching item history data requests. # Setting to 0 disables value cache. # # Mandatory: no # Range: 0,128K-64G # Default: ValueCacheSize=1G ### Option: Timeout # Specifies how long we wait for agent, SNMP device or external check (in seconds). # # Mandatory: no # Range: 1-30 # Default: # Timeout=3 Timeout=15 ### Option: TrapperTimeout # Specifies how many seconds trapper may spend processing new data. # # Mandatory: no # Range: 1-300 # Default: # TrapperTimeout=300 ### Option: UnreachablePeriod # After how many seconds of unreachability treat a host as unavailable. # # Mandatory: no # Range: 1-3600 # Default: # UnreachablePeriod=45 ### Option: UnavailableDelay # How often host is checked for availability during the unavailability period, in seconds. # # Mandatory: no # Range: 1-3600 # Default: # UnavailableDelay=60 ### Option: UnreachableDelay # How often host is checked for availability during the unreachability period, in seconds. # # Mandatory: no # Range: 1-3600 # Default: # UnreachableDelay=15 ### Option: AlertScriptsPath # Full path to location of custom alert scripts. # Default depends on compilation options. # To see the default path run command "zabbix_server --help". # # Mandatory: no # Default: # AlertScriptsPath=/uslib/zabbix/alertscripts ### Option: ExternalScripts # Full path to location of external scripts. # Default depends on compilation options. # To see the default path run command "zabbix_server --help". # # Mandatory: no # Default: # ExternalScripts=/uslib/zabbix/externalscripts ### Option: FpingLocation # Location of fping. # Make sure that fping binary has root ownership and SUID flag set. # # Mandatory: no # Default: # FpingLocation=/ussbin/fping ### Option: Fping6Location # Location of fping6. # Make sure that fping6 binary has root ownership and SUID flag set. # Make empty if your fping utility is capable to process IPv6 addresses. # # Mandatory: no # Default: # Fping6Location=/ussbin/fping6 ### Option: SSHKeyLocation # Location of public and private keys for SSH checks and actions. # # Mandatory: no # Default: # SSHKeyLocation= ### Option: LogSlowQueries # How long a database query may take before being logged (in milliseconds). # Only works if DebugLevel set to 3, 4 or 5. # 0 - don't log slow queries. # # Mandatory: no # Range: 1-3600000 # Default: # LogSlowQueries=0 LogSlowQueries=3000 ### Option: TmpDir # Temporary directory. # # Mandatory: no # Default: # TmpDir=/tmp ### Option: StartProxyPollers # Number of pre-forked instances of pollers for passive proxies. # # Mandatory: no # Range: 0-250 # Default: # StartProxyPollers=1 ### Option: ProxyConfigFrequency # How often Zabbix Server sends configuration data to a Zabbix Proxy in seconds. # This parameter is used only for proxies in the passive mode. # # Mandatory: no # Range: 1-3600*24*7 # Default: # ProxyConfigFrequency=300 ### Option: ProxyDataFrequency # How often Zabbix Server requests history data from a Zabbix Proxy in seconds. # This parameter is used only for proxies in the passive mode. # # Mandatory: no # Range: 1-3600 # Default: # ProxyDataFrequency=1 ### Option: StartLLDProcessors # Number of pre-forked instances of low level discovery processors. # # Mandatory: no # Range: 1-100 # Default: # StartLLDProcessors=2 ### Option: AllowRoot # Allow the server to run as 'root'. If disabled and the server is started by 'root', the server # will try to switch to the user specified by the User configuration option instead. # Has no effect if started under a regular user. # 0 - do not allow # 1 - allow # # Mandatory: no # Default: # AllowRoot=0 ### Option: User # Drop privileges to a specific, existing user on the system. # Only has effect if run as 'root' and AllowRoot is disabled. # # Mandatory: no # Default: # User=zabbix ### Option: Include # You may include individual files or all files in a directory in the configuration file. # Installing Zabbix will create include directory in /uslocal/etc, unless modified during the compile time. # # Mandatory: no # Default: # Include= # Include=/uslocal/etc/zabbix_server.general.conf # Include=/uslocal/etc/zabbix_server.conf.d/ # Include=/uslocal/etc/zabbix_server.conf.d/*.conf ### Option: SSLCertLocation # Location of SSL client certificates. # This parameter is used only in web monitoring. # Default depends on compilation options. # To see the default path run command "zabbix_server --help". # # Mandatory: no # Default: # SSLCertLocation=${datadir}/zabbix/ssl/certs ### Option: SSLKeyLocation # Location of private keys for SSL client certificates. # This parameter is used only in web monitoring. # Default depends on compilation options. # To see the default path run command "zabbix_server --help". # # Mandatory: no # Default: # SSLKeyLocation=${datadir}/zabbix/ssl/keys ### Option: SSLCALocation # Override the location of certificate authority (CA) files for SSL server certificate verification. # If not set, system-wide directory will be used. # This parameter is used in web monitoring, SMTP authentication, HTTP agent items and for communication with Vault. # # Mandatory: no # Default: # SSLCALocation= ### Option: StatsAllowedIP # List of comma delimited IP addresses, optionally in CIDR notation, or DNS names of external Zabbix instances. # Stats request will be accepted only from the addresses listed here. If this parameter is not set no stats requests # will be accepted. # If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally # and '::/0' will allow any IPv4 or IPv6 address. # '0.0.0.0/0' can be used to allow any IPv4 address. # Example: StatsAllowedIP=127.0.0.1,192.168.1.0/24,::1,2001:db8::/32,zabbix.example.com # # Mandatory: no # Default: # StatsAllowedIP= StatsAllowedIP=127.0.0.1 ####### LOADABLE MODULES ####### ### Option: LoadModulePath # Full path to location of server modules. # Default depends on compilation options. # To see the default path run command "zabbix_server --help". # # Mandatory: no # Default: # LoadModulePath=${libdir}/modules ### Option: LoadModule # Module to load at server startup. Modules are used to extend functionality of the server. # Formats: # LoadModule= # LoadModule= # LoadModule= # Either the module must be located in directory specified by LoadModulePath or the path must precede the module name. # If the preceding path is absolute (starts with '/') then LoadModulePath is ignored. # It is allowed to include multiple LoadModule parameters. # # Mandatory: no # Default: # LoadModule= ####### TLS-RELATED PARAMETERS ####### ### Option: TLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for # peer certificate verification. # # Mandatory: no # Default: # TLSCAFile= ### Option: TLSCRLFile # Full pathname of a file containing revoked certificates. # # Mandatory: no # Default: # TLSCRLFile= ### Option: TLSCertFile # Full pathname of a file containing the server certificate or certificate chain. # # Mandatory: no # Default: # TLSCertFile= ### Option: TLSKeyFile # Full pathname of a file containing the server private key. # # Mandatory: no # Default: # TLSKeyFile= ####### For advanced users - TLS ciphersuite selection criteria ####### ### Option: TLSCipherCert13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate-based encryption. # # Mandatory: no # Default: # TLSCipherCert13= ### Option: TLSCipherCert # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. # Override the default ciphersuite selection criteria for certificate-based encryption. # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 # Example for OpenSSL: # EECDH+aRSA+AES128:RSA+aRSA+AES128 # # Mandatory: no # Default: # TLSCipherCert= ### Option: TLSCipherPSK13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for PSK-based encryption. # Example: # TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA25 6 # # Mandatory: no # Default: # TLSCipherPSK13= ### Option: TLSCipherPSK # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. # Override the default ciphersuite selection criteria for PSK-based encryption. # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL # Example for OpenSSL: # kECDHEPSK+AES128:kPSK+AES128 # # Mandatory: no # Default: # TLSCipherPSK= ### Option: TLSCipherAll13 # Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. # Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. # Example: # TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA25 6:TLS_AES_128_GCM_SHA256 # # Mandatory: no # Default: # TLSCipherAll13= ### Option: TLSCipherAll # GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. # Override the default ciphersuite selection criteria for certificate- and PSK-based encryption. # Example for GnuTLS: # NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509 # Example for OpenSSL: # EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128 :kPSK+AES128 # # Mandatory: no # Default: # TLSCipherAll= ### Option: DBTLSConnect # Setting this option enforces to use TLS connection to database. # required - connect using TLS # verify_ca - connect using TLS and verify certificate # verify_full - connect using TLS, verify certificate and verify that database identity specified by DBHost # matches its certificate # On MySQL starting from 5.7.11 and PostgreSQL following values are supported: "required", "verify_ca" and # "verify_full". # On MariaDB starting from version 10.2.6 "required" and "verify_full" values are supported. # Default is not to set any option and behavior depends on database configuration # # Mandatory: no # Default: # DBTLSConnect= ### Option: DBTLSCAFile # Full pathname of a file containing the top-level CA(s) certificates for database certificate verification. # Supported only for MySQL and PostgreSQL # # Mandatory: no # (yes, if DBTLSConnect set to one of: verify_ca, verify_full) # Default: # DBTLSCAFile= ### Option: DBTLSCertFile # Full pathname of file containing Zabbix server certificate for authenticating to database. # Supported only for MySQL and PostgreSQL # # Mandatory: no # Default: # DBTLSCertFile= ### Option: DBTLSKeyFile # Full pathname of file containing the private key for authenticating to database. # Supported only for MySQL and PostgreSQL # # Mandatory: no # Default: # DBTLSKeyFile= ### Option: DBTLSCipher # The list of encryption ciphers that Zabbix server permits for TLS protocols up through TLSv1.2 # Supported only for MySQL # # Mandatory no # Default: # DBTLSCipher= ### Option: DBTLSCipher13 # The list of encryption ciphersuites that Zabbix server permits for TLSv1.3 protocol # Supported only for MySQL, starting from version 8.0.16 # # Mandatory no # Default: # DBTLSCipher13= ### Option: Vault # Specifies vault: # HashiCorp - HashiCorp KV Secrets Engine - Version 2 # CyberArk - CyberArk Central Credential Provider # # Mandatory: no # Default: # Vault=HashiCorp ### Option: VaultToken # Vault authentication token that should have been generated exclusively for Zabbix server with read only permission # to paths specified in Vault macros and read only permission to path specified in optional VaultDBPath # configuration parameter. # It is an error if VaultToken and VAULT_TOKEN environment variable are defined at the same time. # # Mandatory: no # (yes, if Vault is explicitly set to HashiCorp) # Default: # VaultToken= ### Option: VaultURL # Vault server HTTP[S] URL. System-wide CA certificates directory will be used if SSLCALocation is not specified. # # Mandatory: no # Default: # VaultURL=https://127.0.0.1:8200 ### Option: VaultDBPath # Vault path or query depending on the Vault from where credentials for database will be retrieved by keys. # Keys used for HashiCorp are 'password' and 'username'. # Example path: # secret/zabbix/database # Keys used for CyberArk are 'Content' and 'UserName'. # Example query: # AppID=zabbix_server&Query=Safe=passwordSafe;Object =zabbix_server_database # This option can only be used if DBUser and DBPassword are not specified. # # Mandatory: no # Default: # VaultDBPath= ### Option: VaultTLSCertFile # Name of the SSL certificate file used for client authentication. The certificate file must be in PEM1 format. # If the certificate file contains also the private key, leave the SSL key file field empty. The directory # containing this file is specified by configuration parameter SSLCertLocation. # # Mandatory: no # Default: # VaultTLSCertFile= ### Option: VaultTLSKeyFile # Name of the SSL private key file used for client authentication. The private key file must be in PEM1 format. # The directory containing this file is specified by configuration parameter SSLKeyLocation. # # Mandatory: no # Default: # VaultTLSKeyFile= ### Option: StartReportWriters # Number of pre-forked report writer instances. # # Mandatory: no # Range: 0-100 # Default: StartReportWriters=3 ### Option: WebServiceURL # URL to Zabbix web service, used to perform web related tasks. # Example: http://localhost:10053/report # # Mandatory: no # Default: WebServiceURL=127.0.0.1:10053/report ### Option: ServiceManagerSyncFrequency # How often Zabbix will synchronize configuration of a service manager (in seconds). # # Mandatory: no # Range: 1-3600 # Default: # ServiceManagerSyncFrequency=60 ### Option: ProblemHousekeepingFrequency # How often Zabbix will delete problems for deleted triggers (in seconds). # # Mandatory: no # Range: 1-3600 # Default: # ProblemHousekeepingFrequency=60 ## Option: StartODBCPollers # Number of pre-forked ODBC poller instances. # # Mandatory: no # Range: 0-1000 # Default: # StartODBCPollers=1 ####### For advanced users - TCP-related fine-tuning parameters ####### ## Option: ListenBacklog # The maximum number of pending connections in the queue. This parameter is passed to # listen() function as argument 'backlog' (see "man listen"). # # Mandatory: no # Range: 0 - INT_MAX (depends on system, too large values may be silently truncated to implementation-specified maximum) # Default: SOMAXCONN (hard-coded constant, depends on system) # ListenBacklog= ####### High availability cluster parameters ####### ## Option: HANodeName # The high availability cluster node name. # When empty, server is working in standalone mode; a node with empty name is registered with address for the frontend to connect to. # # Mandatory: no # Default: # HANodeName= ## Option: NodeAddress # IP or hostname with optional port to specify how frontend should connect to the server. # Format: 
[:port] # # This option can be overridden by address specified in frontend configuration. # # Mandatory: no # Default: # NodeAddress=localhost:10051
submitted by Only-Imagination2578 to zabbix [link] [comments]

