Foris not generating valid OpenVPN configurations in 3.11.1?

ekim · January 19, 2019, 8:40pm

Opened just like the picture above. Doesn’t solve the issue. Cant connect.

This is the first time Ive opened a port for OpenVPN. Doesn’t the easy setup function do that automatically?

protree · January 19, 2019, 8:44pm

Normally yes. I don‘t know why it didn‘t do that. Do the client logs say something else now?

ekim · January 19, 2019, 8:50pm

Nope still says that the network is unreachable.

I really think there’s something wrong with the OpenVPN version Omnia is using. Im not a dev, but Im not a computer illiterate either.

Im thinking about using my old Asus router tomorrow. Its has its own version of OpenWRT and an OpenVPN server. If I can set it up and connect, then there’s something wrong with my Omnia.

Only thing I can come up with is that OpenVPN is already in use and doesn’t accept my connection.

protree · January 19, 2019, 9:28pm

Your logs say that when you are outside of your LAN you can‘t connect to your OpenVPN Server at all and when you are inside your LAN something intereupts the connection.

This seems to me like some kind of network issue. Nevertheless I don‘t know what exactly is wrong. Sorry that I can‘t help you any further. Changing Server and/or client is a good idea for debugging… Maybe you get a hint. I activated OpenVPN Server in Foris for testing today using latest TOS and it worked for me. So it doesn‘t seem to be broken in general

protree · January 19, 2019, 9:30pm

This even sounds like your iOS device has no network connection at all (at least the OpenVPN Client)

tonyquan · January 19, 2019, 9:31pm

On the Turris, did you configure OpenVPN with Foris, or how did you set it up? When OpenVPN is configured with Foris, it will normally add a rule automatically to the firewall that looks like this:

@protree this is the rule that normally opens port 1194.

If Foris didn’t add that rule, it may not have added any of the required other configuration for OpenVPN, or failed before finishing all of it…

protree · January 19, 2019, 9:34pm

@tonyquan „openvpn(server_turris)“ indicates it was set up by Foris. But you are right, something is wrong here…

ekim · January 19, 2019, 9:35pm

Thnx for your time and help.

I configured it in Foris. Hence my question for a way to reset everything OpenVPN related.

There’s something really annoying going on here.

tonyquan · January 19, 2019, 9:48pm

something is funny right here:

2019-01-19 20:17:00 err openvpn(server_turris)[19369]: 192.168.1.101 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

When Foris configures OpenVPN, connections from LAN are disallowed. This line of the log shows you’re trying to connect from LAN (192.168.1.101) rather than an external network. I get this same error if I try to connect to OpenVPN from LAN instead of external network.

your client is OpenVPN on iOS? If so, before you test again make sure wifi is turned off on the iPhone. iOS will prefer to use wifi over cellular data, if available. If you are on wifi you’ll then be connecting from the LAN and OpenVPN will reject the connection from LAN.

ekim · January 19, 2019, 9:56pm

Yeah I know this, I accidentally had wifi on.

Im changing settings in the vpn interface now, the interface receives packets now, and it seems like im connected on my phone (vpn icon is on now). Cannot visit websites etc, not even 192.168.1.1)

So 1 step further… Hers the log from my phone:

2019-01-19 22:54:19 NIP: network not reachable

2019-01-19 22:54:19 EVENT: NETWORK_UNREACHABLE [ERR]

2019-01-19 22:54:19 Raw stats on disconnect:

2019-01-19 22:54:19 Performance stats on disconnect:
  CPU usage (microseconds): 8158
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

2019-01-19 22:54:19 EVENT: DISCONNECT_PENDING

2019-01-19 22:54:19 Raw stats on disconnect:

2019-01-19 22:54:19 Performance stats on disconnect:
  CPU usage (microseconds): 8524
  Network bytes per CPU second: 0
  Tunnel bytes per CPU second: 0

Weird thing now is, I have the vpn icon in my phone, but the log still says that the network is unreachable.

protree · January 19, 2019, 10:04pm

https://forums.openvpn.net/viewtopic.php?t=22457

Can you try to connect from another wifi access point? Did you triple check mobile data is allowed for OpenVPN app and „Connect via Any Network“ is set inside OpenVPN app? I am pretty sure the log entry I quoted saying „Network unreachable“ means your OpenVPN app on your iDevice has no network connectivity on celluar…

tonyquan · January 19, 2019, 10:15pm

also would be good to see the server side log again. it would be good to get at least the minute before the error occurred

ekim · January 19, 2019, 10:28pm

I can’t unfortunately

Checked this and everything how it should be.

