OpenVPN package

- - - Updated - - -
I find it rather questionable to use a tool whose source code cannot be inspected for something this security-critical...
Absolutely understandable; one could ask whether he would publish it.
To me, though, it really looks as if someone who knows the subject quite well (an admin in the forum there) made a tool to make things easier for users, without bothering to put the whole thing under a license etc., or put that off until later and never got around to it.

Incidentally, source code being viewable does not mean that anyone has actually reviewed it... That is roughly the same false sense of security as security through obscurity.
 
Since I am once again not on site with the server at the moment, changing the certificates etc. is somewhat risky.

From what point do the configured certificates etc. take effect under Freetz?
As soon as you click Apply in the individual menu items, or only when you restart OpenVPN?


Incidentally, source code being viewable does not mean that anyone has actually reviewed it... That is roughly the same false sense of security as security through obscurity.

I am of course aware of that; to be precise, you don't even know whether the source code belongs to the actual program unless you compile it yourself.
But the probability that someone would have flamed him to death if that were the case would be high.

I would at least have skimmed the source code. But now I have created the certificates myself with easy-rsa.
 
I don't know whether the certificates behave differently, but normally you have to restart the service to apply changes.
 
"Unfortunately" both: the data is applied (only) on restart.
BUT: if you change the certificates/keys in the GUI, as far as I remember the change is detected and the OpenVPN service is then restarted as well ...
So it is always good to have an additional/different way in (e.g. via SSH).

EDIT: Yes, that's how it is. But you can also write directly into the files without the service being restarted:

As an example for the CA certificate
Code:
cat "dein CA-Cert" > /tmp/flash/openvpn/ca.crt
#... copy further certificate and key files if needed
# then "save"
modsave flash
 
Thanks, then I'll get onto the Fritzbox via OpenVPN and telnet and do it the way you said, thanks.

- - - Updated - - -

Code:
Thu Nov 17 15:05:06 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Thu Nov 17 15:05:06 2016 WARNING: file 'static.key' is group or others accessible
Something seems to have gone wrong there and I need to get myself a TeamViewer PC^^
Does anyone know what went wrong there?

- - - Updated - - -

I took my phone and connected via the Fritzbox's native VPN.
It was a vi fail...

Works now, many thanks.

Now I need to read up on how to push different configurations to different clients in the simple GUI; it could well be that I'll have to bother you again about that^^
 
Are you using the "new" GUI? For that you'll also find a small example in the wiki of how you can do things depending on the CN, e.g. assign IPs:

http://freetz.org/wiki/packages/openvpn#NeuesimpleGUIGUI2

Of course you can also "simply" create a "client config dir" and store a config per client there...
 
If I have 2 clients, do I necessarily have to use the client-connect script?

My current FB server config:
Code:
proto tcp-server
dev tun
ca /tmp/flash/openvpn/ca.crt
cert /tmp/flash/openvpn/box.crt
key /tmp/flash/openvpn/box.key
dh /tmp/flash/openvpn/dh.pem
tls-server
tls-auth /tmp/flash/openvpn/static.key 0
port 1194
ifconfig 192.168.200.1 255.255.255.0
push "route-gateway 192.168.200.1"
topology subnet
push "topology subnet"
push "route 192.168.2.0 255.255.255.0"
max-clients 9
mode server
ifconfig-pool 192.168.200.100 192.168.200.250
push "route 192.168.200.1"
client-config-dir clients_openvpn
route 192.168.188.0 255.255.255.0 192.168.200.2
tun-mtu 1500
mssfix
log /var/tmp/debug_openvpn.out
verb 3
cipher BF-CBC
comp-lzo
float
keepalive 10 120
status /var/log/openvpn.log
--client-config-dir /var/tmp/flash/openvpn/clients_openvpn
persist-tun
persist-key
I somehow suspect that the line "--client-config-dir /var/tmp/flash/openvpn/clients_openvpn" doesn't work.

FB client:
Code:
proto tcp-client
dev tun
ca ca.crt
cert box.crt
key box.key
tls-client
tls-auth static.key 1
remote XXXX.myfritz.net
nobind
pull
redirect-gateway
tun-mtu 1500
mssfix
log debug_openvpn.out
verb 3
cipher BF-CBC
comp-lzo
float
keepalive 10 120
resolv-retry infinite
status openvpn.log
persist-tun
persist-key
http-proxy 172.20.XX.XX XXXX

Now I would like to have a similar config on my Ubuntu.
Because the interesting thing about the FB client's config is that all traffic that can go through the proxy goes directly through the proxy and the rest through the VPN connection.
Only that Ubuntu has no network of its own, and so the
Code:
route 192.168.188.0 255.255.255.0 192.168.200.2
is not helpful for me...

Well, to be honest I know little about OpenVPN and was happy that Max helped me a great deal with it a year ago.

If I have several clients, how do I assign each of them a separate config?
Do I need the client-connect script for that?
 
First of all: in the config file it must always be without the leading "--" characters, so there it is "client-config-dir <XY>".

So the later "--client-config-dir ..." is "wrong", the one further up is "right". However, with the "simple GUI" the full path would be needed, since it works without "chroot"...

If you can create folders and files, a CCD is quite "trivial", because controlling which client gets what via the file name is simple. It is not mandatory, though; you can also do it via other mechanisms, as described on the wiki page.

So with a "CCD" it would work like this:

Create the folder "/tmp/flash/openvpn/clients_openvpn" and in it create one file per client, named exactly like the CN in the certificate.
Into this file go the "individual" things, e.g. a defined IP as well as a route to it:

Code:
# Contents of /tmp/flash/openvpn/clients_openvpn/Client17
# applies to the client whose certificate has the CN "Client17"
# it gets the IP 192.168.200.17
# the client should route 192.168.1.0 255.255.255.0 to 192.168.200.1
# at client 192.168.200.17 the network is 192.168.17.0 255.255.255.0

ifconfig-push 192.168.200.17 255.255.255.0
push "route 192.168.1.0 255.255.255.0 192.168.200.1"
# matching the "global" config entry:           route  192.168.17.0 255.255.255.0 192.168.200.17
iroute  192.168.17.0 255.255.255.0
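
Several points from this thread can be checked mechanically: the leading "--" in a config file, a relative client-config-dir, a client without server certificate verification (the WARNING in the logs), key files readable by group or others, and the BF-CBC cipher. The following is an added example, not part of any post; the finding names, the demo file contents and the host vpn.example.net are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Finding names (DASHES, CCD_RELATIVE, ...)
# are made up for this sketch; paths containing spaces are not handled.

# Print one finding per line for the OpenVPN config file given as $1.
audit_ovpn_conf() {
    conf=$1
    confdir=$(dirname "$conf")
    awk '
        NF == 0 || $1 ~ /^[#;]/ { next }        # skip blank lines and comments
        {
            d = $1
            # In a config file, options are written without the leading "--".
            if (d ~ /^--/) {
                printf "DASHES line %d: %s\n", NR, d
                sub(/^--/, "", d)               # keep checking the option itself
            }
            if (d == "tls-client" || d == "client") is_client = 1
            # Options that make a client check the server certificate.
            if (d == "remote-cert-tls" || d == "remote-cert-eku" ||
                d == "verify-x509-name" || d == "ns-cert-type" ||
                d == "tls-verify") verifies = 1
            # 64-bit block ciphers such as the BF-CBC used early in the thread.
            if (d == "cipher" && toupper($2) ~ /^(BF|DES|CAST5|RC2)-/)
                printf "WEAK_CIPHER line %d: %s\n", NR, $2
            # Without chroot, a relative CCD path depends on the working directory.
            if (d == "client-config-dir" && $2 !~ /^\//)
                printf "CCD_RELATIVE line %d: %s\n", NR, $2
            if (d == "key" || d == "tls-auth" || d == "secret")
                print "KEYFILE " $2
        }
        END { if (is_client && !verifies) print "NO_SERVER_VERIFY" }
    ' "$conf" |
    while read -r kind rest; do
        if [ "$kind" != "KEYFILE" ]; then
            echo "$kind${rest:+ $rest}"
            continue
        fi
        # Relative key paths are resolved against the config file directory.
        case $rest in
            /*) f=$rest ;;
            *)  f=$confdir/$rest ;;
        esac
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        [ "$perms" = "------" ] || echo "KEY_PERMS $f: group/other bits $perms"
    done
}

# Constructed sample files, modelled on the configs posted in the thread.
demo_audit() {
    dir=$(mktemp -d) || return 1
    : > "$dir/box.key";    chmod 600 "$dir/box.key"
    : > "$dir/static.key"; chmod 644 "$dir/static.key"
    cat > "$dir/server.conf" <<'EOF'
tls-server
key box.key
tls-auth static.key 0
cipher BF-CBC
client-config-dir clients_openvpn
--client-config-dir /var/tmp/flash/openvpn/clients_openvpn
EOF
    cat > "$dir/client.conf" <<'EOF'
tls-client
key box.key
tls-auth static.key 1
remote vpn.example.net
cipher AES-128-CBC
EOF
    for c in server client; do
        echo "== $c.conf"
        audit_ovpn_conf "$dir/$c.conf"
    done
    rm -rf "$dir"
}

demo_audit
```

Adding `remote-cert-tls server` to the client config clears NO_SERVER_VERIFY, provided the server certificate was issued with the matching key usage extensions; `chmod 600` on the key files clears KEY_PERMS.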
 
OK, many thanks; this is the current FB server config at the moment:
Code:
proto tcp-server
dev tun
ca /tmp/flash/openvpn/ca.crt
cert /tmp/flash/openvpn/box.crt
key /tmp/flash/openvpn/box.key
dh /tmp/flash/openvpn/dh.pem
tls-server
tls-auth /tmp/flash/openvpn/static.key 0
port 1194
ifconfig 192.168.200.1 255.255.255.0
push "route-gateway 192.168.200.1"
topology subnet
push "topology subnet"
push "route 192.168.2.0 255.255.255.0"
max-clients 9
mode server
ifconfig-pool 192.168.200.100 192.168.200.250
push "route 192.168.200.1" 
route 192.168.188.0 255.255.255.0 192.168.200.2
tun-mtu 1500
mssfix
log /var/tmp/debug_openvpn.out
verb 3
cipher BF-CBC
comp-lzo
float
keepalive 10 120
status /var/log/openvpn.log
client-config-dir /var/tmp/flash/openvpn/clients_openvpn
persist-tun
persist-key

I think I need to rebuild it again.
Which config does it use if no client was found under clients_openvpn?
Because net-to-net routing between the FB server and the FB client is the exception rather than the rule for me.
So it would be nice to enter the FB client under clients_openvpn and otherwise have the default case


The line
Code:
route 192.168.188.0 255.255.255.0 192.168.200.2
has no business being in the default config, for example, does it?
 
The server's configuration file in post #1249 looks like a complete mess.

Excellent guides on using OpenVPN have been available on the net for quite a while.

What can be done about mental laziness?
 
Just take it out or replace it with something else?

Edit:
AES-128-GCM doesn't work yet, since the OpenVPN server is <2.4

So probably AES-128-CBC
How big is the performance difference between 128 and 256?

My Fritzbox updated itself today from 6.60 with Freetz to 6.60 without Freetz (whole story here: http://www.ip-phone-forum.de/showthread.php?t=288755 )
After that had been cleared up, I noticed that it had undone my changes in the files in the folder /var/tmp/flash/openvpn/clients_openvpn.
So presumably it had apparently only stored them volatilely.

So what do I have to do so that it still has these changes after a restart?
 
Yep, AES-128-CBC runs for me too. While googling I found someone who actually claimed 128 runs twice as fast as 256, but I'm not inclined to believe that.
Here someone compared various ciphers: (not explicitly OpenVPN, and certainly not an FB)
http://blog.tuvpn.com/2011/02/vpn-performance-tests-for-different-ciphers-and-key-strengths/
Here, even in the OVPN wiki: http://wiki.openvpn.eu/index.php/Geschwindigkeitstest

I don't have that much to do with the FB, but I seem to remember that all the stuff in tmp is only there until the restart. That's why I entered the entire config into the fields of the (newer) OVPN GUI (only there is everything loaded into files). That way it gets written every time OVPN (or the box) restarts.
 
With a jack-of-all-trades device from AVM you hold bad cards when it comes to VPN throughput. This insight should have reached this forum too.

Is AVM actually playing Freetz's gravedigger, or is Freetz actively supported by AVM? Who knows about this?
 
It's me again.

The following config:
Both Fritzboxes:
FB7490
Firmware: 113.06.83 rev43494
Freetz: devel-14163M

The server Fritz!Box sits behind a VDSL 100k line with a changing IP.

The client Fritz!Box is currently connected via USB tethering to a smartphone, which in turn passes on the public Wi-Fi.
On the public Wi-Fi you have to log in once after connecting.

Since it is public Wi-Fi, I decided to switch on redirect gateway.
The problem with this, apparently (caution, conjecture):
When the VPN connection crashes, the old redirect route stays in place and the internet is gone, because it cannot contact the IP of the server Fritzbox while the redirect route is still set up.

Config of the server Fritzbox:
Code:
proto tcp-server
dev tun
ca /tmp/flash/openvpn/ca.crt
cert /tmp/flash/openvpn/box.crt
key /tmp/flash/openvpn/box.key
dh /tmp/flash/openvpn/dh.pem
tls-server
tls-auth /tmp/flash/openvpn/static.key 0
port 1194
ifconfig 192.168.200.1 255.255.255.0
push "route-gateway 192.168.200.1"
topology subnet
push "topology subnet"
push "route 192.168.2.0 255.255.255.0"
max-clients 9
mode server
ifconfig-pool 192.168.200.100 192.168.200.250
push "route 192.168.200.1"
route 192.168.188.0 255.255.255.0 192.168.200.2
tun-mtu 1500
mssfix
log /var/tmp/debug_openvpn.out
verb 3
cipher AES-128-CBC
comp-lzo
float
keepalive 10 120
status /var/log/openvpn.log
client-config-dir /var/tmp/flash/openvpn/clients_openvpn
persist-tun
persist-key


Config of the client Fritzbox:
Code:
proto tcp-client
dev tun
ca /tmp/flash/openvpn/ca.crt
cert /tmp/flash/openvpn/box.crt
key /tmp/flash/openvpn/box.key
tls-client
tls-auth /tmp/flash/openvpn/static.key 1
remote XXXXXXXX.myfritz.net
nobind
pull
redirect-gateway
tun-mtu 1500
mssfix
log /var/tmp/debug_openvpn.out
verb 3
cipher AES-128-CBC
comp-lzo
float
keepalive 10 120
resolv-retry infinite
status /var/log/openvpn.log
persist-tun
persist-key
#http-proxy XXX.XX.XX.XX XXXX

cat /var/tmp/debug_openvpn.out
Code:
Tue Apr 11 20:57:47 2017 OpenVPN 2.3.14 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Feb  3 2017
Tue Apr 11 20:57:47 2017 library versions: OpenSSL 0.9.8zh 3 Dec 2015, LZO 2.09
Tue Apr 11 20:57:47 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Apr 11 20:57:48 2017 Control Channel Authentication: using '/tmp/flash/openvpn/static.key' as a OpenVPN static key file
Tue Apr 11 20:57:48 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 20:57:48 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 20:57:48 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Apr 11 20:57:58 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Tue Apr 11 20:57:59 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Tue Apr 11 20:58:09 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Tue Apr 11 20:58:15 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Tue Apr 11 20:58:15 2017 TCPv4_CLIENT link local: [undef]
Tue Apr 11 20:58:15 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Tue Apr 11 20:58:15 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=6be83685 d8c5b9ca
Tue Apr 11 20:58:16 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Tue Apr 11 20:58:16 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Tue Apr 11 20:58:22 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 20:58:22 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 20:58:22 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 20:58:22 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 20:58:22 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Apr 11 20:58:22 2017 [xxx.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Tue Apr 11 20:58:24 2017 SENT CONTROL [xxx.myfritz.net]: 'PUSH_REQUEST' (status=1)
Tue Apr 11 20:58:25 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Tue Apr 11 20:58:25 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 11 20:58:25 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 11 20:58:25 2017 OPTIONS IMPORT: route options modified
Tue Apr 11 20:58:25 2017 OPTIONS IMPORT: route-related options modified
Tue Apr 11 20:58:25 2017 TUN/TAP device tun0 opened
Tue Apr 11 20:58:25 2017 TUN/TAP TX queue length set to 100
Tue Apr 11 20:58:25 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Apr 11 20:58:25 2017 /sbin/ifconfig tun0 192.168.200.100 netmask 255.255.255.0 mtu 1500 broadcast 192.168.200.255
Tue Apr 11 20:58:25 2017 /sbin/route add -net XX.XXX.XX.XXX netmask 255.255.255.255 dev dsl
Tue Apr 11 20:58:25 2017 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Tue Apr 11 20:58:25 2017 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.200.1
Tue Apr 11 20:58:25 2017 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.200.1
Tue Apr 11 20:58:25 2017 /sbin/route add -net 192.168.200.1 netmask 255.255.255.255 gw 192.168.200.1
Tue Apr 11 20:58:25 2017 /sbin/route add -net 192.168.200.1 netmask 255.255.255.255 gw 192.168.200.1
route: SIOCADDRT: File exists
Tue Apr 11 20:58:25 2017 ERROR: Linux route add command failed: external program exited with error status: 1
Tue Apr 11 20:58:25 2017 Initialization Sequence Completed
Tue Apr 11 21:58:22 2017 TLS: soft reset sec=0 bytes=14727894/-1 pkts=33457/0
Tue Apr 11 21:58:26 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Tue Apr 11 21:58:26 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Tue Apr 11 21:58:30 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 21:58:30 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 21:58:30 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 21:58:30 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 21:58:30 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Apr 11 22:58:22 2017 TLS: tls_process: killed expiring key
Tue Apr 11 22:58:30 2017 TLS: soft reset sec=0 bytes=4884151/-1 pkts=9315/0
Tue Apr 11 22:58:31 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Tue Apr 11 22:58:31 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Tue Apr 11 22:58:34 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 22:58:34 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 22:58:34 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 22:58:34 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 22:58:34 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Apr 11 23:58:30 2017 TLS: tls_process: killed expiring key
Tue Apr 11 23:58:35 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Tue Apr 11 23:58:35 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Tue Apr 11 23:58:38 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 23:58:38 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 23:58:38 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Apr 11 23:58:38 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Apr 11 23:58:38 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 00:16:57 2017 [xxx.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 00:16:57 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 00:16:57 2017 Restart pause, 5 second(s)
Wed Apr 12 00:17:02 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 00:17:02 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 00:17:02 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Wed Apr 12 00:17:03 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 00:17:03 2017 TCPv4_CLIENT link local: [undef]
Wed Apr 12 00:17:03 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 00:17:04 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=c27d2a85 1b555ec1
Wed Apr 12 00:17:05 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Wed Apr 12 00:17:05 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Wed Apr 12 00:17:07 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 00:17:07 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 00:17:07 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 00:17:07 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 00:17:07 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 00:17:07 2017 [xxx.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 00:17:10 2017 SENT CONTROL [xxx.myfritz.net]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 00:17:10 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Wed Apr 12 00:17:10 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 00:17:10 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 00:17:10 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 00:17:10 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 00:17:10 2017 Preserving previous TUN/TAP instance: tun0
Wed Apr 12 00:17:10 2017 Initialization Sequence Completed
Wed Apr 12 01:17:07 2017 TLS: soft reset sec=0 bytes=1366345/-1 pkts=4526/0
Wed Apr 12 01:17:09 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Wed Apr 12 01:17:09 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Wed Apr 12 01:17:12 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 01:17:12 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 01:17:12 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 01:17:12 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 01:17:12 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 01:45:03 2017 [xxx.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 01:45:03 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 01:45:03 2017 Restart pause, 5 second(s)
Wed Apr 12 01:45:08 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 01:45:08 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 01:45:28 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:45:48 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:46:13 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:46:38 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:47:03 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:47:28 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:47:53 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:48:18 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:48:43 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:49:08 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:49:33 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:49:58 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:50:23 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:50:48 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:51:13 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:51:38 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:52:03 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:52:28 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:52:53 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:53:19 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:53:44 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:54:09 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:54:34 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:54:59 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:55:24 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:55:49 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:56:14 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:56:39 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:57:04 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:57:29 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:57:54 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:58:19 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:58:44 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:59:09 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:59:34 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 01:59:59 2017 RESOLVE: Cannot resolve host address: xxx.myfritz.net: Name or service not known
Wed Apr 12 02:00:04 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Wed Apr 12 02:00:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 02:00:20 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 02:00:20 2017 TCPv4_CLIENT link local: [undef]
Wed Apr 12 02:00:20 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 02:00:20 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=ba83e701 89d981e0
Wed Apr 12 02:00:22 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Wed Apr 12 02:00:22 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Wed Apr 12 02:00:24 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 02:00:24 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 02:00:24 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 02:00:24 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 02:00:24 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 02:00:24 2017 [xxx.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 02:00:26 2017 SENT CONTROL [xxx.myfritz.net]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 02:00:26 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Wed Apr 12 02:00:26 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 02:00:26 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 02:00:26 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 02:00:26 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 02:00:26 2017 Preserving previous TUN/TAP instance: tun0
Wed Apr 12 02:00:26 2017 Initialization Sequence Completed
Wed Apr 12 03:00:24 2017 TLS: soft reset sec=0 bytes=1786239/-1 pkts=5795/0
Wed Apr 12 03:00:25 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Wed Apr 12 03:00:25 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx.myfritz.net, name=xxx, [email protected]
Wed Apr 12 03:00:28 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 03:00:28 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 03:00:28 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 03:00:28 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 03:00:28 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 04:00:24 2017 TLS: tls_process: killed expiring key
Wed Apr 12 04:00:28 2017 TLS: soft reset sec=0 bytes=1349570/-1 pkts=4398/0
Wed Apr 12 04:00:29 2017 VERIFY OK: depth=1, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxx CA, name=xxx, [email protected]
Wed Apr 12 04:00:29 2017 VERIFY OK: depth=0, C=DE, ST=xxx, L=xxx, O=xxx, OU=xxx, CN=xxxx.myfritz.net, name=xxx, [email protected]
Wed Apr 12 04:00:32 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 04:00:32 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 04:00:32 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 04:00:32 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 04:00:32 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 04:54:12 2017 [xxx.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 04:54:12 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 04:54:12 2017 Restart pause, 5 second(s)
Wed Apr 12 04:54:17 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 04:54:17 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 04:54:17 2017 Attempting to establish TCP connection with [AF_INET]87.174.46.110:1194 [nonblock]
Wed Apr 12 04:54:27 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:54:42 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:54:57 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:55:12 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:55:27 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:55:42 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:55:57 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:56:12 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:56:27 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:56:42 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:56:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:57:13 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:57:28 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:57:43 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:57:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:58:13 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:58:28 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:58:43 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:58:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:59:13 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:59:28 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:59:43 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 04:59:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:00:13 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:00:28 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:00:43 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:00:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:01:13 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:01:28 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:01:43 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:01:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:02:13 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:02:28 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:02:43 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:02:58 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:03:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:03:29 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:03:44 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:03:59 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:04:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:04:29 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:04:44 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:04:59 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:05:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:05:29 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:05:44 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:05:59 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:06:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:06:29 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:06:44 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:06:59 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:07:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:07:29 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:07:44 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:07:59 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:08:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:08:29 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:08:44 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:08:59 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:09:14 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:09:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:09:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:10:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:10:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:10:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:10:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:11:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:11:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:11:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:11:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:12:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:12:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:12:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:12:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:13:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:13:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:13:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:13:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:14:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:14:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:14:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:14:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:15:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:15:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:15:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:15:46 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:16:01 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:16:16 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:16:31 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:16:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:17:02 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:17:17 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:17:32 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:17:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:18:02 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:18:17 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:18:32 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:18:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:19:02 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:19:17 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:19:32 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:19:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:20:02 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:20:17 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:20:32 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:20:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:21:02 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:21:17 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:21:32 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:21:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:22:02 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:22:17 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:22:32 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:22:47 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:23:03 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:23:18 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:23:33 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:23:48 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:24:03 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:24:18 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Wed Apr 12 05:24:33 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoxxx: Connection timed out
Tue Apr 11 20:57:48 2017 SIGTERM[hard,init_instance] received, process exiting
(Yesterday at 20:XX I restarted OpenVPN to get a connection again.)

I'm only there until tomorrow, but maybe it's just something minor...

 
My guess:
At that point the "server box" changed its Internet IP. But the client only knows the "old" one via the Internet, and the "new" one gets routed incorrectly (through the non-existent VPN tunnel)...

If that's it, there would be several possible solutions, e.g.:
- Restart OpenVPN "safely" (x minutes) after the server box reconnects
- Use a script to query the server box's IP regularly (e.g. every minute) and, when it changes, either set a host route for it via the "Internet" or restart OpenVPN
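
The second suggestion above (poll the server box's address and, on a change, set a host route or restart OpenVPN), as an added example that is not part of the thread. `SERVER_NAME`, `STATE_FILE`, `RESTART_CMD` (a placeholder) and all function names are assumptions; the `route ... dev dsl` form is the one shown in the posted client log.

```shell
#!/bin/sh
# Added example, not from the thread. SERVER_NAME and RESTART_CMD are
# placeholders; STATE_FILE, ACTION, INTERVAL and DRY_RUN are assumed names.
SERVER_NAME="${SERVER_NAME:-vpn.example.net}"
WAN_DEV="${WAN_DEV:-dsl}"            # the posted log routes the server IP via 'dev dsl'
STATE_FILE="${STATE_FILE:-/var/tmp/vpn_server_ip}"
ACTION="${ACTION:-route}"            # 'route' = host route, 'restart' = restart OpenVPN
RESTART_CMD="${RESTART_CMD:-/path/to/openvpn-restart-script restart}"
INTERVAL="${INTERVAL:-60}"

# Accept only a strict dotted quad: the value ends up in a root-run route command.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        case "$_octet" in ''|????*|0?*) return 1 ;; esac
        [ "$_octet" -le 255 ] || return 1
    done
    return 0
}

# Read nslookup output (BusyBox or BIND style) on stdin and print the first
# IPv4 address listed after the "Name:" line, skipping the resolver's own address.
parse_nslookup() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; exit }
         }'
}

resolve_ipv4() {
    nslookup "$1" 2>/dev/null | parse_nslookup
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: $*"
    else
        "$@" || echo "failed: $*" >&2
    fi
}

# One poll: resolve, compare with the stored address, act only on a real change.
check_once() {
    new_ip=$(resolve_ipv4 "$SERVER_NAME") || new_ip=
    if ! is_ipv4 "$new_ip"; then
        echo "skip: no valid IPv4 answer for $SERVER_NAME"
        return 0
    fi
    old_ip=
    if [ -r "$STATE_FILE" ]; then old_ip=$(cat "$STATE_FILE"); fi
    is_ipv4 "$old_ip" || old_ip=      # ignore a corrupted or tampered state file
    if [ "$new_ip" = "$old_ip" ]; then
        echo "unchanged: $new_ip"
        return 0
    fi
    printf '%s\n' "$new_ip" > "$STATE_FILE"
    if [ -z "$old_ip" ]; then
        echo "baseline: $new_ip"
        return 0
    fi
    echo "changed: $old_ip -> $new_ip"
    if [ "$ACTION" = restart ]; then
        run $RESTART_CMD              # unquoted on purpose: command plus argument
    else
        # Drop the stale host route so the old address no longer bypasses the
        # tunnel, then pin the new address to the WAN device.
        run route del -net "$old_ip" netmask 255.255.255.255 dev "$WAN_DEV"
        run route add -net "$new_ip" netmask 255.255.255.255 dev "$WAN_DEV"
    fi
}

watch_loop() {
    while :; do
        check_once
        sleep "$INTERVAL"
    done
}

case "${1:-}" in
    --once) check_once ;;
    --loop) watch_loop ;;
esac
```

Because the posted log replaces the default route with the tunnel gateway, the lookup has to use a resolver that stays reachable while the tunnel is down. The script acts on an unauthenticated DNS answer, so it belongs together with server certificate verification, which the client log warns is not enabled.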
 
Yes, you're right about the change, but I'm having problems too often for that
Code:
Wed Apr 12 05:29:24 2017 OpenVPN 2.3.14 mips-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [IPv6] built on Feb  3 2017
Wed Apr 12 05:29:24 2017 library versions: OpenSSL 0.9.8zh 3 Dec 2015, LZO 2.09
Wed Apr 12 05:29:24 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 05:29:24 2017 Control Channel Authentication: using '/tmp/flash/openvpn/static.key' as a OpenVPN static key file
Wed Apr 12 05:29:24 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 05:29:24 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 05:29:24 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 05:29:24 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Wed Apr 12 05:29:25 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 05:29:25 2017 TCPv4_CLIENT link local: [undef]
Wed Apr 12 05:29:25 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 05:29:26 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=899180ba 4323ebb7
Wed Apr 12 05:29:27 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 05:29:27 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 05:29:29 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 05:29:29 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 05:29:29 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 05:29:29 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 05:29:29 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 05:29:29 2017 [XXX.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 05:29:32 2017 SENT CONTROL [XXX.myfritz.net]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 05:29:32 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Wed Apr 12 05:29:32 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 05:29:32 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 05:29:32 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 05:29:32 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 05:29:32 2017 TUN/TAP device tun0 opened
Wed Apr 12 05:29:32 2017 TUN/TAP TX queue length set to 100
Wed Apr 12 05:29:32 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Apr 12 05:29:32 2017 /sbin/ifconfig tun0 192.168.200.100 netmask 255.255.255.0 mtu 1500 broadcast 192.168.200.255
Wed Apr 12 05:29:32 2017 /sbin/route add -net XX.XXX.XX.XXX netmask 255.255.255.255 dev dsl
Wed Apr 12 05:29:32 2017 /sbin/route del -net 0.0.0.0 netmask 0.0.0.0
Wed Apr 12 05:29:32 2017 /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.200.1
Wed Apr 12 05:29:32 2017 /sbin/route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.200.1
Wed Apr 12 05:29:32 2017 /sbin/route add -net 192.168.200.1 netmask 255.255.255.255 gw 192.168.200.1
Wed Apr 12 05:29:32 2017 /sbin/route add -net 192.168.200.1 netmask 255.255.255.255 gw 192.168.200.1
route: SIOCADDRT: File exists
Wed Apr 12 05:29:32 2017 ERROR: Linux route add command failed: external program exited with error status: 1
Wed Apr 12 05:29:32 2017 Initialization Sequence Completed
Wed Apr 12 06:17:00 2017 [XXX.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 06:17:00 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 06:17:00 2017 Restart pause, 5 second(s)
Wed Apr 12 06:17:05 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 06:17:05 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 06:17:06 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Wed Apr 12 06:17:07 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 06:17:07 2017 TCPv4_CLIENT link local: [undef]
Wed Apr 12 06:17:07 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 06:17:07 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=e48e5c7a 2106d94d
Wed Apr 12 06:17:08 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 06:17:08 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 06:17:11 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 06:17:11 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 06:17:11 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 06:17:11 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 06:17:11 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 06:17:11 2017 [XXX.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 06:17:13 2017 SENT CONTROL [XXX.myfritz.net]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 06:17:13 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Wed Apr 12 06:17:13 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 06:17:13 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 06:17:13 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 06:17:13 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 06:17:13 2017 Preserving previous TUN/TAP instance: tun0
Wed Apr 12 06:17:13 2017 Initialization Sequence Completed
Wed Apr 12 07:17:11 2017 TLS: soft reset sec=0 bytes=242254/-1 pkts=1062/0
Wed Apr 12 07:17:12 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 07:17:12 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 07:17:15 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 07:17:15 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 07:17:15 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 07:17:15 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 07:17:15 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 08:17:11 2017 TLS: tls_process: killed expiring key
Wed Apr 12 08:17:15 2017 TLS: soft reset sec=0 bytes=234802/-1 pkts=1041/0
Wed Apr 12 08:17:17 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 08:17:17 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 08:17:19 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 08:17:19 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 08:17:19 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 08:17:19 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 08:17:19 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 09:17:15 2017 TLS: tls_process: killed expiring key
Wed Apr 12 09:17:19 2017 TLS: soft reset sec=0 bytes=229489/-1 pkts=1038/0
Wed Apr 12 09:17:20 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 09:17:20 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 09:17:23 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 09:17:23 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 09:17:23 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 09:17:23 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 09:17:23 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 10:17:19 2017 TLS: tls_process: killed expiring key
Wed Apr 12 10:17:24 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 10:17:24 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 10:17:27 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 10:17:27 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 10:17:27 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 10:17:27 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 10:17:27 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 11:17:23 2017 TLS: tls_process: killed expiring key
Wed Apr 12 11:17:27 2017 TLS: soft reset sec=0 bytes=233766/-1 pkts=1029/0
Wed Apr 12 11:17:29 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 11:17:29 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 11:17:31 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 11:17:31 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 11:17:31 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 11:17:31 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 11:17:31 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 12:16:55 2017 [XXX.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 12:16:55 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 12:16:55 2017 Restart pause, 5 second(s)
Wed Apr 12 12:17:00 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 12:17:00 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 12:17:00 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Wed Apr 12 12:17:10 2017 TCP: connect to [AF_INET]XX.XXX.XX.XXX:1194 failed, will try again in 5 secoXXX: Connection timed out
Wed Apr 12 12:17:16 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 12:17:16 2017 TCPv4_CLIENT link local: [undef]
Wed Apr 12 12:17:16 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 12:17:16 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=74361677 1c3e0fdc
Wed Apr 12 12:17:17 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 12:17:17 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 12:17:20 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 12:17:20 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 12:17:20 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 12:17:20 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 12:17:20 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 12:17:20 2017 [XXX.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 12:17:22 2017 SENT CONTROL [XXX.myfritz.net]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 12:17:23 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Wed Apr 12 12:17:23 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 12:17:23 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 12:17:23 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 12:17:23 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 12:17:23 2017 Preserving previous TUN/TAP instance: tun0
Wed Apr 12 12:17:23 2017 Initialization Sequence Completed
Wed Apr 12 13:17:20 2017 TLS: soft reset sec=0 bytes=241228/-1 pkts=1058/0
Wed Apr 12 13:17:21 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 13:17:21 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 13:17:24 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 13:17:24 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 13:17:24 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 13:17:24 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 13:17:24 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 14:17:20 2017 TLS: tls_process: killed expiring key
Wed Apr 12 14:17:24 2017 TLS: soft reset sec=0 bytes=248056/-1 pkts=1050/0
Wed Apr 12 14:17:25 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 14:17:25 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 14:17:28 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 14:17:28 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 14:17:28 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 14:17:28 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 14:17:28 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 15:17:24 2017 TLS: tls_process: killed expiring key
Wed Apr 12 15:17:28 2017 TLS: soft reset sec=0 bytes=266908/-1 pkts=1123/0
Wed Apr 12 15:17:30 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 15:17:30 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 15:17:32 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 15:17:32 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 15:17:32 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 15:17:32 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 15:17:32 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 16:17:28 2017 TLS: tls_process: killed expiring key
Wed Apr 12 16:17:34 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 16:17:34 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 16:17:36 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 16:17:36 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 16:17:36 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 16:17:36 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 16:17:36 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 17:17:33 2017 TLS: tls_process: killed expiring key
Wed Apr 12 17:17:36 2017 TLS: soft reset sec=0 bytes=27729955/-1 pkts=46572/0
Wed Apr 12 17:17:37 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 17:17:37 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 17:17:40 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 17:17:40 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 17:17:40 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 17:17:40 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 17:17:40 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 18:16:52 2017 [XXX.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 18:16:52 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 18:16:52 2017 Restart pause, 5 second(s)
Wed Apr 12 18:16:57 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 18:16:57 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 18:16:57 2017 Attempting to establish TCP connection with [AF_INET]XX.XXX.XX.XXX:1194 [nonblock]
Wed Apr 12 18:16:58 2017 TCP connection established with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 18:16:58 2017 TCPv4_CLIENT link local: [undef]
Wed Apr 12 18:16:58 2017 TCPv4_CLIENT link remote: [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 18:16:59 2017 TLS: Initial packet from [AF_INET]XX.XXX.XX.XXX:1194, sid=14b2b7ec 8935c9dc
Wed Apr 12 18:17:00 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 18:17:00 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 18:17:03 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 18:17:03 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 18:17:03 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 18:17:03 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 18:17:03 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 18:17:03 2017 [XXX.myfritz.net] Peer Connection Initiated with [AF_INET]XX.XXX.XX.XXX:1194
Wed Apr 12 18:17:05 2017 SENT CONTROL [XXX.myfritz.net]: 'PUSH_REQUEST' (status=1)
Wed Apr 12 18:17:05 2017 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.200.1,topology subnet,route 192.168.2.0 255.255.255.0,route 192.168.200.1,ping 10,ping-restart 120,route 192.168.200.1,ifconfig 192.168.200.100 255.255.255.0'
Wed Apr 12 18:17:05 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 12 18:17:05 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 12 18:17:05 2017 OPTIONS IMPORT: route options modified
Wed Apr 12 18:17:05 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 12 18:17:05 2017 Preserving previous TUN/TAP instance: tun0
Wed Apr 12 18:17:05 2017 Initialization Sequence Completed
Wed Apr 12 19:17:04 2017 VERIFY OK: depth=1, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX CA, name=XXX, [email protected]
Wed Apr 12 19:17:04 2017 VERIFY OK: depth=0, C=DE, ST=XXX, L=XXX, O=XXX, OU=XXX, CN=XXX.myfritz.net, name=XXX, [email protected]
Wed Apr 12 19:17:06 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 19:17:06 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 19:17:06 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Apr 12 19:17:06 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 12 19:17:06 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Apr 12 19:40:13 2017 [XXX.myfritz.net] Inactivity timeout (--ping-restart), restarting
Wed Apr 12 19:40:13 2017 SIGUSR1[soft,ping-restart] received, process restarting
Wed Apr 12 19:40:13 2017 Restart pause, 5 second(s)
Wed Apr 12 19:40:18 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Wed Apr 12 19:40:18 2017 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Apr 12 19:40:38 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:40:58 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:41:23 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:41:48 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:42:13 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:42:38 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:43:03 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:43:28 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:43:53 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:44:18 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 19:44:43 2017 RESOLVE: Cannot resolve host address: XXX.myfritz.net: Name or service not known
Wed Apr 12 05:29:24 2017 SIGTERM[hard,init_instance] received, process exiting

It doesn't really matter for now, though; I'm only here for today anyway. I just asked in case it's something minor.
 
Is there a way to tell OpenVPN in Freetz to keep trying to reconnect to the OpenVPN until it succeeds?

When you're on site, you can simply start OpenVPN and it runs again, but when you're not, it's a bit unfortunate.

So what I'm looking for is something like:
If the OpenVPN service isn't running, start it.

It happens rarely, but it does happen.
 
That should be fairly easy to do with cron.
For example, check every 5 minutes whether OpenVPN is running (or even whether "the other side" can be reached by ping) and otherwise issue, e.g., an "rc.openvpn restart".

"Off the top of my head", e.g. something like this in the crond, to test every 5 minutes whether at least one reply to a ping of the other side arrives within 2 seconds:

Code:
*/5 * * * *    ping -q -w 2 <ip.der.anderen.seite> 1>&2 2>/dev/null || rc.openvpn restart

[EDIT:] Corrected the faulty command that the next post points out. It previously incorrectly read "1&>2" instead of "1>&2".
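
The cron check described in the post above, written out as a small watchdog script; this is an added example, not code from the thread. `rc.openvpn restart` is the command named in the post and the peer address is the route-gateway from the posted log (replace it with your own); `RUNNING_CMD`, `TRIES`, the `run` argument and the script path are assumptions.

```shell
#!/bin/sh
# OpenVPN client watchdog for cron (added example, not from the thread).
# Assumptions: the peer address, TRIES, RUNNING_CMD and the "run" argument.
# Every command is overridable so the logic can be exercised without a tunnel.
PEER="${PEER:-192.168.200.1}"                  # route-gateway from the log; replace
PING_CMD="${PING_CMD:-ping -q -c 1 -w 2}"      # one probe, 2 s deadline
RUNNING_CMD="${RUNNING_CMD:-pidof openvpn}"    # succeeds if the daemon is running
RESTART_CMD="${RESTART_CMD:-rc.openvpn restart}"
TRIES="${TRIES:-3}"

# Succeeds as soon as one probe is answered, so a single lost packet
# does not tear down a working tunnel.
peer_alive() {
    i=0
    while [ "$i" -lt "$TRIES" ]; do
        $PING_CMD "$PEER" >/dev/null 2>&1 && return 0
        i=$((i + 1))
    done
    return 1
}

# Return codes: 0 = tunnel healthy, 1 = restart issued, 3 = restart failed.
vpn_watchdog() {
    if $RUNNING_CMD >/dev/null 2>&1 && peer_alive; then
        return 0
    fi
    if $RESTART_CMD >/dev/null 2>&1; then
        return 1
    fi
    return 3
}

# crontab entry (script path is a placeholder):
# */5 * * * * /path/to/vpn-watchdog.sh run
if [ "${1:-}" = "run" ]; then
    vpn_watchdog
    exit $?
fi
```

Checking the process as well as the ping covers the case from the log where the client exits after repeated resolve failures and nothing is left to answer.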
 