Issue
ibVPN just not working
I have installed ibVPN created an account on the way. It appears this all works fine but when I add an LAN ip-address in the app (so it starts using the vpn) that ip-address in the LAN no longer has outside network access (LAN works just fine). Any connection to the outside world e.g. www.google.com just fails..
Some information:
And the ibvpn logging from /var/log/messages:
Some information:
[root@fileserver /]# rpm -q app-ibvpn
app-ibvpn-1.2.4-1.v7.noarch
[root@fileserver /]# ip rule ls
0: from all lookup local
20: from 192.168.3.130 lookup 20
32766: from all lookup main
32767: from all lookup default
[root@fileserver /]# ip route ls table 20
default via 10.10.10.1 dev ibvpn
10.8.0.0/24 via 10.8.0.2 dev tun1
10.8.0.2 dev tun1 proto kernel scope link src 10.8.0.1
10.8.10.0/24 via 10.8.10.2 dev tun0
10.8.10.2 dev tun0 proto kernel scope link src 10.8.10.1
10.10.10.0/24 dev ibvpn proto kernel scope link src 10.10.10.20
192.168.1.0/24 dev eno33554952 proto kernel scope link src 192.168.1.5
192.168.3.0/24 dev eno16777728 proto kernel scope link src 192.168.3.1
[root@fileserver /]# ifconfig
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::250:56ff:fe3a:7826 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:3a:78:26 txqueuelen 1000 (Ethernet)
RX packets 1469522723 bytes 630402700909 (587.1 GiB)
RX errors 0 dropped 2 overruns 0 frame 0
TX packets 2082190388 bytes 3207331495706 (2.9 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554952: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::250:56ff:fe24:81e0 prefixlen 64 scopeid 0x20<link>
ether 00:50:56:24:81:e0 txqueuelen 1000 (Ethernet)
RX packets 1590032332 bytes 1896834305082 (1.7 TiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1066102434 bytes 461938351208 (430.2 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ibvpn: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.10.10.20 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 fe80::ec68:9bff:fe16:4fe7 prefixlen 64 scopeid 0x20<link>
ether ee:68:9b:16:4f:e7 txqueuelen 100 (Ethernet)
RX packets 69 bytes 30792 (30.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
imq0: flags=193<UP,RUNNING,NOARP> mtu 16000
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 11000 (UNSPEC)
RX packets 1598 bytes 336364 (328.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1598 bytes 336364 (328.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
imq1: flags=193<UP,RUNNING,NOARP> mtu 16000
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 11000 (UNSPEC)
RX packets 1763 bytes 780708 (762.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1763 bytes 780708 (762.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 176329687 bytes 4732251947299 (4.3 TiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 176329687 bytes 4732251947299 (4.3 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.10.1 netmask 255.255.255.255 destination 10.8.10.2
inet6 fe80::3f04:145:efd:5839 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 428461 bytes 165613380 (157.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
inet6 fe80::b974:63c8:f8f5:e341 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 114803 bytes 6905322 (6.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 637428 bytes 439064696 (418.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
And the ibvpn logging from /var/log/messages:
May 10 14:08:12 fileserver webconfig: Redirecting to /bin/systemctl start ibvpn.service
May 10 14:08:13 fileserver ibvpn[81768]: DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
May 10 14:08:13 fileserver systemd: PID file /var/run/ibvpn/ibvpn.pid not readable (yet?) after start.