SSL VPN (6.4) CBC ciphers

Hi All,
I have an issue where I need to disable the CBC ciphers for SSL VPN as they fail a pen test (comes up with a Lucky 13 vulnerability).
From what I can tell, though, the only way to do that is to set banned-cipher AES CAMELLIA.
This leaves the following ciphers for TLS1.2 (according to nmap):
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp384r1)
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp384r1)
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 2048)
TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 4096)
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp384r1)
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 2048)
TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 4096)
The issue I have is that with just this cipher set available the client prompts that it requires authentication and prompts for a certificate. Client Auth is not set up on this config so it errors. If I enable TLS1.3 then it works great but annoyingly there are a large number of clients which don't support it.
Has anyone managed to get this working/have I missed something?
submitted by Remarkable_Run_5744 to fortinet [link] [comments]

Remote Access Server OpenVPN

2022-11-16 14:20:12 OpenVPN 2.5.7 [git:release/2.5/3d792ae9557b959e] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 28 2022 2022-11-16 14:20:12 Windows version 10.0 (Windows 10 or greater) 64bit 2022-11-16 14:20:12 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10 2022-11-16 14:20:12 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194 2022-11-16 14:20:12 UDPv4 link local: (not bound) 2022-11-16 14:20:12 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194 2022-11-16 14:21:12 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-11-16 14:21:12 TLS Error: TLS handshake failed 2022-11-16 14:21:12 SIGUSR1[soft,tls-error] received, process restarting
I am at a loss here, I know this is probably a misconfigure on my end however after 2 whole days of fiddling with it I'm not sure where to look anymore! This was previously working and with no changes on the network I'm not sure why it stopped working.

I am making a OpenVPN remote access server on a xg-7100, I've made it through the wizard and manually (both have the same issue as above). Firewall rule is created on the WAN and OpenVPN, Server is set to Remote Access (SSL/TLS) client is set to Peer to Peer (SSL/TLS). Both UDP and ports set correctly, All addressing is showing correct. CA and Server Certificate have been created by the wizard and I have tried it manual as well. I've been following the Netgate provided guide on their website but feel like I'm missing something.
Server Config Mostly Defaults
Tunnel Network set to something outside my LAN
IPV4 LAN entered correctly
Dynamic IP

Client Config
dev tun persist-tun persist-key data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC data-ciphers-fallback AES-256-CBC auth SHA256 tls-client client resolv-retry infinite remote xxx.xxx.xxx.xxx 1194 udp4 nobind verify-x509-name "Generic" name remote-cert-tls server explicit-exit-notify
Is there something abundantly obvious I'm missing here?
submitted by Lazy-Procedure5716 to OpenVPN [link] [comments]

After update the openvpn asks for private key password in a PKI senario.