Here it is:

2019-01-19 23:19:28 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-19 23:20:01 info /usr/sbin/cron[1851]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-19 23:20:01 info /usr/sbin/cron[1852]: (root) CMD (   /usr/bin/notifier)
2019-01-19 23:20:01 info /usr/sbin/cron[1854]: (root) CMD (nethist_stats.lua)
2019-01-19 23:20:21 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XXX TLS: Initial packet from [AF_INET6]::ffff:188.207.117.109:41031, sid=8f2e5535 61ff8aef
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX VERIFY OK: depth=1, CN=openvpn
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX VERIFY OK: depth=0, CN=Martijn
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_VER=3.2
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_PLAT=ios
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_NCP=2
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_TCPNL=1
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_PROTO=2
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_LZO_STUB=1
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_COMP_STUB=1
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_COMP_STUBv2=1
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_AUTO_SESS=1
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX peer info: IV_BS64DL=1
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XX [Martijn] Peer Connection Initiated with [AF_INET6]::ffff:188.207.117.109:41031
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX MULTI_sva: pool returned IPv4=10.111.111.6, IPv6=(Not enabled)
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX MULTI: Learn: 10.111.111.6 -> Martijn/188.207.117.109
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX MULTI: primary virtual IP for Martijn/188.XXX.XXX.XX: 10.111.111.6
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX PUSH: Received control message: 'PUSH_REQUEST'
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX SENT CONTROL [Martijn]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 10.111.111.1,route 10.111.111.1,topology net30,ping 10,ping-restart 120,ifconfig 10.111.111.6 10.111.111.5,peer-id 0,cipher AES-256-GCM' (status=1)
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX Data Channel: using negotiated cipher 'AES-256-GCM'
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-01-19 23:20:22 notice openvpn(server_turris)[31494]: Martijn/188.XXX.XXX.XX Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-01-19 23:21:01 info /usr/sbin/cron[1918]: (root) CMD (/usr/bin/rainbow_button_sync.sh)

tonyquan · January 19, 2019, 10:36pm

the connection looks good this time. one thing that I hit before with the iOS OpenVPN client, it defaulted to no compression, and the server Foris configures uses compression. Unfortunately OpenVPN doesn’t handle this very well and doesn’t give any clear errors about it client side or server side, the packets just get dropped.

in the iOS OpenVPN client, could you try changing the setting for “Allow compression” to “Full” first if its set to anything else?

protree · January 19, 2019, 10:38pm

Yes this looks promising!

ekim · January 19, 2019, 11:03pm

Ive tried all Three options.

None l, full and downlink only. This sadly doest work.

tonyquan · January 19, 2019, 11:19pm

One other difference in the logs, It looks like the connection is being made over IPv6?

2019-01-19 23:20:21 notice openvpn(server_turris)[31494]: 188.XXX.XXX.XXX TLS: Initial packet from [AF_INET6]::ffff:188.207.117.109:41031, sid=8f2e5535 61ff8aef

for me the similar line is

2019-01-19 15:05:51 notice openvpn(server_turris)[4646]: 174.xx.xx.xx TLS: Initial packet from [AF_INET]174.xx.xx.xx, sid=3360510a ad45b607

note AF_INET6 versus AF_INET

It might be simpler to get this working in IPv4 first. in Foris, is “Listen on IPv6” selected in OpenVPN? (I have this unchecked). I’m not sure, but if you uncheck this you may need to generate a new client configuration for the iOS device. I’d leave compression set to Full in the IOS client as that’s working for me with the default Foris setup.