May 10 14:08:13 fileserver ibvpn[81768]: OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
May 10 14:08:13 fileserver ibvpn[81768]: library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
May 10 14:08:13 fileserver ibvpn[81770]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:08:13 fileserver ibvpn[81770]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:08:13 fileserver ibvpn[81770]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:08:13 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:1194 (Name or service not known)
May 10 14:08:13 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:1194 (Name or service not known)
May 10 14:08:13 fileserver ibvpn[81770]: Could not determine IPv4/IPv6 protocol
May 10 14:08:13 fileserver ibvpn[81770]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:08:13 fileserver ibvpn[81770]: Restart pause, 10 second(s)
May 10 14:08:23 fileserver ibvpn[81770]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:08:23 fileserver ibvpn[81770]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:08:23 fileserver ibvpn[81770]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:08:23 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:80 (Name or service not known)
May 10 14:08:23 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:80 (Name or service not known)
May 10 14:08:23 fileserver ibvpn[81770]: Could not determine IPv4/IPv6 protocol
May 10 14:08:23 fileserver ibvpn[81770]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:08:23 fileserver ibvpn[81770]: Restart pause, 10 second(s)
May 10 14:08:33 fileserver ibvpn[81770]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:08:33 fileserver ibvpn[81770]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:08:33 fileserver ibvpn[81770]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:08:33 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:53 (Name or service not known)
May 10 14:08:33 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:53 (Name or service not known)
May 10 14:08:33 fileserver ibvpn[81770]: Could not determine IPv4/IPv6 protocol
May 10 14:08:33 fileserver ibvpn[81770]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:08:33 fileserver ibvpn[81770]: Restart pause, 10 second(s)
May 10 14:08:43 fileserver ibvpn[81770]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:08:43 fileserver ibvpn[81770]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:08:43 fileserver ibvpn[81770]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:08:43 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:443 (Name or service not known)
May 10 14:08:43 fileserver ibvpn[81770]: RESOLVE: Cannot resolve host address: -:443 (Name or service not known)
May 10 14:08:43 fileserver ibvpn[81770]: Could not determine IPv4/IPv6 protocol
May 10 14:08:43 fileserver ibvpn[81770]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:08:43 fileserver ibvpn[81770]: Restart pause, 10 second(s)
May 10 14:08:53 fileserver ibvpn[81770]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:08:53 fileserver ibvpn[81770]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:08:53 fileserver ibvpn[81770]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:08:53 fileserver ibvpn[81770]: TCP/UDP: Preserving recently used remote address: [AF_INET]85.17.136.249:1194
May 10 14:08:53 fileserver ibvpn[81770]: Socket Buffers: R=[229376->229376] S=[229376->229376]
May 10 14:08:53 fileserver ibvpn[81770]: UDP link local (bound): [AF_INET]192.168.1.5:1190
May 10 14:08:53 fileserver ibvpn[81770]: UDP link remote: [AF_INET]85.17.136.249:1194
May 10 14:08:53 fileserver ibvpn[81770]: TLS: Initial packet from [AF_INET]85.17.136.249:1194, sid=913bd702 fee5b684
May 10 14:08:53 fileserver ibvpn[81770]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, [email protected]
May 10 14:08:53 fileserver ibvpn[81770]: VERIFY OK: nsCertType=SERVER
May 10 14:08:53 fileserver ibvpn[81770]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, [email protected]
May 10 14:08:53 fileserver ibvpn[81770]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1452', remote='tun-mtu 1532'
May 10 14:08:53 fileserver ibvpn[81770]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
May 10 14:08:53 fileserver ibvpn[81770]: [server] Peer Connection Initiated with [AF_INET]85.17.136.249:1194
May 10 14:08:54 fileserver ibvpn[81770]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 10 14:08:54 fileserver ibvpn[81770]: PUSH: Received control message: 'PUSH_REPLY,show-net-up,route-gateway 10.10.10.1,ping 10,ping-restart 60,redirect-gateway def1,dhcp-option DNS 1.2.3.4,ifconfig 10.10.10.20 255.255.255.0'
May 10 14:08:54 fileserver ibvpn[81770]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: show-net-up (2.4.4)
May 10 14:08:54 fileserver ibvpn[81770]: OPTIONS IMPORT: timers and/or timeouts modified
May 10 14:08:54 fileserver ibvpn[81770]: OPTIONS IMPORT: --ifconfig/up options modified
May 10 14:08:54 fileserver ibvpn[81770]: OPTIONS IMPORT: route options modified
May 10 14:08:54 fileserver ibvpn[81770]: OPTIONS IMPORT: route-related options modified
May 10 14:08:54 fileserver ibvpn[81770]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 10 14:08:54 fileserver ibvpn[81770]: Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
May 10 14:08:54 fileserver ibvpn[81770]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
May 10 14:08:54 fileserver ibvpn[81770]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 10 14:08:54 fileserver ibvpn[81770]: Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
May 10 14:08:54 fileserver ibvpn[81770]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
May 10 14:08:54 fileserver ibvpn[81770]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 10 14:08:54 fileserver ibvpn[81770]: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
May 10 14:08:54 fileserver ibvpn[81770]: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eno33554952 HWADDR=00:50:56:24:81:e0
May 10 14:08:54 fileserver ibvpn[81770]: TUN/TAP device ibvpn opened
May 10 14:08:54 fileserver ibvpn[81770]: TUN/TAP TX queue length set to 100
May 10 14:08:54 fileserver ibvpn[81770]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
May 10 14:08:54 fileserver ibvpn[81770]: /sbin/ip link set dev ibvpn up mtu 1500
May 10 14:08:54 fileserver ibvpn[81770]: /sbin/ip addr add dev ibvpn 10.10.10.20/24 broadcast 10.10.10.255
May 10 14:08:55 fileserver ntpd[61465]: Listen normally on 18 ibvpn 10.10.10.20 UDP 123
May 10 14:08:56 fileserver ibvpn[81770]: Initialization Sequence Completed
May 10 14:08:57 fileserver ntpd[61465]: Listen normally on 19 ibvpn fe80::d0d7:29ff:fe4d:6c3 UDP 123
May 10 14:25:14 fileserver ibvpn[81770]: event_wait : Interrupted system call (code=4)
May 10 14:25:14 fileserver ibvpn[81770]: SIGTERM received, sending exit notification to peer
May 10 14:25:17 fileserver ibvpn[81770]: Closing TUN/TAP interface
May 10 14:25:17 fileserver ibvpn[81770]: /sbin/ip addr del dev ibvpn 10.10.10.20/24
May 10 14:25:17 fileserver ibvpn[81770]: /etc/clearos/ibvpn.d/route-down.sh ibvpn 1500 1578 10.10.10.20 255.255.255.0 init
May 10 14:25:17 fileserver ibvpn[81770]: SIGTERM[soft,exit-with-notification] received, process exiting
May 10 14:25:18 fileserver ntpd[61465]: Deleting interface #19 ibvpn, fe80::d0d7:29ff:fe4d:6c3#123, interface stats: received=0, sent=0, dropped=0, active_time=981 secs
May 10 14:25:18 fileserver ntpd[61465]: Deleting interface #18 ibvpn, 10.10.10.20#123, interface stats: received=0, sent=0, dropped=0, active_time=983 secs
May 10 14:25:23 fileserver ibvpn[86231]: DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.
May 10 14:25:23 fileserver ibvpn[86231]: OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
May 10 14:25:23 fileserver ibvpn[86231]: library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
May 10 14:25:23 fileserver systemd: PID file /var/run/ibvpn/ibvpn.pid not readable (yet?) after start.
May 10 14:25:23 fileserver ibvpn[86234]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:25:23 fileserver ibvpn[86234]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:25:23 fileserver ibvpn[86234]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:25:23 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:1194 (Name or service not known)
May 10 14:25:23 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:1194 (Name or service not known)
May 10 14:25:23 fileserver ibvpn[86234]: Could not determine IPv4/IPv6 protocol
May 10 14:25:23 fileserver ibvpn[86234]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:25:23 fileserver ibvpn[86234]: Restart pause, 10 second(s)
May 10 14:25:33 fileserver ibvpn[86234]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:25:33 fileserver ibvpn[86234]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:25:33 fileserver ibvpn[86234]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:25:33 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:80 (Name or service not known)
May 10 14:25:33 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:80 (Name or service not known)
May 10 14:25:33 fileserver ibvpn[86234]: Could not determine IPv4/IPv6 protocol
May 10 14:25:33 fileserver ibvpn[86234]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:25:33 fileserver ibvpn[86234]: Restart pause, 10 second(s)
May 10 14:25:43 fileserver ibvpn[86234]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:25:43 fileserver ibvpn[86234]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:25:43 fileserver ibvpn[86234]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:25:43 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:53 (Name or service not known)