Hello.
I have been given the following openvpn config exported from a pfsense machine along with the .p12 and .key files.
dev tun persist-tun persist-key data-ciphers AES-256-GCM:CHACHA20-POLY1305:AES-256-CBC data-ciphers-fallback AES-256-CBC auth SHA512 tls-client client resolv-retry infinite remote 13.X.X.X 2325 udp4 nobind verify-x509-name "TH-OpenVPN-Cert" name auth-user-pass pkcs12 th-UDP4-2325-user01.p12 tls-auth themis-UDP4-2325-user01-tls.key 1 remote-cert-tls server explicit-exit-notify
So far (almost half a year) I've used to connect to the vpn by just providing a username and a password. Today (after system update) when I tried to connect, it asked me also for private key password which I don't know which it is.
The updated OpenVPN version is :
OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2022 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
This whole issue disappears when I downgrade the version of the openvpn and the openssl (libssl more specifically)
Because I don't want to have old software in my pc, is there anyway to deal with this phenomenon?
Can I change something in the configuration to make openvpn to not ask for private key password?
submitted by netpumber to OpenVPN [link] [comments]

OpenVPN issue with default route

Hello,

I'm evaluating CHR with RouterOS 7.6 as a VPN Server (IKEv2 and OVPN).

I've configure an OpenVPNServer but the client are unable to connect when their config request all traffic through the VPN.

Server config:
/interface ovpn-server server set certificate=xxxx cipher=aes256 default-profile=PPP enabled=yes /ppp profile add dns-server=x.x.x.x,y.y.y.y local-address=z.z.z.z name=PPP only-one=no remote-address=Pool-VPN-Backup remote-ipv6-prefix-pool=VPN-ipv6 use-encryption=yes /ip pool add name=Pool-VPN-Backup ranges=a.a.a.1-a.a.a.249,b.b.b.1-b.b.b.249 /ipv6 pool add name=VPN-ipv6 prefix=xx:zz:yy::/48 prefix-length=64 /ppp aaa set use-radius=yes /radius add address=k.k.k.k comment=Freeradius service=ppp,ipsec
Firewall rules:

/ip firewall filter add action=accept chain=input comment=PPTP-TCP dst-port=1723 protocol=tcp add action=accept chain=input comment=PPTP-GRE protocol=gre add action=accept chain=input comment=DNS src-address-list=DNS add action=accept chain=input comment=ICMP protocol=icmp add action=accept chain=input comment=L2TP-UDP dst-port=500,4500,1701 protocol=udp add action=accept chain=input comment=L2TP-IPSec-ESP protocol=ipsec-esp add action=accept chain=input comment=L2TP-IPSEC-AH protocol=ipsec-ah add action=accept chain=input comment="Traffic from VPN client remote network" src-address=l.l.l.0/24 add action=accept chain=input comment="TCP Established" connection-state=established add action=drop chain=input comment="Block"
Client config:

client dev tun proto tcp-client remote z.z.z.z persist-key persist-tun port 1194 auth SHA1 verb 4 mute 10 auth-user-pass tls-client remote-cert-tls server cipher AES-256-CBC redirect-gateway def1  xxxxxx
OVPN client log is:

