I solved it by using static routing between the server and the public IP that I used to log in.
ip route add my.local.pc.ip/32 via 192.168.100.10 dev eth1
Regards
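Added example (not part of the original answer): a small longest-prefix-match model of the routing table posted in the question, showing that replies to the SSH client leave through tun0 once `redirect-gateway def1` installs the two /1 routes, and through eth1 again after the /32 host route. `ADMIN_IP` is a constructed stand-in for `my.local.pc.ip`, and the helper names are hypothetical.

```python
import ipaddress

# "netstat -rn" output after the VPN client starts, copied from the question.
NETSTAT_AFTER_VPN = """\
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.110.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
93.115.85.39 192.168.100.10 255.255.255.255 UGH 0 0 0 eth1
10.110.1.1 10.110.1.5 255.255.255.255 UGH 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 10.110.1.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.110.1.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.100.10 0.0.0.0 UG 0 0 0 eth1
"""

# Constructed stand-in for my.local.pc.ip (RFC 5737 documentation range).
ADMIN_IP = "203.0.113.25"


def parse_netstat(text):
    """Turn netstat -rn rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the title line and the column header.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gateway, genmask, iface = fields[0], fields[1], fields[2], fields[7]
        # Convert the dotted netmask to a prefix length by counting set bits.
        prefixlen = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        routes.append((ipaddress.ip_network(f"{dest}/{prefixlen}"), gateway, iface))
    return routes


def lookup(routes, destination):
    """Longest-prefix match, as the kernel does; the first row wins a tie."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def add_host_route(routes, host, gateway, iface):
    """Model of: ip route add <host>/32 via <gateway> dev <iface>."""
    return routes + [(ipaddress.ip_network(f"{host}/32"), gateway, iface)]


def egress(routes, destination):
    """Return (interface, gateway) chosen for a packet sent to destination."""
    match = lookup(routes, destination)
    return (match[2], match[1]) if match else None


if __name__ == "__main__":
    routes = parse_netstat(NETSTAT_AFTER_VPN)
    # SSH arrives on eth1 through the NAT VM, but the reply follows this table:
    # 128.0.0.0/1 is more specific than the old 0.0.0.0/0 default, so it wins.
    print("reply to SSH client, VPN up:     ", egress(routes, ADMIN_IP))
    fixed = add_host_route(routes, ADMIN_IP, "192.168.100.10", "eth1")
    # The /32 is more specific than either /1, so replies use eth1 again.
    print("reply to SSH client, /32 added:  ", egress(fixed, ADMIN_IP))
    # OpenVPN protects its own transport the same way (host route to the peer).
    print("packets to the VPN server:       ", egress(fixed, "93.115.85.39"))
    # Any other public address is still sent into the tunnel.
    print("reply to a different public IP:  ", egress(fixed, "203.0.113.26"))
```

The /32 route covers only the one address it names, so a login from any other public IP still has its replies sent into tun0.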
I'm a new forum user and I'm doing my first VPN configuration.
I bought a VPN service from PrivateInternetAccess. I'm configuring a Linux VM (CentOS 6.5 server) on a remote VMware ESXi host. It is behind another VM, which performs NAT functions for several VMs. I have full access to the ESXi host and the NAT server, to make any necessary changes.
I have an openvpn client on the server and it works correctly.
My problem is that when I activate the client and the tunnel, I lose the connection to the server via ssh.
I think I have to add a rule, either to the configuration file or in iptables, to keep the ssh port open.
If you need additional information, I will add it as soon as possible.
=============
Client configuration file:
client
dev tun
proto udp
remote xxx.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/ca.crt
crl-verify /etc/openvpn/crl.pem
tls-client
remote-cert-tls server
comp-lzo
reneg-sec 0
verb 4 # verbose mode
status /etc/openvpn/openvpn-status.log
log /etc/openvpn/openvpn-log.log
auth-user-pass /etc/openvpn/login.pia
=============
The client's IPs, once connected to the VPN, are (the tunnel IPs change every session):
eth1 Link encap:Ethernet HWaddr 00:0C:29:6F:FA:48
inet addr:192.168.100.13 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
test 1:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.113.1.6 P-t-P:10.113.1.5 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
test 2:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.188.1.10 P-t-P:10.188.1.9 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
Tunnel vpn public IP: test 1: 93.115.83.16
test 2: 5.254.100.67
test 3: 93.115.85.39
=============
/etc/sysconfig/iptables file:
# Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
*mangle
:PREROUTING ACCEPT [3340:3277701]
:INPUT ACCEPT [3114:3220261]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2532:706816]
:POSTROUTING ACCEPT [2532:706816]
COMMIT
# Completed on Fri Oct 24 08:19:30 2014
# Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Oct 24 08:19:30 2014
# Generated by iptables-save v1.4.7 on Fri Oct 24 08:19:30 2014
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Oct 24 08:19:30 2014
=============
iptables allows all traffic, since the server with the vpn client is behind another one, which does the routing without filtering.
The output of "iptables -L -n -v" once connected to the VPN is:
Chain INPUT (policy ACCEPT 1185 packets, 1301K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1490 packets, 568K bytes)
pkts bytes target prot opt in out source destination
and for "iptables -L -n -v -t nat":
Chain PREROUTING (policy ACCEPT 18 packets, 1475 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4 packets, 236 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4 packets, 236 bytes)
pkts bytes target prot opt in out source destination
=============
Routing before running the vpn client (netstat -rn)
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.100.10 0.0.0.0 UG 0 0 0 eth1
Routing after running the vpn client (netstat -rn)
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.110.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
93.115.85.39 192.168.100.10 255.255.255.255 UGH 0 0 0 eth1
10.110.1.1 10.110.1.5 255.255.255.255 UGH 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 10.110.1.5 128.0.0.0 UG 0 0 0 tun0
128.0.0.0 10.110.1.5 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 192.168.100.10 0.0.0.0 UG 0 0 0 eth1
=============
I found this earlier post and followed its steps, changing my network settings, but I couldn't get it to work.
Anonymizing OpenVPN Allow SSH Access to Internal Server
I think I'm missing something, or the privateinternetaccess settings (received via push) are preventing it from taking effect.
Any idea how to continue testing?
openvpn client log, verb 4:
Mon Oct 27 17:54:14 2014 us=164352 Current Parameter Settings:
Mon Oct 27 17:54:14 2014 us=164412 config = '/etc/openvpn/client.conf'
Mon Oct 27 17:54:14 2014 us=164422 mode = 0
Mon Oct 27 17:54:14 2014 us=164429 persist_config = DISABLED
Mon Oct 27 17:54:14 2014 us=164436 persist_mode = 1
Mon Oct 27 17:54:14 2014 us=164443 show_ciphers = DISABLED
Mon Oct 27 17:54:14 2014 us=164449 show_digests = DISABLED
Mon Oct 27 17:54:14 2014 us=164455 show_engines = DISABLED
Mon Oct 27 17:54:14 2014 us=164461 genkey = DISABLED
Mon Oct 27 17:54:14 2014 us=164467 key_pass_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164473 show_tls_ciphers = DISABLED
Mon Oct 27 17:54:14 2014 us=164479 Connection profiles [default]:
Mon Oct 27 17:54:14 2014 us=164485 proto = udp
Mon Oct 27 17:54:14 2014 us=164491 local = '192.168.100.13'
Mon Oct 27 17:54:14 2014 us=164497 local_port = 1194
Mon Oct 27 17:54:14 2014 us=164503 remote = 'ro.privateinternetaccess.com'
Mon Oct 27 17:54:14 2014 us=164509 remote_port = 1194
Mon Oct 27 17:54:14 2014 us=164515 remote_float = DISABLED
Mon Oct 27 17:54:14 2014 us=164521 bind_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=164527 bind_local = ENABLED
Mon Oct 27 17:54:14 2014 us=164533 connect_retry_seconds = 5
Mon Oct 27 17:54:14 2014 us=164539 connect_timeout = 10
Mon Oct 27 17:54:14 2014 us=164545 connect_retry_max = 0
Mon Oct 27 17:54:14 2014 us=164551 socks_proxy_server = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164557 socks_proxy_port = 0
Mon Oct 27 17:54:14 2014 us=164563 socks_proxy_retry = DISABLED
Mon Oct 27 17:54:14 2014 us=164568 tun_mtu = 1500
Mon Oct 27 17:54:14 2014 us=164574 tun_mtu_defined = ENABLED
Mon Oct 27 17:54:14 2014 us=164580 link_mtu = 1500
Mon Oct 27 17:54:14 2014 us=164586 link_mtu_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=164592 tun_mtu_extra = 0
Mon Oct 27 17:54:14 2014 us=164598 tun_mtu_extra_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=164603 mtu_discover_type = -1
Mon Oct 27 17:54:14 2014 us=164609 fragment = 0
Mon Oct 27 17:54:14 2014 us=164615 mssfix = 1450
Mon Oct 27 17:54:14 2014 us=164621 explicit_exit_notification = 0
Mon Oct 27 17:54:14 2014 us=164628 Connection profiles END
Mon Oct 27 17:54:14 2014 us=164634 remote_random = DISABLED
Mon Oct 27 17:54:14 2014 us=164640 ipchange = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164646 dev = 'tun'
Mon Oct 27 17:54:14 2014 us=164651 dev_type = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164657 dev_node = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164663 lladdr = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164669 topology = 1
Mon Oct 27 17:54:14 2014 us=164675 tun_ipv6 = DISABLED
Mon Oct 27 17:54:14 2014 us=164681 ifconfig_local = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164686 ifconfig_remote_netmask = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164692 ifconfig_noexec = DISABLED
Mon Oct 27 17:54:14 2014 us=164698 ifconfig_nowarn = DISABLED
Mon Oct 27 17:54:14 2014 us=164704 ifconfig_ipv6_local = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164710 ifconfig_ipv6_netbits = 0
Mon Oct 27 17:54:14 2014 us=164715 ifconfig_ipv6_remote = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164721 shaper = 0
Mon Oct 27 17:54:14 2014 us=164727 mtu_test = 0
Mon Oct 27 17:54:14 2014 us=164733 mlock = DISABLED
Mon Oct 27 17:54:14 2014 us=164739 keepalive_ping = 0
Mon Oct 27 17:54:14 2014 us=164745 keepalive_timeout = 0
Mon Oct 27 17:54:14 2014 us=164750 inactivity_timeout = 0
Mon Oct 27 17:54:14 2014 us=164756 ping_send_timeout = 0
Mon Oct 27 17:54:14 2014 us=164762 ping_rec_timeout = 0
Mon Oct 27 17:54:14 2014 us=164769 ping_rec_timeout_action = 0
Mon Oct 27 17:54:14 2014 us=164775 ping_timer_remote = DISABLED
Mon Oct 27 17:54:14 2014 us=164781 remap_sigusr1 = 0
Mon Oct 27 17:54:14 2014 us=164787 persist_tun = ENABLED
Mon Oct 27 17:54:14 2014 us=164793 persist_local_ip = DISABLED
Mon Oct 27 17:54:14 2014 us=164798 persist_remote_ip = DISABLED
Mon Oct 27 17:54:14 2014 us=164804 persist_key = ENABLED
Mon Oct 27 17:54:14 2014 us=164810 passtos = DISABLED
Mon Oct 27 17:54:14 2014 us=164816 resolve_retry_seconds = 1000000000
Mon Oct 27 17:54:14 2014 us=164825 username = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164831 groupname = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164837 chroot_dir = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164843 cd_dir = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164849 writepid = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164854 up_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164860 down_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164866 down_pre = DISABLED
Mon Oct 27 17:54:14 2014 us=164872 up_restart = DISABLED
Mon Oct 27 17:54:14 2014 us=164878 up_delay = DISABLED
Mon Oct 27 17:54:14 2014 us=164883 daemon = DISABLED
Mon Oct 27 17:54:14 2014 us=164889 inetd = 0
Mon Oct 27 17:54:14 2014 us=164895 log = ENABLED
Mon Oct 27 17:54:14 2014 us=164901 suppress_timestamps = DISABLED
Mon Oct 27 17:54:14 2014 us=164907 nice = 0
Mon Oct 27 17:54:14 2014 us=164913 verbosity = 4
Mon Oct 27 17:54:14 2014 us=164918 mute = 0
Mon Oct 27 17:54:14 2014 us=164924 gremlin = 0
Mon Oct 27 17:54:14 2014 us=164930 status_file = '/etc/openvpn/openvpn-status.log'
Mon Oct 27 17:54:14 2014 us=164936 status_file_version = 1
Mon Oct 27 17:54:14 2014 us=164942 status_file_update_freq = 60
Mon Oct 27 17:54:14 2014 us=164948 occ = ENABLED
Mon Oct 27 17:54:14 2014 us=164954 rcvbuf = 65536
Mon Oct 27 17:54:14 2014 us=164960 sndbuf = 65536
Mon Oct 27 17:54:14 2014 us=164965 mark = 0
Mon Oct 27 17:54:14 2014 us=164971 sockflags = 0
Mon Oct 27 17:54:14 2014 us=164977 fast_io = DISABLED
Mon Oct 27 17:54:14 2014 us=164983 lzo = 7
Mon Oct 27 17:54:14 2014 us=164988 route_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=164994 route_default_gateway = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165000 route_default_metric = 0
Mon Oct 27 17:54:14 2014 us=165006 route_noexec = DISABLED
Mon Oct 27 17:54:14 2014 us=165012 route_delay = 0
Mon Oct 27 17:54:14 2014 us=165018 route_delay_window = 30
Mon Oct 27 17:54:14 2014 us=165024 route_delay_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=165030 route_nopull = DISABLED
Mon Oct 27 17:54:14 2014 us=165036 route_gateway_via_dhcp = DISABLED
Mon Oct 27 17:54:14 2014 us=165042 max_routes = 100
Mon Oct 27 17:54:14 2014 us=165048 allow_pull_fqdn = DISABLED
Mon Oct 27 17:54:14 2014 us=165054 management_addr = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165059 management_port = 0
Mon Oct 27 17:54:14 2014 us=165065 management_user_pass = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165071 management_log_history_cache = 250
Mon Oct 27 17:54:14 2014 us=165077 management_echo_buffer_size = 100
Mon Oct 27 17:54:14 2014 us=165083 management_write_peer_info_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165089 management_client_user = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165095 management_client_group = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165101 management_flags = 0
Mon Oct 27 17:54:14 2014 us=165107 shared_secret_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165113 key_direction = 0
Mon Oct 27 17:54:14 2014 us=165119 ciphername_defined = ENABLED
Mon Oct 27 17:54:14 2014 us=165125 ciphername = 'BF-CBC'
Mon Oct 27 17:54:14 2014 us=165131 authname_defined = ENABLED
Mon Oct 27 17:54:14 2014 us=165136 authname = 'SHA1'
Mon Oct 27 17:54:14 2014 us=165142 prng_hash = 'SHA1'
Mon Oct 27 17:54:14 2014 us=165148 prng_nonce_secret_len = 16
Mon Oct 27 17:54:14 2014 us=165154 keysize = 0
Mon Oct 27 17:54:14 2014 us=165160 engine = DISABLED
Mon Oct 27 17:54:14 2014 us=165166 replay = ENABLED
Mon Oct 27 17:54:14 2014 us=165172 mute_replay_warnings = DISABLED
Mon Oct 27 17:54:14 2014 us=165178 replay_window = 64
Mon Oct 27 17:54:14 2014 us=165184 replay_time = 15
Mon Oct 27 17:54:14 2014 us=165204 packet_id_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165211 use_iv = ENABLED
Mon Oct 27 17:54:14 2014 us=165217 test_crypto = DISABLED
Mon Oct 27 17:54:14 2014 us=165223 tls_server = DISABLED
Mon Oct 27 17:54:14 2014 us=165229 tls_client = ENABLED
Mon Oct 27 17:54:14 2014 us=165235 key_method = 2
Mon Oct 27 17:54:14 2014 us=165241 ca_file = '/etc/openvpn/ca.crt'
Mon Oct 27 17:54:14 2014 us=165253 ca_path = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165260 dh_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165266 cert_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165272 priv_key_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165278 pkcs12_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165284 cipher_list = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165290 tls_verify = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165296 tls_export_cert = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165302 verify_x509_type = 0
Mon Oct 27 17:54:14 2014 us=165308 verify_x509_name = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165313 crl_file = '/etc/openvpn/crl.pem'
Mon Oct 27 17:54:14 2014 us=165319 ns_cert_type = 0
Mon Oct 27 17:54:14 2014 us=165325 remote_cert_ku[i] = 160
Mon Oct 27 17:54:14 2014 us=165331 remote_cert_ku[i] = 136
Mon Oct 27 17:54:14 2014 us=165337 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165343 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165348 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165354 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165360 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165366 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165371 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165377 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165383 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165389 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165394 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165400 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165406 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165412 remote_cert_ku[i] = 0
Mon Oct 27 17:54:14 2014 us=165418 remote_cert_eku = 'TLS Web Server Authentication'
Mon Oct 27 17:54:14 2014 us=165424 ssl_flags = 0
Mon Oct 27 17:54:14 2014 us=165430 tls_timeout = 2
Mon Oct 27 17:54:14 2014 us=165436 renegotiate_bytes = 0
Mon Oct 27 17:54:14 2014 us=165442 renegotiate_packets = 0
Mon Oct 27 17:54:14 2014 us=165447 renegotiate_seconds = 0
Mon Oct 27 17:54:14 2014 us=165453 handshake_window = 60
Mon Oct 27 17:54:14 2014 us=165459 transition_window = 3600
Mon Oct 27 17:54:14 2014 us=165465 single_session = DISABLED
Mon Oct 27 17:54:14 2014 us=165471 push_peer_info = DISABLED
Mon Oct 27 17:54:14 2014 us=165476 tls_exit = DISABLED
Mon Oct 27 17:54:14 2014 us=165482 tls_auth_file = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165488 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165494 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165500 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165506 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165512 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165518 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165524 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165529 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165535 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165541 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165547 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165553 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165559 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165564 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165570 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165576 pkcs11_protected_authentication = DISABLED
Mon Oct 27 17:54:14 2014 us=165582 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165588 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165594 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165600 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165606 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165617 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165624 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165630 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165636 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165642 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165648 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165654 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165660 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165666 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165672 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165678 pkcs11_private_mode = 00000000
Mon Oct 27 17:54:14 2014 us=165683 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165689 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165695 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165701 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165707 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165712 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165718 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165724 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165730 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165736 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165741 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165747 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165753 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165759 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165764 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165770 pkcs11_cert_private = DISABLED
Mon Oct 27 17:54:14 2014 us=165776 pkcs11_pin_cache_period = -1
Mon Oct 27 17:54:14 2014 us=165782 pkcs11_id = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=165788 pkcs11_id_management = DISABLED
Mon Oct 27 17:54:14 2014 us=166003 server_network = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166025 server_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166034 server_network_ipv6 = ::
Mon Oct 27 17:54:14 2014 us=166040 server_netbits_ipv6 = 0
Mon Oct 27 17:54:14 2014 us=166047 server_bridge_ip = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166053 server_bridge_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166060 server_bridge_pool_start = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166067 server_bridge_pool_end = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166073 ifconfig_pool_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166079 ifconfig_pool_start = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166086 ifconfig_pool_end = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166092 ifconfig_pool_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166098 ifconfig_pool_persist_filename = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166105 ifconfig_pool_persist_refresh_freq = 600
Mon Oct 27 17:54:14 2014 us=166111 ifconfig_ipv6_pool_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166117 ifconfig_ipv6_pool_base = ::
Mon Oct 27 17:54:14 2014 us=166123 ifconfig_ipv6_pool_netbits = 0
Mon Oct 27 17:54:14 2014 us=166129 n_bcast_buf = 256
Mon Oct 27 17:54:14 2014 us=166135 tcp_queue_limit = 64
Mon Oct 27 17:54:14 2014 us=166141 real_hash_size = 256
Mon Oct 27 17:54:14 2014 us=166147 virtual_hash_size = 256
Mon Oct 27 17:54:14 2014 us=166153 client_connect_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166159 learn_address_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166165 client_disconnect_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166172 client_config_dir = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166178 ccd_exclusive = DISABLED
Mon Oct 27 17:54:14 2014 us=166184 tmp_dir = '/tmp'
Mon Oct 27 17:54:14 2014 us=166203 push_ifconfig_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166210 push_ifconfig_local = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166217 push_ifconfig_remote_netmask = 0.0.0.0
Mon Oct 27 17:54:14 2014 us=166223 push_ifconfig_ipv6_defined = DISABLED
Mon Oct 27 17:54:14 2014 us=166240 push_ifconfig_ipv6_local = ::/0
Mon Oct 27 17:54:14 2014 us=166248 push_ifconfig_ipv6_remote = ::
Mon Oct 27 17:54:14 2014 us=166254 enable_c2c = DISABLED
Mon Oct 27 17:54:14 2014 us=166260 duplicate_cn = DISABLED
Mon Oct 27 17:54:14 2014 us=166266 cf_max = 0
Mon Oct 27 17:54:14 2014 us=166272 cf_per = 0
Mon Oct 27 17:54:14 2014 us=166278 max_clients = 1024
Mon Oct 27 17:54:14 2014 us=166284 max_routes_per_client = 256
Mon Oct 27 17:54:14 2014 us=166290 auth_user_pass_verify_script = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166296 auth_user_pass_verify_script_via_file = DISABLED
Mon Oct 27 17:54:14 2014 us=166302 port_share_host = '[UNDEF]'
Mon Oct 27 17:54:14 2014 us=166308 port_share_port = 0
Mon Oct 27 17:54:14 2014 us=166314 client = ENABLED
Mon Oct 27 17:54:14 2014 us=166320 pull = ENABLED
Mon Oct 27 17:54:14 2014 us=166326 auth_user_pass_file = '/etc/openvpn/login.pia'
Mon Oct 27 17:54:14 2014 us=166334 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Mon Oct 27 17:54:14 2014 us=199516 LZO compression initialized
Mon Oct 27 17:54:14 2014 us=199583 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Oct 27 17:54:14 2014 us=199625 Socket Buffers: R=[124928->131072] S=[124928->131072]
Mon Oct 27 17:54:14 2014 us=202292 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Oct 27 17:54:14 2014 us=202322 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Oct 27 17:54:14 2014 us=202330 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Oct 27 17:54:14 2014 us=202348 Local Options hash (VER=V4): '41690919'
Mon Oct 27 17:54:14 2014 us=202359 Expected Remote Options hash (VER=V4): '530fdded'
Mon Oct 27 17:54:14 2014 us=202372 UDPv4 link local (bound): [AF_INET]192.168.100.13:1194
Mon Oct 27 17:54:14 2014 us=202379 UDPv4 link remote: [AF_INET]93.115.83.244:1194
Mon Oct 27 17:54:14 2014 us=239323 TLS: Initial packet from [AF_INET]93.115.83.244:1194, sid=bb2e3c12 9e137b77
Mon Oct 27 17:54:14 2014 us=239417 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Oct 27 17:54:14 2014 us=472807 CRL CHECK OK: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Mon Oct 27 17:54:14 2014 us=472851 VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Mon Oct 27 17:54:14 2014 us=472999 Validating certificate key usage
Mon Oct 27 17:54:14 2014 us=473009 ++ Certificate has key usage 00a0, expects 00a0
Mon Oct 27 17:54:14 2014 us=473016 VERIFY KU OK
Mon Oct 27 17:54:14 2014 us=473025 Validating certificate extended key usage
Mon Oct 27 17:54:14 2014 us=473033 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Oct 27 17:54:14 2014 us=473040 VERIFY EKU OK
Mon Oct 27 17:54:14 2014 us=473087 CRL CHECK OK: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
Mon Oct 27 17:54:14 2014 us=473106 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
Mon Oct 27 17:54:14 2014 us=639441 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 27 17:54:14 2014 us=639472 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 27 17:54:14 2014 us=639518 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Oct 27 17:54:14 2014 us=639526 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 27 17:54:14 2014 us=639577 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Oct 27 17:54:14 2014 us=639597 [Private Internet Access] Peer Connection Initiated with [AF_INET]93.115.83.244:1194
Mon Oct 27 17:54:16 2014 us=697840 SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Mon Oct 27 17:54:16 2014 us=734290 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,route 10.126.1.1,topology net30,ifconfig 10.126.1.6 10.126.1.5'
Mon Oct 27 17:54:16 2014 us=734376 OPTIONS IMPORT: timers and/or timeouts modified
Mon Oct 27 17:54:16 2014 us=734386 OPTIONS IMPORT: --ifconfig/up options modified
Mon Oct 27 17:54:16 2014 us=734393 OPTIONS IMPORT: route options modified
Mon Oct 27 17:54:16 2014 us=734398 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Oct 27 17:54:16 2014 us=734549 ROUTE_GATEWAY 192.168.100.10/255.255.255.0 IFACE=eth1 HWADDR=00:0c:29:6f:fa:48
Mon Oct 27 17:54:16 2014 us=746608 TUN/TAP device tun0 opened
Mon Oct 27 17:54:16 2014 us=746628 TUN/TAP TX queue length set to 100
Mon Oct 27 17:54:16 2014 us=746641 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct 27 17:54:16 2014 us=746659 /sbin/ip link set dev tun0 up mtu 1500
Mon Oct 27 17:54:16 2014 us=748139 /sbin/ip addr add dev tun0 local 10.126.1.6 peer 10.126.1.5
Mon Oct 27 17:54:16 2014 us=748976 /sbin/ip route add 93.115.83.244/32 via 192.168.100.10
Mon Oct 27 17:54:16 2014 us=749737 /sbin/ip route add 0.0.0.0/1 via 10.126.1.5
Mon Oct 27 17:54:16 2014 us=750310 /sbin/ip route add 128.0.0.0/1 via 10.126.1.5
Mon Oct 27 17:54:16 2014 us=750803 /sbin/ip route add 10.126.1.1/32 via 10.126.1.5
Mon Oct 27 17:54:16 2014 us=751309 Initialization Sequence Completed
Mon Oct 27 17:56:45 2014 us=819279 event_wait : Interrupted system call (code=4)
Mon Oct 27 17:56:45 2014 us=819485 TCP/UDP: Closing socket
Mon Oct 27 17:56:45 2014 us=819530 /sbin/ip route del 10.126.1.1/32
Mon Oct 27 17:56:45 2014 us=820269 /sbin/ip route del 93.115.83.244/32
Mon Oct 27 17:56:45 2014 us=820850 /sbin/ip route del 0.0.0.0/1
Mon Oct 27 17:56:45 2014 us=821401 /sbin/ip route del 128.0.0.0/1
Mon Oct 27 17:56:45 2014 us=821927 Closing TUN/TAP interface
Mon Oct 27 17:56:45 2014 us=821953 /sbin/ip addr del dev tun0 local 10.126.1.6 peer 10.126.1.5
Mon Oct 27 17:56:45 2014 us=834264 SIGINT[hard,] received, process exiting