I currently run the ssl vpn on the ASG v8.2 I installed the openvpn client app, but every time I connect, it forever loops disconnecting and reconnecting. I have included my logs. Please help!! Thanks!
Here is the server log:
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
[peanut] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, client-instance restarting
openvpn[5918]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="***X" variant="ssl" srcip="X.X.X.X" virtual_ip="X.X.X.X"
PLUGIN_CALL: POST /usr/lib/openvpn-auth-aua.so/PLUGIN_CLIENT_DISCONNECT status=0
TCP/UDP: Closing socket
MULTI: multi_create_instance called
Re-using SSL/TLS context
LZO compression initialized
Control Channel MTU parms [ L:1540 D:140 EF:40 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options hash (VER=V4): '2837edb2'
Expected Remote Options hash (VER=V4): 'e0c76424'
TCP connection established with X.X.X.X:10091
Socket Buffers: R=[131072->131072] S=[131072->131072]
TCPv4_SERVER link local: [undef]
TCPv4_SERVER link remote: X.X.X.X:10091
TLS: Initial packet from X.X.X.X:10091, sid=4c664fbb f93ff8ae
VERIFY OK: depth=1, /C=us/L=***X/O=***X/CN=***X_VPN_CA/emailAddress=***X
VERIFY OK: depth=0, /C=us/L=***/O=***X/CN=***X/emailAddress=******X
PLUGIN_CALL: POST /usr/lib/openvpn-auth-aua.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
TLS: Username/Password authentication succeeded for username '***X'
Data Channel Encrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Data Channel Decrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[peanut] Peer Connection Initiated with ***X
id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="***X" variant="ssl" srcip="***X" virtual_ip="***X"
PLUGIN_CALL: POST /usr/lib/openvpn-auth-aua.so/PLUGIN_CLIENT_CONNECT status=0
MULTI: Learn: 10.242.2.6 ->
MULTI: primary virtual IP for
PUSH: Received control message: 'PUSH_REQUEST'
SENT CONTROL [***X]: 'PUSH_REPLY,route remote_host 255.255.255.255 net_gateway,redirect-gateway def1,dhcp-option DNS 10.10.10.3,route ***X,topology net30,ping 10,ping-restart 120,ifconfig X.X.X.X.X' (status=1)
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
Here is the client log:
Fri Jan 06 14:22:24 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Jan 06 14:22:33 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Jan 06 14:22:33 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 06 14:22:33 2012 LZO compression initialized
Fri Jan 06 14:22:33 2012 Control Channel MTU parms [ L:1540 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 06 14:22:33 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 06 14:22:33 2012 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jan 06 14:22:33 2012 Local Options hash (VER=V4): 'e0c76424'
Fri Jan 06 14:22:33 2012 Expected Remote Options hash (VER=V4): '2837edb2'
Fri Jan 06 14:22:33 2012 Attempting to establish TCP connection with X.X.X.X:443
Fri Jan 06 14:22:33 2012 TCP connection established with X.X.X.X:443
Fri Jan 06 14:22:33 2012 TCPv4_CLIENT link local: [undef]
Fri Jan 06 14:22:33 2012 TCPv4_CLIENT link remote: X.X.X.X:443
Fri Jan 06 14:22:33 2012 TLS: Initial packet from X.X.X.X:443, sid=0a548065 391490b4
Fri Jan 06 14:22:33 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 06 14:22:34 2012 VERIFY OK: depth=1, /C=us/L=***X /O=***X/CN=***X_VPN_CA/emailAddress=***X
Fri Jan 06 14:22:34 2012 VERIFY X509NAME OK: /C=us/L=***X/O=***X/CN=***X/emailAddress=***X
Fri Jan 06 14:22:34 2012 VERIFY OK: depth=0, /C=us/L=***X/O=***X/CN=***X/emailAddress=***X
Fri Jan 06 14:22:34 2012 Data Channel Encrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Fri Jan 06 14:22:34 2012 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Jan 06 14:22:34 2012 Data Channel Decrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Fri Jan 06 14:22:34 2012 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Jan 06 14:22:34 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 06 14:22:34 2012 [***X] Peer Connection Initiated with 149.8.128.214:443
Fri Jan 06 14:22:37 2012 SENT CONTROL [***X]: 'PUSH_REQUEST' (status=1)
Fri Jan 06 14:22:37 2012 PUSH: Received control message: 'PUSH_REPLY,route remote_host 255.255.255.255 net_gateway,redirect-gateway def1,dhcp-option DNS 10.10.10.3,route 10.242.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.242.2.6 10.242.2.5'
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: route options modified
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 06 14:22:37 2012 ROUTE default_gateway=X.X.X.X
Fri Jan 06 14:22:37 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{************XX}.tap
Fri Jan 06 14:22:37 2012 TAP-Win32 Driver Version 9.9
Fri Jan 06 14:22:37 2012 TAP-Win32 MTU=1500
Fri Jan 06 14:22:37 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.242.2.6/255.255.255.252 on interface {************} [DHCP-serv: 10.242.2.5, lease-time: 31536000]
Fri Jan 06 14:22:37 2012 Successful ARP Flush on interface [34] {************XX}
Fri Jan 06 14:22:41 2012 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD X.X.X.X MASK 255.255.255.255 X.X.X.X
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.242.2.5
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.242.2.5
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 WARNING: potential route subnet conflict between local LAN [X.X.X.X/255.255.252.0] and remote VPN [X.X.X.X/255.255.255.255]
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD X.X.X.X MASK 255.255.255.255 X.X.X.X
Fri Jan 06 14:22:41 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=13]
Fri Jan 06 14:22:41 2012 Route addition via IPAPI failed [adaptive]
Fri Jan 06 14:22:41 2012 Route addition fallback to route.exe
The route addition failed: The object already exists.