Wed Oct 26 10:01:32 2022 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. Wed Oct 26 10:01:32 2022 Current Parameter Settings: Wed Oct 26 10:01:32 2022 config = 'Client.ovpn' Wed Oct 26 10:01:32 2022 mode = 0 Wed Oct 26 10:01:32 2022 show_ciphers = DISABLED Wed Oct 26 10:01:32 2022 show_digests = DISABLED Wed Oct 26 10:01:32 2022 show_engines = DISABLED Wed Oct 26 10:01:32 2022 genkey = DISABLED Wed Oct 26 10:01:32 2022 genkey_filename = '[UNDEF]' Wed Oct 26 10:01:32 2022 key_pass_file = '[UNDEF]' Wed Oct 26 10:01:32 2022 show_tls_ciphers = DISABLED Wed Oct 26 10:01:32 2022 NOTE: --mute triggered... Wed Oct 26 10:01:32 2022 292 variation(s) on previous 10 message(s) suppressed by --mute Wed Oct 26 10:01:32 2022 OpenVPN 2.5.7 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 27 2022 Wed Oct 26 10:01:32 2022 Windows version 10.0 (Windows 10 or greater) 64bit Wed Oct 26 10:01:32 2022 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10 Wed Oct 26 10:01:32 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341 Wed Oct 26 10:01:32 2022 Need hold release from management interface, waiting... Wed Oct 26 10:01:32 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341 Wed Oct 26 10:01:33 2022 MANAGEMENT: CMD 'state on' Wed Oct 26 10:01:33 2022 MANAGEMENT: CMD 'log all on' Wed Oct 26 10:01:33 2022 MANAGEMENT: CMD 'echo all on' Wed Oct 26 10:01:33 2022 MANAGEMENT: CMD 'bytecount 5' Wed Oct 26 10:01:33 2022 MANAGEMENT: CMD 'hold off' Wed Oct 26 10:01:33 2022 MANAGEMENT: CMD 'hold release' Wed Oct 26 10:01:36 2022 MANAGEMENT: CMD 'username "Auth" "xxxxx"' Wed Oct 26 10:01:36 2022 MANAGEMENT: CMD 'password [...]' Wed Oct 26 10:01:36 2022 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ] Wed Oct 26 10:01:36 2022 MANAGEMENT: >STATE:1666789296,RESOLVE,,,,,, Wed Oct 26 10:01:36 2022 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ] Wed Oct 26 10:01:36 2022 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client' Wed Oct 26 10:01:36 2022 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server' Wed Oct 26 10:01:36 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]z.z.z.z:1194 Wed Oct 26 10:01:36 2022 Socket Buffers: R=[65536->65536] S=[65536->65536] Wed Oct 26 10:01:36 2022 Attempting to establish TCP connection with [AF_INET]z.z.z.z:1194 [nonblock] Wed Oct 26 10:01:36 2022 MANAGEMENT: >STATE:1666789296,TCP_CONNECT,,,,,, Wed Oct 26 10:01:36 2022 TCP connection established with [AF_INET]z.z.z.z:1194 Wed Oct 26 10:01:36 2022 TCP_CLIENT link local: (not bound) Wed Oct 26 10:01:36 2022 TCP_CLIENT link remote: [AF_INET]z.z.z.z:1194 Wed Oct 26 10:01:36 2022 MANAGEMENT: >STATE:1666789296,WAIT,,,,,, Wed Oct 26 10:01:36 2022 MANAGEMENT: >STATE:1666789296,AUTH,,,,,, Wed Oct 26 10:01:36 2022 TLS: Initial packet from [AF_INET]z.z.z.z:1194, sid=c3fb5479 ddfb427e Wed Oct 26 10:01:36 2022 VERIFY OK: depth=3, OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign Wed Oct 26 10:01:36 2022 VERIFY OK: depth=2, C=BE, O=GlobalSign nv-sa, CN=Trusted Root TLS CA SHA256 G3 Wed Oct 26 10:01:36 2022 VERIFY OK: depth=1, C=BR, O=xxxxxxxxxxxxx Wed Oct 26 10:01:36 2022 VERIFY KU OK Wed Oct 26 10:01:36 2022 Validating certificate extended key usage Wed Oct 26 10:01:36 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Oct 26 10:01:36 2022 VERIFY EKU OK Wed Oct 26 10:01:36 2022 VERIFY OK: depth=0, C=.............. Wed Oct 26 10:01:36 2022 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256 Wed Oct 26 10:01:36 2022 [z.z.z.z] Peer Connection Initiated with [AF_INET]z.z.z.z:1194 Wed Oct 26 10:01:37 2022 Key [AF_INET]z.z.z.z:1194 [0] not initialized (yet), dropping packet. Wed Oct 26 10:01:37 2022 MANAGEMENT: >STATE:1666789297,GET_CONFIG,,,,,, Wed Oct 26 10:01:37 2022 SENT CONTROL [z.z.z.z]: 'PUSH_REQUEST' (status=1) Wed Oct 26 10:01:37 2022 Key [AF_INET]z.z.z.z:1194 [0] not initialized (yet), dropping packet. Wed Oct 26 10:01:38 2022 Key [AF_INET]z.z.z.z:1194 [0] not initialized (yet), dropping packet. Wed Oct 26 10:01:38 2022 Key [AF_INET]z.z.z.z:1194 [0] not initialized (yet), dropping packet. Wed Oct 26 10:01:42 2022 SENT CONTROL [z.z.z.z]: 'PUSH_REQUEST' (status=1) Wed Oct 26 10:01:48 2022 SENT CONTROL [z.z.z.z]: 'PUSH_REQUEST' (status=1) Wed Oct 26 10:01:48 2022 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS x.x.x.x,dhcp-option DNS y.y.y.y,ping 20,ping-restart 60,topology subnet,route-gateway z.z.z.z,ifconfig a.a.a.239 255.255.255.0' Wed Oct 26 10:01:48 2022 OPTIONS IMPORT: timers and/or timeouts modified Wed Oct 26 10:01:48 2022 OPTIONS IMPORT: --ifconfig/up options modified Wed Oct 26 10:01:48 2022 OPTIONS IMPORT: route-related options modified Wed Oct 26 10:01:48 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Wed Oct 26 10:01:48 2022 Using peer cipher 'AES-256-CBC' Wed Oct 26 10:01:48 2022 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Oct 26 10:01:48 2022 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 26 10:01:48 2022 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key Wed Oct 26 10:01:48 2022 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Oct 26 10:01:48 2022 interactive service msg_channel=780 Wed Oct 26 10:01:48 2022 open_tun Wed Oct 26 10:01:48 2022 tap-windows6 device [OpenVPN TAP-Windows6] opened Wed Oct 26 10:01:48 2022 TAP-Windows Driver Version 9.24 Wed Oct 26 10:01:48 2022 TAP-Windows MTU=1500 Wed Oct 26 10:01:48 2022 Set TAP-Windows TUN subnet mode network/local/netmask = a.a.a.0/a.a.a.239/255.255.255.0 [SUCCEEDED] Wed Oct 26 10:01:48 2022 Notified TAP-Windows driver to set a DHCP IP/netmask of a.a.a.239/255.255.255.0 on interface {32077BDB-F0CF-47A5-99B3-5B2E6726A8F4} [DHCP-serv: a.a.a.0, lease-time: 31536000] Wed Oct 26 10:01:48 2022 DHCP option string: 060896a2 010196a2 0202 Wed Oct 26 10:01:48 2022 Successful ARP Flush on interface [7] {32077BDB-F0CF-47A5-99B3-5B2E6726A8F4} Wed Oct 26 10:01:48 2022 do_ifconfig, ipv4=1, ipv6=0 Wed Oct 26 10:01:48 2022 MANAGEMENT: >STATE:1666789308,ASSIGN_IP,,a.a.a.239,,,, Wed Oct 26 10:01:48 2022 IPv4 MTU set to 1500 on interface 7 using service Wed Oct 26 10:01:53 2022 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up Wed Oct 26 10:01:53 2022 Route: Waiting for TUN/TAP interface to come up... Wed Oct 26 10:01:58 2022 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up Wed Oct 26 10:01:58 2022 Route: Waiting for TUN/TAP interface to come up... .... Wed Oct 26 10:02:22 2022 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up Wed Oct 26 10:02:22 2022 Route: Waiting for TUN/TAP interface to come up... Wed Oct 26 10:02:23 2022 TEST ROUTES: 0/1 succeeded len=0 ret=0 a=0 u/d=up Wed Oct 26 10:02:23 2022 C:\WINDOWS\system32\route.exe ADD z.z.z.z MASK 255.255.255.255 l.l.l.254 Wed Oct 26 10:02:23 2022 Route addition via service succeeded Wed Oct 26 10:02:23 2022 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 z.z.z.z Wed Oct 26 10:02:23 2022 Warning: route gateway is not reachable on any active network adapters: z.z.z.z Wed Oct 26 10:02:23 2022 Route addition via service failed Wed Oct 26 10:02:23 2022 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 z.z.z.z Wed Oct 26 10:02:23 2022 Warning: route gateway is not reachable on any active network adapters: z.z.z.z Wed Oct 26 10:02:23 2022 Route addition via service failed Wed Oct 26 10:02:23 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Wed Oct 26 10:02:23 2022 SYSTEM ROUTING TABLE Wed Oct 26 10:02:23 2022 0.0.0.0 0.0.0.0 l.l.l.254 p=0 i=10 t=4 pr=3 a=2726 h=0 m=25/0/0/0/0 Wed Oct 26 10:02:23 2022 127.0.0.0 255.0.0.0 127.0.0.1 p=0 i=1 t=3 pr=2 a=2952 h=0 m=331/0/0/0/0 Wed Oct 26 10:02:23 2022 127.0.0.1 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=2952 h=0 m=331/0/0/0/0 Wed Oct 26 10:02:23 2022 127.255.255.255 255.255.255.255 127.0.0.1 p=0 i=1 t=3 pr=2 a=2952 h=0 m=331/0/0/0/0 Wed Oct 26 10:02:23 2022 z.z.z.z 255.255.255.255 l.l.l.254 p=0 i=10 t=4 pr=3 a=0 h=0 m=281/0/0/0/0 .... Wed Oct 26 10:02:23 2022 a.a.a.0 255.255.255.0 a.a.a.239 p=0 i=7 t=3 pr=2 a=35 h=0 m=281/0/0/0/0 Wed Oct 26 10:02:23 2022 a.a.a.239 255.255.255.255 a.a.a.239 p=0 i=7 t=3 pr=2 a=35 h=0 m=281/0/0/0/0 Wed Oct 26 10:02:23 2022 a.a.a.255 255.255.255.255 a.a.a.239 p=0 i=7 t=3 pr=2 a=35 h=0 m=281/0/0/0/0 ... Wed Oct 26 10:02:23 2022 SYSTEM ADAPTER LIST Wed Oct 26 10:02:23 2022 Microsoft Hyper-V Network Adapter #2 Wed Oct 26 10:02:23 2022 Index = 10 Wed Oct 26 10:02:23 2022 GUID = {560F93A1-A3DB-4910-8EC4-2FAC201DBF14} Wed Oct 26 10:02:23 2022 IP = l.l.l.40/255.255.255.0 Wed Oct 26 10:02:23 2022 MAC = 00:15:5d:f8:49:0a Wed Oct 26 10:02:23 2022 GATEWAY = l.l.l.254/255.255.255.255 Wed Oct 26 10:02:23 2022 DHCP SERV = xxxxx Wed Oct 26 10:02:23 2022 DHCP LEASE OBTAINED = 2022-10-26 10:01:57 Wed Oct 26 10:02:23 2022 DHCP LEASE EXPIRES = 2022-10-26 10:06:57 Wed Oct 26 10:02:23 2022 DNS SERV = yyyyy Wed Oct 26 10:02:23 2022 Wintun Userspace Tunnel Wed Oct 26 10:02:23 2022 Index = 17 Wed Oct 26 10:02:23 2022 GUID = {EC2350B6-0D63-4C60-8FB1-5FEDB20DEA70} Wed Oct 26 10:02:23 2022 IP = 0.0.0.0/0.0.0.0 Wed Oct 26 10:02:23 2022 MAC = Wed Oct 26 10:02:23 2022 GATEWAY = 0.0.0.0/255.255.255.255 Wed Oct 26 10:02:23 2022 DNS SERV = Wed Oct 26 10:02:23 2022 TAP-Windows Adapter V9 Wed Oct 26 10:02:23 2022 Index = 7 Wed Oct 26 10:02:23 2022 GUID = {32077BDB-F0CF-47A5-99B3-5B2E6726A8F4} Wed Oct 26 10:02:23 2022 IP = a.a.a.239/255.255.255.0 Wed Oct 26 10:02:23 2022 MAC = 00:ff:32:07:7b:db Wed Oct 26 10:02:23 2022 GATEWAY = 0.0.0.0/255.255.255.255 Wed Oct 26 10:02:23 2022 DHCP SERV = a.a.a.0/255.255.255.255 Wed Oct 26 10:02:23 2022 DHCP LEASE OBTAINED = 2022-10-26 10:01:48 Wed Oct 26 10:02:23 2022 DHCP LEASE EXPIRES = 2023-10-26 10:01:48 Wed Oct 26 10:02:23 2022 DNS SERV = x.x.x.x/255.255.255.255 y.y.y.y/255.255.255.255 Wed Oct 26 10:02:23 2022 Initialization Sequence Completed With Errors ( see http://openvpn.net/faq.html#dhcpclientserv ) Wed Oct 26 10:02:23 2022 MANAGEMENT: >STATE:1666789343,CONNECTED,ERROR,a.a.a.239,z.z.z.z,1194,l.l.l.l.40,49958
Any ideas what may be happening?
submitted by keitarobr to mikrotik [link] [comments]