Edit: actually I notice you have no IPv6 wan setup for the Omnia (IPv6 WAN Status is “Not connected”). In this case “Listen on IPv6” should definitely not be selected…

ekim · January 20, 2019, 8:16am

Listen on ipv6 unchecked
Generated new client config (somehow autodetect wasn’t working, I got “serveradress” in config file. So I entered my ISP IP in the box under “use auto detection”)
Compression is set on full on phone

It seems to run a little smoother, but when Open VPN connects, I still can’t visit websites or my lan.

2019-01-20 08:38:31 err openvpn(server_turris)[31494]: event_wait : Interrupted system call (code=4)
2019-01-20 08:38:31 notice openvpn(server_turris)[31494]: /sbin/route del -net 10.111.111.0 netmask 255.255.255.0
2019-01-20 08:38:31 warning openvpn(server_turris)[31494]: ERROR: Linux route delete command failed: external program exited with error status: 1
2019-01-20 08:38:31 notice openvpn(server_turris)[31494]: Closing TUN/TAP interface
2019-01-20 08:38:31 notice openvpn(server_turris)[31494]: /sbin/ifconfig tun_turris 0.0.0.0
2019-01-20 08:38:31 notice openvpn(server_turris)[31494]: SIGTERM[hard,] received, process exiting
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: OpenVPN 2.4.6 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.08
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: Diffie-Hellman initialized with 2048 bit key
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: TUN/TAP device tun_turris opened
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: TUN/TAP TX queue length set to 100
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: /sbin/ifconfig tun_turris 10.111.111.1 pointopoint 10.111.111.2 mtu 1500
2019-01-20 08:38:31 notice netifd[]: Network device 'tun_turris' link is up
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: /sbin/route add -net 10.111.111.0 netmask 255.255.255.0 gw 10.111.111.2
2019-01-20 08:38:31 warning openvpn(server_turris)[20164]: Could not determine IPv4/IPv6 protocol. Using AF_INET6
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: Socket Buffers: R=[163840->163840] S=[163840->163840]
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: setsockopt(IPV6_V6ONLY=0)
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: UDPv6 link local (bound): [AF_INET6][undef]:1194
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: UDPv6 link remote: [AF_UNSPEC]
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: MULTI: multi_init called, r=256 v=256
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: IFCONFIG POOL: base=10.111.111.4 size=62, ipv6=0
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: ifconfig_pool_read(), in='Martijn,10.111.111.4', TODO: IPv6
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: succeeded -> ifconfig_pool_set()
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: IFCONFIG POOL LIST
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: Martijn,10.111.111.4
2019-01-20 08:38:31 notice openvpn(server_turris)[20164]: Initialization Sequence Completed
2019-01-20 08:38:32 notice Added[]: device handler type: tunnel
2019-01-20 08:38:32 notice Added[]: device handler type: Network device
2019-01-20 08:38:32 notice Added[]: device handler type: bridge
2019-01-20 08:38:32 notice Added[]: device handler type: macvlan
2019-01-20 08:38:32 notice Added[]: device handler type: 8021ad
2019-01-20 08:38:32 notice Added[]: device handler type: 8021q
2019-01-20 08:38:32 emerg kresd[32166]: 'radio1' is disabled
2019-01-20 08:38:33 emerg kresd[2846]: Last message ''radio1' is disabled' repeated 1 times, suppressed by syslog-ng on turris
2019-01-20 08:38:33 notice netifd[]: Interface 'lan' is enabled
2019-01-20 08:38:33 notice netifd[]: Interface 'lan' is setting up now
2019-01-20 08:38:33 info kernel[]: [43005.163162] device eth0 entered promiscuous mode
2019-01-20 08:38:33 info kernel[]: [43005.164222] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
2019-01-20 08:38:33 notice netifd[]: Interface 'lan' is now up
2019-01-20 08:38:33 info kernel[]: [43005.178558] device eth2 entered promiscuous mode
2019-01-20 08:38:33 info kernel[]: [43005.193405] IPv6: ADDRCONF(NETDEV_UP): tun_turris: link is not ready
2019-01-20 08:38:33 notice netifd[]: Interface 'loopback' is enabled
2019-01-20 08:38:33 notice netifd[]: Interface 'loopback' is setting up now
2019-01-20 08:38:33 notice netifd[]: Interface 'loopback' is now up
2019-01-20 08:38:33 notice netifd[]: Interface 'wan' is enabled
2019-01-20 08:38:33 notice netifd[]: Network device 'lo' link is up
2019-01-20 08:38:33 notice netifd[]: Interface 'loopback' has link connectivity 
2019-01-20 08:38:33 notice firewall[]: Reloading firewall due to ifup of lan (br-lan)
2019-01-20 08:38:33 info kernel[]: [43005.359837] IPv6: ADDRCONF(NETDEV_UP): tun_turris: link is not ready
2019-01-20 08:38:33 info dnsmasq[32097]: exiting on receipt of SIGTERM
2019-01-20 08:38:33 info dnsmasq[20449]: started, version 2.78 DNS disabled
2019-01-20 08:38:33 info dnsmasq[20449]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
2019-01-20 08:38:33 info dnsmasq-dhcp[20449]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
2019-01-20 08:38:33 info dnsmasq-dhcp[20449]: read /etc/ethers - 0 addresses
2019-01-20 08:38:33 notice netifd[]: radio0 (20345): Configuration file: /var/run/hostapd-phy0.conf
2019-01-20 08:38:35 info kernel[]: [43007.067700] mvneta f1030000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
2019-01-20 08:38:35 info kernel[]: [43007.087421] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
2019-01-20 08:38:35 notice netifd[]: Network device 'eth0' link is up
2019-01-20 08:38:35 notice netifd[]: bridge 'br-lan' link is up
2019-01-20 08:38:35 notice netifd[]: Interface 'lan' has link connectivity 
2019-01-20 08:38:35 notice netifd[]: radio0 (20345): wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
2019-01-20 08:38:35 notice netifd[]: radio0 (20345): wlan0: interface state COUNTRY_UPDATE->HT_SCAN
2019-01-20 08:38:35 info kernel[]: [43007.087905] br-lan: port 1(eth0) entered forwarding state
2019-01-20 08:38:35 info kernel[]: [43007.087930] br-lan: port 1(eth0) entered forwarding state
2019-01-20 08:38:35 info kernel[]: [43007.088634] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
2019-01-20 08:38:35 info kernel[]: [43007.089643] device wlan0 entered promiscuous mode
2019-01-20 08:38:35 notice netifd[]: Network device 'eth2' link is up
2019-01-20 08:38:35 info kernel[]: [43007.167698] mvneta f1070000.ethernet eth2: Link is Up - 1Gbps/Full - flow control off
2019-01-20 08:38:35 info kernel[]: [43007.167748] br-lan: port 2(eth2) entered forwarding state
2019-01-20 08:38:35 info kernel[]: [43007.167780] br-lan: port 2(eth2) entered forwarding state
2019-01-20 08:38:35 notice netifd[]: radio0 (20345): Using interface wlan0 with hwaddr 04:f0:21:32:41:08 and ssid "AIVD Surveillance"
2019-01-20 08:38:35 notice netifd[]: radio0 (20345): wlan0: interface state HT_SCAN->ENABLED
2019-01-20 08:38:35 notice netifd[]: radio0 (20345): wlan0: AP-ENABLED 
2019-01-20 08:38:35 info kernel[]: [43007.445759] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
2019-01-20 08:38:35 info kernel[]: [43007.445840] br-lan: port 3(wlan0) entered forwarding state
2019-01-20 08:38:35 info kernel[]: [43007.445863] br-lan: port 3(wlan0) entered forwarding state
2019-01-20 08:38:35 notice netifd[]: Network device 'wlan0' link is up
2019-01-20 08:38:35 info dnsmasq-dhcp[20449]: DHCPREQUEST(br-lan) 192.168.1.193 64:a5:c3:5e:4d:3a 
2019-01-20 08:38:35 info dnsmasq-dhcp[20449]: DHCPACK(br-lan) 192.168.1.193 64:a5:c3:5e:4d:3a emp
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPDISCOVER(br-lan) ec:b5:fa:00:60:c9 
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPOFFER(br-lan) 192.168.1.232 ec:b5:fa:00:60:c9 