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD 10.242.2.1 MASK 255.255.255.255 10.242.2.5
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 Initialization Sequence Completed
Fri Jan 06 14:23:02 2012 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Fri Jan 06 14:23:02 2012 Connection reset, restarting [-1]
Fri Jan 06 14:23:02 2012 TCP/UDP: Closing socket
Fri Jan 06 14:23:02 2012 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jan 06 14:23:02 2012 Restart pause, 5 second(s)
Fri Jan 06 14:23:07 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Jan 06 14:23:07 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Here is the server log:
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
[peanut] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, client-instance restarting
openvpn[5918]: id="2202" severity="info" sys="SecureNet" sub="vpn" event="Connection terminated" username="***X" variant="ssl" srcip="X.X.X.X" virtual_ip="X.X.X.X"
PLUGIN_CALL: POST /usr/lib/openvpn-auth-aua.so/PLUGIN_CLIENT_DISCONNECT status=0
TCP/UDP: Closing socket
MULTI: multi_create_instance called
Re-using SSL/TLS context
LZO compression initialized
Control Channel MTU parms [ L:1540 D:140 EF:40 EB:0 ET:0 EL:0 ]
Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Local Options hash (VER=V4): '2837edb2'
Expected Remote Options hash (VER=V4): 'e0c76424'
TCP connection established with X.X.X.X:10091
Socket Buffers: R=[131072->131072] S=[131072->131072]
TCPv4_SERVER link local: [undef]
TCPv4_SERVER link remote: X.X.X.X:10091
TLS: Initial packet from X.X.X.X:10091, sid=4c664fbb f93ff8ae
VERIFY OK: depth=1, /C=us/L=***X/O=***X/CN=***X_VPN_CA/emailAddress=***X
VERIFY OK: depth=0, /C=us/L=***/O=***X/CN=***X/emailAddress=******X
PLUGIN_CALL: POST /usr/lib/openvpn-auth-aua.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
TLS: Username/Password authentication succeeded for username '***X'
Data Channel Encrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Data Channel Decrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
[peanut] Peer Connection Initiated with ***X
id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="***X" variant="ssl" srcip="***X" virtual_ip="***X"
PLUGIN_CALL: POST /usr/lib/openvpn-auth-aua.so/PLUGIN_CLIENT_CONNECT status=0
MULTI: Learn: 10.242.2.6 ->
MULTI: primary virtual IP for
PUSH: Received control message: 'PUSH_REQUEST'
SENT CONTROL [***X]: 'PUSH_REPLY,route remote_host 255.255.255.255 net_gateway,redirect-gateway def1,dhcp-option DNS 10.10.10.3,route ***X,topology net30,ping 10,ping-restart 120,ifconfig X.X.X.X.X' (status=1)
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
Need IPv6 code in mroute_extract_addr_from_packet
Here is the client log:
Fri Jan 06 14:22:24 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Fri Jan 06 14:22:33 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Jan 06 14:22:33 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Jan 06 14:22:33 2012 LZO compression initialized
Fri Jan 06 14:22:33 2012 Control Channel MTU parms [ L:1540 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 06 14:22:33 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Jan 06 14:22:33 2012 Data Channel MTU parms [ L:1540 D:1450 EF:40 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Jan 06 14:22:33 2012 Local Options hash (VER=V4): 'e0c76424'
Fri Jan 06 14:22:33 2012 Expected Remote Options hash (VER=V4): '2837edb2'
Fri Jan 06 14:22:33 2012 Attempting to establish TCP connection with X.X.X.X:443
Fri Jan 06 14:22:33 2012 TCP connection established with X.X.X.X:443
Fri Jan 06 14:22:33 2012 TCPv4_CLIENT link local: [undef]
