SOLVED Troubleshooting installing OpenVPN in a jail

itskando

Contributor
Joined
Apr 30, 2018
Messages
172
Did you try the ipfw.rules file I posted?

It didn't work for me with the version posted in that install guide.

Try this:

Code:
#!/bin/sh
EPAIR=$(/sbin/ifconfig -l | cut -d' ' -f2)   # second interface name listed
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}

TUN=$(/sbin/ifconfig -l | cut -d' ' -f3)     # third interface name listed
ifconfig ${TUN} name tun0

The difference is in the second and second-to-last lines. Use this version, then reboot your server and try.

I saw your changes from tr(im) to cut, but
since the original guide has worked for so many others,
I didn't want to deviate from the original guide, if possible, and
I also assumed the issue is on my end - something that I'm not doing right.

You also had declined to use the ports listed,
which @Bibi40k had leaned against in a couple of posts with different users,
so I couldn't be sure if you had done other things differently and
I couldn't be sure if you had a specialized network configuration overall.

Still, your method has been on the backburner;
I might as well try at this point.

If I use your method on a more permanent basis though,
I will be working with an alternative configuration,
which means that help will be much harder to come by if things go wrong,
since I'm not following the guide.

I believe you later had a major problem, (but it was likely unrelated), and that
you still had loose issues too (but they may be something everyone is dealing with).
Still, the fatal server crashes caused by the jail if any of the vpn services are shut down,
a clean fix for that needs to be found.

Also, for your VNET questions:

In the jail's settings, click the VNET checkbox and select 'vnet0' as the interface. Then type whatever you want the IP address to be in the IPv4 line.

You also appear to be missing the first line of your server openvpn.conf file:

Code:
local <JAIL-IP>

Yep, that's already been incorporated.
I'll try to update my file postings when I get home,
I tried to keep everything on here up to date,
but maybe it's gotten old.

(I'd do it now, but I don't have VPN access ; j )
 

itskando

Also, for your VNET questions:

In the jail's settings, click the VNET checkbox and select 'vnet0' as the interface. Then type whatever you want the IP address to be in the IPv4 line.

Even though I did this, I'm pretty sure it's not in the guide.
I wish it had been.
When making a jail with a static IP,
should I enable VNET as a rule of thumb?

I think it was necessary for Plex.
I think it will be necessary for transmission.

You also appear to be missing the first line of your server openvpn.conf file:

Code:
local <OPENVPN-JAIL-IP>

I didn't have this originally - I don't think it's in the guide.
I had to find it in the forums.
Should this be in the guide? Is it a new thing?
I think @Bibi40k said it was optional.

.

Finally, but unrelated, do you use a static IP address for your VPN jail?
And if so, is it in the middle of your DHCP reserved IP addresses?
Someone told me that was my problem, but it didn't seem that way.

(Thanks for responding too, btw - it's been a solo journey for a lot of this.)
 

gsrcrxsi

Explorer
Joined
Apr 15, 2018
Messages
86
I would give the cut command a try in your ipfw file. It’s what got it working on my systems.

That guide is based on the FreeNAS 11 legacy GUI. I don’t remember seeing VNET options with the old jails, but it’s what I’ve used for all the new jails in 11.2.

And just for transparency, my jail is still in the old format, but I can’t edit any of the jail settings since I upgraded to 11.2. Let me check the network config of my other VPN on my NAS that's still on 11.1 and get back to you.

As far as I know you need that local line in your server config file. I did.

I use a static IP for my jail. I shrunk my DHCP range on my router from 1-255 to 1-100. All of my static IPs are outside of that. Above 100.
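
The two ipfw.rules variants in this thread differ only in how they find the jail's interfaces: by position in the `ifconfig -l` output (`cut`) or by name (`tr`/`grep`). The script below is an added example, not part of the original posts or the install guide; it runs both approaches against constructed interface lists and prints the rules instead of applying them. `pick_iface`, `by_position`, `by_grep` and `emit_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: select the jail's epair and tun interfaces by name and
# refuse to build NAT rules when the match is missing or ambiguous.
# Interface lists are passed in as strings so this runs without a jail.

# pick_iface PREFIX "IFACE LIST"
# Prints the one interface named PREFIX<digit>...; returns 1 when nothing
# matches and 2 when more than one interface matches.
pick_iface() {
    prefix=$1
    match=""
    count=0
    for ifname in $2; do
        case $ifname in
            "$prefix"[0-9]*)
                match=$ifname
                count=$((count + 1))
                ;;
        esac
    done
    if [ "$count" -eq 0 ]; then return 1; fi
    if [ "$count" -gt 1 ]; then return 2; fi
    printf '%s\n' "$match"
}

# The two approaches from the thread, applied to a list given as $2.
by_position() { printf '%s\n' "$2" | cut -d' ' -f"$1"; }      # cut variant
by_grep()     { printf '%s\n' "$2" | tr ' ' '\n' | grep "$1"; } # tr/grep variant

# emit_rules "IFACE LIST"
# Prints (does not run) the commands from the thread's ipfw.rules for the
# detected interfaces; returns 1 without output if detection is not unique.
emit_rules() {
    ifaces=$1
    epair=$(pick_iface epair "$ifaces") || {
        echo "epair: no unique match in: $ifaces" >&2
        return 1
    }
    tun=$(pick_iface tun "$ifaces") || {
        echo "tun: no unique match in: $ifaces" >&2
        return 1
    }
    cat <<EOF
ipfw -q -f flush
ipfw -q nat 1 config if $epair
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via $epair
ipfw -q add nat 1 all from any to any in via $epair
ifconfig $tun name tun0
EOF
}

# Constructed samples (not captured from a live system):
#   1. the order shown in the thread's jail ifconfig output
#   2. an extra interface ahead of the epair, which shifts the positions
#   3. a second tun device, which makes a name match ambiguous
for sample in "lo0 epair0b tun0" "lo0 pflog0 epair0b tun0" "lo0 epair0b tun0 tun1"; do
    echo "== ifconfig -l: $sample"
    echo "cut -f2 would NAT on: $(by_position 2 "$sample")"
    emit_rules "$sample" || echo "refusing to emit rules"
done
```

In the jail itself, pass `"$(/sbin/ifconfig -l)"` as the list argument.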
 

gsrcrxsi

Yeah, I'm going to say that the VNET options are not mentioned in that guide because those options are not present in the older version of the webGUI.

I'm 99% sure you need it. I've needed it to get internet access in all my jails I've created so far in 11.2 for the jail to have internet access.

VNET checkbox checked
Interface "vnet0"
ipv4 address - 192.168.x.xxx (whatever you want your IP to be)
subnet mask - /24
ipv4 default router - 192.168.x.1 (your router's IP)
 

itskando

My setup:
Code:
Public IP     : x.x.x.x            (private)
Domain        : nas.MYDOMAIN.com   (private)
Router/Gateway: 192.168.86.001     (static)
FreeNAS OS    : 192.168.86.003     (static)
OpenVPN Jail  : 192.168.86.020     (static, forwarding external port 443 to internal port 1194 on router)
macOS PC      : 192.168.86.021-200 (unique DHCP address)
Android phone : 192.168.86.021-200 (unique DHCP address)

ipfw.rules:
Code:
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}
TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0

server.conf:
Code:
local 192.168.86.20
port  1194
proto udp
dev   tun

ca   /usr/local/etc/openvpn/keys/ca.crt
cert /usr/local/etc/openvpn/keys/openvpn-server.crt
key  /usr/local/etc/openvpn/keys/openvpn-server.key
dh   /usr/local/etc/openvpn/keys/dh.pem

topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.86.0 255.255.255.0"
keepalive 10 120
tls-auth /usr/local/etc/openvpn/keys/ta.key 0 # This file is secret
remote-cert-tls client
cipher AES-256-CBC

compress lz4-v2
push "compress lz4-v2"

user  nobody
group nobody

persist-key
persist-tun

status openvpn-status.log
verb 4
explicit-exit-notify 1

client.conf (embedded with the ca.crt, client.crt, client.key, ta.key files):
Code:
client
dev tun
proto udp
remote MYDOMAIN.com 443 # (private)
resolv-retry infinite
nobind

persist-key
persist-tun

remote-cert-tls server
cipher AES-256-CBC
verb 3

<ca>
-----BEGIN CERTIFICATE-----
MIIDXDCCAkSgAwIBAgIJAP2DH29HI+oVMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNV
# [...] (private) [...]
aR6owDow6O18ayYm4nR7HVJ/WPaaqLilwcCj8l3TRpjGX5vmfEDzMMRwWLNX/oqF
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
MIIDZDCCAkygAwIBAgIQODq6G4kzSVBavPaEO5R/ljANBgkqhkiG9w0BAQsFADAj
# [...] (private) [...]
+iyfvZBYJZU=
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgTqIiD1L3SMCAggA
# [...] (private) [...]
TYU=
-----END ENCRYPTED PRIVATE KEY-----
</key>

key-direction 1

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
b103fd071b45129c120b9aa451e6a42a
# [...] (private) [...]
ff1e3e255eb8d3d8089386fd2cf7a54a
-----END OpenVPN Static key V1-----
</tls-auth>

Note: Don't miss the key-direction 1 command before the <tls-auth>.

server.log:
Code:
Sun Mar 10 21:46:40 2019 us=902280 Current Parameter Settings:
Sun Mar 10 21:46:40 2019 us=902397   config = '/usr/local/etc/openvpn/openvpn.conf'
Sun Mar 10 21:46:40 2019 us=902405   mode = 1
Sun Mar 10 21:46:40 2019 us=902411   show_ciphers = DISABLED
Sun Mar 10 21:46:40 2019 us=902417   show_digests = DISABLED
Sun Mar 10 21:46:40 2019 us=902422   show_engines = DISABLED
Sun Mar 10 21:46:40 2019 us=902428   genkey = DISABLED
Sun Mar 10 21:46:40 2019 us=902434   key_pass_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902440   show_tls_ciphers = DISABLED
Sun Mar 10 21:46:40 2019 us=902445   connect_retry_max = 0
Sun Mar 10 21:46:40 2019 us=902451 Connection profiles [0]:
Sun Mar 10 21:46:40 2019 us=902457   proto = udp
Sun Mar 10 21:46:40 2019 us=902463   local = '192.168.86.20'
Sun Mar 10 21:46:40 2019 us=902469   local_port = '1194'
Sun Mar 10 21:46:40 2019 us=902475   remote = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902480   remote_port = '1194'
Sun Mar 10 21:46:40 2019 us=902486   remote_float = DISABLED
Sun Mar 10 21:46:40 2019 us=902493   bind_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=902499   bind_local = ENABLED
Sun Mar 10 21:46:40 2019 us=902504   bind_ipv6_only = DISABLED
Sun Mar 10 21:46:40 2019 us=902510   connect_retry_seconds = 5
Sun Mar 10 21:46:40 2019 us=902516   connect_timeout = 120
Sun Mar 10 21:46:40 2019 us=902522   socks_proxy_server = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902527   socks_proxy_port = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902533   tun_mtu = 1500
Sun Mar 10 21:46:40 2019 us=902539   tun_mtu_defined = ENABLED
Sun Mar 10 21:46:40 2019 us=902545   link_mtu = 1500
Sun Mar 10 21:46:40 2019 us=902550   link_mtu_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=902556   tun_mtu_extra = 0
Sun Mar 10 21:46:40 2019 us=902562   tun_mtu_extra_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=902568   mtu_discover_type = -1
Sun Mar 10 21:46:40 2019 us=902574   fragment = 0
Sun Mar 10 21:46:40 2019 us=902580   mssfix = 1450
Sun Mar 10 21:46:40 2019 us=902586   explicit_exit_notification = 1
Sun Mar 10 21:46:40 2019 us=902591 Connection profiles END
Sun Mar 10 21:46:40 2019 us=902597   remote_random = DISABLED
Sun Mar 10 21:46:40 2019 us=902603   ipchange = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902609   dev = 'tun'
Sun Mar 10 21:46:40 2019 us=902615   dev_type = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902620   dev_node = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902626   lladdr = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902632   topology = 3
Sun Mar 10 21:46:40 2019 us=902638   ifconfig_local = '10.8.0.1'
Sun Mar 10 21:46:40 2019 us=902644   ifconfig_remote_netmask = '255.255.255.0'
Sun Mar 10 21:46:40 2019 us=902649   ifconfig_noexec = DISABLED
Sun Mar 10 21:46:40 2019 us=902655   ifconfig_nowarn = DISABLED
Sun Mar 10 21:46:40 2019 us=902661   ifconfig_ipv6_local = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902667   ifconfig_ipv6_netbits = 0
Sun Mar 10 21:46:40 2019 us=902673   ifconfig_ipv6_remote = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902678   shaper = 0
Sun Mar 10 21:46:40 2019 us=902684   mtu_test = 0
Sun Mar 10 21:46:40 2019 us=902690   mlock = DISABLED
Sun Mar 10 21:46:40 2019 us=902696   keepalive_ping = 10
Sun Mar 10 21:46:40 2019 us=902701   keepalive_timeout = 120
Sun Mar 10 21:46:40 2019 us=902707   inactivity_timeout = 0
Sun Mar 10 21:46:40 2019 us=902713   ping_send_timeout = 10
Sun Mar 10 21:46:40 2019 us=902719   ping_rec_timeout = 240
Sun Mar 10 21:46:40 2019 us=902724   ping_rec_timeout_action = 2
Sun Mar 10 21:46:40 2019 us=902730   ping_timer_remote = DISABLED
Sun Mar 10 21:46:40 2019 us=902736   remap_sigusr1 = 0
Sun Mar 10 21:46:40 2019 us=902742   persist_tun = ENABLED
Sun Mar 10 21:46:40 2019 us=902747   persist_local_ip = DISABLED
Sun Mar 10 21:46:40 2019 us=902753   persist_remote_ip = DISABLED
Sun Mar 10 21:46:40 2019 us=902759   persist_key = ENABLED
Sun Mar 10 21:46:40 2019 us=902765   passtos = DISABLED
Sun Mar 10 21:46:40 2019 us=902771   resolve_retry_seconds = 1000000000
Sun Mar 10 21:46:40 2019 us=902782   resolve_in_advance = DISABLED
Sun Mar 10 21:46:40 2019 us=902788   username = 'nobody'
Sun Mar 10 21:46:40 2019 us=902794   groupname = 'nobody'
Sun Mar 10 21:46:40 2019 us=902800   chroot_dir = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902805   cd_dir = '/usr/local/etc/openvpn/'
Sun Mar 10 21:46:40 2019 us=902812   writepid = '/var/run/openvpn.pid'
Sun Mar 10 21:46:40 2019 us=902818   up_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902824   down_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902830   down_pre = DISABLED
Sun Mar 10 21:46:40 2019 us=902835   up_restart = DISABLED
Sun Mar 10 21:46:40 2019 us=902841   up_delay = DISABLED
Sun Mar 10 21:46:40 2019 us=902847   daemon = ENABLED
Sun Mar 10 21:46:40 2019 us=902853   inetd = 0
Sun Mar 10 21:46:40 2019 us=902859   log = ENABLED
Sun Mar 10 21:46:40 2019 us=902864   suppress_timestamps = DISABLED
Sun Mar 10 21:46:40 2019 us=902870   machine_readable_output = DISABLED
Sun Mar 10 21:46:40 2019 us=902876   nice = 0
Sun Mar 10 21:46:40 2019 us=902882   verbosity = 4
Sun Mar 10 21:46:40 2019 us=902887   mute = 0
Sun Mar 10 21:46:40 2019 us=902893   gremlin = 0
Sun Mar 10 21:46:40 2019 us=902899   status_file = 'openvpn-status.log'
Sun Mar 10 21:46:40 2019 us=902904   status_file_version = 1
Sun Mar 10 21:46:40 2019 us=902910   status_file_update_freq = 60
Sun Mar 10 21:46:40 2019 us=902916   occ = ENABLED
Sun Mar 10 21:46:40 2019 us=902922   rcvbuf = 0
Sun Mar 10 21:46:40 2019 us=902927   sndbuf = 0
Sun Mar 10 21:46:40 2019 us=902933   sockflags = 0
Sun Mar 10 21:46:40 2019 us=902939   fast_io = DISABLED
Sun Mar 10 21:46:40 2019 us=902945   comp.alg = 11
Sun Mar 10 21:46:40 2019 us=902950   comp.flags = 0
Sun Mar 10 21:46:40 2019 us=902956   route_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=902962   route_default_gateway = '10.8.0.2'
Sun Mar 10 21:46:40 2019 us=902968   route_default_metric = 0
Sun Mar 10 21:46:40 2019 us=902973   route_noexec = DISABLED
Sun Mar 10 21:46:40 2019 us=902979   route_delay = 0
Sun Mar 10 21:46:40 2019 us=902985   route_delay_window = 30
Sun Mar 10 21:46:40 2019 us=902991   route_delay_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=902996   route_nopull = DISABLED
Sun Mar 10 21:46:40 2019 us=903002   route_gateway_via_dhcp = DISABLED
Sun Mar 10 21:46:40 2019 us=903008   allow_pull_fqdn = DISABLED
Sun Mar 10 21:46:40 2019 us=903014   management_addr = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903020   management_port = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903025   management_user_pass = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903031   management_log_history_cache = 250
Sun Mar 10 21:46:40 2019 us=903037   management_echo_buffer_size = 100
Sun Mar 10 21:46:40 2019 us=903042   management_write_peer_info_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903048   management_client_user = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903053   management_client_group = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903059   management_flags = 0
Sun Mar 10 21:46:40 2019 us=903065   shared_secret_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903071   key_direction = 0
Sun Mar 10 21:46:40 2019 us=903077   ciphername = 'AES-256-CBC'
Sun Mar 10 21:46:40 2019 us=903083   ncp_enabled = ENABLED
Sun Mar 10 21:46:40 2019 us=903088   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun Mar 10 21:46:40 2019 us=903094   authname = 'SHA1'
Sun Mar 10 21:46:40 2019 us=903100   prng_hash = 'SHA1'
Sun Mar 10 21:46:40 2019 us=903106   prng_nonce_secret_len = 16
Sun Mar 10 21:46:40 2019 us=903112   keysize = 0
Sun Mar 10 21:46:40 2019 us=903118   engine = DISABLED
Sun Mar 10 21:46:40 2019 us=903124   replay = ENABLED
Sun Mar 10 21:46:40 2019 us=903129   mute_replay_warnings = DISABLED
Sun Mar 10 21:46:40 2019 us=903135   replay_window = 64
Sun Mar 10 21:46:40 2019 us=903142   replay_time = 15
Sun Mar 10 21:46:40 2019 us=903147   packet_id_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903153   use_iv = ENABLED
Sun Mar 10 21:46:40 2019 us=903159   test_crypto = DISABLED
Sun Mar 10 21:46:40 2019 us=903165   tls_server = ENABLED
Sun Mar 10 21:46:40 2019 us=903170   tls_client = DISABLED
Sun Mar 10 21:46:40 2019 us=903176   key_method = 2
Sun Mar 10 21:46:40 2019 us=903182   ca_file = '/usr/local/etc/openvpn/keys/ca.crt'
Sun Mar 10 21:46:40 2019 us=903188   ca_path = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903193   dh_file = '/usr/local/etc/openvpn/keys/dh.pem'
Sun Mar 10 21:46:40 2019 us=903199   cert_file = '/usr/local/etc/openvpn/keys/openvpn-server.crt'
Sun Mar 10 21:46:40 2019 us=903205   extra_certs_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903211   priv_key_file = '/usr/local/etc/openvpn/keys/openvpn-server.key'
Sun Mar 10 21:46:40 2019 us=903216   pkcs12_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903222   cipher_list = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903228   tls_cert_profile = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903233   tls_verify = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903239   tls_export_cert = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903244   verify_x509_type = 0
Sun Mar 10 21:46:40 2019 us=903250   verify_x509_name = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903256   crl_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903261   ns_cert_type = 0
Sun Mar 10 21:46:40 2019 us=903267   remote_cert_ku[i] = 65535
Sun Mar 10 21:46:40 2019 us=903273   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903278   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903284   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903290   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903295   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903301   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903306   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903312   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903318   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903323   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903329   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903334   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903340   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903345   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903351   remote_cert_ku[i] = 0
Sun Mar 10 21:46:40 2019 us=903357   remote_cert_eku = 'TLS Web Client Authentication'
Sun Mar 10 21:46:40 2019 us=903362   ssl_flags = 0
Sun Mar 10 21:46:40 2019 us=903368   tls_timeout = 2
Sun Mar 10 21:46:40 2019 us=903374   renegotiate_bytes = -1
Sun Mar 10 21:46:40 2019 us=903379   renegotiate_packets = 0
Sun Mar 10 21:46:40 2019 us=903385   renegotiate_seconds = 3600
Sun Mar 10 21:46:40 2019 us=903391   handshake_window = 60
Sun Mar 10 21:46:40 2019 us=903397   transition_window = 3600
Sun Mar 10 21:46:40 2019 us=903402   single_session = DISABLED
Sun Mar 10 21:46:40 2019 us=903408   push_peer_info = DISABLED
Sun Mar 10 21:46:40 2019 us=903414   tls_exit = DISABLED
Sun Mar 10 21:46:40 2019 us=903419   tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key'
Sun Mar 10 21:46:40 2019 us=903425   tls_crypt_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903432   server_network = 10.8.0.0
Sun Mar 10 21:46:40 2019 us=903438   server_netmask = 255.255.255.0
Sun Mar 10 21:46:40 2019 us=903445   server_network_ipv6 = ::
Sun Mar 10 21:46:40 2019 us=903451   server_netbits_ipv6 = 0
Sun Mar 10 21:46:40 2019 us=903457   server_bridge_ip = 0.0.0.0
Sun Mar 10 21:46:40 2019 us=903463   server_bridge_netmask = 0.0.0.0
Sun Mar 10 21:46:40 2019 us=903470   server_bridge_pool_start = 0.0.0.0
Sun Mar 10 21:46:40 2019 us=903476   server_bridge_pool_end = 0.0.0.0
Sun Mar 10 21:46:40 2019 us=903482   push_entry = 'route 192.168.86.0 255.255.255.0'
Sun Mar 10 21:46:40 2019 us=903488   push_entry = 'compress lz4-v2'
Sun Mar 10 21:46:40 2019 us=903493   push_entry = 'route-gateway 10.8.0.1'
Sun Mar 10 21:46:40 2019 us=903499   push_entry = 'topology subnet'
Sun Mar 10 21:46:40 2019 us=903505   push_entry = 'ping 10'
Sun Mar 10 21:46:40 2019 us=903510   push_entry = 'ping-restart 120'
Sun Mar 10 21:46:40 2019 us=903516   ifconfig_pool_defined = ENABLED
Sun Mar 10 21:46:40 2019 us=903522   ifconfig_pool_start = 10.8.0.2
Sun Mar 10 21:46:40 2019 us=903529   ifconfig_pool_end = 10.8.0.253
Sun Mar 10 21:46:40 2019 us=903535   ifconfig_pool_netmask = 255.255.255.0
Sun Mar 10 21:46:40 2019 us=903541   ifconfig_pool_persist_filename = 'ipp.txt'
Sun Mar 10 21:46:40 2019 us=903546   ifconfig_pool_persist_refresh_freq = 600
Sun Mar 10 21:46:40 2019 us=903552   ifconfig_ipv6_pool_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=903558   ifconfig_ipv6_pool_base = ::
Sun Mar 10 21:46:40 2019 us=903564   ifconfig_ipv6_pool_netbits = 0
Sun Mar 10 21:46:40 2019 us=903569   n_bcast_buf = 256
Sun Mar 10 21:46:40 2019 us=903575   tcp_queue_limit = 64
Sun Mar 10 21:46:40 2019 us=903581   real_hash_size = 256
Sun Mar 10 21:46:40 2019 us=903587   virtual_hash_size = 256
Sun Mar 10 21:46:40 2019 us=903592   client_connect_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903598   learn_address_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903604   client_disconnect_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903610   client_config_dir = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903615   ccd_exclusive = DISABLED
Sun Mar 10 21:46:40 2019 us=903621   tmp_dir = '/tmp'
Sun Mar 10 21:46:40 2019 us=903627   push_ifconfig_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=903633   push_ifconfig_local = 0.0.0.0
Sun Mar 10 21:46:40 2019 us=903639   push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar 10 21:46:40 2019 us=903645   push_ifconfig_ipv6_defined = DISABLED
Sun Mar 10 21:46:40 2019 us=903651   push_ifconfig_ipv6_local = ::/0
Sun Mar 10 21:46:40 2019 us=903657   push_ifconfig_ipv6_remote = ::
Sun Mar 10 21:46:40 2019 us=903663   enable_c2c = DISABLED
Sun Mar 10 21:46:40 2019 us=903669   duplicate_cn = DISABLED
Sun Mar 10 21:46:40 2019 us=903674   cf_max = 0
Sun Mar 10 21:46:40 2019 us=903680   cf_per = 0
Sun Mar 10 21:46:40 2019 us=903686   max_clients = 1024
Sun Mar 10 21:46:40 2019 us=903692   max_routes_per_client = 256
Sun Mar 10 21:46:40 2019 us=903698   auth_user_pass_verify_script = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903703   auth_user_pass_verify_script_via_file = DISABLED
Sun Mar 10 21:46:40 2019 us=903709   auth_token_generate = DISABLED
Sun Mar 10 21:46:40 2019 us=903715   auth_token_lifetime = 0
Sun Mar 10 21:46:40 2019 us=903720   port_share_host = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903726   port_share_port = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903732   client = DISABLED
Sun Mar 10 21:46:40 2019 us=903737   pull = DISABLED
Sun Mar 10 21:46:40 2019 us=903743   auth_user_pass_file = '[UNDEF]'
Sun Mar 10 21:46:40 2019 us=903749 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 29 2018
Sun Mar 10 21:46:40 2019 us=903757 library versions: OpenSSL 1.0.2o-freebsd  27 Mar 2018, LZO 2.10
Sun Mar 10 21:46:40 2019 us=904439 Diffie-Hellman initialized with 2048 bit key
Sun Mar 10 21:46:40 2019 us=904799 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 10 21:46:40 2019 us=904810 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 10 21:46:40 2019 us=904821 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Mar 10 21:46:40 2019 us=904862 TUN/TAP device /dev/tun0 opened
Sun Mar 10 21:46:40 2019 us=904871 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Mar 10 21:46:40 2019 us=904884 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.0 up
Sun Mar 10 21:46:40 2019 us=905851 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Sun Mar 10 21:46:40 2019 us=906519 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sun Mar 10 21:46:40 2019 us=906758 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sun Mar 10 21:46:40 2019 us=906775 Socket Buffers: R=[42080->42080] S=[9216->9216]
Sun Mar 10 21:46:40 2019 us=906791 UDPv4 link local (bound): [AF_INET]192.168.86.20:1194
Sun Mar 10 21:46:40 2019 us=906799 UDPv4 link remote: [AF_UNSPEC]
Sun Mar 10 21:46:40 2019 us=906807 GID set to nobody
Sun Mar 10 21:46:40 2019 us=906817 UID set to nobody
Sun Mar 10 21:46:40 2019 us=906827 MULTI: multi_init called, r=256 v=256
Sun Mar 10 21:46:40 2019 us=906844 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Sun Mar 10 21:46:40 2019 us=906853 IFCONFIG POOL LIST
Sun Mar 10 21:46:40 2019 us=906877 Initialization Sequence Completed


.
.
.

Command Line Interface:

.
.
.

iocage get ALL openVPN
Code:
root@Deetz:~ # iocage get all openVPN
CONFIG_VERSION:14.1
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:1
available:readonly
basejail:no
boot:on
bpf:no
children_max:0
cloned_release:11.2-RELEASE-p4
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:192.168.86.1
defaultrouter6:none
depends:none
devfs_ruleset:4
dhcp:off
enforce_statfs:2
exec_clean:1
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:openVPN
host_hostuuid:openVPN
host_time:yes
hostid:d3a23a44-8bf2-11e8-badd-0cc47a90dfc3
hostid_strict_check:off
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vnet0|192.168.86.20/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
jail_zfs:off
jail_zfs_dataset:iocage/jails/openVPN/data
jail_zfs_mountpoint:none
last_started:2019-03-06 00:53:56
login_flags:-f root
mac_prefix:02ff60
maxproc:off
memorylocked:off
memoryuse:off
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nmsgq:off
notes:none
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
priority:99
pseudoterminals:off
quota:none
release:11.2-RELEASE-p4
reservation:none
resolver:/etc/resolv.conf
rlimits:off
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:no
type:jail
used:readonly
vmemoryuse:off
vnet:on
vnet0_mac:02ff60c1316e 02ff60c1316f
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:auto
vnet_interfaces:none
wallclock:off

ifconfig:
Code:
root@Deetz:~ # ifconfig
em0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    ether 0c:c4:7a:90:df:c3
    hwaddr 0c:c4:7a:90:df:c3
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect
    status: no carrier
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
    ether 0c:c4:7a:90:df:c2
    hwaddr 0c:c4:7a:90:df:c2
    inet 192.168.86.3 netmask 0xffffff00 broadcast 192.168.86.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:f7:27:82:b9:00
    nd6 options=1<PERFORMNUD>
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0:3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 7 priority 128 path cost 2000
    member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000
    member: vnet0:1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 5 priority 128 path cost 2000
    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 20000
vnet0:1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: plex as nic: epair0b
    options=8<VLAN_MTU>
    ether 02:ff:60:14:fa:09
    hwaddr 02:5d:d0:00:05:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
vnet0:2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: openVPN as nic: epair0b
    options=8<VLAN_MTU>
    ether 02:ff:60:c1:31:6e
    hwaddr 02:5d:d0:00:06:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
vnet0:3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: transmission as nic: epair0b
    options=8<VLAN_MTU>
    ether 02:ff:60:03:aa:46
    hwaddr 02:5d:d0:00:07:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair

Code:
root@openVPN:~ # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:ff:60:c1:31:6f
    hwaddr 02:5d:d0:00:07:0b
    inet 192.168.86.20 netmask 0xffffff00 broadcast 192.168.86.255
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 10.8.0.1 --> 10.8.0.2 netmask 0xffffff00
    nd6 options=1<PERFORMNUD>
    groups: tun
    Opened by PID 10903

sockstat -4 -l:
Code:
root@openVPN:~ # sockstat -4 -l
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
nobody   openvpn    10903 7  udp4   192.168.86.20:1194    *:*

ps aux:
Code:
root@openVPN:~ # ps aux
USER     PID %CPU %MEM   VSZ  RSS TT  STAT STARTED    TIME COMMAND
root    4325  0.0  0.0  6412 2456  -  SsJ  Tue19   0:00.62 /usr/sbin/syslogd -c -ss
root    4386  0.0  0.0  6464 2536  -  IsJ  Tue19   0:01.06 /usr/sbin/cron -J 15 -s
nobody 10903  0.0  0.0 10288 6004  -  SsJ  Tue20   0:01.63 /usr/local/sbin/openvpn --cd /usr/local/etc/op
root    6551  0.0  0.0  6952 2932  3  IJ   19:07   0:00.00 login [pam] (login)
root    6552  0.0  0.0  7412 3880  3  SJ   19:07   0:00.01 -csh (csh)
root    7565  0.0  0.0  6912 2704  3  R+J  19:16   0:00.00 ps aux

service -e
Code:
root@openVPN:~ # service -e
/etc/rc.d/cleanvar
/etc/rc.d/netif
/etc/rc.d/ipfw
/etc/rc.d/newsyslog
/etc/rc.d/syslogd
/etc/rc.d/virecover
/usr/local/etc/rc.d/openvpn
/etc/rc.d/motd
/etc/rc.d/cron

nslookup
Code:
root@Deetz:~ # nslookup www.google.com
Server:        192.168.86.1
Address:    192.168.86.1#53

Non-authoritative answer:
Name:    www.google.com
Address: 172.217.12.196
Name:    www.google.com
Address: 2607:f8b0:4006:819::2004

Code:
root@openVPN:~ # nslookup www.google.com
nslookup: Command not found.

root@openVPN:~ # pkg install dns/bind-tools

[...]

root@openVPN:~ # nslookup www.google.com
Server:        192.168.86.1
Address:    192.168.86.1#53

Non-authoritative answer:
Name:    www.google.com
Address: 172.217.12.132
Name:    www.google.com
Address: 2607:f8b0:4006:819::2004
 

itskando

OpenVPN log:
Code:
root@openVPN:~ # service openvpn stop
Stopping openvpn.
Waiting for PIDS: 10903.

root@openVPN:~ # openvpn --config /usr/local/etc/openvpn/openvpn.conf
Sun Mar 10 21:08:51 2019 us=491711 Current Parameter Settings:
Sun Mar 10 21:08:51 2019 us=491829   config = '/usr/local/etc/openvpn/openvpn.conf'
Sun Mar 10 21:08:51 2019 us=491833   mode = 1
Sun Mar 10 21:08:51 2019 us=491836   show_ciphers = DISABLED
Sun Mar 10 21:08:51 2019 us=491839   show_digests = DISABLED
Sun Mar 10 21:08:51 2019 us=491841   show_engines = DISABLED
Sun Mar 10 21:08:51 2019 us=491844   genkey = DISABLED
Sun Mar 10 21:08:51 2019 us=491847   key_pass_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491850   show_tls_ciphers = DISABLED
Sun Mar 10 21:08:51 2019 us=491852   connect_retry_max = 0
Sun Mar 10 21:08:51 2019 us=491855 Connection profiles [0]:
Sun Mar 10 21:08:51 2019 us=491858   proto = udp
Sun Mar 10 21:08:51 2019 us=491861   local = '192.168.86.20'
Sun Mar 10 21:08:51 2019 us=491864   local_port = '1194'
Sun Mar 10 21:08:51 2019 us=491866   remote = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491869   remote_port = '1194'
Sun Mar 10 21:08:51 2019 us=491872   remote_float = DISABLED
Sun Mar 10 21:08:51 2019 us=491874   bind_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=491878   bind_local = ENABLED
Sun Mar 10 21:08:51 2019 us=491881   bind_ipv6_only = DISABLED
Sun Mar 10 21:08:51 2019 us=491884   connect_retry_seconds = 5
Sun Mar 10 21:08:51 2019 us=491886   connect_timeout = 120
Sun Mar 10 21:08:51 2019 us=491889   socks_proxy_server = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491903   socks_proxy_port = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491905   tun_mtu = 1500
Sun Mar 10 21:08:51 2019 us=491908   tun_mtu_defined = ENABLED
Sun Mar 10 21:08:51 2019 us=491911   link_mtu = 1500
Sun Mar 10 21:08:51 2019 us=491914   link_mtu_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=491917   tun_mtu_extra = 0
Sun Mar 10 21:08:51 2019 us=491919   tun_mtu_extra_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=491922   mtu_discover_type = -1
Sun Mar 10 21:08:51 2019 us=491925   fragment = 0
Sun Mar 10 21:08:51 2019 us=491928   mssfix = 1450
Sun Mar 10 21:08:51 2019 us=491931   explicit_exit_notification = 1
Sun Mar 10 21:08:51 2019 us=491934 Connection profiles END
Sun Mar 10 21:08:51 2019 us=491946   remote_random = DISABLED
Sun Mar 10 21:08:51 2019 us=491949   ipchange = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491952   dev = 'tun'
Sun Mar 10 21:08:51 2019 us=491954   dev_type = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491957   dev_node = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491970   lladdr = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491973   topology = 3
Sun Mar 10 21:08:51 2019 us=491975   ifconfig_local = '10.8.0.1'
Sun Mar 10 21:08:51 2019 us=491978   ifconfig_remote_netmask = '255.255.255.0'
Sun Mar 10 21:08:51 2019 us=491981   ifconfig_noexec = DISABLED
Sun Mar 10 21:08:51 2019 us=491984   ifconfig_nowarn = DISABLED
Sun Mar 10 21:08:51 2019 us=491997   ifconfig_ipv6_local = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=491999   ifconfig_ipv6_netbits = 0
Sun Mar 10 21:08:51 2019 us=492002   ifconfig_ipv6_remote = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492005   shaper = 0
Sun Mar 10 21:08:51 2019 us=492018   mtu_test = 0
Sun Mar 10 21:08:51 2019 us=492021   mlock = DISABLED
Sun Mar 10 21:08:51 2019 us=492023   keepalive_ping = 10
Sun Mar 10 21:08:51 2019 us=492026   keepalive_timeout = 120
Sun Mar 10 21:08:51 2019 us=492029   inactivity_timeout = 0
Sun Mar 10 21:08:51 2019 us=492032   ping_send_timeout = 10
Sun Mar 10 21:08:51 2019 us=492034   ping_rec_timeout = 240
Sun Mar 10 21:08:51 2019 us=492037   ping_rec_timeout_action = 2
Sun Mar 10 21:08:51 2019 us=492040   ping_timer_remote = DISABLED
Sun Mar 10 21:08:51 2019 us=492043   remap_sigusr1 = 0
Sun Mar 10 21:08:51 2019 us=492046   persist_tun = ENABLED
Sun Mar 10 21:08:51 2019 us=492058   persist_local_ip = DISABLED
Sun Mar 10 21:08:51 2019 us=492061   persist_remote_ip = DISABLED
Sun Mar 10 21:08:51 2019 us=492063   persist_key = ENABLED
Sun Mar 10 21:08:51 2019 us=492066   passtos = DISABLED
Sun Mar 10 21:08:51 2019 us=492069   resolve_retry_seconds = 1000000000
Sun Mar 10 21:08:51 2019 us=492072   resolve_in_advance = DISABLED
Sun Mar 10 21:08:51 2019 us=492085   username = 'nobody'
Sun Mar 10 21:08:51 2019 us=492087   groupname = 'nobody'
Sun Mar 10 21:08:51 2019 us=492090   chroot_dir = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492093   cd_dir = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492096   writepid = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492099   up_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492101   down_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492114   down_pre = DISABLED
Sun Mar 10 21:08:51 2019 us=492117   up_restart = DISABLED
Sun Mar 10 21:08:51 2019 us=492119   up_delay = DISABLED
Sun Mar 10 21:08:51 2019 us=492122   daemon = DISABLED
Sun Mar 10 21:08:51 2019 us=492125   inetd = 0
Sun Mar 10 21:08:51 2019 us=492127   log = DISABLED
Sun Mar 10 21:08:51 2019 us=492130   suppress_timestamps = DISABLED
Sun Mar 10 21:08:51 2019 us=492133   machine_readable_output = DISABLED
Sun Mar 10 21:08:51 2019 us=492135   nice = 0
Sun Mar 10 21:08:51 2019 us=492138   verbosity = 4
Sun Mar 10 21:08:51 2019 us=492141   mute = 0
Sun Mar 10 21:08:51 2019 us=492144   gremlin = 0
Sun Mar 10 21:08:51 2019 us=492147   status_file = 'openvpn-status.log'
Sun Mar 10 21:08:51 2019 us=492149   status_file_version = 1
Sun Mar 10 21:08:51 2019 us=492152   status_file_update_freq = 60
Sun Mar 10 21:08:51 2019 us=492155   occ = ENABLED
Sun Mar 10 21:08:51 2019 us=492158   rcvbuf = 0
Sun Mar 10 21:08:51 2019 us=492160   sndbuf = 0
Sun Mar 10 21:08:51 2019 us=492163   sockflags = 0
Sun Mar 10 21:08:51 2019 us=492166   fast_io = DISABLED
Sun Mar 10 21:08:51 2019 us=492169   comp.alg = 11
Sun Mar 10 21:08:51 2019 us=492171   comp.flags = 0
Sun Mar 10 21:08:51 2019 us=492174   route_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492177   route_default_gateway = '10.8.0.2'
Sun Mar 10 21:08:51 2019 us=492179   route_default_metric = 0
Sun Mar 10 21:08:51 2019 us=492182   route_noexec = DISABLED
Sun Mar 10 21:08:51 2019 us=492185   route_delay = 0
Sun Mar 10 21:08:51 2019 us=492188   route_delay_window = 30
Sun Mar 10 21:08:51 2019 us=492190   route_delay_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=492193   route_nopull = DISABLED
Sun Mar 10 21:08:51 2019 us=492196   route_gateway_via_dhcp = DISABLED
Sun Mar 10 21:08:51 2019 us=492199   allow_pull_fqdn = DISABLED
Sun Mar 10 21:08:51 2019 us=492201   management_addr = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492204   management_port = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492207   management_user_pass = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492210   management_log_history_cache = 250
Sun Mar 10 21:08:51 2019 us=492213   management_echo_buffer_size = 100
Sun Mar 10 21:08:51 2019 us=492215   management_write_peer_info_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492218   management_client_user = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492221   management_client_group = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492224   management_flags = 0
Sun Mar 10 21:08:51 2019 us=492226   shared_secret_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492229   key_direction = 0
Sun Mar 10 21:08:51 2019 us=492232   ciphername = 'AES-256-CBC'
Sun Mar 10 21:08:51 2019 us=492234   ncp_enabled = ENABLED
Sun Mar 10 21:08:51 2019 us=492237   ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
Sun Mar 10 21:08:51 2019 us=492240   authname = 'SHA1'
Sun Mar 10 21:08:51 2019 us=492243   prng_hash = 'SHA1'
Sun Mar 10 21:08:51 2019 us=492246   prng_nonce_secret_len = 16
Sun Mar 10 21:08:51 2019 us=492248   keysize = 0
Sun Mar 10 21:08:51 2019 us=492251   engine = DISABLED
Sun Mar 10 21:08:51 2019 us=492254   replay = ENABLED
Sun Mar 10 21:08:51 2019 us=492256   mute_replay_warnings = DISABLED
Sun Mar 10 21:08:51 2019 us=492259   replay_window = 64
Sun Mar 10 21:08:51 2019 us=492262   replay_time = 15
Sun Mar 10 21:08:51 2019 us=492264   packet_id_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492267   use_iv = ENABLED
Sun Mar 10 21:08:51 2019 us=492270   test_crypto = DISABLED
Sun Mar 10 21:08:51 2019 us=492273   tls_server = ENABLED
Sun Mar 10 21:08:51 2019 us=492275   tls_client = DISABLED
Sun Mar 10 21:08:51 2019 us=492278   key_method = 2
Sun Mar 10 21:08:51 2019 us=492281   ca_file = '/usr/local/etc/openvpn/keys/ca.crt'
Sun Mar 10 21:08:51 2019 us=492284   ca_path = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492286   dh_file = '/usr/local/etc/openvpn/keys/dh.pem'
Sun Mar 10 21:08:51 2019 us=492289   cert_file = '/usr/local/etc/openvpn/keys/openvpn-server.crt'
Sun Mar 10 21:08:51 2019 us=492292   extra_certs_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492295   priv_key_file = '/usr/local/etc/openvpn/keys/openvpn-server.key'
Sun Mar 10 21:08:51 2019 us=492299   pkcs12_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492302   cipher_list = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492304   tls_cert_profile = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492307   tls_verify = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492310   tls_export_cert = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492312   verify_x509_type = 0
Sun Mar 10 21:08:51 2019 us=492315   verify_x509_name = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492318   crl_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492320   ns_cert_type = 0
Sun Mar 10 21:08:51 2019 us=492323   remote_cert_ku[i] = 65535
Sun Mar 10 21:08:51 2019 us=492326   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492329   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492331   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492334   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492336   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492339   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492342   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492344   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492347   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492349   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492352   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492355   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492357   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492360   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492362   remote_cert_ku[i] = 0
Sun Mar 10 21:08:51 2019 us=492365   remote_cert_eku = 'TLS Web Client Authentication'
Sun Mar 10 21:08:51 2019 us=492368   ssl_flags = 0
Sun Mar 10 21:08:51 2019 us=492371   tls_timeout = 2
Sun Mar 10 21:08:51 2019 us=492373   renegotiate_bytes = -1
Sun Mar 10 21:08:51 2019 us=492376   renegotiate_packets = 0
Sun Mar 10 21:08:51 2019 us=492379   renegotiate_seconds = 3600
Sun Mar 10 21:08:51 2019 us=492381   handshake_window = 60
Sun Mar 10 21:08:51 2019 us=492384   transition_window = 3600
Sun Mar 10 21:08:51 2019 us=492387   single_session = DISABLED
Sun Mar 10 21:08:51 2019 us=492389   push_peer_info = DISABLED
Sun Mar 10 21:08:51 2019 us=492392   tls_exit = DISABLED
Sun Mar 10 21:08:51 2019 us=492395   tls_auth_file = '/usr/local/etc/openvpn/keys/ta.key'
Sun Mar 10 21:08:51 2019 us=492398   tls_crypt_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492401   server_network = 10.8.0.0
Sun Mar 10 21:08:51 2019 us=492405   server_netmask = 255.255.255.0
Sun Mar 10 21:08:51 2019 us=492408   server_network_ipv6 = ::
Sun Mar 10 21:08:51 2019 us=492411   server_netbits_ipv6 = 0
Sun Mar 10 21:08:51 2019 us=492415   server_bridge_ip = 0.0.0.0
Sun Mar 10 21:08:51 2019 us=492418   server_bridge_netmask = 0.0.0.0
Sun Mar 10 21:08:51 2019 us=492421   server_bridge_pool_start = 0.0.0.0
Sun Mar 10 21:08:51 2019 us=492425   server_bridge_pool_end = 0.0.0.0
Sun Mar 10 21:08:51 2019 us=492428   push_entry = 'route 192.168.86.0 255.255.255.0'
Sun Mar 10 21:08:51 2019 us=492430   push_entry = 'compress lz4-v2'
Sun Mar 10 21:08:51 2019 us=492433   push_entry = 'route-gateway 10.8.0.1'
Sun Mar 10 21:08:51 2019 us=492436   push_entry = 'topology subnet'
Sun Mar 10 21:08:51 2019 us=492439   push_entry = 'ping 10'
Sun Mar 10 21:08:51 2019 us=492441   push_entry = 'ping-restart 120'
Sun Mar 10 21:08:51 2019 us=492444   ifconfig_pool_defined = ENABLED
Sun Mar 10 21:08:51 2019 us=492447   ifconfig_pool_start = 10.8.0.2
Sun Mar 10 21:08:51 2019 us=492451   ifconfig_pool_end = 10.8.0.253
Sun Mar 10 21:08:51 2019 us=492454   ifconfig_pool_netmask = 255.255.255.0
Sun Mar 10 21:08:51 2019 us=492457   ifconfig_pool_persist_filename = 'ipp.txt'
Sun Mar 10 21:08:51 2019 us=492460   ifconfig_pool_persist_refresh_freq = 600
Sun Mar 10 21:08:51 2019 us=492462   ifconfig_ipv6_pool_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=492465   ifconfig_ipv6_pool_base = ::
Sun Mar 10 21:08:51 2019 us=492468   ifconfig_ipv6_pool_netbits = 0
Sun Mar 10 21:08:51 2019 us=492471   n_bcast_buf = 256
Sun Mar 10 21:08:51 2019 us=492474   tcp_queue_limit = 64
Sun Mar 10 21:08:51 2019 us=492476   real_hash_size = 256
Sun Mar 10 21:08:51 2019 us=492479   virtual_hash_size = 256
Sun Mar 10 21:08:51 2019 us=492482   client_connect_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492484   learn_address_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492487   client_disconnect_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492490   client_config_dir = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492493   ccd_exclusive = DISABLED
Sun Mar 10 21:08:51 2019 us=492496   tmp_dir = '/tmp'
Sun Mar 10 21:08:51 2019 us=492498   push_ifconfig_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=492502   push_ifconfig_local = 0.0.0.0
Sun Mar 10 21:08:51 2019 us=492505   push_ifconfig_remote_netmask = 0.0.0.0
Sun Mar 10 21:08:51 2019 us=492508   push_ifconfig_ipv6_defined = DISABLED
Sun Mar 10 21:08:51 2019 us=492511   push_ifconfig_ipv6_local = ::/0
Sun Mar 10 21:08:51 2019 us=492514   push_ifconfig_ipv6_remote = ::
Sun Mar 10 21:08:51 2019 us=492516   enable_c2c = DISABLED
Sun Mar 10 21:08:51 2019 us=492519   duplicate_cn = DISABLED
Sun Mar 10 21:08:51 2019 us=492522   cf_max = 0
Sun Mar 10 21:08:51 2019 us=492525   cf_per = 0
Sun Mar 10 21:08:51 2019 us=492527   max_clients = 1024
Sun Mar 10 21:08:51 2019 us=492530   max_routes_per_client = 256
Sun Mar 10 21:08:51 2019 us=492533   auth_user_pass_verify_script = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492536   auth_user_pass_verify_script_via_file = DISABLED
Sun Mar 10 21:08:51 2019 us=492538   auth_token_generate = DISABLED
Sun Mar 10 21:08:51 2019 us=492541   auth_token_lifetime = 0
Sun Mar 10 21:08:51 2019 us=492544   port_share_host = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492546   port_share_port = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492549   client = DISABLED
Sun Mar 10 21:08:51 2019 us=492552   pull = DISABLED
Sun Mar 10 21:08:51 2019 us=492554   auth_user_pass_file = '[UNDEF]'
Sun Mar 10 21:08:51 2019 us=492558 OpenVPN 2.4.6 amd64-portbld-freebsd11.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 29 2018
Sun Mar 10 21:08:51 2019 us=492563 library versions: OpenSSL 1.0.2o-freebsd  27 Mar 2018, LZO 2.10
Sun Mar 10 21:08:51 2019 us=492909 Diffie-Hellman initialized with 2048 bit key
Sun Mar 10 21:08:51 2019 us=493252 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 10 21:08:51 2019 us=493259 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Mar 10 21:08:51 2019 us=493267 TLS-Auth MTU parms [ L:1622 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sun Mar 10 21:08:51 2019 us=493303 TUN/TAP device /dev/tun0 opened
Sun Mar 10 21:08:51 2019 us=493308 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Mar 10 21:08:51 2019 us=493335 /sbin/ifconfig tun0 10.8.0.1 10.8.0.2 mtu 1500 netmask 255.255.255.0 up
Sun Mar 10 21:08:51 2019 us=494542 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
add net 10.8.0.0: gateway 10.8.0.2
Sun Mar 10 21:08:51 2019 us=495201 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Sun Mar 10 21:08:51 2019 us=495437 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sun Mar 10 21:08:51 2019 us=495452 Socket Buffers: R=[42080->42080] S=[9216->9216]
Sun Mar 10 21:08:51 2019 us=495465 UDPv4 link local (bound): [AF_INET]192.168.86.20:1194
Sun Mar 10 21:08:51 2019 us=495468 UDPv4 link remote: [AF_UNSPEC]
Sun Mar 10 21:08:51 2019 us=495474 GID set to nobody
Sun Mar 10 21:08:51 2019 us=495481 UID set to nobody
Sun Mar 10 21:08:51 2019 us=495488 MULTI: multi_init called, r=256 v=256
Sun Mar 10 21:08:51 2019 us=495501 IFCONFIG POOL: base=10.8.0.2 size=252, ipv6=0
Sun Mar 10 21:08:51 2019 us=495507 IFCONFIG POOL LIST
Sun Mar 10 21:08:51 2019 us=495527 Initialization Sequence Completed

^CSun Mar 10 20:54:53 2019 us=157850 event_wait : Interrupted system call (code=4)

Sun Mar 10 20:54:55 2019 us=283978 TCP/UDP: Closing socket
Sun Mar 10 20:54:55 2019 us=284005 Closing TUN/TAP interface
Sun Mar 10 20:54:55 2019 us=284040 /sbin/ifconfig tun0 destroy
ifconfig: SIOCIFDESTROY: Operation not permitted
Sun Mar 10 20:54:55 2019 us=285258 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1
Sun Mar 10 20:54:55 2019 us=285301 SIGINT[hard,] received, process exiting

root@openVPN:~ # service openvpn status
openvpn is not running.

.
.
.

Please note that, for the openVPN log, at the end:

Code:
Sun Mar 10 21:08:51 2019 us=495527 Initialization Sequence Completed

^CSun Mar 10 20:54:53 2019 us=157850 event_wait : Interrupted system call (code=4)

Sun Mar 10 20:54:55 2019 us=283978 TCP/UDP: Closing socket
Sun Mar 10 20:54:55 2019 us=284005 Closing TUN/TAP interface
Sun Mar 10 20:54:55 2019 us=284040 /sbin/ifconfig tun0 destroy
ifconfig: SIOCIFDESTROY: Operation not permitted
Sun Mar 10 20:54:55 2019 us=285258 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1
Sun Mar 10 20:54:55 2019 us=285301 SIGINT[hard,] received, process exiting

After the Sun Mar 10 21:08:51 2019 us=495527 Initialization Sequence Completed,
the process never terminates without a manual termination using Ctrl+C.

Note also that by manually terminating the process, the openvpn service never starts.
Is this intended?

What is the correct method of running this command so it terminates?
 
Last edited:

itskando

Contributor
Joined
Apr 30, 2018
Messages
172
Grabbed these files too:

/etc/rc.conf:
Code:
host_hostname="openVPN"
cron_flags="$cron_flags -J 15"

# Disable Sendmail by default
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

# Run secure syslog
syslogd_flags="-c -ss"

# Enable IPv6
ipv6_activate_all_interfaces="YES"


# Modified:
openvpn_enable="YES"
openvpn_if="tun"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
openvpn_dir="/usr/local/etc/openvpn/"
cloned_interfaces="tun"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"
# End Modified.

/etc/syslog.conf:
Code:
# $FreeBSD: releng/11.2/etc/syslog.conf 308721 2016-11-16 07:04:49Z bapt $
#
#    Spaces ARE valid field separators in this file. However,
#    other *nix-like systems still insist on using tabs as field
#    separators. If you are sharing this file between systems, you
#    may want to use only tabs as field separators here.
#    Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit        /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err    /var/log/messages
security.*                    /var/log/security
auth.info;authpriv.info                /var/log/auth.log
mail.info                    /var/log/maillog
lpr.info                    /var/log/lpd-errs
ftp.info                    /var/log/xferlog
cron.*                        /var/log/cron
!-devd
*.=debug                    /var/log/debug.log
*.emerg                        *
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info                    /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.*                        /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                        @loghost
# uncomment these if you're running inn
# news.crit                    /var/log/news/news.crit
# news.err                    /var/log/news/news.err
# news.notice                    /var/log/news/news.notice
# Uncomment this if you wish to see messages produced by devd
# !devd
# *.>=notice                    /var/log/devd.log
!ppp
*.*                        /var/log/ppp.log
# Modified:
!openvpn
*.*                                            /var/log/openvpn.log
# End Modified.
!*
include                        /etc/syslog.d
include                        /usr/local/etc/syslog.d

/etc/newsyslog.conf:
Code:
# configuration file for newsyslog
# $FreeBSD: releng/11.2/etc/newsyslog.conf 266463 2014-05-20 03:00:20Z bdrewery $
#
# Entries which do not specify the '/pid_file' field will cause the
# syslogd process to be signalled when that log file is rotated.  This
# action is only appropriate for log files which are written to by the
# syslogd process (ie, files listed in /etc/syslog.conf).  If there
# is no process which needs to be signalled when a given log file is
# rotated, then the entry for that file should include the 'N' flag.
#
# The 'flags' field is one or more of the letters: BCDGJNUXZ or a '-'.
#
# Note: some sites will want to select more restrictive protections than the
# defaults.  In particular, it may be desirable to switch many of the 644
# entries to 640 or 600.  For example, some sites will consider the
# contents of maillog, messages, and lpd-errs to be confidential.  In the
# future, these defaults may change to more conservative ones.
#
# logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
/var/log/all.log            600  7       *    @T00  J
/var/log/amd.log            644  7       100    *     J
/var/log/auth.log            600  7     100  @0101T JC
/var/log/console.log            600  5       100    *     J
/var/log/cron                600  3       100    *     JC
/var/log/daily.log            640  7       *    @T00  JN
/var/log/debug.log            600  7     100  *     JC
/var/log/init.log            644  3       100    *     J
/var/log/kerberos.log            600  7       100    *     J
/var/log/lpd-errs            644  7       100    *     JC
/var/log/maillog            640  7       *    @T00  JC
/var/log/messages            644  5       100    @0101T JC
/var/log/monthly.log            640  12       *    $M1D0 JN
/var/log/pflog                600  3       100    *     JB    /var/run/pflogd.pid
/var/log/ppp.log    root:network    640  3       100    *     JC
/var/log/devd.log            644  3       100    *     JC
/var/log/security            600  10       100    *     JC
/var/log/sendmail.st            640  10       *    168   BN
/var/log/utx.log            644  3       *    @01T05 B
/var/log/weekly.log            640  5       *    $W6D0 JN
/var/log/xferlog            600  7       100    *     JC
# Modified:
/var/log/openvpn.log            600  30    *    @T00  ZC
# End Modified.


<include> /etc/newsyslog.conf.d/*
<include> /usr/local/etc/newsyslog.conf.d/*


Noted that in some areas, tabs are used instead of spaces,
but in these forums, tabs are converted to spaces.

(The original guide did not mention the tabs,
although they are mentioned in one of the files.)

Fixed as needed to match similar inputs.
 

gsrcrxsi

Explorer
Joined
Apr 15, 2018
Messages
86
can you be more direct about what problem you're now having exactly? does openvpn ever start?
have you tried manually starting it with
Code:
openvpn /usr/local/etc/openvpn/openvpn.conf
inside the jail?

have you tried the ipfw.rules modification that i've mentioned to try several times yet?
 

gsrcrxsi

Explorer
Joined
Apr 15, 2018
Messages
86
OpenVPN log:

After the Sun Mar 10 21:08:51 2019 us=495527 Initialization Sequence Completed,
the process never terminates without a manual termination using Ctrl+C.

Note also that by manually terminating the process, the openvpn service never starts.
Is this intended?

What is the correct method of running this command so it terminates?

i'm not sure what you're asking. why would the service start after you terminated it? do you mean you are unable to MANUALLY restart it?

what is ideal is for the openvpn service to start when the jail starts. and then don't touch it.
 

itskando

Contributor
Joined
Apr 30, 2018
Messages
172
i'm not sure what you're asking. why would the service start after you terminated it? do you mean you are unable to MANUALLY restart it?

what is ideal is for the openvpn service to start when the jail starts. and then don't touch it.

I mean that when the shell is ready to accept a new command, it reads root@openvpn:~ # ,
but when running root@openVPN:~ # openvpn --config /usr/local/etc/openvpn/openvpn.conf,
root@openvpn:~ # never reappears.
The process just hangs after the final line Sun Mar 10 21:08:51 2019 us=495527 Initialization Sequence Completed.

And the only way to end the process,
to regain control of the command line,
is to press Ctrl+C on the keyboard.

This causes the root@openVPN:~ # openvpn --config /usr/local/etc/openvpn/openvpn.conf process to emit:

Code:
^CSun Mar 10 20:54:53 2019 us=157850 event_wait : Interrupted system call (code=4)

Sun Mar 10 20:54:55 2019 us=283978 TCP/UDP: Closing socket
Sun Mar 10 20:54:55 2019 us=284005 Closing TUN/TAP interface
Sun Mar 10 20:54:55 2019 us=284040 /sbin/ifconfig tun0 destroy
ifconfig: SIOCIFDESTROY: Operation not permitted
Sun Mar 10 20:54:55 2019 us=285258 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1
Sun Mar 10 20:54:55 2019 us=285301 SIGINT[hard,] received, process exiting


Obviously, I can just start the service with service openvpn start,
but it leaves me wondering if that service is also simply hanging at the
Sun Mar 10 21:08:51 2019 us=495527 Initialization Sequence Completed line rather than finishing after it.

It's probably nothing, but I wanted to make a note of it.
 

itskando

Contributor
Joined
Apr 30, 2018
Messages
172
can you be more direct about what problem you're now having exactly? does openvpn ever start?
have you tried manually starting it with
Code:
openvpn /usr/local/etc/openvpn/openvpn.conf
inside the jail?

have you tried the ipfw.rules modification that i've mentioned to try several times yet?

I'm going to do this, I just wanted to finish logging everything else I'd missed, and
I got sidetracked because I realized that I could no longer reach the Management links
for my Plex and Transmission plugins.

The former has been set up and proven to work in the past.
The latter has never been set up.

According to the Plex jail, there is no service listed associated with Plex.
So it might be unrelated.
But with Transmission having also dropped out, I'm not so sure.

I ultimately figured I'd just get this working with your method, and
then reinstall them if I have to.

Is openVPN known to mess with Plex's automated networking?
Is openVPN known to mess with jail Management links overall?
 

itskando

Contributor
Joined
Apr 30, 2018
Messages
172
have you tried the ipfw.rules modification that i've mentioned

Didn't work with your ipfw.rules.
Tried on home network and remote network from macOS laptop.

ipfw.rules:
Code:
# Bibi40k method:

##!/bin/sh
#EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair) 
#ipfw -q -f flush 
#ipfw -q nat 1 config if ${EPAIR} 
#ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR} 
#ipfw -q add nat 1 all from any to any in via ${EPAIR}

#TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
#ifconfig ${TUN} name tun0


# gsrcrxsi method:

#!/bin/sh                                                                      
EPAIR=$(/sbin/ifconfig -l | cut -d' ' -f2)                                    
ipfw -q -f flush                                                               
ipfw -q nat 1 config if ${EPAIR}                                               
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}                
ipfw -q add nat 1 all from any to any in via ${EPAIR}                          
                                                                              
TUN=$(/sbin/ifconfig -l | cut -d' ' -f3)                                       
ifconfig ${TUN} name tun0

openVPN client output:
Code:
2019-03-17 16:38:17 *Tunnelblick: openvpnstart starting OpenVPN
*Tunnelblick: macOS 10.13.6; Tunnelblick 3.7.8 (build 5180)
2019-03-17 16:38:17 *Tunnelblick: Attempting connection with Bibi40k using shadow copy; Set nameserver = 769; monitoring connection
2019-03-17 16:38:17 *Tunnelblick: openvpnstart start Bibi40k.tblk 52417 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2q
2019-03-17 16:38:18 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):

          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2q/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Skando-SLibrary-SApplication Support-STunnelblick-SConfigurations-SBibi40k.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.52417.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5180 3.7.8 (build 5180)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources
          --management 127.0.0.1 52417 /Library/Application Support/Tunnelblick/pimdakjjaheliaoknhlfekjoagdfmogakfaoolfg.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2019-03-17 16:38:17 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 29 2018
2019-03-17 16:38:17 library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
2019-03-17 16:38:17 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:52417
2019-03-17 16:38:17 Need hold release from management interface, waiting...
2019-03-17 16:38:18 *Tunnelblick: Established communication with OpenVPN
2019-03-17 16:38:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:52417
2019-03-17 16:38:18 MANAGEMENT: CMD 'pid'
2019-03-17 16:38:18 MANAGEMENT: CMD 'auth-retry interact'
2019-03-17 16:38:18 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-03-17 16:38:18 *Tunnelblick: Obtained passphrase from the Keychain
2019-03-17 16:38:18 MANAGEMENT: CMD 'state on'
2019-03-17 16:38:18 MANAGEMENT: CMD 'state'
2019-03-17 16:38:18 MANAGEMENT: CMD 'bytecount 1'
2019-03-17 16:38:18 MANAGEMENT: CMD 'hold release'
2019-03-17 16:38:18 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-03-17 16:38:18 MANAGEMENT: CMD 'password [...]'
2019-03-17 16:38:18 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-03-17 16:38:18 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2019-03-17 16:38:18 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2019-03-17 16:38:18 MANAGEMENT: >STATE:1552855098,RESOLVE,,,,,,
2019-03-17 16:38:18 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:443
2019-03-17 16:38:18 Socket Buffers: R=[196724->196724] S=[9216->9216]
2019-03-17 16:38:18 UDP link local: (not bound)
2019-03-17 16:38:18 UDP link remote: [AF_INET]x.x.x.x:443
2019-03-17 16:38:18 MANAGEMENT: >STATE:1552855098,WAIT,,,,,,
2019-03-17 16:39:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-03-17 16:39:18 TLS Error: TLS handshake failed
2019-03-17 16:39:18 SIGUSR1[soft,tls-error] received, process restarting
2019-03-17 16:39:18 MANAGEMENT: >STATE:1552855158,RECONNECTING,tls-error,,,,,
2019-03-17 16:39:18 MANAGEMENT: CMD 'hold release'
2019-03-17 16:39:18 MANAGEMENT: CMD 'hold release'
2019-03-17 16:39:18 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-03-17 16:39:18 MANAGEMENT: >STATE:1552855158,RESOLVE,,,,,,
2019-03-17 16:39:18 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:443
2019-03-17 16:39:18 Socket Buffers: R=[196724->196724] S=[9216->9216]
2019-03-17 16:39:18 UDP link local: (not bound)
2019-03-17 16:39:18 UDP link remote: [AF_INET]x.x.x.x:443
2019-03-17 16:39:18 MANAGEMENT: >STATE:1552855158,WAIT,,,,,,
 

itskando

When I made your changes and restarted, I was still not able to connect.
When I pinged within the jail and left it pinging, I was able to connect:

macOS: LAN [Tunnelblick warned: IP address hasn't changed.]
macOS: remote (using 1st floor neighbor wifi) [Tunnelblick warned: IP address hasn't changed.]
android: LAN

I thought I had tried android remote, but I realized after that the wifi was still on.

This was the same problem with Google Wifi when I was trying to open a port to the jail.
The router GUI only allows interfacing with currently active devices.
I wonder if the router only recognizes the jail when it is actively sending.

I also wonder if this is only the case because the server is connected to
a puck in wifi bridge (slave) mode, rather than
a puck in WAP/router (master) mode.

When I get more time this week, I'll:

• post logs.
• see if I can do remote connection using my android phone's data plan with pinging, and if so:
• check for android remote connection after 1 hour without pinging,
(to see if I only have to connect once with the pinging.)
 

itskando

I was able to get the same results with the @Bibi40k and @gsrcrxsi ipfw.rules methods.
Thought I posted it but I only copied; never pasted. Will remedy later.

I have posted about this issue on the Google Wifi forums,
in case this is related to my specific router.

One suggestion involved setting a static MAC address.
Can anyone comment on whether this seems like a direction worth pursuing?
 

itskando

The client connection is successful when I am connected to
my home wifi OR the (independent) wifi of my downstairs neighbor.

The client connection is NOT successful when I am connected to
my cell phone data plan OR the internet of people outside of my house.

OpenVPN client output:
Code:
*Tunnelblick: macOS 10.13.6; Tunnelblick 3.7.8 (build 5180)
2019-03-25 19:02:45 *Tunnelblick: Attempting connection with Bibi40k using shadow copy; Set nameserver = 769; monitoring connection
2019-03-25 19:02:45 *Tunnelblick: openvpnstart start Bibi40k.tblk 55866 769 0 1 0 1065264 -ptADGNWradsgnw 2.4.6-openssl-1.0.2q
2019-03-25 19:02:45 OpenVPN 2.4.6 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Nov 29 2018
2019-03-25 19:02:45 library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.10
2019-03-25 19:02:45 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:55866
2019-03-25 19:02:45 Need hold release from management interface, waiting...
2019-03-25 19:02:45 *Tunnelblick: openvpnstart starting OpenVPN
2019-03-25 19:02:46 *Tunnelblick: openvpnstart log:
     OpenVPN started successfully. Command used to start OpenVPN (one argument per displayed line):
  
          /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.6-openssl-1.0.2q/openvpn
          --daemon
          --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Skando-SLibrary-SApplication Support-STunnelblick-SConfigurations-SBibi40k.tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1065264.55866.openvpn.log
          --cd /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources
          --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5180 3.7.8 (build 5180)"
          --verb 3
          --config /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources/config.ovpn
          --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources
          --verb 3
          --cd /Library/Application Support/Tunnelblick/Users/kando/Bibi40k.tblk/Contents/Resources
          --management 127.0.0.1 55866 /Library/Application Support/Tunnelblick/pimdakjjaheliaoknhlfekjoagdfmogakfaoolfg.mip
          --management-query-passwords
          --management-hold
          --script-security 2
          --up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
          --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw

2019-03-25 19:02:46 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:55866
2019-03-25 19:02:46 MANAGEMENT: CMD 'pid'
2019-03-25 19:02:46 MANAGEMENT: CMD 'auth-retry interact'
2019-03-25 19:02:46 MANAGEMENT: CMD 'state on'
2019-03-25 19:02:46 MANAGEMENT: CMD 'state'
2019-03-25 19:02:46 *Tunnelblick: Established communication with OpenVPN
2019-03-25 19:02:46 >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
2019-03-25 19:02:46 MANAGEMENT: CMD 'bytecount 1'
2019-03-25 19:02:46 MANAGEMENT: CMD 'hold release'
2019-03-25 19:02:46 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2019-03-25 19:02:46 *Tunnelblick: Obtained passphrase from the Keychain
2019-03-25 19:02:46 MANAGEMENT: CMD 'password [...]'
2019-03-25 19:02:46 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2019-03-25 19:02:46 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2019-03-25 19:02:46 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2019-03-25 19:02:46 MANAGEMENT: >STATE:1553554966,RESOLVE,,,,,,
2019-03-25 19:02:46 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:443
2019-03-25 19:02:46 Socket Buffers: R=[196724->196724] S=[9216->9216]
2019-03-25 19:02:46 UDP link local: (not bound)
2019-03-25 19:02:46 UDP link remote: [AF_INET]x.x.x.x:443
2019-03-25 19:02:46 MANAGEMENT: >STATE:1553554966,WAIT,,,,,,
2019-03-25 19:02:46 MANAGEMENT: >STATE:1553554966,AUTH,,,,,,
2019-03-25 19:02:46 TLS: Initial packet from [AF_INET]x.x.x.x:443, sid=fe81d1b1 78d713e8
2019-03-25 19:02:46 VERIFY OK: depth=1, CN=Deetz OpenVPN FreeNAS CA
2019-03-25 19:02:46 VERIFY KU OK
2019-03-25 19:02:46 Validating certificate extended key usage
2019-03-25 19:02:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2019-03-25 19:02:46 VERIFY EKU OK
2019-03-25 19:02:46 VERIFY OK: depth=0, CN=openvpn-server
2019-03-25 19:02:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2019-03-25 19:02:46 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2019-03-25 19:02:46 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2019-03-25 19:02:46 [openvpn-server] Peer Connection Initiated with [AF_INET]x.x.x.x:443
2019-03-25 19:02:47 MANAGEMENT: >STATE:1553554967,GET_CONFIG,,,,,,
2019-03-25 19:02:47 SENT CONTROL [openvpn-server]: 'PUSH_REQUEST' (status=1)
2019-03-25 19:02:47 PUSH: Received control message: 'PUSH_REPLY,route 192.168.86.0 255.255.255.0,compress lz4-v2,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2019-03-25 19:02:47 OPTIONS IMPORT: timers and/or timeouts modified
2019-03-25 19:02:47 OPTIONS IMPORT: compression parms modified
2019-03-25 19:02:47 OPTIONS IMPORT: --ifconfig/up options modified
2019-03-25 19:02:47 OPTIONS IMPORT: route options modified
2019-03-25 19:02:47 OPTIONS IMPORT: route-related options modified
2019-03-25 19:02:47 OPTIONS IMPORT: peer-id set
2019-03-25 19:02:47 OPTIONS IMPORT: adjusting link_mtu to 1624
2019-03-25 19:02:47 OPTIONS IMPORT: data channel crypto options modified
2019-03-25 19:02:47 Data Channel: using negotiated cipher 'AES-256-GCM'
2019-03-25 19:02:47 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-03-25 19:02:47 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-03-25 19:02:47 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2019-03-25 19:02:47 Opening utun (connect(AF_SYS_CONTROL)): Resource busy (errno=16)
2019-03-25 19:02:47 Opened utun device utun2
2019-03-25 19:02:47 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2019-03-25 19:02:47 MANAGEMENT: >STATE:1553554967,ASSIGN_IP,,10.8.0.2,,,,
2019-03-25 19:02:47 /sbin/ifconfig utun2 delete
                                        ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
2019-03-25 19:02:47 NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2019-03-25 19:02:47 /sbin/ifconfig utun2 10.8.0.2 10.8.0.2 netmask 255.255.255.0 mtu 1500 up
2019-03-25 19:02:47 /sbin/route add -net 10.8.0.0 10.8.0.2 255.255.255.0
                                        add net 10.8.0.0: gateway 10.8.0.2
2019-03-25 19:02:47 /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw utun2 1500 1552 10.8.0.2 255.255.255.0 init
                                        **********************************************
                                        Start of output from client.up.tunnelblick.sh
                                        NOTE: No network configuration changes need to be made.
                                        WARNING: Will NOT monitor for other network configuration changes.
                                        WARNING: Will NOT disable IPv6 settings.
                                        DNS servers '192.168.86.1' will be used for DNS queries when the VPN is active
                                        NOTE: The DNS servers do not include any free public DNS servers known to Tunnelblick. This may cause DNS queries to fail or be intercepted or falsified even if they are directed through the VPN. Specify only known public DNS servers or DNS servers located on the VPN network to avoid such problems.
                                        Flushed the DNS cache via dscacheutil
                                        /usr/sbin/discoveryutil not present. Not flushing the DNS cache via discoveryutil
                                        Notified mDNSResponder that the DNS cache was flushed
                                        Not notifying mDNSResponderHelper that the DNS cache was flushed because it is not running
                                        End of output from client.up.tunnelblick.sh
                                        **********************************************
2019-03-25 19:02:50 *Tunnelblick: No 'connected.sh' script to execute
2019-03-25 19:02:50 MANAGEMENT: >STATE:1553554970,ADD_ROUTES,,,,,,
2019-03-25 19:02:50 /sbin/route add -net 192.168.86.0 10.8.0.1 255.255.255.0
                                        add net 192.168.86.0: gateway 10.8.0.1
2019-03-25 19:02:50 Initialization Sequence Completed
2019-03-25 19:02:50 MANAGEMENT: >STATE:1553554970,CONNECTED,SUCCESS,10.8.0.2,x.x.x.x,443,,
2019-03-25 19:02:55 *Tunnelblick: This computer's apparent public IP address (x.x.x.x) was unchanged after the connection was made
 
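
The two client logs in this thread part ways at one point: the failed attempt never leaves the `WAIT` state before the 60-second TLS timeout, while the successful one moves from `WAIT` to `AUTH` as soon as the server's first packet arrives. The script below is an added example, not part of the original posts: it splits a Tunnelblick/OpenVPN client log into connection attempts using the management `>STATE:` lines and reports how far each attempt got. The function names and hint texts are this example's own, and the sample lines are abridged from the logs above.

```python
import re

# States a successful client connection passes through, in order, as they
# appear in the management-interface ">STATE:" lines of the logs in this thread.
ORDER = ["RESOLVE", "WAIT", "AUTH", "GET_CONFIG", "ASSIGN_IP", "ADD_ROUTES", "CONNECTED"]

# Reading aid written for this example: what a stall at each state points to.
HINTS = {
    "RESOLVE": "server name did not resolve; check DNS and the 'remote' line",
    "WAIT": "no reply from the server reached the client; check port forwarding, "
            "NAT and firewall rules on the UDP path to the server",
    "AUTH": "server replied but TLS did not complete; check certificates and keys",
    "GET_CONFIG": "TLS completed but no PUSH_REPLY arrived; check the server config",
    "CONNECTED": "tunnel is up",
}
STATE_RE = re.compile(r">STATE:\d+,([A-Z_]+),([^,]*),")

def attempts(log_text):
    """Return one (furthest_state, end_reason) tuple per connection attempt."""
    results, furthest = [], None
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue
        state, detail = m.groups()
        if state in ("RECONNECTING", "EXITING"):   # attempt boundary
            if furthest is not None:
                results.append((furthest, detail or state.lower()))
            furthest = None
        elif state in ORDER and (furthest is None
                                 or ORDER.index(state) > ORDER.index(furthest)):
            furthest = state
    if furthest is not None:
        results.append((furthest, "end of log"))
    return results

def report(log_text):
    """One human-readable line per attempt."""
    default = "stalled during local interface or route setup"
    return [f"attempt {i}: reached {s} ({why}) -> {HINTS.get(s, default)}"
            for i, (s, why) in enumerate(attempts(log_text), 1)]

# Abridged from the two client logs posted in this thread.
FAILED_LOG = """\
2019-03-17 16:38:18 MANAGEMENT: >STATE:1552855098,RESOLVE,,,,,,
2019-03-17 16:38:18 MANAGEMENT: >STATE:1552855098,WAIT,,,,,,
2019-03-17 16:39:18 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-03-17 16:39:18 MANAGEMENT: >STATE:1552855158,RECONNECTING,tls-error,,,,,
2019-03-17 16:39:18 MANAGEMENT: >STATE:1552855158,RESOLVE,,,,,,
2019-03-17 16:39:18 MANAGEMENT: >STATE:1552855158,WAIT,,,,,,
"""
OK_LOG = """\
2019-03-25 19:02:46 MANAGEMENT: >STATE:1553554966,RESOLVE,,,,,,
2019-03-25 19:02:46 MANAGEMENT: >STATE:1553554966,WAIT,,,,,,
2019-03-25 19:02:46 MANAGEMENT: >STATE:1553554966,AUTH,,,,,,
2019-03-25 19:02:47 MANAGEMENT: >STATE:1553554967,GET_CONFIG,,,,,,
2019-03-25 19:02:47 MANAGEMENT: >STATE:1553554967,ASSIGN_IP,,10.8.0.2,,,,
2019-03-25 19:02:50 MANAGEMENT: >STATE:1553554970,ADD_ROUTES,,,,,,
2019-03-25 19:02:50 MANAGEMENT: >STATE:1553554970,CONNECTED,SUCCESS,10.8.0.2,x.x.x.x,443,,
"""

if __name__ == "__main__":
    for name, log in (("failed", FAILED_LOG), ("ok", OK_LOG)):
        print(name, *report(log), sep="\n  ")
```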

itskando

While android phone attempts to connect via phone data plan:

tcpdump:
Code:
root@Deetz:~ # tcpdump arp and host 192.168.86.3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:57:03.300246 ARP, Request who-has 192.168.86.3 tell wemo.lan, length 46
08:57:03.300291 ARP, Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
08:57:03.398918 ARP, Request who-has 192.168.86.3 tell hpa68c20.lan, length 46
08:57:03.398956 ARP, Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
08:57:08.297845 ARP, Request who-has 192.168.86.3 tell 192.168.86.200, length 46
08:57:08.297856 ARP, Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
08:57:40.801771 ARP, Request who-has 192.168.86.3 (0c:c4:7a:90:df:c2 (oui Unknown)) tell testwifi.here, length 46
08:57:40.801798 ARP, Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
08:58:40.808589 ARP, Request who-has 192.168.86.3 (0c:c4:7a:90:df:c2 (oui Unknown)) tell testwifi.here, length 46
08:58:40.808599 ARP, Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
^C
10 packets captured
535 packets received by filter
0 packets dropped by kernel

root@Deetz:~ # tcpdump arp and host 192.168.86.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:01:40.809872 ARP, Request who-has 192.168.86.8 (02:ff:60:c1:31:6f (oui Unknown)) tell testwifi.here, length 46
09:01:40.809917 ARP, Reply 192.168.86.8 is-at 02:ff:60:c1:31:6f (oui Unknown), length 28
09:02:40.816954 ARP, Request who-has 192.168.86.8 (02:ff:60:c1:31:6f (oui Unknown)) tell testwifi.here, length 46
09:02:40.817046 ARP, Reply 192.168.86.8 is-at 02:ff:60:c1:31:6f (oui Unknown), length 28
^C
4 packets captured
455 packets received by filter
0 packets dropped by kernel

This didn't work, so I tried:

Code:
root@Deetz:~ # tcpdump -lvv arp
tcpdump: listening on igb0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:04:33.242664 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.3 tell boston.lan, length 46
09:04:33.242676 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
09:04:38.252302 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.3 tell testwifi.here, length 46
09:04:38.252310 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
09:04:40.836742 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.8 (02:ff:60:c1:31:6f (oui Unknown)) tell testwifi.here, length 46
09:04:40.836749 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.3 (0c:c4:7a:90:df:c2 (oui Unknown)) tell testwifi.here, length 46
09:04:40.836770 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
09:04:40.836771 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.2 is-at 0c:c4:7a:90:db:f4 (oui Unknown), length 46
09:04:40.836810 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.8 is-at 02:ff:60:c1:31:6f (oui Unknown), length 28
09:04:49.332339 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has android-8dca57f397cae728.lan tell testwifi.here, length 46
09:04:50.325922 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has android-8dca57f397cae728.lan tell testwifi.here, length 46
09:04:51.317212 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has android-8dca57f397cae728.lan tell testwifi.here, length 46
09:05:40.817621 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has android-8dca57f397cae728.lan (f8:a9:d0:54:6f:e0 (oui Unknown)) tell testwifi.here, length 46
09:05:40.837676 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.8 (02:ff:60:c1:31:6f (oui Unknown)) tell testwifi.here, length 46
09:05:40.837699 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.3 (0c:c4:7a:90:df:c2 (oui Unknown)) tell testwifi.here, length 46
09:05:40.837706 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
09:05:40.837707 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.2 is-at 0c:c4:7a:90:db:f4 (oui Unknown), length 46
09:05:40.837746 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.8 is-at 02:ff:60:c1:31:6f (oui Unknown), length 28
09:06:40.820166 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has android-8dca57f397cae728.lan (f8:a9:d0:54:6f:e0 (oui Unknown)) tell testwifi.here, length 46
09:06:40.828254 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.8 (02:ff:60:c1:31:6f (oui Unknown)) tell testwifi.here, length 46
09:06:40.828314 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.8 is-at 02:ff:60:c1:31:6f (oui Unknown), length 28
09:06:40.829362 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.2 is-at 0c:c4:7a:90:db:f4 (oui Unknown), length 46
09:06:40.836700 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.86.3 (0c:c4:7a:90:df:c2 (oui Unknown)) tell testwifi.here, length 46
09:06:40.836713 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.86.3 is-at 0c:c4:7a:90:df:c2 (oui Unknown), length 28
^C
24 packets captured
532 packets received by filter
0 packets dropped by kernel


It seems that my phone is seen by the server,
(unless the mentioned android is a different android phone on the LAN),
but on the phone/(client) side, it never connects:

Code:
[...]
Server poll timeout, trying next remote entry...
EVENT: RECONNECTING
EVENT: RESOLVE
Contacting x.x.x.x via UDP
EVENT: WAIT
Connecting to [mydomain.com]:443 (x.x.x.x) via UDPv4
Server poll timeout, trying next remote entry...
[...]
 

itskando

I just needed to connect to the primary router, rather than the wifi bridge. :/
 