#ipv6-test.com shows my public IPv4, same thing as in the Turris Web interface. That seems to be OK. It’s seems to be a real static public IPv4 address. There are no ports I have to open. In this straight test setup TO is the first line of defense behind the modem of the ISP, because TO has a firewall built in. Then there is the PC behind the TO. I can put the PC behind a second Firewall. But I thought TO is a good solution as being the first (FW)-device against threats of the internet, true? And by being the first device I can have the VPN connection without messing with opening ports etc. on a second router/FW.
Below as you asked for this is the log of the Android VPN client trying to connect to the TO VPN-Server. There is no VPN-related action in the TO System Log during that connection attempt. I could post the TO System Log of today but it has 250 pages… maybe a bit too much here!
2019-03-16 21:44:08 offizielle Version 0.7.8 läuft auf samsung SM-G950F (universal8895), Android 9 API 28, ABI arm64-v8a, (samsung/dreamltexx/dreamlte:9/:user/release-keys)
2019-03-16 21:44:08 Generiere OpenVPN-Konfiguration…
2019-03-16 21:44:09 started Socket Thread
2019-03-16 21:44:09 Netzwerkstatus: CONNECTED EDGE to MOBILE web.vodafone.de
2019-03-16 21:44:09 Debug state info: CONNECTED EDGE to MOBILE web.vodafone.de, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2019-03-16 21:44:09 Debug state info: CONNECTED EDGE to MOBILE web.vodafone.de, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2019-03-16 21:44:09 WARNING: Compression enabled, Compression has been used in the past to break encryption. Enabling decompression of received packet only. Sent packets are not compressed.
2019-03-16 21:44:09 WARNING: Compression enabled, Compression has been used in the past to break encryption. Enabling decompression of received packet only. Sent packets are not compressed.
2019-03-16 21:44:09 Current Parameter Settings:
2019-03-16 21:44:09 config = '/data/user/0/de.blinkt.openvpn/cache/android.conf'
2019-03-16 21:44:09 mode = 0
2019-03-16 21:44:09 show_ciphers = DISABLED
2019-03-16 21:44:09 show_digests = DISABLED
2019-03-16 21:44:09 show_engines = DISABLED
2019-03-16 21:44:09 genkey = DISABLED
2019-03-16 21:44:09 key_pass_file = '[UNDEF]'
2019-03-16 21:44:09 show_tls_ciphers = DISABLED
2019-03-16 21:44:09 connect_retry_max = 0
2019-03-16 21:44:09 Connection profiles [0]:
2019-03-16 21:44:09 proto = udp
2019-03-16 21:44:09 local = '[UNDEF]'
2019-03-16 21:44:09 local_port = '[UNDEF]'
2019-03-16 21:44:09 Warte 0s Sekunden zwischen zwei Verbindungsversuchen
2019-03-16 21:44:09 Could not protect VPN socket
2019-03-16 21:44:09 remote = 'XXX.XX.XXX.XX'
2019-03-16 21:44:09 remote_port = '1194'
2019-03-16 21:44:09 remote_float = DISABLED
2019-03-16 21:44:09 bind_defined = DISABLED
2019-03-16 21:44:09 bind_local = DISABLED
2019-03-16 21:44:09 bind_ipv6_only = DISABLED