Fri Jan 06 14:22:33 2012 TCPv4_CLIENT link remote: X.X.X.X:443
Fri Jan 06 14:22:33 2012 TLS: Initial packet from X.X.X.X:443, sid=0a548065 391490b4
Fri Jan 06 14:22:33 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 06 14:22:34 2012 VERIFY OK: depth=1, /C=us/L=***X /O=***X/CN=***X_VPN_CA/emailAddress=***X
Fri Jan 06 14:22:34 2012 VERIFY X509NAME OK: /C=us/L=***X/O=***X/CN=***X/emailAddress=***X
Fri Jan 06 14:22:34 2012 VERIFY OK: depth=0, /C=us/L=***X/O=***X/CN=***X/emailAddress=***X
Fri Jan 06 14:22:34 2012 Data Channel Encrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Fri Jan 06 14:22:34 2012 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Jan 06 14:22:34 2012 Data Channel Decrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
Fri Jan 06 14:22:34 2012 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Fri Jan 06 14:22:34 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 06 14:22:34 2012 [***X] Peer Connection Initiated with 149.8.128.214:443
Fri Jan 06 14:22:37 2012 SENT CONTROL [***X]: 'PUSH_REQUEST' (status=1)
Fri Jan 06 14:22:37 2012 PUSH: Received control message: 'PUSH_REPLY,route remote_host 255.255.255.255 net_gateway,redirect-gateway def1,dhcp-option DNS 10.10.10.3,route 10.242.2.1,topology net30,ping 10,ping-restart 120,ifconfig 10.242.2.6 10.242.2.5'
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: route options modified
Fri Jan 06 14:22:37 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 06 14:22:37 2012 ROUTE default_gateway=X.X.X.X
Fri Jan 06 14:22:37 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{************XX}.tap
Fri Jan 06 14:22:37 2012 TAP-Win32 Driver Version 9.9
Fri Jan 06 14:22:37 2012 TAP-Win32 MTU=1500
Fri Jan 06 14:22:37 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.242.2.6/255.255.255.252 on interface {************} [DHCP-serv: 10.242.2.5, lease-time: 31536000]
Fri Jan 06 14:22:37 2012 Successful ARP Flush on interface [34] {************XX}
Fri Jan 06 14:22:41 2012 TEST ROUTES: 3/3 succeeded len=2 ret=1 a=0 u/d=up
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD X.X.X.X MASK 255.255.255.255 X.X.X.X
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.242.2.5
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.242.2.5
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 WARNING: potential route subnet conflict between local LAN [X.X.X.X/255.255.252.0] and remote VPN [X.X.X.X/255.255.255.255]
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD X.X.X.X MASK 255.255.255.255 X.X.X.X
Fri Jan 06 14:22:41 2012 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=13]
Fri Jan 06 14:22:41 2012 Route addition via IPAPI failed [adaptive]
Fri Jan 06 14:22:41 2012 Route addition fallback to route.exe
The route addition failed: The object already exists.
Fri Jan 06 14:22:41 2012 C:\WINDOWS\system32\route.exe ADD 10.242.2.1 MASK 255.255.255.255 10.242.2.5
Fri Jan 06 14:22:41 2012 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Fri Jan 06 14:22:41 2012 Route addition via IPAPI succeeded [adaptive]
Fri Jan 06 14:22:41 2012 Initialization Sequence Completed
Fri Jan 06 14:23:02 2012 read TCPv4_CLIENT: Connection timed out (WSAETIMEDOUT) (code=10060)
Fri Jan 06 14:23:02 2012 Connection reset, restarting [-1]
Fri Jan 06 14:23:02 2012 TCP/UDP: Closing socket
Fri Jan 06 14:23:02 2012 SIGUSR1[soft,connection-reset] received, process restarting
Fri Jan 06 14:23:02 2012 Restart pause, 5 second(s)
Fri Jan 06 14:23:07 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Fri Jan 06 14:23:07 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables