[FS#738] openvpn and DNS with LEDE Reboot 17.01.1

LEDE Bugs lede-bugs at lists.infradead.org
Wed Apr 26 14:39:30 PDT 2017 

The following task has a new comment added:

FS#738 - openvpn and DNS with LEDE Reboot 17.01.1
User who did this - Kevin Klement (gufus)

----------
Ah sure, now it works!


Argg..

aka:	gufus

---
Wed Apr 26 15:27:28 2017 OpenVPN 2.4.0 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Apr 26 15:27:28 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Wed Apr 26 15:27:28 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Apr 26 15:27:28 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 26 15:27:28 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 26 15:27:28 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]46.246.63.2:4333
Wed Apr 26 15:27:28 2017 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Apr 26 15:27:28 2017 UDP link local: (not bound)
Wed Apr 26 15:27:28 2017 UDP link remote: [AF_INET]46.246.63.2:4333
Wed Apr 26 15:27:28 2017 TLS: Initial packet from [AF_INET]46.246.63.2:4333, sid=b2788751 bddeecda
Wed Apr 26 15:27:28 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Apr 26 15:27:29 2017 VERIFY OK: depth=1, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, OU=Internetz, CN=Royal Swedish Beer Squadron CA, emailAddress=hostmaster at ipredator.se
Wed Apr 26 15:27:29 2017 VERIFY OK: nsCertType=SERVER
Wed Apr 26 15:27:29 2017 VERIFY OK: depth=0, C=SE, ST=Bryggland, L=Oeldal, O=Royal Swedish Beer Squadron, CN=ahcaeteiroud.openvpn.ipredator.se, emailAddress=hostmaster at ipredator.se
Wed Apr 26 15:27:29 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-SHA, 2999 bit RSA
Wed Apr 26 15:27:29 2017 [ahcaeteiroud.openvpn.ipredator.se] Peer Connection Initiated with [AF_INET]46.246.63.2:4333
Wed Apr 26 15:27:30 2017 SENT CONTROL [ahcaeteiroud.openvpn.ipredator.se]: 'PUSH_REQUEST' (status=1)
Wed Apr 26 15:27:30 2017 PUSH: Received control message: 'PUSH_REPLY,route 46.246.63.2 255.255.255.255 net_gateway,route-gateway 46.246.63.1,redirect-gateway def1,topology subnet,dhcp-option DOMAIN ipredator.se,dhcp-option DNS 46.246.46.46,dhcp-option DNS 194.132.32.23,ip-win32 dynamic,ping 10,ping-restart 60,explicit-exit-notify 3,sndbuf 0,rcvbuf 0,peer-id 5,cipher AES-256-CBC,ifconfig 46.246.63.89 255.255.255.0'
Wed Apr 26 15:27:30 2017 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:8: ip-win32 (2.4.0)
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: timers and/or timeouts modified
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Apr 26 15:27:30 2017 Socket Buffers: R=[163840->163840] S=[163840->163840]
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: --ifconfig/up options modified
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: route options modified
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: route-related options modified
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: peer-id set
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Apr 26 15:27:30 2017 OPTIONS IMPORT: data channel crypto options modified
Wed Apr 26 15:27:30 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 26 15:27:30 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 26 15:27:30 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Apr 26 15:27:30 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Apr 26 15:27:30 2017 TUN/TAP device tun1337 opened
Wed Apr 26 15:27:30 2017 TUN/TAP TX queue length set to 100
Wed Apr 26 15:27:30 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Apr 26 15:27:30 2017 /sbin/ifconfig tun1337 46.246.63.89 netmask 255.255.255.0 mtu 1500 broadcast 46.246.63.255
Wed Apr 26 15:27:31 2017 /etc/openvpn/set-client_iptables tun1337 1500 1561 46.246.63.89 255.255.255.0 init
Warning: Unable to locate ipset utility, disabling ipset support
Warning: Section @redirect[1] (WRT5800acm Slsve) has no target specified, defaulting to DNAT
Warning: Section @redirect[2] (WRT1900ac Slave) has no target specified, defaulting to DNAT
Warning: Section @redirect[3] (WRT1900ac Web server) has no target specified, defaulting to DNAT
Warning: Section @redirect[4] (WRT54GL Switch) has no target specified, defaulting to DNAT
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
   * Zone 'hma'
   * Rule 'Allow-OpenSSH'
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
   * Forward 'lan' -> 'hma'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
   * Zone 'hma'
   * Redirect 'BINKp'
   * Redirect 'WRT5800acm Slsve'
   * Redirect 'WRT1900ac Slave'
   * Redirect 'WRT1900ac Web server'
   * Redirect 'WRT54GL Switch'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
   * Zone 'hma'
 * Populating IPv6 filter table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
   * Zone 'hma'
   * Rule 'Allow-DHCPv6'
   * Rule 'Allow-MLD'
   * Rule 'Allow-ICMPv6-Input'
   * Rule 'Allow-ICMPv6-Forward'
   * Rule 'Allow-ESP-Forward'
   * Rule 'Allow-L2TP/IPSec-Forward'
   * Forward 'lan' -> 'hma'
   * Forward 'lan' -> 'ipr'
   * Forward 'lan' -> 'wan'
 * Populating IPv6 mangle table
   * Zone 'lan'
   * Zone 'wan'
   * Zone 'ipr'
   * Zone 'hma'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
Wed Apr 26 15:27:43 2017 /sbin/route add -net 46.246.63.2 netmask 255.255.255.255 gw 96.51.188.1
Wed Apr 26 15:27:43 2017 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 46.246.63.1
Wed Apr 26 15:27:43 2017 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 46.246.63.1
Wed Apr 26 15:27:43 2017 /sbin/route add -net 46.246.63.2 netmask 255.255.255.255 gw 96.51.188.1
route: SIOCADDRT: File exists
Wed Apr 26 15:27:43 2017 ERROR: Linux route add command failed: external program exited with error status: 1
Wed Apr 26 15:27:43 2017 Initialization Sequence Completed

----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=738#comment2511

More information about the lede-bugs mailing list