2019-03-16 21:44:09 connect_retry_seconds = 2
2019-03-16 21:44:09 connect_timeout = 120
2019-03-16 21:44:09 socks_proxy_server = '[UNDEF]'
2019-03-16 21:44:09 socks_proxy_port = '[UNDEF]'
2019-03-16 21:44:09 tun_mtu = 1500
2019-03-16 21:44:09 tun_mtu_defined = ENABLED
2019-03-16 21:44:09 link_mtu = 1500
2019-03-16 21:44:09 link_mtu_defined = DISABLED
2019-03-16 21:44:09 tun_mtu_extra = 0
2019-03-16 21:44:09 tun_mtu_extra_defined = DISABLED
2019-03-16 21:44:09 mtu_discover_type = -1
2019-03-16 21:44:09 fragment = 0
2019-03-16 21:44:09 mssfix = 1450
2019-03-16 21:44:09 explicit_exit_notification = 0
2019-03-16 21:44:09 tls_auth_file = '[UNDEF]'
2019-03-16 21:44:09 key_direction = not set
2019-03-16 21:44:09 tls_crypt_file = '[UNDEF]'
2019-03-16 21:44:09 tls_crypt_v2_file = '[UNDEF]'
2019-03-16 21:44:09 Connection profiles END
2019-03-16 21:44:09 remote_random = DISABLED
2019-03-16 21:44:09 ipchange = '[UNDEF]'
2019-03-16 21:44:09 dev = 'tun'
2019-03-16 21:44:09 dev_type = '[UNDEF]'
2019-03-16 21:44:09 dev_node = '[UNDEF]'
2019-03-16 21:44:09 lladdr = '[UNDEF]'
2019-03-16 21:44:09 topology = 1
2019-03-16 21:44:09 ifconfig_local = '[UNDEF]'
2019-03-16 21:44:09 ifconfig_remote_netmask = '[UNDEF]'
2019-03-16 21:44:09 ifconfig_noexec = DISABLED
2019-03-16 21:44:09 ifconfig_nowarn = ENABLED
2019-03-16 21:44:09 ifconfig_ipv6_local = '[UNDEF]'
2019-03-16 21:44:09 ifconfig_ipv6_netbits = 0
2019-03-16 21:44:09 ifconfig_ipv6_remote = '[UNDEF]'
2019-03-16 21:44:09 shaper = 0
2019-03-16 21:44:09 mtu_test = 0
2019-03-16 21:44:09 mlock = DISABLED
2019-03-16 21:44:09 keepalive_ping = 0
2019-03-16 21:44:09 keepalive_timeout = 0
2019-03-16 21:44:09 inactivity_timeout = 0
2019-03-16 21:44:09 ping_send_timeout = 0
2019-03-16 21:44:09 ping_rec_timeout = 0
2019-03-16 21:44:09 ping_rec_timeout_action = 0
2019-03-16 21:44:09 ping_timer_remote = DISABLED
2019-03-16 21:44:09 remap_sigusr1 = 0
2019-03-16 21:44:09 persist_tun = ENABLED
2019-03-16 21:44:09 persist_local_ip = DISABLED
2019-03-16 21:44:09 persist_remote_ip = DISABLED
2019-03-16 21:44:09 persist_key = DISABLED
2019-03-16 21:44:09 passtos = DISABLED
2019-03-16 21:44:09 resolve_retry_seconds = 1000000000
2019-03-16 21:44:09 resolve_in_advance = ENABLED
2019-03-16 21:44:09 username = '[UNDEF]'
2019-03-16 21:44:09 groupname = '[UNDEF]'
2019-03-16 21:44:09 chroot_dir = '[UNDEF]'
2019-03-16 21:44:09 cd_dir = '[UNDEF]'
2019-03-16 21:44:09 writepid = '[UNDEF]'
2019-03-16 21:44:09 up_script = '[UNDEF]'
2019-03-16 21:44:09 down_script = '[UNDEF]'
2019-03-16 21:44:09 down_pre = DISABLED
2019-03-16 21:44:09 up_restart = DISABLED
2019-03-16 21:44:09 up_delay = DISABLED
2019-03-16 21:44:09 daemon = DISABLED
2019-03-16 21:44:09 inetd = 0
2019-03-16 21:44:09 log = DISABLED
2019-03-16 21:44:09 suppress_timestamps = DISABLED
2019-03-16 21:44:09 machine_readable_output = ENABLED
2019-03-16 21:44:09 nice = 0
2019-03-16 21:44:09 verbosity = 4