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPREQUEST(br-lan) 192.168.1.232 ec:b5:fa:00:60:c9 
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPACK(br-lan) 192.168.1.232 ec:b5:fa:00:60:c9 Martijn-
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 70:f0:87:e4:42:bc IEEE 802.11: authenticated
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 20:df:b9:c9:ef:46 IEEE 802.11: authenticated
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 70:f0:87:e4:42:bc IEEE 802.11: associated (aid 1)
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 20:df:b9:c9:ef:46 IEEE 802.11: associated (aid 2)
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 70:f0:87:e4:42:bc RADIUS: starting accounting session E5C0BB4D5F2EA417
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 70:f0:87:e4:42:bc WPA: pairwise key handshake completed (RSN)
2019-01-20 08:38:37 info kernel[]: [43009.087527] br-lan: port 1(eth0) entered forwarding state
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 20:df:b9:c9:ef:46 RADIUS: starting accounting session 7C3375F506A2DF68
2019-01-20 08:38:37 info hostapd[]: wlan0: STA 20:df:b9:c9:ef:46 WPA: pairwise key handshake completed (RSN)
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPREQUEST(br-lan) 192.168.1.101 70:f0:87:e4:42:bc 
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPACK(br-lan) 192.168.1.101 70:f0:87:e4:42:bc epedmfon
2019-01-20 08:38:37 info kernel[]: [43009.167526] br-lan: port 2(eth2) entered forwarding state
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPREQUEST(br-lan) 192.168.1.220 20:df:b9:c9:ef:46 
2019-01-20 08:38:37 info dnsmasq-dhcp[20449]: DHCPACK(br-lan) 192.168.1.220 20:df:b9:c9:ef:46 Google-Home
2019-01-20 08:38:37 notice netifd[]: Network device 'eth1' link is up
2019-01-20 08:38:37 notice netifd[]: Interface 'wan' has link connectivity 
2019-01-20 08:38:37 notice netifd[]: Interface 'wan' is setting up now
2019-01-20 08:38:37 info kernel[]: [43009.337942] mvneta f1034000.ethernet eth1: Link is Up - 1Gbps/Full - flow control rx/tx
2019-01-20 08:38:37 notice netifd[]: wan (20662): udhcpc: started, v1.29.3
2019-01-20 08:38:37 notice netifd[]: wan (20662): udhcpc: sending discover
2019-01-20 08:38:37 info kernel[]: [43009.437501] br-lan: port 3(wlan0) entered forwarding state
2019-01-20 08:38:37 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 000100012091f41e70f087e442bc on br-lan: ok fd6a:12ae:2b4b::71b/128 
2019-01-20 08:38:38 warning odhcpd[2459]: DHCPV6 REQUEST IA_NA from 000100012091f41e70f087e442bc on br-lan: ok fd6a:12ae:2b4b::71b/128 
2019-01-20 08:38:39 warning odhcpd[2459]: DHCPV6 RELEASE IA_NA from 0001000123b330a964a5c35e4d3a on br-lan: no binding 
2019-01-20 08:38:39 info hostapd[]: wlan0: STA d4:0b:1a:ba:74:8b IEEE 802.11: authenticated
2019-01-20 08:38:39 info hostapd[]: wlan0: STA d4:0b:1a:ba:74:8b IEEE 802.11: associated (aid 3)
2019-01-20 08:38:39 info hostapd[]: wlan0: STA d4:0b:1a:ba:74:8b RADIUS: starting accounting session D9BDFB8C5C4A1576
2019-01-20 08:38:39 info hostapd[]: wlan0: STA d4:0b:1a:ba:74:8b WPA: pairwise key handshake completed (RSN)
2019-01-20 08:38:39 info dnsmasq-dhcp[20449]: DHCPDISCOVER(br-lan) d4:0b:1a:ba:74:8b 
2019-01-20 08:38:39 info dnsmasq-dhcp[20449]: DHCPOFFER(br-lan) 192.168.1.233 d4:0b:1a:ba:74:8b 
2019-01-20 08:38:39 info dnsmasq-dhcp[20449]: DHCPREQUEST(br-lan) 192.168.1.233 d4:0b:1a:ba:74:8b 
2019-01-20 08:38:39 info dnsmasq-dhcp[20449]: DHCPACK(br-lan) 192.168.1.233 d4:0b:1a:ba:74:8b android-ec79289f7159cdba
2019-01-20 08:38:40 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:38:40 notice netifd[]: wan (20662): udhcpc: sending discover
2019-01-20 08:38:41 notice netifd[]: wan (20662): udhcpc: sending select for 84.107.178.15
2019-01-20 08:38:41 notice netifd[]: wan (20662): udhcpc: lease of 84.107.178.15 obtained, lease time 391394
2019-01-20 08:38:41 notice netifd[]: Interface 'wan6' is enabled
