
#26 2024-10-20 16:39:50

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: VPN issue...[Closed] T_T ru guys, welcome.

tupadown228 wrote:

Yes, I run networkmanager-openvpn and then openvpn, but I posted logs from openvpn, because it should be under the hood of networkmanager-openvpn, so it has more credibility...

There is a problem here. You don't need to start "networkmanager-openvpn and then openvpn".

You can import an OpenVPN config file into NetworkManager (NM). NM will start OpenVPN (with root privileges) via its openvpn plugin (networkmanager-openvpn) and will write the log snippet I posted above.

So the error you posted could not have happened if you started the VPN via NM.

So how did you start OpenVPN?

Offline

#27 2024-10-20 16:49:45

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

So how did you start OpenVPN?

I do not start them at the same time.

First I start NM-ovpn via GUI (config is already added in nm-ovpn), make checks, then stop NM-ovpn via GUI.
Then I start openvpn /path/user.ovpn, make checks (if I don't forget about root *facepalm*), then stop it.

That's all.

Last edited by tupadown228 (2024-10-20 16:58:30)

Offline

#28 2024-10-20 19:09:12

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

Could the problem be in my internet provider? Then I wouldn't even be able to connect, right?

Last edited by tupadown228 (2024-10-20 19:12:42)

Offline

#29 2024-10-20 20:12:33

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: VPN issue...[Closed] T_T ru guys, welcome.

tupadown228 wrote:

First I start NM-ovpn via GUI (config is already added in nm-ovpn), make checks, then stop NM-ovpn via GUI.
Then I start openvpn /path/user.ovpn, make checks (if I don't forget about root *facepalm*), then stop it.

You can do this - but your "checks" have limited value for your "/path/user.ovpn" - because NM does not use this file.
NM calls OpenVPN with quite a lot of additional and substituted options (including the infamous "verb 1" among others).

Which means you use two separate sets of configuration for OpenVPN.
Just to be clear - are you aware of this?

Offline

#30 2024-10-20 20:21:50

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

Which means you use two separate sets of configuration for OpenVPN.
Just to be clear - are you aware of this?

I use the last client and server configs, which you made. I start NM with your last client conf and after that I start the same conf via the openvpn client... I made marks so as not to get confused too... How can I prove that?

Offline

#31 2024-10-20 20:32:47

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: VPN issue...[Closed] T_T ru guys, welcome.

O.K. - I take this as a yes.

When you start OpenVPN with root privileges and the last config - can you ping 10.8.0.1?

Offline

#32 2024-10-20 21:00:10

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

No, I can't xD (I can ping 10.8.0.1, but there is no response). ping 10.8.0.2 works.

ovpn logs with root :)

2024-10-20 23:55:06 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-10-20 23:55:06 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2024-10-20 23:55:06 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
2024-10-20 23:55:06 library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
2024-10-20 23:55:06 DCO version: N/A
2024-10-20 23:55:06 TCP/UDP: Preserving recently used remote address: [AF_INET]REMOTE_MACHINE_IP:11994
2024-10-20 23:55:06 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-10-20 23:55:06 UDPv4 link local: (not bound)
2024-10-20 23:55:06 UDPv4 link remote: [AF_INET]REMOTE_MACHINE_IP:11994
2024-10-20 23:55:06 TLS: Initial packet from [AF_INET]REMOTE_MACHINE_IP:11994, sid=7bbcdd00 a82b79e7
2024-10-20 23:55:07 VERIFY OK: depth=1, CN=cn_qHIl2i2Rlyyfw4WD
2024-10-20 23:55:07 VERIFY KU OK
2024-10-20 23:55:07 Validating certificate extended key usage
2024-10-20 23:55:07 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-10-20 23:55:07 VERIFY EKU OK
2024-10-20 23:55:07 VERIFY OK: depth=0, CN=server_A7vEzNqMWKlJHLcR
2024-10-20 23:55:07 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 256 bits ECprime256v1
2024-10-20 23:55:07 [server_A7vEzNqMWKlJHLcR] Peer Connection Initiated with [AF_INET]REMOTE_MACHINE_IP:11994
2024-10-20 23:55:07 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-10-20 23:55:07 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-10-20 23:55:07 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.0,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,tun-ipv6,route-ipv6 2000::/3,redirect-gateway ipv6,tun-ipv6,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 fd42:42:42:42::2/112 fd42:42:42:42::1,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-10-20 23:55:07 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2024-10-20 23:55:07 OPTIONS IMPORT: --ifconfig/up options modified
2024-10-20 23:55:07 OPTIONS IMPORT: route options modified
2024-10-20 23:55:07 OPTIONS IMPORT: route-related options modified
2024-10-20 23:55:07 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-10-20 23:55:07 net_route_v4_best_gw query: dst 0.0.0.0
2024-10-20 23:55:07 net_route_v4_best_gw result: via 192.168.0.2 dev wlan0
2024-10-20 23:55:07 ROUTE_GATEWAY 192.168.0.2/255.255.255.0 IFACE=wlan0 HWADDR=84:7b:57:67:69:0c
2024-10-20 23:55:07 GDG6: remote_host_ipv6=n/a
2024-10-20 23:55:07 net_route_v6_best_gw query: dst ::
2024-10-20 23:55:07 sitnl_send: rtnl: generic error (-101): Network is unreachable
2024-10-20 23:55:07 ROUTE6: default_gateway=UNDEF
2024-10-20 23:55:07 TUN/TAP device tun0 opened
2024-10-20 23:55:07 net_iface_mtu_set: mtu 1500 for tun0
2024-10-20 23:55:07 net_iface_up: set tun0 up
2024-10-20 23:55:07 net_addr_v4_add: 10.8.0.2/24 dev tun0
2024-10-20 23:55:07 net_iface_mtu_set: mtu 1500 for tun0
2024-10-20 23:55:07 net_iface_up: set tun0 up
2024-10-20 23:55:07 net_addr_v6_add: fd42:42:42:42::2/112 dev tun0
2024-10-20 23:55:07 net_route_v4_add: REMOTE_MACHINE_IP/32 via 192.168.0.2 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 net_route_v4_add: 10.8.0.1/24 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 sitnl_send: rtnl: generic error (-22): Invalid argument
2024-10-20 23:55:07 ERROR: Linux route add command failed
2024-10-20 23:55:07 add_route_ipv6(2000::/3 -> fd42:42:42:42::1 metric -1) dev tun0
2024-10-20 23:55:07 net_route_v6_add: 2000::/3 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:07 add_route_ipv6(::/3 -> fd42:42:42:42::1 metric -1) dev tun0
2024-10-20 23:55:07 net_route_v6_add: ::/3 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:07 add_route_ipv6(2000::/4 -> fd42:42:42:42::1 metric -1) dev tun0
2024-10-20 23:55:07 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:07 add_route_ipv6(3000::/4 -> fd42:42:42:42::1 metric -1) dev tun0
2024-10-20 23:55:07 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:07 add_route_ipv6(fc00::/7 -> fd42:42:42:42::1 metric -1) dev tun0
2024-10-20 23:55:07 net_route_v6_add: fc00::/7 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:07 Initialization Sequence Completed
2024-10-20 23:55:07 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-10-20 23:55:07 Timers: ping 10, ping-restart 120
^C2024-10-20 23:55:33 event_wait : Interrupted system call (fd=-1,code=4)
2024-10-20 23:55:33 net_route_v4_del: REMOTE_MACHINE_IP/32 via 192.168.0.2 dev [NULL] table 0 metric -1
2024-10-20 23:55:33 net_route_v4_del: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:33 net_route_v4_del: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:33 delete_route_ipv6(2000::/3)
2024-10-20 23:55:33 net_route_v6_del: 2000::/3 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:33 delete_route_ipv6(::/3)
2024-10-20 23:55:33 net_route_v6_del: ::/3 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:33 delete_route_ipv6(2000::/4)
2024-10-20 23:55:33 net_route_v6_del: 2000::/4 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:33 delete_route_ipv6(3000::/4)
2024-10-20 23:55:33 net_route_v6_del: 3000::/4 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:33 delete_route_ipv6(fc00::/7)
2024-10-20 23:55:33 net_route_v6_del: fc00::/7 via :: dev tun0 table 0 metric -1
2024-10-20 23:55:33 Closing TUN/TAP interface
2024-10-20 23:55:33 net_addr_v4_del: 10.8.0.2 dev tun0
2024-10-20 23:55:33 net_addr_v6_del: fd42:42:42:42::2/112 dev tun0
2024-10-20 23:55:33 SIGINT[hard,] received, process exiting

NM-ovpn logs

Oct 20 23:45:35 kompik123 nm-openvpn[3476297]: SIGTERM[soft,exit-with-notification] received, process exiting
Oct 20 23:45:35 kompik123 NetworkManager[3288873]: <info>  [1729457135.2404] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Oct 20 23:45:34 kompik123 nm-openvpn[3476297]: SIGTERM received, sending exit notification to peer
Oct 20 23:45:34 kompik123 NetworkManager[3288873]: <info>  [1729457134.3764] policy: set 'secret-land-wifi-name' (wlan0) as default for IPv4 routing and DNS
Oct 20 23:45:34 kompik123 NetworkManager[3288873]: <info>  [1729457134.3213] audit: op="connection-deactivate" uuid="tupadown228-hand-made-uuid1111" name="user-bbs.archlinux-help-conf1" pid=2930341 uid=1000 result="success"
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6988] device (tun0): Activation: successful, device activated.
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6986] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6985] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6809] policy: set 'user-bbs.archlinux-help-conf1' (tun0) as default for IPv6 routing and DNS
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6808] policy: set 'user-bbs.archlinux-help-conf1' (tun0) as default for IPv4 routing and DNS
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6416] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6414] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6413] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6411] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6407] device (tun0): Activation: starting connection 'tun0' (tupadown228-hand-made-uuid2222)
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6402] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6399] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: Initialization Sequence Completed
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: Capabilities retained: CAP_NET_ADMIN
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: GID set to nm-openvpn
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: UID set to nm-openvpn
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.6328] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/22)
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 3476292 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_33 --tun -- tun0 1500 0 10.8.0.2 255.255.255.0 init
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: TUN/TAP device tun0 opened
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: [server_A7vEzNqMWKlJHLcR] Peer Connection Initiated with [AF_INET]REMOTE_MACHINE_IP:11994
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: UDPv4 link remote: [AF_INET]REMOTE_MACHINE_IP:11994
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: UDPv4 link local: (not bound)
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: TCP/UDP: Preserving recently used remote address: [AF_INET]REMOTE_MACHINE_IP:11994
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: DCO version: N/A
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
Oct 20 23:45:23 kompik123 nm-openvpn[3476297]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback >
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.2042] audit: op="connection-activate" uuid="tupadown228-hand-made-uuid1111" name="user-bbs.archlinux-help-conf1" pid=2930341 uid=1000 result="success"
Oct 20 23:45:23 kompik123 NetworkManager[3288873]: <info>  [1729457123.2036] vpn[0x59f2aa1bf100,tupadown228-hand-made-uuid1111,"user-bbs.archlinux-help-conf1"]: starting openvpn
Oct 20 23:44:40 kompik123 nm-openvpn[3476022]: SIGTERM[soft,exit-with-notification] received, process exiting
Oct 20 23:44:40 kompik123 NetworkManager[3288873]: <info>  [1729457080.6873] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Oct 20 23:44:39 kompik123 nm-openvpn[3476022]: SIGTERM received, sending exit notification to peer
Oct 20 23:44:39 kompik123 nm-openvpn[3476022]: event_wait : Interrupted system call (fd=-1,code=4)
Oct 20 23:44:39 kompik123 NetworkManager[3288873]: <info>  [1729457079.6647] policy: set 'secret-land-wifi-name' (wlan0) as default for IPv4 routing and DNS
Oct 20 23:44:39 kompik123 NetworkManager[3288873]: <info>  [1729457079.6125] audit: op="connection-deactivate" uuid="tupadown228-hand-made-uuid1111" name="user-bbs.archlinux-help-conf1" pid=2930341 uid=1000 result="success"
Oct 20 23:43:55 kompik123 NetworkManager[3288873]: <info>  [1729457035.6139] device (tun0): Activation: successful, device activated.
Oct 20 23:43:55 kompik123 NetworkManager[3288873]: <info>  [1729457035.6136] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Oct 20 23:43:55 kompik123 NetworkManager[3288873]: <info>  [1729457035.6134] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Oct 20 23:43:55 kompik123 NetworkManager[3288873]: <info>  [1729457035.6015] policy: set 'user-bbs.archlinux-help-conf1' (tun0) as default for IPv6 routing and DNS

Last edited by tupadown228 (2024-10-20 21:31:51)

Offline

#33 2024-10-21 06:38:59

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

So... What do you think the problem is?

The most likely culprit now is a mismatched OpenVPN option.

Do you still have the same assumption?

Be honest, please. All I know is that I know nothing; I accepted that quite easily :)

Offline

#34 2024-10-21 07:07:56

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: VPN issue...[Closed] T_T ru guys, welcome.

This is the culprit:

tupadown228 wrote:
[...]
2024-10-20 23:55:07 sitnl_send: rtnl: generic error (-22): Invalid argument
2024-10-20 23:55:07 ERROR: Linux route add command failed
[...]

The routes are not applied to the tunnel interface.

This is what a successful OpenVPN client log (verb 3) looks like:

2024-10-21 08:08:34 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-10-21 08:08:34 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2024-10-21 08:08:34 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
2024-10-21 08:08:34 library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-10-21 08:08:34 DCO version: N/A
2024-10-21 08:08:39 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.35.45:1194
2024-10-21 08:08:39 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-10-21 08:08:39 UDPv4 link local: (not bound)
2024-10-21 08:08:39 UDPv4 link remote: [AF_INET]XX.XX.35.45:1194
2024-10-21 08:08:39 TLS: Initial packet from [AF_INET]XX.XX.35.45:1194, sid=177496eb d410fabf
2024-10-21 08:08:39 VERIFY OK: depth=1, CN=XXXX OpenVPN CA
2024-10-21 08:08:39 VERIFY KU OK
2024-10-21 08:08:39 Validating certificate extended key usage
2024-10-21 08:08:39 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-10-21 08:08:39 VERIFY EKU OK
2024-10-21 08:08:39 VERIFY OK: depth=0, CN=XXXX
2024-10-21 08:08:39 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA512, peer temporary key: 253 bits X25519
2024-10-21 08:08:39 [XXXX] Peer Connection Initiated with [AF_INET]XX.XX.35.45:1194
2024-10-21 08:08:39 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-10-21 08:08:39 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-10-21 08:08:39 PUSH: Received control message: 'PUSH_REPLY,route 192.168.XX.0 255.255.255.0,route 192.168.XY.0 255.255.255.0,dhcp-option DNS 192.168.XY.13,dhcp-option DOMAIN-SEARCH XXXX.local,explicit-exit-notify 2,route-gateway 10.8.12.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.12.8 255.255.255.0,peer-id 0,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2024-10-21 08:08:39 OPTIONS IMPORT: --ifconfig/up options modified
2024-10-21 08:08:39 OPTIONS IMPORT: route options modified
2024-10-21 08:08:39 OPTIONS IMPORT: route-related options modified
2024-10-21 08:08:39 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-10-21 08:08:39 OPTIONS IMPORT: tun-mtu set to 1500
2024-10-21 08:08:39 net_route_v4_best_gw query: dst 0.0.0.0
2024-10-21 08:08:39 net_route_v4_best_gw result: via 192.168.ZZZ.1 dev enp100s0
2024-10-21 08:08:39 ROUTE_GATEWAY 192.168.ZZZ.1/255.255.255.0 IFACE=enp100s0 HWADDR=XX:XX:XX:XX:XX:XX
2024-10-21 08:08:39 TUN/TAP device tun0 opened
2024-10-21 08:08:39 net_iface_mtu_set: mtu 1500 for tun0
2024-10-21 08:08:39 net_iface_up: set tun0 up
2024-10-21 08:08:39 net_addr_v4_add: 10.8.12.8/24 dev tun0
2024-10-21 08:08:39 net_route_v4_add: 192.168.XX.0/24 via 10.8.12.1 dev [NULL] table 0 metric -1
2024-10-21 08:08:39 net_route_v4_add: 192.168.XY.0/24 via 10.8.12.1 dev [NULL] table 0 metric -1
2024-10-21 08:08:39 Initialization Sequence Completed
2024-10-21 08:08:39 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-10-21 08:08:39 Timers: ping 10, ping-restart 120
2024-10-21 08:08:39 Protocol options: explicit-exit-notify 2, protocol-flags cc-exit tls-ekm dyn-tls-crypt

As you can see "Initialization Sequence Completed" immediately follows the route commands.

Do you need IPv6? Your client at least on the normal network level doesn't support it (Without IPv6 the server config file is even less complex).

Last edited by -thc (2024-10-21 15:03:48)

Offline
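The failing line in the log from post #32 can be traced back to the server's push, shown here as an added example that is not part of either poster's messages. It extracts `route` options from `PUSH_REPLY`, flags destinations that are not a network address for their mask (the kernel answers such a route with `-22`, Invalid argument), and matches them to the `net_route_v4_add` line that precedes the error. The sample lines are excerpted from that log with the `PUSH_REPLY` shortened; the function names are hypothetical.

```python
import ipaddress
import re

# Excerpt of the failing client log from post #32 (PUSH_REPLY shortened).
SAMPLE_LOG = """\
2024-10-20 23:55:07 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1 255.255.255.0,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-10-20 23:55:07 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 net_route_v4_add: 10.8.0.1/24 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-20 23:55:07 sitnl_send: rtnl: generic error (-22): Invalid argument
2024-10-20 23:55:07 ERROR: Linux route add command failed
2024-10-20 23:55:07 Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH_REPLY,([^']*)'")
ADD_RE = re.compile(r"net_route_v4_add: (\S+) via (\S+)")
FAIL_MARK = "ERROR: Linux route add command failed"


def pushed_routes(log):
    """Return (destination, netmask) for every 'route' option in PUSH_REPLY."""
    routes = []
    for match in PUSH_RE.finditer(log):
        for opt in match.group(1).split(","):
            parts = opt.split()
            if len(parts) >= 2 and parts[0] == "route":
                # OpenVPN treats a route without a netmask as a host route.
                mask = parts[2] if len(parts) > 2 else "255.255.255.255"
                routes.append((parts[1], mask))
    return routes


def failed_route_adds(log):
    """Return the 'dest/prefix' of each route add that is followed by the error."""
    last_add, failed = None, []
    for line in log.splitlines():
        match = ADD_RE.search(line)
        if match:
            last_add = match.group(1)
        elif FAIL_MARK in line and last_add is not None:
            failed.append(last_add)
            last_add = None
    return failed


def diagnose(log):
    """Flag pushed routes whose destination has host bits set under its mask."""
    rejected = set(failed_route_adds(log))
    findings = []
    for dest, mask in pushed_routes(log):
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        except ValueError:
            continue  # hostname or keyword such as vpn_gateway: not checked here
        if ipaddress.ip_address(dest) != net.network_address:
            as_pushed = f"{dest}/{net.prefixlen}"
            findings.append({
                "pushed": as_pushed,
                "suggested": str(net),
                "kernel_rejected": as_pushed in rejected,
            })
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```

With `topology subnet` and `ifconfig 10.8.0.2 255.255.255.0`, the client already gets a connected route for 10.8.0.0/24 on tun0, so the pushed route is redundant even when written as a proper network address.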

#35 2024-10-22 03:47:15

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

Do you need IPv6? Your client at least on the normal network level doesn't support it.

No, I don't need it.

So, I reinstalled ovpn with the disabling ipv4 flag, copy-pasted the client ovpn conf, started nm-ovpn, and nothing changes again. T_T

new user conf

client
proto udp
explicit-exit-notify
remote _VDS_IP_ 11994
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_369AxeFRWDl65d6c name
auth SHA256
auth-nocache
cipher AES-128-GCM
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3
...cers

new server conf

port 11994
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
crl-verify crl.pem
ca ca.crt
cert server_369AxeFRWDl65d6c.crt
key server_369AxeFRWDl65d6c.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3

nm-ovpn logs

Oct 22 05:51:55 kompik123 nm-openvpn[3654669]: SIGTERM[soft,exit-with-notification] received, process exiting
Oct 22 05:51:55 kompik123 NetworkManager[3288873]: <info>  [1729565515.8746] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Oct 22 05:51:54 kompik123 nm-openvpn[3654669]: SIGTERM received, sending exit notification to peer
Oct 22 05:51:54 kompik123 nm-openvpn[3654669]: event_wait : Interrupted system call (fd=-1,code=4)
Oct 22 05:51:54 kompik123 NetworkManager[3288873]: <info>  [1729565514.5965] policy: set 'WIFI_NAME' (wlan0) as default for IPv4 routing and DNS
Oct 22 05:51:54 kompik123 NetworkManager[3288873]: <info>  [1729565514.5438] audit: op="connection-deactivate" uuid="uuid1111" name="user2" pid=2930341 uid=1000 result="success"
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7968] device (tun0): Activation: successful, device activated.
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7954] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7949] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7665] policy: set 'user2' (tun0) as default for IPv4 routing and DNS
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7018] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7015] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7013] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.7008] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.6989] device (tun0): Activation: starting connection 'tun0' (uuid2222)
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.6949] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.6936] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: Initialization Sequence Completed
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: Capabilities retained: CAP_NET_ADMIN
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: GID set to nm-openvpn
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: UID set to nm-openvpn
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.6733] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/27)
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 3654664 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_42 --tun -- tun0 1500 0 10.8.0.2 255.255.255.0 init
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: TUN/TAP device tun0 opened
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: [server_369AxeFRWDl65d6c] Peer Connection Initiated with [AF_INET]_VDS_IP_:11994
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: UDPv4 link remote: [AF_INET]_VDS_IP_:11994
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: UDPv4 link local: (not bound)
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: TCP/UDP: Preserving recently used remote address: [AF_INET]_VDS_IP_:11994
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: DCO version: N/A
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
Oct 22 05:51:28 kompik123 nm-openvpn[3654669]: OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.2461] audit: op="connection-activate" uuid="uuid1111" name="user2" pid=2930341 uid=1000 result="success"
Oct 22 05:51:28 kompik123 NetworkManager[3288873]: <info>  [1729565488.2458] vpn[0x59f2aa1d7cb0,uuid1111,"user2"]: starting openvpn

openvpn client with root

2024-10-22 05:53:41 Unrecognized option or missing or extra parameter(s) in /CONFIG_PATH/user2.ovpn:19: block-outside-dns (2.6.12)
2024-10-22 05:53:41 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2024-10-22 05:53:41 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
2024-10-22 05:53:41 library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
2024-10-22 05:53:41 DCO version: N/A
2024-10-22 05:53:41 TCP/UDP: Preserving recently used remote address: [AF_INET]_VDS_IP_:11994
2024-10-22 05:53:41 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-10-22 05:53:41 UDPv4 link local: (not bound)
2024-10-22 05:53:41 UDPv4 link remote: [AF_INET]_VDS_IP_:11994
2024-10-22 05:53:41 TLS: Initial packet from [AF_INET]_VDS_IP_:11994, sid=ceeb3cdb 43fe8a7e
2024-10-22 05:53:41 VERIFY OK: depth=1, CN=cn_FfIh7oGkjWbZbODV
2024-10-22 05:53:41 VERIFY KU OK
2024-10-22 05:53:41 Validating certificate extended key usage
2024-10-22 05:53:41 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-10-22 05:53:41 VERIFY EKU OK
2024-10-22 05:53:41 VERIFY X509NAME OK: CN=server_369AxeFRWDl65d6c
2024-10-22 05:53:41 VERIFY OK: depth=0, CN=server_369AxeFRWDl65d6c
2024-10-22 05:53:42 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 256 bits ECprime256v1
2024-10-22 05:53:42 [server_369AxeFRWDl65d6c] Peer Connection Initiated with [AF_INET]_VDS_IP_:11994
2024-10-22 05:53:42 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-10-22 05:53:42 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-10-22 05:53:42 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 1,cipher AES-128-GCM'
2024-10-22 05:53:42 OPTIONS IMPORT: --ifconfig/up options modified
2024-10-22 05:53:42 OPTIONS IMPORT: route options modified
2024-10-22 05:53:42 OPTIONS IMPORT: route-related options modified
2024-10-22 05:53:42 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-10-22 05:53:42 net_route_v4_best_gw query: dst 0.0.0.0
2024-10-22 05:53:42 net_route_v4_best_gw result: via 192.168.0.2 dev wlan0
2024-10-22 05:53:42 ROUTE_GATEWAY 192.168.0.2/255.255.255.0 IFACE=wlan0 HWADDR=LOL
2024-10-22 05:53:42 TUN/TAP device tun0 opened
2024-10-22 05:53:42 net_iface_mtu_set: mtu 1500 for tun0
2024-10-22 05:53:42 net_iface_up: set tun0 up
2024-10-22 05:53:42 net_addr_v4_add: 10.8.0.2/24 dev tun0
2024-10-22 05:53:42 net_route_v4_add: _VDS_IP_/32 via 192.168.0.2 dev [NULL] table 0 metric -1
2024-10-22 05:53:42 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-22 05:53:42 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-22 05:53:42 Initialization Sequence Completed
2024-10-22 05:53:42 Data Channel: cipher 'AES-128-GCM', peer-id: 1
2024-10-22 05:53:42 Timers: ping 10, ping-restart 120
2024-10-22 05:53:42 Protocol options: explicit-exit-notify 1
^C2024-10-22 05:53:52 event_wait : Interrupted system call (fd=-1,code=4)
2024-10-22 05:53:52 SIGTERM received, sending exit notification to peer
2024-10-22 05:53:53 net_route_v4_del: _VDS_IP_/32 via 192.168.0.2 dev [NULL] table 0 metric -1
2024-10-22 05:53:53 net_route_v4_del: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-22 05:53:53 net_route_v4_del: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-22 05:53:53 Closing TUN/TAP interface
2024-10-22 05:53:53 net_addr_v4_del: 10.8.0.2 dev tun0
2024-10-22 05:53:53 SIGTERM[soft,exit-with-notification] received, process exiting

ovpn server logs with connection attempts

░░ A stop job for unit openvpn-server@server.service has begun execution.
░░ es 38-94
░░ The job identifier is 14948.
Oct 21 23:05:27 vds123 openvpn[64634]: Linux can't del IP from iface tun0
Oct 21 23:05:27 vds123 openvpn[64634]: sitnl_send: rtnl: generic error (-1): Operation not permitted
Oct 21 23:05:27 vds123 openvpn[64634]: net_addr_v4_del: 10.8.0.1 dev tun0
Oct 21 23:05:27 vds123 openvpn[64634]: Closing TUN/TAP interface
Oct 21 23:05:27 vds123 openvpn[64634]: event_wait : Interrupted system call (code=4)
Oct 21 22:57:42 vds123 openvpn[64634]: user2/MY_IP:39470 SIGUSR1[soft,ping-restart] received, client-instance restarting
Oct 21 22:57:42 vds123 openvpn[64634]: user2/MY_IP:39470 [user2] Inactivity timeout (--ping-restart), restarting
Oct 21 22:53:42 vds123 openvpn[64634]: SENT CONTROL [user2]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-res>
Oct 21 22:53:42 vds123 openvpn[64634]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:53:42 vds123 openvpn[64634]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:53:42 vds123 openvpn[64634]: MULTI: primary virtual IP for user2/MY_IP:39470: 10.8.0.2
Oct 21 22:53:42 vds123 openvpn[64634]: MULTI: Learn: 10.8.0.2 -> user2/MY_IP:39470
Oct 21 22:53:42 vds123 openvpn[64634]: MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Oct 21 22:53:42 vds123 openvpn[64634]: MULTI: new connection by client 'user2' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using t>
Oct 21 22:53:42 vds123 openvpn[64634]: MY_IP:39470 [user2] Peer Connection Initiated with [AF_INET]MY_IP:39470
Oct 21 22:53:42 vds123 openvpn[64634]: MY_IP:39470 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_COMP_STUBv2=1
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_COMP_STUB=1
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_LZO_STUB=1
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_PROTO=990
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_NCP=2
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_MTU=1600
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_TCPNL=1
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_PLAT=linux
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 peer info: IV_VER=2.6.12
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 VERIFY OK: depth=0, CN=user2
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 VERIFY OK: depth=1, CN=cn_FfIh7oGkjWbZbODV
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 TLS: Initial packet from [AF_INET]MY_IP:39470, sid=2a225cc2 647cf846
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:53:41 vds123 openvpn[64634]: MY_IP:39470 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:51:28 vds123 openvpn[64634]: user2/MY_IP:60522 SENT CONTROL [user2]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topolo>
Oct 21 22:51:28 vds123 openvpn[64634]: user2/MY_IP:60522 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:51:28 vds123 openvpn[64634]: user2/MY_IP:60522 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:51:28 vds123 openvpn[64634]: user2/MY_IP:60522 MULTI: primary virtual IP for user2/MY_IP:60522: 10.8.0.2
Oct 21 22:51:28 vds123 openvpn[64634]: user2/MY_IP:60522 MULTI: Learn: 10.8.0.2 -> user2/MY_IP:60522
Oct 21 22:51:28 vds123 openvpn[64634]: user2/MY_IP:60522 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 [user2] Peer Connection Initiated with [AF_INET]MY_IP:60522
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_COMP_STUBv2=1
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_COMP_STUB=1
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_LZO_STUB=1
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_PROTO=990
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_NCP=2
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_MTU=1600
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_TCPNL=1
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_PLAT=linux
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 peer info: IV_VER=2.6.12
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 VERIFY OK: depth=0, CN=user2
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 VERIFY OK: depth=1, CN=cn_FfIh7oGkjWbZbODV
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 TLS: Initial packet from [AF_INET]MY_IP:60522, sid=82bb2cad f1b7892f
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:51:28 vds123 openvpn[64634]: MY_IP:60522 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:48:54 vds123 openvpn[64634]: user2/MY_IP:50455 SIGUSR1[soft,ping-restart] received, client-instance restarting
Oct 21 22:48:54 vds123 openvpn[64634]: user2/MY_IP:50455 [user2] Inactivity timeout (--ping-restart), restarting
Oct 21 22:44:54 vds123 openvpn[64634]: user2/MY_IP:50455 SENT CONTROL [user2]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topolo>
Oct 21 22:44:54 vds123 openvpn[64634]: user2/MY_IP:50455 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:44:54 vds123 openvpn[64634]: user2/MY_IP:50455 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:44:54 vds123 openvpn[64634]: user2/MY_IP:50455 MULTI: primary virtual IP for user2/MY_IP:50455: 10.8.0.2
Oct 21 22:44:54 vds123 openvpn[64634]: user2/MY_IP:50455 MULTI: Learn: 10.8.0.2 -> user2/MY_IP:50455
Oct 21 22:44:54 vds123 openvpn[64634]: user2/MY_IP:50455 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 [user2] Peer Connection Initiated with [AF_INET]MY_IP:50455
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_COMP_STUBv2=1
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_COMP_STUB=1
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_LZO_STUB=1
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_PROTO=990
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_NCP=2
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_MTU=1600
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_TCPNL=1
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_PLAT=linux
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 peer info: IV_VER=2.6.12
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 VERIFY OK: depth=0, CN=user2
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 VERIFY OK: depth=1, CN=cn_FfIh7oGkjWbZbODV
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 TLS: Initial packet from [AF_INET]MY_IP:50455, sid=20c176de 394fb44e
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:44:54 vds123 openvpn[64634]: MY_IP:50455 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:44:08 vds123 openvpn[64634]: TLS Error: tls-crypt unwrapping failed from [AF_INET]MY_IP:38393
Oct 21 22:44:08 vds123 openvpn[64634]: tls-crypt unwrap error: packet authentication failed
Oct 21 22:43:56 vds123 openvpn[64634]: Initialization Sequence Completed
Oct 21 22:43:56 vds123 openvpn[64634]: IFCONFIG POOL LIST
Oct 21 22:43:56 vds123 openvpn[64634]: IFCONFIG POOL IPv4: base=10.8.0.2 size=253
Oct 21 22:43:56 vds123 openvpn[64634]: MULTI: multi_init called, r=256 v=256
Oct 21 22:43:56 vds123 openvpn[64634]: UID set to nobody
Oct 21 22:43:56 vds123 openvpn[64634]: GID set to nobody
Oct 21 22:43:56 vds123 openvpn[64634]: UDPv4 link remote: [AF_UNSPEC]
Oct 21 22:43:56 vds123 openvpn[64634]: UDPv4 link local (bound): [AF_INET][undef]:11994
Oct 21 22:43:56 vds123 openvpn[64634]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Oct 21 22:43:56 vds123 openvpn[64634]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct 21 22:43:56 vds123 openvpn[64634]: net_addr_v4_add: 10.8.0.1/24 dev tun0
Oct 21 22:43:56 vds123 openvpn[64634]: net_iface_up: set tun0 up
Oct 21 22:43:56 vds123 openvpn[64634]: net_iface_mtu_set: mtu 1500 for tun0
Oct 21 22:43:56 vds123 openvpn[64634]: TUN/TAP device tun0 opened
Oct 21 22:43:56 vds123 openvpn[64634]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:43:56 vds123 openvpn[64634]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:43:56 vds123 openvpn[64634]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 22:43:56 vds123 openvpn[64634]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 22:43:56 vds123 openvpn[64634]: ECDH curve prime256v1 added
Oct 21 22:43:56 vds123 openvpn[64634]: CRL: loaded 1 CRLs from file crl.pem
Oct 21 22:43:56 vds123 systemd[1]: Started OpenVPN service for server.

Then I remade the client and server confs to look like the confs you posted. I restarted the ovpn server. Nothing changed again.

client conf

client
dev tun
proto udp
remote _VDS_IP_ 11994
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
ignore-unknown-option block-outside-dns
verb 3

server conf

port 11994
proto udp
dev tun
user nobody
group nobody
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "redirect-gateway def1 bypass-dhcp"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key
ca ca.crt
cert server_369AxeFRWDl65d6c.crt
key server_369AxeFRWDl65d6c.key
tls-server
tls-version-min 1.2
status /var/log/openvpn/status.log
verb 3

nm-ovpn client logs

Oct 22 06:05:42 kompik123 nm-openvpn[3661618]: SIGTERM[soft,exit-with-notification] received, process exiting
Oct 22 06:05:42 kompik123 NetworkManager[3288873]: <info>  [1729566342.2637] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Oct 22 06:05:41 kompik123 nm-openvpn[3661618]: SIGTERM received, sending exit notification to peer
Oct 22 06:05:41 kompik123 nm-openvpn[3661618]: event_wait : Interrupted system call (fd=-1,code=4)
Oct 22 06:05:41 kompik123 NetworkManager[3288873]: <info>  [1729566341.6952] policy: set 'WIFI_NAME' (wlan0) as default for IPv4 routing and DNS
Oct 22 06:05:41 kompik123 NetworkManager[3288873]: <info>  [1729566341.6389] audit: op="connection-deactivate" uuid="uuid3333" name="user2-bbs-arch-help1" pid=2930341 uid=1000 result="success"
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.2286] device (tun0): Activation: successful, device activated.
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.2283] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.2282] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.2042] policy: set 'user2-bbs-arch-help1' (tun0) as default for IPv4 routing and DNS
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1531] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1521] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1513] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1503] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1476] device (tun0): Activation: starting connection 'tun0' (uuid4444)
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1441] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1434] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: Initialization Sequence Completed
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: Capabilities retained: CAP_NET_ADMIN
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: GID set to nm-openvpn
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: UID set to nm-openvpn
Oct 22 06:05:31 kompik123 NetworkManager[3288873]: <info>  [1729566331.1262] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/29)
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: /usr/lib/nm-openvpn-service-openvpn-helper --debug 0 3661613 --bus-name org.freedesktop.NetworkManager.openvpn.Connection_45 --tun -- tun0 1500 0 10.8.0.2 255.255.255.0 init
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: TUN/TAP device tun0 opened
Oct 22 06:05:31 kompik123 nm-openvpn[3661618]: [server_369AxeFRWDl65d6c] Peer Connection Initiated with [AF_INET]_VDS_IP_:11994
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: UDPv4 link remote: [AF_INET]_VDS_IP_:11994
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: UDPv4 link local: (not bound)
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: TCP/UDP: Preserving recently used remote address: [AF_INET]_VDS_IP_:11994
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: DCO version: N/A
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
Oct 22 06:05:30 kompik123 nm-openvpn[3661618]: Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback >
Oct 22 06:05:30 kompik123 NetworkManager[3288873]: <info>  [1729566330.7000] audit: op="connection-activate" uuid="uuid3333" name="user2-bbs-arch-help1" pid=2930341 uid=1000 result="success"
Oct 22 06:05:30 kompik123 NetworkManager[3288873]: <info>  [1729566330.6999] vpn[0x59f2aa1d7cb0,uuid3333,"user2-bbs-arch-help1"]: starting openvpn
Oct 22 06:02:49 kompik123 NetworkManager[3288873]: <info>  [1729566169.7990] audit: op="connection-add" uuid="uuid3333" name="user2-bbs-arch-help1" pid=2930341 uid=1000 result="success"

openvpn client log

2024-10-22 09:10:37 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-10-22 09:10:37 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2024-10-22 09:10:37 OpenVPN 2.6.12 [git:makepkg/038a94bae57a446c+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] built on Jul 18 2024
2024-10-22 09:10:37 library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
2024-10-22 09:10:37 DCO version: N/A
2024-10-22 09:10:37 TCP/UDP: Preserving recently used remote address: [AF_INET]_VDS_IP_:11994
2024-10-22 09:10:37 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-10-22 09:10:37 UDPv4 link local: (not bound)
2024-10-22 09:10:37 UDPv4 link remote: [AF_INET]_VDS_IP_:11994
2024-10-22 09:10:37 TLS: Initial packet from [AF_INET]_VDS_IP_:11994, sid= 35f62b4d
2024-10-22 09:10:37 VERIFY OK: depth=1, CN=cn_FfIh7oGkjWbZbODV
2024-10-22 09:10:37 VERIFY KU OK
2024-10-22 09:10:37 Validating certificate extended key usage
2024-10-22 09:10:37 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-10-22 09:10:37 VERIFY EKU OK
2024-10-22 09:10:37 VERIFY OK: depth=0, CN=server_369AxeFRWDl65d6c
2024-10-22 09:10:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bits ECprime256v1, signature: ecdsa-with-SHA256, peer temporary key: 256 bits ECprime256v1
2024-10-22 09:10:37 [server_369AxeFRWDl65d6c] Peer Connection Initiated with [AF_INET]_VDS_IP_:11994
2024-10-22 09:10:37 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-10-22 09:10:37 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-10-22 09:10:37 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2024-10-22 09:10:37 OPTIONS IMPORT: --ifconfig/up options modified
2024-10-22 09:10:37 OPTIONS IMPORT: route options modified
2024-10-22 09:10:37 OPTIONS IMPORT: route-related options modified
2024-10-22 09:10:37 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-10-22 09:10:37 net_route_v4_best_gw query: dst 0.0.0.0
2024-10-22 09:10:37 net_route_v4_best_gw result: via 192.168.0.2 dev wlan0
2024-10-22 09:10:37 ROUTE_GATEWAY 192.168.0.2/255.255.255.0 IFACE=wlan0 HWADDR=LOL
2024-10-22 09:10:37 TUN/TAP device tun0 opened
2024-10-22 09:10:37 net_iface_mtu_set: mtu 1500 for tun0
2024-10-22 09:10:37 net_iface_up: set tun0 up
2024-10-22 09:10:37 net_addr_v4_add: 10.8.0.2/24 dev tun0
2024-10-22 09:10:37 net_route_v4_add: _VDS_IP_/32 via 192.168.0.2 dev [NULL] table 0 metric -1
2024-10-22 09:10:37 net_route_v4_add: 0.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-22 09:10:37 net_route_v4_add: 128.0.0.0/1 via 10.8.0.1 dev [NULL] table 0 metric -1
2024-10-22 09:10:37 Initialization Sequence Completed
2024-10-22 09:10:37 Data Channel: cipher 'AES-256-GCM', peer-id: 0
2024-10-22 09:10:37 Timers: ping 10, ping-restart 120
^C2024-10-22 09:10:52 event_wait : Interrupted system call (fd=-1,code=4)
2024-10-22 09:10:52 net_route_v4_del: _VDS_IP_/32 via 192.168.0.2 dev [NULL] table 0 metric -1

ovpn server logs

Oct 21 23:05:31 vds123 openvpn[64925]: user2/MY_IP:47373 SENT CONTROL [user2]: 'PUSH_REPLY,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,redirect-gateway def1 bypass-dhcp,route-gateway 10.8.0.1,topolo>
Oct 21 23:05:31 vds123 openvpn[64925]: user2/MY_IP:47373 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 21 23:05:31 vds123 openvpn[64925]: user2/MY_IP:47373 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 21 23:05:31 vds123 openvpn[64925]: user2/MY_IP:47373 MULTI: primary virtual IP for user2/MY_IP:47373: 10.8.0.2
Oct 21 23:05:31 vds123 openvpn[64925]: user2/MY_IP:47373 MULTI: Learn: 10.8.0.2 -> user2/MY_IP:47373
Oct 21 23:05:31 vds123 openvpn[64925]: user2/MY_IP:47373 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 [user2] Peer Connection Initiated with [AF_INET]MY_IP:47373
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 256 bit EC, curve prime256v1, signature: ecdsa-with-SHA256
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1541'
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_COMP_STUBv2=1
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_COMP_STUB=1
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_LZO_STUB=1
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_PROTO=990
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_NCP=2
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_MTU=1600
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_TCPNL=1
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_PLAT=linux
Oct 21 23:05:31 vds123 openvpn[64925]: MY_IP:47373 peer info: IV_VER=2.6.12
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 VERIFY OK: depth=0, CN=user2
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 VERIFY OK: depth=1, CN=cn_FfIh7oGkjWbZbODV
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 TLS: Initial packet from [AF_INET]MY_IP:47373, sid=6cc2fc1b 3d28be02
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 23:05:30 vds123 openvpn[64925]: MY_IP:47373 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 23:05:27 vds123 openvpn[64925]: Initialization Sequence Completed
Oct 21 23:05:27 vds123 openvpn[64925]: user2,10.8.0.2,
Oct 21 23:05:27 vds123 openvpn[64925]: IFCONFIG POOL LIST
Oct 21 23:05:27 vds123 openvpn[64925]: succeeded -> ifconfig_pool_set(hand=0)
Oct 21 23:05:27 vds123 openvpn[64925]: ifconfig_pool_read(), in='user2,10.8.0.2,'
Oct 21 23:05:27 vds123 openvpn[64925]: IFCONFIG POOL IPv4: base=10.8.0.2 size=253
Oct 21 23:05:27 vds123 openvpn[64925]: MULTI: multi_init called, r=256 v=256
Oct 21 23:05:27 vds123 openvpn[64925]: UID set to nobody
Oct 21 23:05:27 vds123 openvpn[64925]: GID set to nobody
Oct 21 23:05:27 vds123 openvpn[64925]: UDPv4 link remote: [AF_UNSPEC]
Oct 21 23:05:27 vds123 openvpn[64925]: UDPv4 link local (bound): [AF_INET][undef]:11994
Oct 21 23:05:27 vds123 openvpn[64925]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Oct 21 23:05:27 vds123 openvpn[64925]: Could not determine IPv4/IPv6 protocol. Using AF_INET
Oct 21 23:05:27 vds123 openvpn[64925]: net_addr_v4_add: 10.8.0.1/24 dev tun0
Oct 21 23:05:27 vds123 openvpn[64925]: net_iface_up: set tun0 up
Oct 21 23:05:27 vds123 openvpn[64925]: net_iface_mtu_set: mtu 1500 for tun0
Oct 21 23:05:27 vds123 openvpn[64925]: TUN/TAP device tun0 opened
Oct 21 23:05:27 vds123 openvpn[64925]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 23:05:27 vds123 openvpn[64925]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 23:05:27 vds123 openvpn[64925]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Oct 21 23:05:27 vds123 openvpn[64925]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Oct 21 23:05:27 vds123 openvpn[64925]: ECDH curve prime256v1 added
Oct 21 23:05:27 vds123 openvpn[64925]: net_route_v4_best_gw result: via VDS_RELATED_IP dev ens192
Oct 21 23:05:27 vds123 openvpn[64925]: net_route_v4_best_gw query: dst 0.0.0.0
Oct 21 23:05:27 vds123 systemd[1]: Started OpenVPN service for server.

wojak

Last edited by tupadown228 (2024-10-22 06:17:20)

Offline
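An added example for readers, not code from either participant in this thread: one way to triage server journal output of the shape posted above. It groups lines by client address and flags sessions that completed the handshake and then hit the server's inactivity timeout, option-mismatch warnings, and tls-crypt authentication failures. The sample lines and the 198.51.100.7 address are constructed, the function names are hypothetical, and only IPv4 peers are handled.

```python
import re
from datetime import datetime

# Constructed sample in the same shape as the server journal above (newest
# line first, as `journalctl -r` prints it). The address is a
# documentation-range placeholder, not a value from the thread.
SAMPLE_LOG = """\
Oct 21 22:57:42 vds123 openvpn[64634]: user2/198.51.100.7:39470 SIGUSR1[soft,ping-restart] received, client-instance restarting
Oct 21 22:57:42 vds123 openvpn[64634]: user2/198.51.100.7:39470 [user2] Inactivity timeout (--ping-restart), restarting
Oct 21 22:53:42 vds123 openvpn[64634]: user2/198.51.100.7:39470 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Oct 21 22:53:42 vds123 openvpn[64634]: 198.51.100.7:39470 [user2] Peer Connection Initiated with [AF_INET]198.51.100.7:39470
Oct 21 22:53:42 vds123 openvpn[64634]: 198.51.100.7:39470 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA1'
Oct 21 22:53:41 vds123 openvpn[64634]: 198.51.100.7:39470 TLS: Initial packet from [AF_INET]198.51.100.7:39470, sid=00000000 00000000
Oct 21 22:44:08 vds123 openvpn[64634]: TLS Error: tls-crypt unwrapping failed from [AF_INET]198.51.100.7:38393
Oct 21 22:43:56 vds123 openvpn[64634]: Initialization Sequence Completed
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ openvpn\[\d+\]: (.*)$")
# Optional "CN/" prefix, then "a.b.c.d:port", then the message itself.
PEER_RE = re.compile(r"^(?:([^/\s]+)/)?(\d{1,3}(?:\.\d{1,3}){3}:\d+) (.*)$")
WARN_RE = re.compile(
    r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
CIPHER_RE = re.compile(r"Data Channel: Cipher '([^']+)' initialized")
UNWRAP_RE = re.compile(r"tls-crypt unwrapping failed from \[AF_INET6?\](\S+)")


def parse_server_log(text, year=2024):
    """Return (sessions, tls_crypt_failures) from openvpn server journal text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # pager residue and lines from other units are skipped
            # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    if events and events[0][0] > events[-1][0]:
        events.reverse()  # newest-first input: restore chronological order

    sessions, failures = {}, []
    for ts, msg in events:
        unwrap = UNWRAP_RE.search(msg)
        if unwrap:  # rejected before any session exists for that source
            failures.append((ts, unwrap.group(1)))
            continue
        pm = PEER_RE.match(msg)
        if not pm:
            continue  # server-wide message, not tied to a client
        cn, peer, rest = pm.groups()
        s = sessions.setdefault(peer, {"cn": None, "connected": None,
                                       "cipher": None, "warnings": [],
                                       "ended": None, "reason": None})
        if cn:
            s["cn"] = cn
        if "Peer Connection Initiated" in rest:
            s["connected"] = ts
        elif "Inactivity timeout (--ping-restart)" in rest:
            s["ended"], s["reason"] = ts, "ping-restart"
        warn = WARN_RE.search(rest)
        if warn:
            s["warnings"].append(warn.groups())
        cipher = CIPHER_RE.search(rest)
        if cipher:
            s["cipher"] = cipher.group(1)
    return sessions, failures


def triage(sessions, failures, keepalive_timeout=120, slack=5):
    """Turn parsed sessions into findings a reviewer can act on."""
    # In server mode, `keepalive 10 120` gives the server itself a
    # ping-restart of twice the timeout (240 s); the client is pushed 120 s.
    window = 2 * keepalive_timeout
    out = []
    for peer, s in sessions.items():
        if s["connected"] and s["reason"] == "ping-restart":
            life = int((s["ended"] - s["connected"]).total_seconds())
            if abs(life - window) <= slack:
                out.append(f"{peer}: handshake completed, then nothing was "
                           f"received for the whole {window}s window")
            else:
                out.append(f"{peer}: traffic stopped about {life - window}s "
                           f"after the handshake")
        for name, local, remote in s["warnings"]:
            out.append(f"{peer}: option '{name}' differs "
                       f"(server {local!r}, client {remote!r})")
    for ts, src in failures:
        out.append(f"{src}: packet failed tls-crypt authentication "
                   f"at {ts:%H:%M:%S}")
    return out


if __name__ == "__main__":
    for finding in triage(*parse_server_log(SAMPLE_LOG)):
        print(finding)
```

A session that ends exactly one timeout window after "Peer Connection Initiated" means the control channel worked but no keepalive or data packet from that client reached the server afterwards.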

#36 2024-10-22 07:24:58

-thc
Member
Registered: 2017-03-15
Posts: 739

Re: VPN issue...[Closed] T_T ru guys, welcome.

Sorry - I can't identify any more issues with the configurations or inside the logs.

The error while applying the routes is gone. If you still can't ping 10.8.0.1 - that's it, I'm afraid.

Offline

#37 2024-10-22 08:32:42

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

This is so sad... T_T

Thank you for your time.
Send your xmr address here (bcz I don't have access to mail); I will pay for your next beer.

Last edited by tupadown228 (2024-10-22 08:53:32)

Offline

#38 2024-10-23 08:53:43

tupadown228
Member
Registered: 2022-10-25
Posts: 45

Re: VPN issue...[Closed] T_T ru guys, welcome.

so, guys, xray+vless works without any problem, lol.

Offline
