Hi Guys,
I have been experimenting with OpenVPN cloud with my RUT240 and I had it working perfectly fine until last week and then everything stopped working all of a sudden since Monday.
My current setup is:
Client site                                 WAN                        Home
|RUT240 router (vpn connector)|<----------> |OpenVPN Cloud|<---------->|User Laptop (vpn connect)|
LAN 192.168.1.0/24
Device 1: 192.168.1.1
Device 2: 192.168.1.2
and the server has been configured to make 192.168.1.0/24 accessible by all clients.
I had a quick look at the system log and it was throwing out a few error messages which may be the cause of the issue although I am unable to confirm as I haven't seen these messages before:
daemon.err openvpn(vpntest)[10821]: event_wait : Interrupted system call (code=4)
daemon.notice openvpn(vpntest)[10821]: SIGTERM received, sending exit notification to peer
daemon.notice openvpn(vpntest)[10821]: net_route_v4_del: 100.96.0.0/11 via 100.96.1.17 dev [NULL] table 0 metric -1
daemon.notice openvpn(vpntest)[10821]: net_route_v4_del: 100.80.0.0/12 via 100.96.1.17 dev [NULL] table 0 metric -1
daemon.notice openvpn(vpntest)[10821]: delete_route_ipv6(fd:0:0:8000::/49)
daemon.notice openvpn(vpntest)[10821]: net_route_v6_del: fd:0:0:8000::/49 via :: dev tun_c_vpntest table 0 metric -1
daemon.notice openvpn(vpntest)[10821]: delete_route_ipv6(fd:0:0:4000::/50)
daemon.notice openvpn(vpntest)[10821]: net_route_v6_del: fd:0:0:4000::/50 via :: dev tun_c_vpntest table 0 metric -1
daemon.notice openvpn(vpntest)[10821]: Closing TUN/TAP interface
daemon.notice openvpn(vpntest)[10821]: net_addr_v4_del: 100.96.1.18 dev tun_c_vpntest
daemon.notice openvpn(vpntest)[10821]: net_addr_v6_del: fd:0:0:8101::2/64 dev tun_c_vpntest
daemon.notice openvpn(vpntest)[10821]: SIGTERM[soft,exit-with-notification] received, process exiting
daemon.warn openvpn(vpntest)[24532]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
daemon.notice openvpn(vpntest)[24532]: OpenVPN 2.5.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
daemon.notice openvpn(vpntest)[24532]: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
daemon.notice openvpn(vpntest)[24532]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
daemon.notice openvpn(vpntest)[24532]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
daemon.notice openvpn(vpntest)[24532]: TCP/UDP: Preserving recently used remote address: [AF_INET]66.203.112.173:1194
daemon.notice openvpn(vpntest)[24532]: Socket Buffers: R=[180224->180224] S=[180224->180224]
daemon.warn openvpn(vpntest)[24532]: NOTE: setsockopt TCP_NODELAY=1 failed
daemon.notice openvpn(vpntest)[24532]: UDP link local: (not bound)
daemon.notice openvpn(vpntest)[24532]: UDP link remote: [AF_INET]66.203.112.173:1194
daemon.notice openvpn(vpntest)[24532]: TLS: Initial packet from [AF_INET]66.203.112.173:1194, sid=16c9ae4d 6b5b0b01
daemon.notice openvpn(vpntest)[24532]: VERIFY OK: depth=1, CN=CloudVPN Prod CA
daemon.notice openvpn(vpntest)[24532]: VERIFY KU OK
daemon.notice openvpn(vpntest)[24532]: Validating certificate extended key usage
daemon.notice openvpn(vpntest)[24532]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
daemon.notice openvpn(vpntest)[24532]: VERIFY EKU OK
daemon.notice openvpn(vpntest)[24532]: VERIFY OK: depth=0, CN=au-syd-dc1-b1.cloud.openvpn.net
daemon.notice openvpn(vpntest)[24532]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: RSA-SHA256
daemon.notice openvpn(vpntest)[24532]: [au-syd-dc1-b1.cloud.openvpn.net] Peer Connection Initiated with [AF_INET]66.203.112.173:1194
daemon.notice openvpn(vpntest)[24532]: SENT CONTROL [au-syd-dc1-b1.cloud.openvpn.net]: 'PUSH_REQUEST' (status=1)
daemon.notice openvpn(vpntest)[24532]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 100.96.1.17,ifconfig 100.96.1.18 255.255.255.240,ifconfig-ipv6 fd:0:0:8101::2/64 fd:0:0:8101::1,client-ip 219.88.67.71,ping 8,ping-restart 40,reneg-sec 3600,cipher AES-256-GCM,compress stub-v2,peer-id 8862,topology subnet,explicit-exit-notify,remote-cache-lifetime 86400,block-outside-dns,route 100.96.0.0 255.224.0.0,route-ipv6 fd:0:0:8000::/49,route 100.80.0.0 255.240.0.0,route-ipv6 fd:0:0:4000::/50,dhcp-option DNS 100.96.1.17,auth-tokenSESS_ID,auth-token-user cnBtdnBuL2Nvbm5lY3Rvci82ZTE2NDZjYy0wMjgxLTQ4ODYtYTk1OS02OGI5NDE3OWRmZDZfNzA1MzYwODQtY2UxZS00ZTU1LTliY2QtNGMwMTM2MzljNDI5'
daemon.err openvpn(vpntest)[24532]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: client-ip (2.5.3)
daemon.err openvpn(vpntest)[24532]: Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])
daemon.err openvpn(vpntest)[24532]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:13: remote-cache-lifetime (2.5.3)
daemon.err openvpn(vpntest)[24532]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:14: block-outside-dns (2.5.3)
daemon.warn openvpn(vpntest)[24532]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: timers and/or timeouts modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: explicit notify parm(s) modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: compression parms modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: --ifconfig/up options modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: route options modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: route-related options modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: peer-id set
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: adjusting link_mtu to 1624
daemon.notice openvpn(vpntest)[24532]: OPTIONS IMPORT: data channel crypto options modified
daemon.notice openvpn(vpntest)[24532]: Data Channel: using negotiated cipher 'AES-256-GCM'
daemon.notice openvpn(vpntest)[24532]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
daemon.notice openvpn(vpntest)[24532]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
daemon.notice openvpn(vpntest)[24532]: net_route_v4_best_gw query: dst 0.0.0.0
daemon.notice openvpn(vpntest)[24532]: net_route_v4_best_gw result: via 10.0.0.1 dev eth1
daemon.notice openvpn(vpntest)[24532]: GDG6: remote_host_ipv6=n/a
daemon.notice openvpn(vpntest)[24532]: net_route_v6_best_gw query: dst ::
daemon.warn openvpn(vpntest)[24532]: sitnl_send: rtnl: generic error (-13): Permission denied
daemon.notice openvpn(vpntest)[24532]: TUN/TAP device tun_c_vpntest opened
daemon.notice openvpn(vpntest)[24532]: net_iface_mtu_set: mtu 1500 for tun_c_vpntest
daemon.notice openvpn(vpntest)[24532]: net_iface_up: set tun_c_vpntest up
daemon.notice openvpn(vpntest)[24532]: net_addr_v4_add: 100.96.1.18/28 dev tun_c_vpntest
daemon.notice openvpn(vpntest)[24532]: net_iface_mtu_set: mtu 1500 for tun_c_vpntest
daemon.notice openvpn(vpntest)[24532]: net_iface_up: set tun_c_vpntest up
daemon.notice openvpn(vpntest)[24532]: net_addr_v6_add: fd:0:0:8101::2/64 dev tun_c_vpntest
daemon.notice openvpn(vpntest)[24532]: net_route_v4_add: 100.96.0.0/11 via 100.96.1.17 dev [NULL] table 0 metric -1
daemon.notice openvpn(vpntest)[24532]: net_route_v4_add: 100.80.0.0/12 via 100.96.1.17 dev [NULL] table 0 metric -1
daemon.notice openvpn(vpntest)[24532]: add_route_ipv6(fd:0:0:8000::/49 -> fd:0:0:8101::1 metric -1) dev tun_c_vpntest
daemon.notice openvpn(vpntest)[24532]: net_route_v6_add: fd:0:0:8000::/49 via :: dev tun_c_vpntest table 0 metric -1
daemon.notice openvpn(vpntest)[24532]: add_route_ipv6(fd:0:0:4000::/50 -> fd:0:0:8101::1 metric -1) dev tun_c_vpntest
daemon.notice openvpn(vpntest)[24532]: net_route_v6_add: fd:0:0:4000::/50 via :: dev tun_c_vpntest table 0 metric -1
daemon.notice openvpn(vpntest)[24532]: Initialization Sequence Completed
daemon.info hostapd: wlan0: STA a4:c4:94:3f:28:07 WPA: group key handshake completed (RSN)
Has anyone run into this type of problem before? I am a bit puzzled by the sudden change over the weekend... perhaps there have been some changes on the server side regarding the format used for pushing options to the clients, and the RUT240 is unable to cope with this change? Seeking advice or an explanation.
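
As an added example (not part of the original post): a small Python parser that takes an OpenVPN client log like the one above, lists which options from the server's PUSH_REPLY the client rejected, checks each reported position against the pushed list, and records whether the session still reached "Initialization Sequence Completed". The function name `audit_push` and the shortened sample log are assumptions made for illustration.

```python
import re

# Constructed sample: lines shortened from the log in the post above
# (client-ip replaced with a documentation address, auth token dropped).
SAMPLE_LOG = """\
daemon.notice openvpn(vpntest)[24532]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 100.96.1.17,ifconfig 100.96.1.18 255.255.255.240,ifconfig-ipv6 fd:0:0:8101::2/64 fd:0:0:8101::1,client-ip 203.0.113.7,ping 8,ping-restart 40,reneg-sec 3600,cipher AES-256-GCM,compress stub-v2,peer-id 8862,topology subnet,explicit-exit-notify,remote-cache-lifetime 86400,block-outside-dns,route 100.96.0.0 255.224.0.0'
daemon.err openvpn(vpntest)[24532]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: client-ip (2.5.3)
daemon.err openvpn(vpntest)[24532]: Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])
daemon.err openvpn(vpntest)[24532]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:13: remote-cache-lifetime (2.5.3)
daemon.err openvpn(vpntest)[24532]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:14: block-outside-dns (2.5.3)
daemon.notice openvpn(vpntest)[24532]: Initialization Sequence Completed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: '(PUSH_REPLY[^']*)'")
UNREC_RE = re.compile(r"Unrecognized option.*\[PUSH-OPTIONS\]:(\d+): (\S+)")
CTX_RE = re.compile(r"option '([^']+)' cannot be used in this context \(\[PUSH-OPTIONS\]\)")
DONE = "Initialization Sequence Completed"

def name_of(option):
    """Return the option keyword, e.g. 'ping' from 'ping 8'."""
    return option.partition(" ")[0]

def audit_push(log_text):
    """Summarise the last PUSH_REPLY in a client log and what the client rejected."""
    pushed, rejected, completed = [], [], False
    for line in log_text.splitlines():
        m = PUSH_RE.search(line)
        if m:
            # New session: reset state. Index 0 is the PUSH_REPLY keyword itself.
            pushed, rejected, completed = m.group(1).split(","), [], False
        elif (m := UNREC_RE.search(line)):
            idx, name = int(m.group(1)), m.group(2)
            # Cross-check the position reported in the error against the push.
            in_push = idx < len(pushed) and name_of(pushed[idx]) == name
            rejected.append((name, "unrecognized", in_push))
        elif (m := CTX_RE.search(line)):
            name = m.group(1)
            in_push = any(name_of(p) == name for p in pushed[1:])
            rejected.append((name, "wrong-context", in_push))
        elif DONE in line:
            completed = True
    bad = {r[0] for r in rejected}
    not_rejected = [name_of(p) for p in pushed[1:] if name_of(p) not in bad]
    return {"not_rejected": not_rejected, "rejected": rejected, "completed": completed}

if __name__ == "__main__":
    for key, value in audit_push(SAMPLE_LOG).items():
        print(key, value)
```

Each entry in `rejected` is (option, reason, found-in-push); the last field is False when the error line does not line up with the PUSH_REPLY that preceded it.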