2019-01-20 08:38:41 notice netifd[]: Network alias 'eth1' link is up
2019-01-20 08:38:41 notice netifd[]: Interface 'wan6' has link connectivity 
2019-01-20 08:38:41 notice netifd[]: Interface 'wan6' is setting up now
2019-01-20 08:38:41 notice netifd[]: Interface 'wan6' is now up
2019-01-20 08:38:41 notice netifd[]: Interface 'wan' is now up
2019-01-20 08:38:41 notice firewall[]: Reloading firewall due to ifup of wan (eth1)
2019-01-20 08:38:41 info kresd[20131]: [ ta ] key: 19036 state: Missing
2019-01-20 08:38:41 info kresd[20131]: [ ta ] key: 20326 state: Valid
2019-01-20 08:38:41 info kresd[20131]: [ ta ] next refresh for . in 1 hours
2019-01-20 08:38:41 info dnsmasq[20449]: exiting on receipt of SIGTERM
2019-01-20 08:38:41 info dnsmasq[20776]: started, version 2.78 DNS disabled
2019-01-20 08:38:41 info dnsmasq[20776]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
2019-01-20 08:38:41 info dnsmasq-dhcp[20776]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
2019-01-20 08:38:41 info dnsmasq-dhcp[20776]: read /etc/ethers - 0 addresses
2019-01-20 08:38:41 warning odhcpd[2459]: DHCPV6 REQUEST IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:38:43 notice firewall[]: Reloading firewall due to ifup of wan6 (eth1)
2019-01-20 08:38:51 info kresd[20849]: [ ta ] key: 19036 state: Missing
2019-01-20 08:38:51 info kresd[20849]: [ ta ] key: 20326 state: Valid
2019-01-20 08:38:51 info kresd[20849]: [ ta ] next refresh for . in 1 hours
2019-01-20 08:39:01 info /usr/sbin/cron[21032]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:39:36 info kresd[20849]: net.ipv6 = false
2019-01-20 08:39:36 info kresd[20849]: 
2019-01-20 08:39:44 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:39:46 info kresd[20849]: > net.ipv6 = false
2019-01-20 08:39:46 info kresd[20849]: 
2019-01-20 08:40:01 info /usr/sbin/cron[21080]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:40:01 info /usr/sbin/cron[21081]: (root) CMD (   /usr/bin/notifier)
2019-01-20 08:40:01 info /usr/sbin/cron[21085]: (root) CMD (nethist_stats.lua)
2019-01-20 08:40:12 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:40:49 notice openvpn(server_turris)[20164]: 192.168.1.101 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.101:58147, sid=582218e5 37d57a3c
2019-01-20 08:41:00 notice openvpn(server_turris)[20164]: 192.168.1.101 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.101:57231, sid=4d987de3 6b71340f
2019-01-20 08:41:01 info /usr/sbin/cron[21153]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:41:10 notice openvpn(server_turris)[20164]: 192.168.1.101 TLS: Initial packet from [AF_INET6]::ffff:192.168.1.101:49426, sid=f93f75a6 01844832
2019-01-20 08:41:34 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:41:49 err openvpn(server_turris)[20164]: 192.168.1.101 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-01-20 08:41:49 err openvpn(server_turris)[20164]: 192.168.1.101 TLS Error: TLS handshake failed
2019-01-20 08:41:49 notice openvpn(server_turris)[20164]: 192.168.1.101 SIGUSR1[soft,tls-error] received, client-instance restarting
2019-01-20 08:42:00 err openvpn(server_turris)[20164]: 192.168.1.101 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-01-20 08:42:00 err openvpn(server_turris)[20164]: 192.168.1.101 TLS Error: TLS handshake failed
2019-01-20 08:42:00 notice openvpn(server_turris)[20164]: 192.168.1.101 SIGUSR1[soft,tls-error] received, client-instance restarting
2019-01-20 08:42:01 info /usr/sbin/cron[21189]: (root) CMD (nethist_stats.lua)
2019-01-20 08:42:01 info /usr/sbin/cron[21188]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:42:07 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:42:10 err openvpn(server_turris)[20164]: 192.168.1.101 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-01-20 08:42:10 err openvpn(server_turris)[20164]: 192.168.1.101 TLS Error: TLS handshake failed