Cannot get OpenVPN to work with Private Internet Access on Windows 7 Virtual Machine

So I'm using OpenVPN 2.5.8, the latest one I could find as of today. It's installed in a Windows 7 Pro SP1 VM in VMWare Workstation 16 Pro
I followed this guide from PIA https://helpdesk.privateinternetaccess.com/guides/windows/windows-installing-openvpn#windows-installing-openvpn_step-2-select-your-bit-version
I downloaded the OpenVPN configs from the link on step 9.
However, I cannot seem to connect to the VPN when using the OpenVPN GUI.
I get this:
Thu Dec 1 23:04:54 2022 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning. Thu Dec 1 23:04:54 2022 OpenVPN 2.5.8 [git:release/2.5/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Nov 11 2022 Thu Dec 1 23:04:54 2022 Windows version 6.1 (Windows 7) 64bit Thu Dec 1 23:04:54 2022 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10 Thu Dec 1 23:05:08 2022 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL---- Thu Dec 1 23:05:08 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:05:08 2022 UDP link local: (not bound) Thu Dec 1 23:05:08 2022 UDP link remote: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:06:08 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:06:08 2022 TLS Error: TLS handshake failed Thu Dec 1 23:06:08 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:06:13 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:06:13 2022 UDP link local: (not bound) Thu Dec 1 23:06:13 2022 UDP link remote: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:07:13 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:07:13 2022 TLS Error: TLS handshake failed Thu Dec 1 23:07:13 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:07:18 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:07:18 2022 UDP link local: (not bound) Thu Dec 1 23:07:18 2022 UDP link remote: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:08:18 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:08:18 2022 TLS Error: TLS handshake failed Thu Dec 1 23:08:18 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:08:23 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:08:23 2022 UDP link local: (not bound) Thu Dec 1 23:08:23 2022 UDP link remote: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:09:23 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:09:23 2022 TLS Error: TLS handshake failed Thu Dec 1 23:09:23 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:09:28 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:09:28 2022 UDP link local: (not bound) Thu Dec 1 23:09:28 2022 UDP link remote: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:10:28 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:10:28 2022 TLS Error: TLS handshake failed Thu Dec 1 23:10:28 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:10:33 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:10:33 2022 UDP link local: (not bound) Thu Dec 1 23:10:33 2022 UDP link remote: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:11:34 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:11:34 2022 TLS Error: TLS handshake failed Thu Dec 1 23:11:34 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:11:39 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:11:39 2022 UDP link local: (not bound) Thu Dec 1 23:11:39 2022 UDP link remote: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:12:39 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:12:39 2022 TLS Error: TLS handshake failed Thu Dec 1 23:12:39 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:12:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:12:44 2022 UDP link local: (not bound) Thu Dec 1 23:12:44 2022 UDP link remote: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:13:44 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:13:44 2022 TLS Error: TLS handshake failed Thu Dec 1 23:13:44 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:13:49 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:13:49 2022 UDP link local: (not bound) Thu Dec 1 23:13:49 2022 UDP link remote: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:14:49 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:14:49 2022 TLS Error: TLS handshake failed Thu Dec 1 23:14:49 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:14:54 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:14:54 2022 UDP link local: (not bound) Thu Dec 1 23:14:54 2022 UDP link remote: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:15:54 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:15:54 2022 TLS Error: TLS handshake failed Thu Dec 1 23:15:54 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:16:04 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:16:04 2022 UDP link local: (not bound) Thu Dec 1 23:16:04 2022 UDP link remote: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:17:04 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:17:04 2022 TLS Error: TLS handshake failed Thu Dec 1 23:17:04 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:17:14 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:17:14 2022 UDP link local: (not bound) Thu Dec 1 23:17:14 2022 UDP link remote: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:18:14 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:18:14 2022 TLS Error: TLS handshake failed Thu Dec 1 23:18:14 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:18:24 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:18:24 2022 UDP link local: (not bound) Thu Dec 1 23:18:24 2022 UDP link remote: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:19:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:19:24 2022 TLS Error: TLS handshake failed Thu Dec 1 23:19:24 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:19:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:19:44 2022 UDP link local: (not bound) Thu Dec 1 23:19:44 2022 UDP link remote: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:20:44 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:20:44 2022 TLS Error: TLS handshake failed Thu Dec 1 23:20:44 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:21:04 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:21:04 2022 UDP link local: (not bound) Thu Dec 1 23:21:04 2022 UDP link remote: [AF_INET]31.171.154.117:1198
Help would be appreciated.
The only reason I even bothered with OpenVPN is because the PIA client doesn't work with Windows 7. It does quite well on my Windows 10 VM though. If you have alternatives of making PIA work with Windows 7, I'd love some input.
submitted by JaseMarix to PrivateInternetAccess [link] [comments]

