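Remote ssh access doesn't work when the OpenVPN client is on
I am a new user of the forum, and I'm doing my first VPN setup.
I purchased a VPN service with PrivateInternetAccess. I'm setting up a Linux VM (CentOS 6.5 server) on a remote VMware ESXi host. It sits behind another VM, which provides NAT for several VMs. I have full access to the ESXi host and the NAT server and can make any necessary changes.
I have an openvpn client on the server, and it works fine.
My problem is that when I start the client and the tunnel is working, I lose my ssh connection to the server.
I think I have to add a rule to split the configuration file or keep the ssh port open in iptables.
If you need any other information, I'll add it as soon as possible.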
=============
Client configuration file:

    client
    dev tun
    proto udp
    remote xxx.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /etc/openvpn/ca.crt
    crl-verify /etc/openvpn/crl.pem
    tls-client
    remote-cert-tls server
    comp-lzo
    reneg-sec 0
    verb 4 # verbose mode
    status /etc/openvpn/openvpn-status.log
    log /etc/openvpn/openvpn-log.log
    auth-user-pass /etc/openvpn/login.pia

=============
The client IPs when connected to the VPN are (the tunnel IPs change with each session):

    eth1      Link encap:Ethernet  HWaddr 00:0C:29:6F:FA:48
              inet addr:192.168.100.13  Bcast:192.168.100.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

test 1:

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.113.1.6  P-t-P:10.113.1.5  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

test 2:

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.188.1.10  P-t-P:10.188.1.9  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

Tunnel vpn public IP:

    test 1: 93.115.83.16
    test 2: 5.254.100.67
    test 3: 93.115.85.39

=============
/etc/sysconfig/iptables file:

    # Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
    *mangle
    :PREROUTING ACCEPT [3340:3277701]
    :INPUT ACCEPT [3114:3220261]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [2532:706816]
    :POSTROUTING ACCEPT [2532:706816]
    COMMIT
    # Completed on Fri Oct 24 08:19:30 2014
    # Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Fri Oct 24 08:19:30 2014
    # Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Fri Oct 24 08:19:30 2014

=============
iptables allows all traffic, because the server with the vpn client is behind another server, which does the routing, without filtering.
After connecting to the VPN, the output of "iptables -L -n -v" is:

    Chain INPUT (policy ACCEPT 1185 packets, 1301K bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 1490 packets, 568K bytes)
     pkts bytes target     prot opt in     out     source               destination

For "iptables -L -n -v -t nat":

    Chain PREROUTING (policy ACCEPT 18 packets, 1475 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 4 packets, 236 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 4 packets, 236 bytes)
     pkts bytes target     prot opt in     out     source               destination

=============
Routes before running the vpn client (netstat -rn):

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1

Routes after running the vpn client (netstat -rn):

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.110.1.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
    93.115.85.39    192.168.100.10  255.255.255.255 UGH       0 0          0 eth1
    10.110.1.1      10.110.1.5      255.255.255.255 UGH       0 0          0 tun0
    192.168.100.0   0.0.0.0         255.255.255.0   U         0 0          0 eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
    0.0.0.0         10.110.1.5      128.0.0.0       UG        0 0          0 tun0
    128.0.0.0       10.110.1.5      128.0.0.0       UG        0 0          0 tun0
    0.0.0.0         192.168.100.10  0.0.0.0         UG        0 0          0 eth1

=============
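I have solved the problem by using a static route between the server and the public IP that I use to log in.

    ip route add my.local.pc.ip/32 via 192.168.100.10 dev eth1

Best regards
I found this earlier post and followed his steps to change my network settings, but I still haven't got it working.
I think I'm missing something, or the Private Internet Access settings (received via push) are preventing it from taking effect.
Any idea how to continue testing?
openvpn client log, verb 4: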
    push_ifconfig_ipv6_local = ::/0
    Mon Oct 27 17:54:14 2014 us=166248 push_ifconfig_ipv6_remote = ::
    Mon Oct 27 17:54:14 2014 us=166254 enable_c2c = DISABLED
    Mon Oct 27 17:54:14 2014 us=166260 duplicate_cn = DISABLED
    Mon Oct 27 17:54:14 2014 us=166266 cf_max = 0
    Mon Oct 27 17:54:14 2014 us=166272 cf_per = 0
    Mon Oct 27 17:54:14 2014 us=166278 max_clients = 1024
    Mon Oct 27 17:54:14 2014 us=166284 max_routes_per_client = 256
    Mon Oct 27 17:54:14 2014 us=166290 auth_user_pass_verify_script = '[UNDEF]'
    Mon Oct 27 17:54:14 2014 us=166296 auth_user_pass_verify_script_via_file = DISABLED
    Mon Oct 27 17:54:14 2014 us=166302 port_share_host = '[UNDEF]'
    Mon Oct 27 17:54:14 2014 us=166308 port_share_port = 0
    Mon Oct 27 17:54:14 2014 us=166314 client = ENABLED
    Mon Oct 27 17:54:14 2014 us=166320 pull = ENABLED
    Mon Oct 27 17:54:14 2014 us=166326 auth_user_pass_file = '/etc/openvpn/login.pia'
    Mon Oct 27 17:54:14 2014 us=166334 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
    Mon Oct 27 17:54:14 2014 us=199516 LZO compression initialized
    Mon Oct 27 17:54:14 2014 us=199583 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Oct 27 17:54:14 2014 us=199625 Socket Buffers: R=[124928->131072] S=[124928->131072]
    Mon Oct 27 17:54:14 2014 us=202292 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Oct 27 17:54:14 2014 us=202322 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Mon Oct 27 17:54:14 2014 us=202330 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Mon Oct 27 17:54:14 2014 us=202348 Local Options hash (VER=V4): '41690919'
    Mon Oct 27 17:54:14 2014 us=202359 Expected Remote Options hash (VER=V4): '530fdded'
    Mon Oct 27 17:54:14 2014 us=202372 UDPv4 link local (bound): [AF_INET]192.168.100.13:1194
    Mon Oct 27 17:54:14 2014 us=202379 UDPv4 link remote: [AF_INET]93.115.83.244:1194
    Mon Oct 27 17:54:14 2014 us=239323 TLS: Initial packet from [AF_INET]93.115.83.244:1194, sid=bb2e3c12 9e137b77
    Mon Oct 27 17:54:14 2014 us=239417 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Mon Oct 27 17:54:14 2014 us=472807 CRL CHECK OK: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
    Mon Oct 27 17:54:14 2014 us=472851 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
    Mon Oct 27 17:54:14 2014 us=472999 Validating certificate key usage
    Mon Oct 27 17:54:14 2014 us=473009 ++ Certificate has key usage 00a0, expects 00a0
    Mon Oct 27 17:54:14 2014 us=473016 VERIFY KU OK
    Mon Oct 27 17:54:14 2014 us=473025 Validating certificate extended key usage
    Mon Oct 27 17:54:14 2014 us=473033 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    Mon Oct 27 17:54:14 2014 us=473040 VERIFY EKU OK
    Mon Oct 27 17:54:14 2014 us=473087 CRL CHECK OK: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
    Mon Oct 27 17:54:14 2014 us=473106 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
    Mon Oct 27 17:54:14 2014 us=639441 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Oct 27 17:54:14 2014 us=639472 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Oct 27 17:54:14 2014 us=639518 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Oct 27 17:54:14 2014 us=639526 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Oct 27 17:54:14 2014 us=639577 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
    Mon Oct 27 17:54:14 2014 us=639597 [Private Internet Access] Peer Connection Initiated with [AF_INET]93.115.83.244:1194
    Mon Oct 27 17:54:16 2014 us=697840 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
    Mon Oct 27 17:54:16 2014 us=734290 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.126.1.1,topology net30,ifconfig 10.126.1.6 10.126.1.5'
    Mon Oct 27 17:54:16 2014 us=734376 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Oct 27 17:54:16 2014 us=734386 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Oct 27 17:54:16 2014 us=734393 OPTIONS IMPORT: route options modified
    Mon Oct 27 17:54:16 2014 us=734398 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Oct 27 17:54:16 2014 us=734549 ROUTE_GATEWAY 192.168.100.10/255.255.255.0 IFACE=eth1 HWADDR=00:0c:29:6f:fa:48
    Mon Oct 27 17:54:16 2014 us=746608 TUN/TAP device tun0 opened
    Mon Oct 27 17:54:16 2014 us=746628 TUN/TAP TX queue length set to 100
    Mon Oct 27 17:54:16 2014 us=746641 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Mon Oct 27 17:54:16 2014 us=746659 /sbin/ip link set dev tun0 up mtu 1500
    Mon Oct 27 17:54:16 2014 us=748139 /sbin/ip addr add dev tun0 local 10.126.1.6 peer 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=748976 /sbin/ip route add 93.115.83.244/32 via 192.168.100.10
    Mon Oct 27 17:54:16 2014 us=749737 /sbin/ip route add 0.0.0.0/1 via 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=750310 /sbin/ip route add 128.0.0.0/1 via 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=750803 /sbin/ip route add 10.126.1.1/32 via 10.126.1.5
    Mon Oct 27 17:54:16 2014 us=751309 Initialization Sequence Completed
    Mon Oct 27 17:56:45 2014 us=819279 event_wait : Interrupted system call (code=4)
    Mon Oct 27 17:56:45 2014 us=819485 TCP/UDP: Closing socket
    Mon Oct 27 17:56:45 2014 us=819530 /sbin/ip route del 10.126.1.1/32
    Mon Oct 27 17:56:45 2014 us=820269 /sbin/ip route del 93.115.83.244/32
    Mon Oct 27 17:56:45 2014 us=820850 /sbin/ip route del 0.0.0.0/1
    Mon Oct 27 17:56:45 2014 us=821401 /sbin/ip route del 128.0.0.0/1
    Mon Oct 27 17:56:45 2014 us=821927 Closing TUN/TAP interface
    Mon Oct 27 17:56:45 2014 us=821953 /sbin/ip addr del dev tun0 local 10.126.1.6 peer 10.126.1.5
    Mon Oct 27 17:56:45 2014 us=834264 SIGINT[hard,] received, process exiting
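
Why the /32 static route in the post restores ssh, as an added example that is not part of the original post: it replays longest-prefix route selection over the two "netstat -rn" tables quoted above and checks whether replies to the ssh client leave through eth1, the interface the connection arrived on. The client address 203.0.113.50 (a documentation address standing in for my.local.pc.ip) and all function names are assumptions made for illustration.

```python
import ipaddress

# Routing tables copied from the post's "netstat -rn" output:
# (Destination, Gateway, Genmask, Iface)
ROUTES_BEFORE = [
    ("192.168.100.0", "0.0.0.0", "255.255.255.0", "eth1"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth0"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth1"),
    ("0.0.0.0", "192.168.100.10", "0.0.0.0", "eth1"),
]
ROUTES_VPN_UP = [
    ("10.110.1.5", "0.0.0.0", "255.255.255.255", "tun0"),
    ("93.115.85.39", "192.168.100.10", "255.255.255.255", "eth1"),
    ("10.110.1.1", "10.110.1.5", "255.255.255.255", "tun0"),
    ("192.168.100.0", "0.0.0.0", "255.255.255.0", "eth1"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth0"),
    ("169.254.0.0", "0.0.0.0", "255.255.0.0", "eth1"),
    ("0.0.0.0", "10.110.1.5", "128.0.0.0", "tun0"),    # from redirect-gateway def1
    ("128.0.0.0", "10.110.1.5", "128.0.0.0", "tun0"),  # from redirect-gateway def1
    ("0.0.0.0", "192.168.100.10", "0.0.0.0", "eth1"),
]

# Constructed sample value: public address of the admin's ssh client.
ADMIN_IP = "203.0.113.50"


def to_network(dest, genmask):
    """Turn a netstat Destination/Genmask pair into an ip_network."""
    prefix_len = bin(int(ipaddress.IPv4Address(genmask))).count("1")
    return ipaddress.ip_network(f"{dest}/{prefix_len}")


def lookup(routes, dst):
    """Longest-prefix match; returns (iface, gateway, network) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, gateway, genmask, iface in routes:
        net = to_network(dest, genmask)
        # Strictly longer prefix wins; on a tie the earlier entry is kept.
        if addr in net and (best is None or net.prefixlen > best[2].prefixlen):
            best = (iface, gateway, net)
    return best


def reply_is_symmetric(routes, client_ip, ingress_iface="eth1"):
    """True if replies to client_ip leave via the interface ssh arrived on."""
    hit = lookup(routes, client_ip)
    return hit is not None and hit[0] == ingress_iface


def with_static_route(routes, client_ip, gateway="192.168.100.10", iface="eth1"):
    """Model of: ip route add <client_ip>/32 via 192.168.100.10 dev eth1"""
    return routes + [(client_ip, gateway, "255.255.255.255", iface)]


if __name__ == "__main__":
    cases = [
        ("before VPN", ROUTES_BEFORE),
        ("VPN up", ROUTES_VPN_UP),
        ("VPN up + /32 route", with_static_route(ROUTES_VPN_UP, ADMIN_IP)),
    ]
    for label, table in cases:
        iface, gateway, net = lookup(table, ADMIN_IP)
        verdict = "ssh replies OK" if reply_is_symmetric(table, ADMIN_IP) else "ssh replies lost"
        print(f"{label:20s} {ADMIN_IP} -> {net} via {gateway} dev {iface}: {verdict}")
```

The /32 route covers only that one fixed client address, and traffic to it travels outside the tunnel.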