2019-01-20 08:42:10 notice openvpn(server_turris)[20164]: 192.168.1.101 SIGUSR1[soft,tls-error] received, client-instance restarting
2019-01-20 08:43:01 info /usr/sbin/cron[21217]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:43:30 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:44:01 info /usr/sbin/cron[21250]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:44:01 info /usr/sbin/cron[21251]: (root) CMD (nethist_stats.lua)
2019-01-20 08:44:19 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:45:01 info /usr/sbin/cron[21284]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:45:01 info /usr/sbin/cron[21285]: (root) CMD (   /usr/bin/notifier)
2019-01-20 08:45:41 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:46:01 info /usr/sbin/cron[21361]: (root) CMD (nethist_stats.lua)
2019-01-20 08:46:01 info /usr/sbin/cron[21360]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:46:16 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:46:18 warning odhcpd[2459]: DHCPV6 REBIND IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:47:01 info /usr/sbin/cron[21394]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:47:35 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:48:01 info /usr/sbin/cron[21425]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:48:01 info /usr/sbin/cron[21427]: (root) CMD (nethist_stats.lua)
2019-01-20 08:48:06 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:49:01 info /usr/sbin/cron[21456]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:49:37 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS: Initial packet from [AF_INET6]::ffff:188.207.117.109:41181, sid=7c82a43a 4f36ba7c
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX VERIFY OK: depth=1, CN=openvpn
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX VERIFY OK: depth=0, CN=Martijn
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_VER=3.2
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_PLAT=ios
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_NCP=2
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_TCPNL=1
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_PROTO=2
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_LZO=1
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_IPv6=0
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_AUTO_SESS=1
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX peer info: IV_BS64DL=1
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX [Martijn] Peer Connection Initiated with [AF_INET6]::ffff:188.XXX.XXX.XXX:41181
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX MULTI_sva: pool returned IPv4=10.111.111.6, IPv6=(Not enabled)
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX MULTI: Learn: 10.111.111.6 -> Martijn/188.XXX.XXX.XXX
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX MULTI: primary virtual IP for Martijn/188.XXX.XXX.XXX: 10.111.111.6
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX PUSH: Received control message: 'PUSH_REQUEST'
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX SENT CONTROL [Martijn]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,redirect-gateway def1,dhcp-option DNS 10.111.111.1,route 10.111.111.1,topology net30,ping 10,ping-restart 120,ifconfig 10.111.111.6 10.111.111.5,peer-id 0,cipher AES-256-GCM' (status=1)
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX Data Channel: using negotiated cipher 'AES-256-GCM'
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-01-20 08:49:38 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2019-01-20 08:49:39 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:49:57 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:50:01 info /usr/sbin/cron[21493]: (root) CMD (nethist_stats.lua)
2019-01-20 08:50:01 info /usr/sbin/cron[21491]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:50:01 info /usr/sbin/cron[21492]: (root) CMD (   /usr/bin/notifier)
2019-01-20 08:50:07 info hostapd[]: wlan0: STA 70:f0:87:e4:42:bc IEEE 802.11: disconnected due to excessive missing ACKs