OpenVPN connect works, OpenVPN for android fails to connect

Config comes from a netgear r7960p. I'd prefer to use OpenVPN for android since I split usage for specific apps.
Anyone have any insight?
2022-11-27 09:24:17 official build 0.7.41 running on samsung SM-G981U (kona), Android 13 (TP1A.220624.014) API 33, ABI arm64-v8a, (samsung/x1qsqx/x1q:13/TP1A.220624.014/G981USQU3GVK1:userelease-keys) 2022-11-27 09:24:17 Building configuration… 2022-11-27 09:24:17 started Socket Thread 2022-11-27 09:24:17 Network Status: CONNECTED LTE to MOBILE fast.t-mobile.com 2022-11-27 09:24:17 Debug state info: CONNECTED LTE to MOBILE fast.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 2022-11-27 09:24:17 P:WARNING: linker: Warning: "/data/app/~~HTooGGLFf3IOb4yXnD-LPw==/de.blinkt.openvpn-YZ6PjBQdZLr27BAFY2BH_A==/lib/arm64/libovpnexec.so" is not a directory (ignoring) 2022-11-27 09:24:17 Debug state info: CONNECTED LTE to MOBILE fast.t-mobile.com, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED 2022-11-27 09:24:17 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. 2022-11-27 09:24:17 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 2022-11-27 09:24:17 Current Parameter Settings: 2022-11-27 09:24:17 config = 'stdin' 2022-11-27 09:24:17 mode = 0 2022-11-27 09:24:17 show_ciphers = DISABLED 2022-11-27 09:24:17 show_digests = DISABLED 2022-11-27 09:24:17 show_engines = DISABLED 2022-11-27 09:24:17 genkey = DISABLED 2022-11-27 09:24:17 genkey_filename = '[UNDEF]' 2022-11-27 09:24:17 Waiting 0s seconds between connection attempt 2022-11-27 09:24:17 key_pass_file = '[UNDEF]' 2022-11-27 09:24:17 show_tls_ciphers = DISABLED 2022-11-27 09:24:17 connect_retry_max = 0 2022-11-27 09:24:17 Connection profiles [0]: 2022-11-27 09:24:17 proto = udp 2022-11-27 09:24:17 local = '[UNDEF]' 2022-11-27 09:24:17 local_port = '[UNDEF]' 2022-11-27 09:24:17 remote = 'NGUYEN9769.LOREXDDNS.NET' 2022-11-27 09:24:17 remote_port = '12973' 2022-11-27 09:24:17 remote_float = DISABLED 2022-11-27 09:24:17 bind_defined = DISABLED 2022-11-27 09:24:17 bind_local = DISABLED 2022-11-27 09:24:17 bind_ipv6_only = DISABLED 2022-11-27 09:24:17 connect_retry_seconds = 2 2022-11-27 09:24:17 connect_timeout = 120 2022-11-27 09:24:17 socks_proxy_server = '[UNDEF]' 2022-11-27 09:24:17 socks_proxy_port = '[UNDEF]' 2022-11-27 09:24:17 tun_mtu = 1500 2022-11-27 09:24:17 tun_mtu_defined = ENABLED 2022-11-27 09:24:17 link_mtu = 1500 2022-11-27 09:24:17 link_mtu_defined = DISABLED 2022-11-27 09:24:17 tun_mtu_extra = 0 2022-11-27 09:24:17 tun_mtu_extra_defined = DISABLED 2022-11-27 09:24:17 tls_mtu = 1250 2022-11-27 09:24:17 mtu_discover_type = -1 2022-11-27 09:24:17 fragment = 0 2022-11-27 09:24:17 mssfix = 1492 2022-11-27 09:24:17 mssfix_encap = ENABLED 2022-11-27 09:24:17 mssfix_fixed = DISABLED 2022-11-27 09:24:17 explicit_exit_notification = 0 2022-11-27 09:24:17 tls_auth_file = '[UNDEF]' 2022-11-27 09:24:17 key_direction = not set 2022-11-27 09:24:17 tls_crypt_file = '[UNDEF]' 2022-11-27 09:24:17 tls_crypt_v2_file = '[UNDEF]' 2022-11-27 09:24:17 Connection profiles END 2022-11-27 09:24:17 remote_random = DISABLED 2022-11-27 09:24:17 ipchange = '[UNDEF]' 2022-11-27 09:24:17 dev = 'tun' 2022-11-27 09:24:17 dev_type = '[UNDEF]' 2022-11-27 09:24:17 dev_node = '[UNDEF]' 2022-11-27 09:24:17 lladdr = '[UNDEF]' 2022-11-27 09:24:17 topology = 1 2022-11-27 09:24:17 ifconfig_local = '[UNDEF]' 2022-11-27 09:24:17 ifconfig_remote_netmask = '[UNDEF]' 2022-11-27 09:24:17 ifconfig_noexec = DISABLED 2022-11-27 09:24:17 ifconfig_nowarn = ENABLED 2022-11-27 09:24:17 ifconfig_ipv6_local = '[UNDEF]' 2022-11-27 09:24:17 ifconfig_ipv6_netbits = 0 2022-11-27 09:24:17 ifconfig_ipv6_remote = '[UNDEF]' 2022-11-27 09:24:17 shaper = 0 2022-11-27 09:24:17 mtu_test = 0 2022-11-27 09:24:17 mlock = DISABLED 2022-11-27 09:24:17 keepalive_ping = 0 2022-11-27 09:24:17 keepalive_timeout = 0 2022-11-27 09:24:17 inactivity_timeout = 0 2022-11-27 09:24:17 inactivity_minimum_bytes = 0 2022-11-27 09:24:17 ping_send_timeout = 0 2022-11-27 09:24:17 ping_rec_timeout = 0 2022-11-27 09:24:17 ping_rec_timeout_action = 0 2022-11-27 09:24:17 ping_timer_remote = DISABLED 2022-11-27 09:24:17 remap_sigusr1 = 0 2022-11-27 09:24:17 persist_tun = ENABLED 2022-11-27 09:24:17 persist_local_ip = DISABLED 2022-11-27 09:24:17 persist_remote_ip = DISABLED 2022-11-27 09:24:17 persist_key = DISABLED 2022-11-27 09:24:17 passtos = DISABLED 2022-11-27 09:24:17 resolve_retry_seconds = 1000000000 2022-11-27 09:24:17 resolve_in_advance = ENABLED 2022-11-27 09:24:17 username = '[UNDEF]' 2022-11-27 09:24:17 groupname = '[UNDEF]' 2022-11-27 09:24:17 chroot_dir = '[UNDEF]' 2022-11-27 09:24:17 cd_dir = '[UNDEF]' 2022-11-27 09:24:17 writepid = '[UNDEF]' 2022-11-27 09:24:17 up_script = '[UNDEF]' 2022-11-27 09:24:17 down_script = '[UNDEF]' 2022-11-27 09:24:17 down_pre = DISABLED 2022-11-27 09:24:17 up_restart = DISABLED 2022-11-27 09:24:17 up_delay = DISABLED 2022-11-27 09:24:17 daemon = DISABLED 2022-11-27 09:24:17 log = DISABLED 2022-11-27 09:24:17 suppress_timestamps = DISABLED 2022-11-27 09:24:17 machine_readable_output = ENABLED 2022-11-27 09:24:17 nice = 0 2022-11-27 09:24:17 verbosity = 4 2022-11-27 09:24:17 mute = 0 2022-11-27 09:24:17 gremlin = 0 2022-11-27 09:24:17 status_file = '[UNDEF]' 2022-11-27 09:24:17 status_file_version = 1 2022-11-27 09:24:17 status_file_update_freq = 60 2022-11-27 09:24:17 occ = ENABLED 2022-11-27 09:24:17 rcvbuf = 0 2022-11-27 09:24:17 sndbuf = 0 2022-11-27 09:24:17 sockflags = 0 2022-11-27 09:24:17 fast_io = DISABLED 2022-11-27 09:24:17 comp.alg = 2 2022-11-27 09:24:17 comp.flags = 1 2022-11-27 09:24:17 route_script = '[UNDEF]' 2022-11-27 09:24:17 route_default_gateway = '[UNDEF]' 2022-11-27 09:24:17 route_default_metric = 0 2022-11-27 09:24:17 route_noexec = DISABLED 2022-11-27 09:24:17 route_delay = 0 2022-11-27 09:24:17 route_delay_window = 30 2022-11-27 09:24:17 route_delay_defined = DISABLED 2022-11-27 09:24:17 route_nopull = DISABLED 2022-11-27 09:24:17 route_gateway_via_dhcp = DISABLED 2022-11-27 09:24:17 allow_pull_fqdn = DISABLED 2022-11-27 09:24:17 management_addr = '/data/use0/de.blinkt.openvpn/cache/mgmtsocket' 2022-11-27 09:24:17 management_port = 'unix' 2022-11-27 09:24:17 management_user_pass = '[UNDEF]' 2022-11-27 09:24:17 management_log_history_cache = 250 2022-11-27 09:24:17 management_echo_buffer_size = 100 2022-11-27 09:24:17 management_client_user = '[UNDEF]' 2022-11-27 09:24:17 management_client_group = '[UNDEF]' 2022-11-27 09:24:17 management_flags = 16678 2022-11-27 09:24:17 shared_secret_file = '[UNDEF]' 2022-11-27 09:24:17 key_direction = not set 2022-11-27 09:24:17 ciphername = 'AES-128-CBC' 2022-11-27 09:24:17 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305' 2022-11-27 09:24:17 authname = 'SHA1' 2022-11-27 09:24:17 engine = DISABLED 2022-11-27 09:24:17 replay = ENABLED 2022-11-27 09:24:17 mute_replay_warnings = DISABLED 2022-11-27 09:24:17 replay_window = 64 2022-11-27 09:24:17 replay_time = 15 2022-11-27 09:24:17 packet_id_file = '[UNDEF]' 2022-11-27 09:24:17 test_crypto = DISABLED 2022-11-27 09:24:17 tls_server = DISABLED 2022-11-27 09:24:17 tls_client = ENABLED 2022-11-27 09:24:17 ca_file = '[INLINE]' 2022-11-27 09:24:17 ca_path = '[UNDEF]' 2022-11-27 09:24:17 dh_file = '[UNDEF]' 2022-11-27 09:24:17 cert_file = '[INLINE]' 2022-11-27 09:24:17 extra_certs_file = '[UNDEF]' 2022-11-27 09:24:17 priv_key_file = '[INLINE]' 2022-11-27 09:24:17 pkcs12_file = '[UNDEF]' 2022-11-27 09:24:17 cipher_list = '[UNDEF]' 2022-11-27 09:24:17 cipher_list_tls13 = '[UNDEF]' 2022-11-27 09:24:17 tls_cert_profile = '[UNDEF]' 2022-11-27 09:24:17 tls_verify = '[UNDEF]' 2022-11-27 09:24:17 tls_export_cert = '[UNDEF]' 2022-11-27 09:24:17 verify_x509_type = 0 2022-11-27 09:24:17 verify_x509_name = '[UNDEF]' 2022-11-27 09:24:17 crl_file = '[UNDEF]' 2022-11-27 09:24:17 ns_cert_type = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_ku[i] = 0 2022-11-27 09:24:17 remote_cert_eku = '[UNDEF]' 2022-11-27 09:24:17 ssl_flags = 192 2022-11-27 09:24:17 tls_timeout = 2 2022-11-27 09:24:17 renegotiate_bytes = -1 2022-11-27 09:24:17 renegotiate_packets = 0 2022-11-27 09:24:17 renegotiate_seconds = 3600 2022-11-27 09:24:17 handshake_window = 60 2022-11-27 09:24:17 transition_window = 3600 2022-11-27 09:24:17 single_session = DISABLED 2022-11-27 09:24:17 push_peer_info = DISABLED 2022-11-27 09:24:17 tls_exit = DISABLED 2022-11-27 09:24:17 tls_crypt_v2_metadata = '[UNDEF]' 2022-11-27 09:24:17 server_network = 0.0.0.0 2022-11-27 09:24:17 server_netmask = 0.0.0.0 2022-11-27 09:24:17 server_network_ipv6 = :: 2022-11-27 09:24:17 server_netbits_ipv6 = 0 2022-11-27 09:24:17 server_bridge_ip = 0.0.0.0 2022-11-27 09:24:17 server_bridge_netmask = 0.0.0.0 2022-11-27 09:24:17 server_bridge_pool_start = 0.0.0.0 2022-11-27 09:24:17 server_bridge_pool_end = 0.0.0.0 2022-11-27 09:24:17 ifconfig_pool_defined = DISABLED 2022-11-27 09:24:17 ifconfig_pool_start = 0.0.0.0 2022-11-27 09:24:17 ifconfig_pool_end = 0.0.0.0 2022-11-27 09:24:17 ifconfig_pool_netmask = 0.0.0.0 2022-11-27 09:24:17 ifconfig_pool_persist_filename = '[UNDEF]' 2022-11-27 09:24:17 ifconfig_pool_persist_refresh_freq = 600 2022-11-27 09:24:17 ifconfig_ipv6_pool_defined = DISABLED 2022-11-27 09:24:17 ifconfig_ipv6_pool_base = :: 2022-11-27 09:24:17 ifconfig_ipv6_pool_netbits = 0 2022-11-27 09:24:17 n_bcast_buf = 256 2022-11-27 09:24:17 tcp_queue_limit = 64 2022-11-27 09:24:17 real_hash_size = 256 2022-11-27 09:24:17 virtual_hash_size = 256 2022-11-27 09:24:17 client_connect_script = '[UNDEF]' 2022-11-27 09:24:17 learn_address_script = '[UNDEF]' 2022-11-27 09:24:17 client_disconnect_script = '[UNDEF]' 2022-11-27 09:24:17 client_config_dir = '[UNDEF]' 2022-11-27 09:24:17 ccd_exclusive = DISABLED 2022-11-27 09:24:17 tmp_dir = '/data/data/de.blinkt.openvpn/cache' 2022-11-27 09:24:17 push_ifconfig_defined = DISABLED 2022-11-27 09:24:17 push_ifconfig_local = 0.0.0.0 2022-11-27 09:24:17 push_ifconfig_remote_netmask = 0.0.0.0 2022-11-27 09:24:17 push_ifconfig_ipv6_defined = DISABLED 2022-11-27 09:24:17 push_ifconfig_ipv6_local = ::/0 2022-11-27 09:24:17 push_ifconfig_ipv6_remote = :: 2022-11-27 09:24:17 enable_c2c = DISABLED 2022-11-27 09:24:17 duplicate_cn = DISABLED 2022-11-27 09:24:17 cf_max = 0 2022-11-27 09:24:17 cf_per = 0 2022-11-27 09:24:17 max_clients = 1024 2022-11-27 09:24:17 max_routes_per_client = 256 2022-11-27 09:24:17 auth_user_pass_verify_script = '[UNDEF]' 2022-11-27 09:24:17 auth_user_pass_verify_script_via_file = DISABLED 2022-11-27 09:24:17 auth_token_generate = DISABLED 2022-11-27 09:24:17 auth_token_lifetime = 0 2022-11-27 09:24:17 auth_token_secret_file = '[UNDEF]' 2022-11-27 09:24:17 port_share_host = '[UNDEF]' 2022-11-27 09:24:17 port_share_port = '[UNDEF]' 2022-11-27 09:24:17 vlan_tagging = DISABLED 2022-11-27 09:24:17 vlan_accept = all 2022-11-27 09:24:17 vlan_pvid = 1 2022-11-27 09:24:17 client = ENABLED 2022-11-27 09:24:17 pull = ENABLED 2022-11-27 09:24:17 auth_user_pass_file = '[UNDEF]' 2022-11-27 09:24:17 OpenVPN 2.6-icsopenvpn [git:icsopenvpn/v0.7.40-0-g28cb5982] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Sep 4 2022 2022-11-27 09:24:17 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10 2022-11-27 09:24:17 MANAGEMENT: Connected to management server at /data/use0/de.blinkt.openvpn/cache/mgmtsocket 2022-11-27 09:24:17 MANAGEMENT: CMD 'version 3' 2022-11-27 09:24:17 MANAGEMENT: CMD 'hold release' 2022-11-27 09:24:17 MANAGEMENT: CMD 'bytecount 2' 2022-11-27 09:24:17 MANAGEMENT: CMD 'state on' 2022-11-27 09:24:17 MANAGEMENT: >STATE:1669569857,RESOLVE,,,,,, 2022-11-27 09:24:22 MANAGEMENT: CMD 'proxy NONE' 2022-11-27 09:24:23 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2022-11-27 09:24:23 LZO compression initializing 2022-11-27 09:24:23 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ] 2022-11-27 09:24:23 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ] 2022-11-27 09:24:23 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-client' 2022-11-27 09:24:23 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-server' 2022-11-27 09:24:23 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXX.XXX.XXX.XXX:12973 2022-11-27 09:24:23 Socket Buffers: R=[229376->229376] S=[229376->229376] 2022-11-27 09:24:23 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 2022-11-27 09:24:23 UDPv6 link local: (not bound) 2022-11-27 09:24:23 UDPv6 link remote: [AF_INET6]XXX.XXX.XXX.XXX:12973 2022-11-27 09:24:23 MANAGEMENT: >STATE:1669569863,WAIT,,,,,, 2022-11-27 09:24:24 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-27 09:24:25 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-27 09:24:30 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-27 09:24:39 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-27 09:24:54 read UDPv6 [ECONNREFUSED]: Connection refused (fd=4,code=111) 2022-11-27 09:25:24 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-11-27 09:25:24 TLS Error: TLS handshake failed 2022-11-27 09:25:24 TCP/UDP: Closing socket 2022-11-27 09:25:24 SIGUSR1[soft,tls-error] received, process restarting 2022-11-27 09:25:24 MANAGEMENT: >STATE:1669569924,RECONNECTING,tls-error,,,,, 2022-11-27 09:25:24 Waiting 2s seconds between connection attempt 2022-11-27 09:25:26 MANAGEMENT: CMD 'hold release' 2022-11-27 09:25:26 MANAGEMENT: CMD 'bytecount 2' 2022-11-27 09:25:26 MANAGEMENT: CMD 'state on' 2022-11-27 09:25:26 MANAGEMENT: CMD 'proxy NONE' 2022-11-27 09:25:27 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2022-11-27 09:25:27 LZO compression initializing 2022-11-27 09:25:27 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ] 2022-11-27 09:25:27 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ] 2022-11-27 09:25:27 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-client' 2022-11-27 09:25:27 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-server' 2022-11-27 09:25:27 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:12973 2022-11-27 09:25:27 Socket Buffers: R=[229376->229376] S=[229376->229376] 2022-11-27 09:25:27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 2022-11-27 09:25:27 UDPv4 link local: (not bound) 2022-11-27 09:25:27 UDPv4 link remote: [AF_INET]XXX.XXX.XXX.XXX:12973 2022-11-27 09:25:27 MANAGEMENT: >STATE:1669569927,WAIT,,,,,, 2022-11-27 09:26:29 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2022-11-27 09:26:29 TLS Error: TLS handshake failed 2022-11-27 09:26:29 TCP/UDP: Closing socket 2022-11-27 09:26:29 SIGUSR1[soft,tls-error] received, process restarting 2022-11-27 09:26:29 MANAGEMENT: >STATE:1669569989,RECONNECTING,tls-error,,,,, 2022-11-27 09:26:29 Waiting 2s seconds between connection attempt 2022-11-27 09:26:31 MANAGEMENT: CMD 'hold release' 2022-11-27 09:26:31 MANAGEMENT: CMD 'bytecount 2' 2022-11-27 09:26:31 MANAGEMENT: CMD 'state on' 2022-11-27 09:26:31 MANAGEMENT: CMD 'proxy NONE' 2022-11-27 09:26:32 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. 2022-11-27 09:26:32 LZO compression initializing 2022-11-27 09:26:32 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ] 2022-11-27 09:26:32 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ] 2022-11-27 09:26:32 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-client' 2022-11-27 09:26:32 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,auth SHA1,keysize 128,key-method 2,tls-server' 2022-11-27 09:26:32 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXX.XXX.XXX.XXX:12973 2022-11-27 09:26:32 Socket Buffers: R=[229376->229376] S=[229376->229376] 2022-11-27 09:26:32 MANAGEMENT: CMD 'needok 'PROTECTFD' ok' 2022-11-27 09:26:32 UDPv6 link local: (not bound) 2022-11-27 09:26:32 UDPv6 link remote: [AF_INET6]XXX.XXX.XXX.XXX:12973 2022-11-27 09:26:32 MANAGEMENT: >STATE:1669569992,WAIT,,,,,,

submitted by offeredthrowaway to OpenVPN [link] [comments]

Cannot get OpenVPN to work with Private Internet Access on Windows 7 VMware

So I'm using OpenVPN 2.5.8, the latest one I could find as of today. It's installed in a Windows 7 Pro SP1 in VMWare Workstation 16 Pro
I followed this guide from PIA https://helpdesk.privateinternetaccess.com/guides/windows/windows-installing-openvpn#windows-installing-openvpn_step-2-select-your-bit-version
I downloaded the OpenVPN configs from the link on step 9.
However, I cannot seem to connect to the VPN when using the OpenVPN GUI.
I get this:
Thu Dec 1 23:04:54 2022 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning. Thu Dec 1 23:04:54 2022 OpenVPN 2.5.8 [git:release/2.5/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Nov 11 2022 Thu Dec 1 23:04:54 2022 Windows version 6.1 (Windows 7) 64bit Thu Dec 1 23:04:54 2022 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10 Thu Dec 1 23:05:08 2022 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL---- Thu Dec 1 23:05:08 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:05:08 2022 UDP link local: (not bound) Thu Dec 1 23:05:08 2022 UDP link remote: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:06:08 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:06:08 2022 TLS Error: TLS handshake failed Thu Dec 1 23:06:08 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:06:13 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:06:13 2022 UDP link local: (not bound) Thu Dec 1 23:06:13 2022 UDP link remote: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:07:13 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:07:13 2022 TLS Error: TLS handshake failed Thu Dec 1 23:07:13 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:07:18 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:07:18 2022 UDP link local: (not bound) Thu Dec 1 23:07:18 2022 UDP link remote: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:08:18 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:08:18 2022 TLS Error: TLS handshake failed Thu Dec 1 23:08:18 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:08:23 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:08:23 2022 UDP link local: (not bound) Thu Dec 1 23:08:23 2022 UDP link remote: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:09:23 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:09:23 2022 TLS Error: TLS handshake failed Thu Dec 1 23:09:23 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:09:28 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:09:28 2022 UDP link local: (not bound) Thu Dec 1 23:09:28 2022 UDP link remote: [AF_INET]31.171.154.140:1198 Thu Dec 1 23:10:28 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:10:28 2022 TLS Error: TLS handshake failed Thu Dec 1 23:10:28 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:10:33 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:10:33 2022 UDP link local: (not bound) Thu Dec 1 23:10:33 2022 UDP link remote: [AF_INET]31.171.154.132:1198 Thu Dec 1 23:11:34 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:11:34 2022 TLS Error: TLS handshake failed Thu Dec 1 23:11:34 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:11:39 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:11:39 2022 UDP link local: (not bound) Thu Dec 1 23:11:39 2022 UDP link remote: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:12:39 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:12:39 2022 TLS Error: TLS handshake failed Thu Dec 1 23:12:39 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:12:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:12:44 2022 UDP link local: (not bound) Thu Dec 1 23:12:44 2022 UDP link remote: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:13:44 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:13:44 2022 TLS Error: TLS handshake failed Thu Dec 1 23:13:44 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:13:49 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:13:49 2022 UDP link local: (not bound) Thu Dec 1 23:13:49 2022 UDP link remote: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:14:49 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:14:49 2022 TLS Error: TLS handshake failed Thu Dec 1 23:14:49 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:14:54 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:14:54 2022 UDP link local: (not bound) Thu Dec 1 23:14:54 2022 UDP link remote: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:15:54 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:15:54 2022 TLS Error: TLS handshake failed Thu Dec 1 23:15:54 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:16:04 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:16:04 2022 UDP link local: (not bound) Thu Dec 1 23:16:04 2022 UDP link remote: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:17:04 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:17:04 2022 TLS Error: TLS handshake failed Thu Dec 1 23:17:04 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:17:14 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:17:14 2022 UDP link local: (not bound) Thu Dec 1 23:17:14 2022 UDP link remote: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:18:14 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:18:14 2022 TLS Error: TLS handshake failed Thu Dec 1 23:18:14 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:18:24 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:18:24 2022 UDP link local: (not bound) Thu Dec 1 23:18:24 2022 UDP link remote: [AF_INET]31.171.154.123:1198 Thu Dec 1 23:19:24 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:19:24 2022 TLS Error: TLS handshake failed Thu Dec 1 23:19:24 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:19:44 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:19:44 2022 UDP link local: (not bound) Thu Dec 1 23:19:44 2022 UDP link remote: [AF_INET]31.171.154.77:1198 Thu Dec 1 23:20:44 2022 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Thu Dec 1 23:20:44 2022 TLS Error: TLS handshake failed Thu Dec 1 23:20:44 2022 SIGUSR1[soft,tls-error] received, process restarting Thu Dec 1 23:21:04 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.154.117:1198 Thu Dec 1 23:21:04 2022 UDP link local: (not bound) Thu Dec 1 23:21:04 2022 UDP link remote: [AF_INET]31.171.154.117:1198
I'd love to get this fixed. Their VPN is working quite well in Windows 10.
submitted by JaseMarix to OpenVPN [link] [comments]

canucks vs flames 1994 game 7 avion presidencial usa costo 5005 hil mar drive din en iso 3834-5 barriga de tanquinho em um mes salsa viva ecuador 2020 guayaquil structural steel section sizes uk 125cc honda supersport braconajul in delta dunarii what is the best scroll saw for beginners bilal 2020 hbabna cards against humanity 10 days of gifts jobs 56283 mix and match curse words nomenclature ... > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > boston vs nyc streets snow fast and furious 6 auto vin diesel center square aflam4you resumen del libro la hoja roja sgs 1-35 canopy hinge more than words choreography dance not done yet soja letra traduzida differential and integral calculus 6th edition pdf triathlon spd vs spd sl pedals base plates 10 x 10 quien gano cotto o martinez > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > # Host-block file # URL: https://sebsauvage.net/hosts/hosts-adguard # More information: https://sebsauvage.net/wiki/doku.php?id=dns-blocklist # Generated on : 2020-11 ... man utd vs bayern munich 1999 full match youtube bassoon speaker keys rally aosta 2020 ottobre kunai de naruto real avvocato ferrara palermo ministrul comunicatiilor jeff preiss low down trailer vw transporter t5 2.0 tdi 102 cafetaria schelfhorst almelo safety officer interview schedule yeast cell rupture oricos full cup review nobivac vaccine schedule mimon alwajdi 2020 pasos inocentes wiki l ... cardio vs strength training for fast weight loss pnr checking for flight show processing image while page loading javascript what are your priorities as a hca sportstv12com forever 21 plastic flower ring review mahdy reza hbj who's who in energy gluteus maximus flap video alinder londono nike earnings release call friends store old town spring fotos de vestidos de novia cortos y sencillos uk ...

[index] [24145] [22904] [25356] [14127] [8284] [21584] [20147] [26255] [1795] [27143]

#