2019-03-16 21:44:09 mute = 0
2019-03-16 21:44:09 gremlin = 0
2019-03-16 21:44:09 status_file = '[UNDEF]'
2019-03-16 21:44:09 status_file_version = 1
2019-03-16 21:44:09 status_file_update_freq = 60
2019-03-16 21:44:09 occ = ENABLED
2019-03-16 21:44:09 rcvbuf = 0
2019-03-16 21:44:09 sndbuf = 0
2019-03-16 21:44:09 sockflags = 0
2019-03-16 21:44:09 fast_io = DISABLED
2019-03-16 21:44:09 comp.alg = 2
2019-03-16 21:44:09 comp.flags = 0
2019-03-16 21:44:09 route_script = '[UNDEF]'
2019-03-16 21:44:09 route_default_gateway = '[UNDEF]'
2019-03-16 21:44:09 route_default_metric = 0
2019-03-16 21:44:09 route_noexec = DISABLED
2019-03-16 21:44:09 route_delay = 0
2019-03-16 21:44:09 route_delay_window = 30
2019-03-16 21:44:09 route_delay_defined = DISABLED
2019-03-16 21:44:09 route_nopull = DISABLED
2019-03-16 21:44:09 route_gateway_via_dhcp = DISABLED
2019-03-16 21:44:09 allow_pull_fqdn = DISABLED
2019-03-16 21:44:09 management_addr = '/data/user/0/de.blinkt.openvpn/cache/mgmtsocket'
2019-03-16 21:44:09 management_port = 'unix'
2019-03-16 21:44:09 management_user_pass = '[UNDEF]'
2019-03-16 21:44:09 management_log_history_cache = 250
2019-03-16 21:44:09 management_echo_buffer_size = 100
2019-03-16 21:44:09 management_write_peer_info_file = '[UNDEF]'
2019-03-16 21:44:09 management_client_user = '[UNDEF]'
2019-03-16 21:44:09 management_client_group = '[UNDEF]'
2019-03-16 21:44:09 management_flags = 294
2019-03-16 21:44:09 shared_secret_file = '[UNDEF]'
2019-03-16 21:44:09 key_direction = not set
2019-03-16 21:44:09 ciphername = 'BF-CBC'
2019-03-16 21:44:09 ncp_enabled = ENABLED
2019-03-16 21:44:09 ncp_ciphers = 'AES-256-GCM:AES-128-GCM'
2019-03-16 21:44:09 authname = 'SHA1'
2019-03-16 21:44:09 prng_hash = 'SHA1'
2019-03-16 21:44:09 prng_nonce_secret_len = 16
2019-03-16 21:44:09 keysize = 0
2019-03-16 21:44:09 engine = DISABLED
2019-03-16 21:44:09 replay = ENABLED
2019-03-16 21:44:09 mute_replay_warnings = ENABLED
2019-03-16 21:44:09 replay_window = 64
2019-03-16 21:44:09 replay_time = 15
2019-03-16 21:44:09 packet_id_file = '[UNDEF]'
2019-03-16 21:44:09 test_crypto = DISABLED
2019-03-16 21:44:09 tls_server = DISABLED
2019-03-16 21:44:09 tls_client = ENABLED
2019-03-16 21:44:09 key_method = 2
2019-03-16 21:44:09 ca_file = '[[INLINE]]'
2019-03-16 21:44:09 ca_path = '[UNDEF]'
2019-03-16 21:44:09 dh_file = '[UNDEF]'
2019-03-16 21:44:09 cert_file = '[[INLINE]]'
2019-03-16 21:44:09 extra_certs_file = '[UNDEF]'
2019-03-16 21:44:09 priv_key_file = '[[INLINE]]'
2019-03-16 21:44:09 pkcs12_file = '[UNDEF]'
2019-03-16 21:44:09 cipher_list = '[UNDEF]'
2019-03-16 21:44:09 cipher_list_tls13 = '[UNDEF]'
2019-03-16 21:44:09 tls_cert_profile = '[UNDEF]'
2019-03-16 21:44:09 tls_verify = '[UNDEF]'
2019-03-16 21:44:09 tls_export_cert = '[UNDEF]'
2019-03-16 21:44:09 verify_x509_type = 0
2019-03-16 21:44:09 verify_x509_name = '[UNDEF]'
2019-03-16 21:44:09 crl_file = '[UNDEF]'
2019-03-16 21:44:09 ns_cert_type = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 65535
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_ku[i] = 0
2019-03-16 21:44:09 remote_cert_eku = 'TLS Web Server Authentication'
2019-03-16 21:44:09 ssl_flags = 0
2019-03-16 21:44:09 tls_timeout = 2
2019-03-16 21:44:09 renegotiate_bytes = -1
2019-03-16 21:44:09 renegotiate_packets = 0
2019-03-16 21:44:09 renegotiate_seconds = 3600
2019-03-16 21:44:09 handshake_window = 60
2019-03-16 21:44:09 transition_window = 3600
2019-03-16 21:44:09 single_session = DISABLED
2019-03-16 21:44:09 push_peer_info = DISABLED
2019-03-16 21:44:09 tls_exit = DISABLED
2019-03-16 21:44:09 tls_crypt_v2_genkey_type = '[UNDEF]'
2019-03-16 21:44:09 tls_crypt_v2_genkey_file = '[UNDEF]'
2019-03-16 21:44:09 tls_crypt_v2_metadata = '[UNDEF]'
2019-03-16 21:44:09 client = ENABLED
2019-03-16 21:44:09 pull = ENABLED
2019-03-16 21:44:09 auth_user_pass_file = '[UNDEF]'
2019-03-16 21:44:09 OpenVPN 2.5-icsopenvpn [git:icsopenvpn/v0.7.8-0-g168367a5] arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb 22 2019
2019-03-16 21:44:09 library versions: OpenSSL 1.1.1a 20 Nov 2018, LZO 2.10
2019-03-16 21:44:09 MANAGEMENT: Connected to management server at /data/user/0/de.blinkt.openvpn/cache/mgmtsocket
2019-03-16 21:44:09 MANAGEMENT: CMD 'version 3'
2019-03-16 21:44:09 MANAGEMENT: CMD 'hold release'
2019-03-16 21:44:09 LZO compression initializing
2019-03-16 21:44:09 Control Channel MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
2019-03-16 21:44:09 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
2019-03-16 21:44:09 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
2019-03-16 21:44:09 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
2019-03-16 21:44:09 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XX.XXX.XX:1194
2019-03-16 21:44:09 Socket Buffers: R=[229376->229376] S=[229376->229376]
2019-03-16 21:44:09 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
2019-03-16 21:44:09 UDP link local: (not bound)
2019-03-16 21:44:09 UDP link remote: [AF_INET]XXX.XX.XXX.XX:1194
2019-03-16 21:44:09 MANAGEMENT: CMD 'bytecount 2'
2019-03-16 21:44:09 MANAGEMENT: CMD 'state on'
2019-03-16 21:44:10 read UDP [ECONNREFUSED]: Connection refused (code=111)
2019-03-16 21:44:11 read UDP [ECONNREFUSED]: Connection refused (code=111)
2019-03-16 21:44:14 Debug state info: CONNECTED EDGE to MOBILE web.vodafone.de, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2019-03-16 21:44:15 read UDP [ECONNREFUSED]: Connection refused (code=111)
2019-03-16 21:44:25 read UDP [ECONNREFUSED]: Connection refused (code=111)
2019-03-16 21:44:42 read UDP [ECONNREFUSED]: Connection refused (code=111)
2019-03-16 21:44:57 MANAGEMENT: CMD 'signal SIGINT'
2019-03-16 21:44:57 TCP/UDP: Closing socket
2019-03-16 21:44:57 SIGINT[hard,] received, process exiting
2019-03-16 21:44:57 MANAGEMENT: >STATE:1552769097,EXITING,SIGINT,,,,,