2019-01-20 08:50:37 info hostapd[]: wlan0: STA 70:f0:87:e4:42:bc IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
2019-01-20 08:51:01 info /usr/sbin/cron[21556]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:51:29 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:51:57 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:52:01 info /usr/sbin/cron[21591]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:52:01 info /usr/sbin/cron[21592]: (root) CMD (nethist_stats.lua)
2019-01-20 08:53:01 info /usr/sbin/cron[21650]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:53:26 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:54:01 info /usr/sbin/cron[21841]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:54:01 info /usr/sbin/cron[21842]: (root) CMD (nethist_stats.lua)
2019-01-20 08:54:05 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:55:01 info /usr/sbin/cron[21900]: (root) CMD (   /usr/bin/notifier)
2019-01-20 08:55:01 info /usr/sbin/cron[21899]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:55:32 warning openvpn(server_turris)[20164]: Martijn/188.207.117.109 IP packet with unknown IP version=2 seen
2019-01-20 08:55:35 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS: Initial packet from [AF_INET6]::ffff:188.207.117.109:41187, sid=636f6dea 828786ac
2019-01-20 08:55:37 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:56:01 info /usr/sbin/cron[21965]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:56:01 info /usr/sbin/cron[21966]: (root) CMD (nethist_stats.lua)
2019-01-20 08:56:07 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS: Initial packet from [AF_INET6]::ffff:188.XXX.XXX.XXX:41188, sid=d6af4822 7105930c
2019-01-20 08:56:12 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:56:35 err openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-01-20 08:56:35 err openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS Error: TLS handshake failed
2019-01-20 08:56:35 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX SIGUSR1[soft,tls-error] received, client-instance restarting
2019-01-20 08:57:01 info /usr/sbin/cron[21997]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:57:05 warning odhcpd[2459]: DHCPV6 REBIND IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:57:07 err openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2019-01-20 08:57:07 err openvpn(server_turris)[20164]: 188.XXX.XXX.XXX TLS Error: TLS handshake failed
2019-01-20 08:57:07 notice openvpn(server_turris)[20164]: 188.XXX.XXX.XXX SIGUSR1[soft,tls-error] received, client-instance restarting
2019-01-20 08:57:26 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:58:01 info /usr/sbin/cron[22032]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:58:01 info /usr/sbin/cron[22033]: (root) CMD (nethist_stats.lua)
2019-01-20 08:58:18 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:59:01 info /usr/sbin/cron[22073]: (root) CMD (/usr/bin/rainbow_button_sync.sh)
2019-01-20 08:59:15 warning odhcpd[2459]: DHCPV6 SOLICIT IA_NA from 0003000164a5c35e4d3a on br-lan: ok fd6a:12ae:2b4b::1d8/128 
2019-01-20 08:59:32 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX [Martijn] Inactivity timeout (--ping-restart), restarting
2019-01-20 08:59:32 notice openvpn(server_turris)[20164]: Martijn/188.XXX.XXX.XXX SIGUSR1[soft,ping-restart] received, client-instance restarting

protree · January 20, 2019, 8:53am

It still says AF_INET6… Is it possible to change protocol from UDP to TCP in Foris? If so do it and generate new client certificate. TCP Connections are more robust in some situations…

ekim · January 20, 2019, 11:17am

Protocol changed from udp to tcp. Checked rule in firewall tcp and udp are allowed on port 1194. Altered protocol settings on phone in openvpn client from ump to tcp.

Now on phone it doesn’t connect and I don’t get the vpn icon.