May 10 14:25:43 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:53 (Name or service not known)
May 10 14:25:43 fileserver ibvpn[86234]: Could not determine IPv4/IPv6 protocol
May 10 14:25:43 fileserver ibvpn[86234]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:25:43 fileserver ibvpn[86234]: Restart pause, 10 second(s)
May 10 14:25:53 fileserver ibvpn[86234]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:25:53 fileserver ibvpn[86234]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:25:53 fileserver ibvpn[86234]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:25:53 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:443 (Name or service not known)
May 10 14:25:53 fileserver ibvpn[86234]: RESOLVE: Cannot resolve host address: -:443 (Name or service not known)
May 10 14:25:53 fileserver ibvpn[86234]: Could not determine IPv4/IPv6 protocol
May 10 14:25:53 fileserver ibvpn[86234]: SIGUSR1[soft,init_instance] received, process restarting
May 10 14:25:53 fileserver ibvpn[86234]: Restart pause, 10 second(s)
May 10 14:26:03 fileserver ibvpn[86234]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
May 10 14:26:03 fileserver ibvpn[86234]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 10 14:26:03 fileserver ibvpn[86234]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
May 10 14:26:03 fileserver ibvpn[86234]: TCP/UDP: Preserving recently used remote address: [AF_INET]85.17.136.249:1194
May 10 14:26:03 fileserver ibvpn[86234]: Socket Buffers: R=[229376->229376] S=[229376->229376]
May 10 14:26:03 fileserver ibvpn[86234]: UDP link local (bound): [AF_INET]192.168.1.5:1190
May 10 14:26:03 fileserver ibvpn[86234]: UDP link remote: [AF_INET]85.17.136.249:1194
May 10 14:26:03 fileserver ibvpn[86234]: TLS: Initial packet from [AF_INET]85.17.136.249:1194, sid=4ca95392 42b31cad
May 10 14:26:03 fileserver ibvpn[86234]: VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=Fort-Funston CA, [email protected]
May 10 14:26:03 fileserver ibvpn[86234]: VERIFY OK: nsCertType=SERVER
May 10 14:26:03 fileserver ibvpn[86234]: VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, CN=server, [email protected]
May 10 14:26:03 fileserver ibvpn[86234]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1452', remote='tun-mtu 1532'
May 10 14:26:03 fileserver ibvpn[86234]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
May 10 14:26:03 fileserver ibvpn[86234]: [server] Peer Connection Initiated with [AF_INET]85.17.136.249:1194
May 10 14:26:04 fileserver ibvpn[86234]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
May 10 14:26:04 fileserver ibvpn[86234]: PUSH: Received control message: 'PUSH_REPLY,show-net-up,route-gateway 10.10.10.1,ping 10,ping-restart 60,redirect-gateway def1,dhcp-option DNS 1.2.3.4,ifconfig 10.10.10.20 255.255.255.0'
May 10 14:26:04 fileserver ibvpn[86234]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: show-net-up (2.4.4)
May 10 14:26:04 fileserver ibvpn[86234]: OPTIONS IMPORT: timers and/or timeouts modified
May 10 14:26:04 fileserver ibvpn[86234]: OPTIONS IMPORT: --ifconfig/up options modified
May 10 14:26:04 fileserver ibvpn[86234]: OPTIONS IMPORT: route options modified
May 10 14:26:04 fileserver ibvpn[86234]: OPTIONS IMPORT: route-related options modified
May 10 14:26:04 fileserver ibvpn[86234]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 10 14:26:04 fileserver ibvpn[86234]: Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
May 10 14:26:04 fileserver ibvpn[86234]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
May 10 14:26:04 fileserver ibvpn[86234]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 10 14:26:04 fileserver ibvpn[86234]: Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
May 10 14:26:04 fileserver ibvpn[86234]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
May 10 14:26:04 fileserver ibvpn[86234]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 10 14:26:04 fileserver ibvpn[86234]: WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
May 10 14:26:04 fileserver ibvpn[86234]: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eno33554952 HWADDR=00:50:56:24:81:e0
May 10 14:26:04 fileserver ibvpn[86234]: TUN/TAP device ibvpn opened
May 10 14:26:04 fileserver ibvpn[86234]: TUN/TAP TX queue length set to 100
May 10 14:26:04 fileserver ibvpn[86234]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
May 10 14:26:04 fileserver ibvpn[86234]: /sbin/ip link set dev ibvpn up mtu 1500
May 10 14:26:04 fileserver ibvpn[86234]: /sbin/ip addr add dev ibvpn 10.10.10.20/24 broadcast 10.10.10.255
May 10 14:26:05 fileserver ntpd[61465]: Listen normally on 20 ibvpn 10.10.10.20 UDP 123
May 10 14:26:06 fileserver ibvpn[86234]: Initialization Sequence Completed
May 10 14:26:07 fileserver ntpd[61465]: Listen normally on 21 ibvpn fe80::60b9:5eff:fee2:f0ec UDP 123
In ibVPN
Share this post:
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »