DD-WRT - OpenVPN - log?

Hi all,

I have PIA set up and (seemingly) working on my Netgear R6250 running DD-WRT, however I have a lot of continuous entries in the OpenVPN log which I don't really understand, and was hoping someone could explain it to me.

I want as strong an encryption as possible, plus I only have a 20mb/sec 4G connection, so even if speed suffers slightly the connection itself will probably be the limiting factor. 

So my settings are:

Port: 1197
Encryption: AES-256 CBC
Hash Algorithm: SHA256
Tunnel MTU: 1500

Additional config:
comp-lzo yes
auth-user-pass /tmp/password.txt  (PIA username and password are contained in the password.txt file)
persist-key
persist-tun
tls-client
remote-cert-tls server

The clientlog is showing the following, just from the last hour:

20170524 08:12:55 W WARNING: file '/tmp/password.txt' is group or others accessible
20170524 08:12:55 I OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 21 2017
20170524 08:12:55 I library versions: OpenSSL 1.0.2k 26 Jan 2017 LZO 2.09
20170524 08:12:55 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20170524 08:12:55 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170524 08:12:55 I TCP/UDP: Preserving recently used remote address: [AF_INET]104.238.169.58:1197
20170524 08:12:55 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170524 08:12:55 I UDPv4 link local: (not bound)
20170524 08:12:55 I UDPv4 link remote: [AF_INET]104.238.169.58:1197
20170524 08:12:55 TLS: Initial packet from [AF_INET]104.238.169.58:1197 sid=93cc8088 328873ad
20170524 08:12:55 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170524 08:12:55 VERIFY OK: depth=1 C=US ST=CA L=LosAngeles O=Private Internet Access OU=Private Internet Access CN=Private Internet Access name=Private Internet Access [email protected]
20170524 08:12:55 Validating certificate key usage
20170524 08:12:55 ++ Certificate has key usage 00a0 expects 00a0
20170524 08:12:55 NOTE: --mute triggered...
20170524 08:12:57 5 variation(s) on previous 3 message(s) suppressed by --mute
20170524 08:12:57 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1570' remote='link-mtu 1542'
20170524 08:12:57 W WARNING: 'cipher' is used inconsistently local='cipher AES-256-CBC' remote='cipher BF-CBC'
20170524 08:12:57 W WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth SHA1'
20170524 08:12:57 W WARNING: 'keysize' is used inconsistently local='keysize 256' remote='keysize 128'
20170524 08:12:57 Control Channel: TLSv1.2 cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384 4096 bit RSA
20170524 08:12:57 I [5bc088f4659c42693c6d0f2e325306e9] Peer Connection Initiated with [AF_INET]104.238.169.58:1197
20170524 08:12:59 SENT CONTROL [5bc088f4659c42693c6d0f2e325306e9]: 'PUSH_REQUEST' (status=1)
20170524 08:13:04 SENT CONTROL [5bc088f4659c42693c6d0f2e325306e9]: 'PUSH_REQUEST' (status=1)
20170524 08:13:04 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.67.10.1 topology net30 ifconfig 10.67.10.6 10.67.10.5 peer-id 0 auth-token'
20170524 08:13:04 NOTE: --mute triggered...
20170524 08:13:04 7 variation(s) on previous 3 message(s) suppressed by --mute
20170524 08:13:04 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20170524 08:13:04 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20170524 08:13:04 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20170524 08:13:04 NOTE: --mute triggered...
20170524 08:13:04 1 variation(s) on previous 3 message(s) suppressed by --mute
20170524 08:13:04 I TUN/TAP device tun1 opened
20170524 08:13:04 TUN/TAP TX queue length set to 100
20170524 08:13:04 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170524 08:13:04 I /sbin/ifconfig tun1 10.67.10.6 pointopoint 10.67.10.5 mtu 1500
20170524 08:13:04 /sbin/route add -net 104.238.169.58 netmask 255.255.255.255 gw 99.99.99.1
20170524 08:13:04 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.67.10.5
20170524 08:13:04 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.67.10.5
20170524 08:13:04 /sbin/route add -net 10.67.10.1 netmask 255.255.255.255 gw 10.67.10.5
20170524 08:13:04 I Initialization Sequence Completed
20170524 08:40:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 08:40:21 D MANAGEMENT: CMD 'state'
20170524 08:40:21 MANAGEMENT: Client disconnected
20170524 08:40:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 08:40:22 D MANAGEMENT: CMD 'state'
20170524 08:40:22 MANAGEMENT: Client disconnected
20170524 08:40:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 08:40:22 D MANAGEMENT: CMD 'state'
20170524 08:40:22 MANAGEMENT: Client disconnected
20170524 08:40:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 08:40:22 D MANAGEMENT: CMD 'status 2'
20170524 08:40:22 MANAGEMENT: Client disconnected
20170524 08:40:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 08:40:22 D MANAGEMENT: CMD 'log 500'
20170524 08:40:22 MANAGEMENT: Client disconnected
20170524 09:06:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:06:36 D MANAGEMENT: CMD 'state'
20170524 09:06:36 MANAGEMENT: Client disconnected
20170524 09:06:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:06:36 D MANAGEMENT: CMD 'state'
20170524 09:06:36 MANAGEMENT: Client disconnected
20170524 09:06:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:06:36 D MANAGEMENT: CMD 'state'
20170524 09:06:36 MANAGEMENT: Client disconnected
20170524 09:06:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:06:36 D MANAGEMENT: CMD 'status 2'
20170524 09:06:36 MANAGEMENT: Client disconnected
20170524 09:06:36 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:06:36 D MANAGEMENT: CMD 'log 500'
20170524 09:06:36 MANAGEMENT: Client disconnected
20170524 09:12:57 TLS: soft reset sec=0 bytes=886553620/-1 pkts=970431/0
20170524 09:12:57 VERIFY OK: depth=1 C=US ST=CA L=LosAngeles O=Private Internet Access OU=Private Internet Access CN=Private Internet Access name=Private Internet Access [email protected]
20170524 09:12:57 Validating certificate key usage
20170524 09:12:57 NOTE: --mute triggered...
20170524 09:12:59 6 variation(s) on previous 3 message(s) suppressed by --mute
20170524 09:12:59 W WARNING: 'link-mtu' is used inconsistently local='link-mtu 1570' remote='link-mtu 1542'
20170524 09:12:59 W WARNING: 'cipher' is used inconsistently local='cipher AES-256-CBC' remote='cipher BF-CBC'
20170524 09:12:59 W WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth SHA1'
20170524 09:12:59 W WARNING: 'keysize' is used inconsistently local='keysize 256' remote='keysize 128'
20170524 09:12:59 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20170524 09:12:59 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20170524 09:12:59 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20170524 09:12:59 NOTE: --mute triggered...
20170524 09:13:03 2 variation(s) on previous 3 message(s) suppressed by --mute
20170524 09:13:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:13:03 D MANAGEMENT: CMD 'state'
20170524 09:13:03 MANAGEMENT: Client disconnected
20170524 09:13:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:13:03 D MANAGEMENT: CMD 'state'
20170524 09:13:03 MANAGEMENT: Client disconnected
20170524 09:13:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:13:03 D MANAGEMENT: CMD 'state'
20170524 09:13:03 MANAGEMENT: Client disconnected
20170524 09:13:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:13:03 D MANAGEMENT: CMD 'status 2'
20170524 09:13:03 MANAGEMENT: Client disconnected
20170524 09:13:03 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 09:13:03 D MANAGEMENT: CMD 'log 500'
19700101 00:00:00



From my limited understanding, there seems to be a lot of disconnects happening, plus there seems to be some disagreement between the client and the server about encryption and hash algorithms.  But I could be 100% wrong!

Any assistance appreciated!

Thanks,

Gareth
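
An added example, not part of the original post: a small Python pass over lines like those in the log above that separates management-interface traffic and TLS soft resets (periodic key renegotiation) from the option-consistency warnings, and reports the data-channel cipher and HMAC the client logged as initialized. The sample input is constructed from lines in the post; `summarize` and its field names are illustrative, not part of OpenVPN or DD-WRT.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = """\
20170524 08:12:55 W WARNING: file '/tmp/password.txt' is group or others accessible
20170524 08:12:57 W WARNING: 'cipher' is used inconsistently local='cipher AES-256-CBC' remote='cipher BF-CBC'
20170524 08:12:57 W WARNING: 'auth' is used inconsistently local='auth SHA256' remote='auth SHA1'
20170524 08:13:04 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
20170524 08:13:04 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
20170524 08:40:21 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170524 08:40:21 D MANAGEMENT: CMD 'state'
20170524 08:40:21 MANAGEMENT: Client disconnected
20170524 09:12:57 TLS: soft reset sec=0 bytes=886553620/-1 pkts=970431/0
"""

LINE = re.compile(r"^\d{8} \d{2}:\d{2}:\d{2} (?:([WID]) )?(.*)$")
MISMATCH = re.compile(r"'([\w-]+)' is used inconsistently local='([^']*)' remote='([^']*)'")
CIPHER = re.compile(r"Data Channel \w+: Cipher '([^']+)' initialized")
HMAC = re.compile(r"message hash '([^']+)' for HMAC")
MGMT_SRC = re.compile(r"MANAGEMENT: Client connected from \[AF_INET6?\](\S+):\d+$")

def summarize(log_text):
    """Group OpenVPN client log lines by what they report (illustrative helper)."""
    out = {"mismatches": {}, "data_cipher": set(), "data_hmac": set(),
           "counts": Counter(), "remote_mgmt": [], "other_warnings": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skips truncated lines such as a bare timestamp
        level, msg = m.groups()
        if "MANAGEMENT:" in msg:
            out["counts"]["management"] += 1
            src = MGMT_SRC.search(msg)
            if src and not src.group(1).startswith(("127.", "::1")):
                out["remote_mgmt"].append(src.group(1))  # non-loopback management client
        elif msg.startswith("TLS: soft reset"):
            out["counts"]["tls_soft_reset"] += 1
        elif (hit := MISMATCH.search(msg)):
            out["mismatches"][hit.group(1)] = (hit.group(2), hit.group(3))
        elif (hit := CIPHER.search(msg)):
            out["data_cipher"].add(hit.group(1))
        elif (hit := HMAC.search(msg)):
            out["data_hmac"].add(hit.group(1))
        elif level == "W":
            out["other_warnings"].append(msg)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
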

Comments

  • If your VPN is working, I think you can safely ignore the log errors, albeit annoying not to understand why they occur.