Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Public IP address needed in override hostname?

Hello Sophos community,

I bought a Sophos XG 106 for home use and to learn more about internet security. 

But now, I have a question about the VPN access from : https://community.sophos.com/kb/en-us/122769

I followed all steps but I was wondering what I have to type in the "override hostname" field?

Do i need to add here my public IP from my internet isp?

Cause when i try to connect with the vpn client I see this in the logs : 

Wed Dec 18 12:07:12 2019 Attempting to establish TCP connection with [AF_INET]84.197.138.2:8443 [nonblock]
Wed Dec 18 12:07:12 2019 MANAGEMENT: >STATE:1576667232,TCP_CONNECT,,,,,,
Wed Dec 18 12:07:22 2019 TCP: connect to [AF_INET]84.197.138.2:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Wed Dec 18 12:07:27 2019 MANAGEMENT: >STATE:1576667247,TCP_CONNECT,,,,,,
Wed Dec 18 12:07:37 2019 TCP: connect to [AF_INET]84.197.138.2:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Wed Dec 18 12:07:42 2019 MANAGEMENT: >STATE:1576667262,TCP_CONNECT,,,,,,
Wed Dec 18 12:07:52 2019 TCP: connect to [AF_INET]84.197.138.2:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
Wed Dec 18 12:07:57 2019 MANAGEMENT: >STATE:1576667277,TCP_CONNECT,,,,,,

So I can't seem to connect to my firewall through vpn, but i have no clue what's wrong with my current config.

Thanks a lot

regards

Frederiek



This thread was automatically locked due to age.
Parents
  • Hi  

    Yes you need to put the public IP of ISP in the override hostname. The NAT device ( ISP router or modem) has to be configured to forward the SSL VPN connection to the XG Firewall.

    Override Hostname : This sets the SSL VPN client configuration file to use this public IP when establishing the connection.

    Please re download the config file after setting up public IP of ISP and check the SSL VPN status, this will fix the issue.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • Hello,

    Thanks for your reply.

    I changed the hostname override to my public ip 

    I re-downloaded the config file and when i try to connect, I still get this error : 

     

    Wed Dec 18 13:20:55 2019 Attempting to establish TCP connection with [AF_INET]84.197.138.2:8443 [nonblock]
    Wed Dec 18 13:20:55 2019 MANAGEMENT: >STATE:1576671655,TCP_CONNECT,,,,,,
    Wed Dec 18 13:21:05 2019 TCP: connect to [AF_INET]84.197.138.2:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Wed Dec 18 13:21:10 2019 MANAGEMENT: >STATE:1576671670,TCP_CONNECT,,,,,,

  • This already done

    84.197.138.2:8443 port is open

    still not working.... 

  • I did all what you asked and still it's not working, i got this error : 

     

    Sun Dec 22 13:24:27 2019 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Sun Dec 22 13:24:27 2019 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Enter Management Password:
    Sun Dec 22 13:24:27 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Sun Dec 22 13:24:27 2019 Need hold release from management interface, waiting...
    Sun Dec 22 13:24:27 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Sun Dec 22 13:24:27 2019 MANAGEMENT: CMD 'state on'
    Sun Dec 22 13:24:27 2019 MANAGEMENT: CMD 'log all on'
    Sun Dec 22 13:24:27 2019 MANAGEMENT: CMD 'hold off'
    Sun Dec 22 13:24:27 2019 MANAGEMENT: CMD 'hold release'
    Sun Dec 22 13:24:43 2019 MANAGEMENT: CMD 'username "Auth" "frederiekpascal"'
    Sun Dec 22 13:24:43 2019 MANAGEMENT: CMD 'password [...]'
    Sun Dec 22 13:24:43 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sun Dec 22 13:24:43 2019 MANAGEMENT: >STATE:1577017483,RESOLVE,,,,,,
    Sun Dec 22 13:24:43 2019 Attempting to establish TCP connection with [AF_INET]84.197.138.2:8443 [nonblock]
    Sun Dec 22 13:24:43 2019 MANAGEMENT: >STATE:1577017483,TCP_CONNECT,,,,,,
    Sun Dec 22 13:24:53 2019 TCP: connect to [AF_INET]84.197.138.2:8443 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Sun Dec 22 13:24:58 2019 MANAGEMENT: >STATE:1577017498,RESOLVE,,,,,,
    Sun Dec 22 13:24:58 2019 MANAGEMENT: >STATE:1577017498,TCP_CONNECT,,,,,,

     

    I do have a question about something which is not clear for me.

     

    In the KB they mention this : 

     

    Defining local subnet and remote SSL VPN range

    Go to Hosts and Services > IP Host and define the local subnet behind Sophos Firewall.

     

    My question, the subnet you have to define, is that the current subnet you are using on your network? 

    I mean my ip is 192.168.0.66 at this moment, so the subnet is have to add in this section is 192.168.0.0? 

  • If you search on this forum, you will see 5 posts with the same problem as you, " failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive. ".

    Most of them fixed by changing the SSL VPN port to something else.

    Frederiek Pascal said:
    Sun Dec 22 13:24:53 2019 TCP: connect to [AF_INET]84.197.138.2:8443

    On your connection still 8443, change it to something else.

    From the posts here in the forum, 4 of them fixed this by changing the SSL VPN port.

    You will also found some people with the same error on the OpenVPN forums, most of them had this error because there has another service running on the same port, I don't know why this would happen on XG.

     

    Frederiek Pascal said:
    My question, the subnet you have to define, is that the current subnet you are using on your network? 

     

    Yes, It's correct, you need to define the subnet your current using on your LAN, and another one for SSLVPN.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • hi there,

    thnx for your answer

    I tried another port once cause you recommended that indeed, but it wasn't working either...

    So I switched it back to 8443 afterwards.

    I did it again now, here's the log :

    Sun Dec 22 14:06:36 2019 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jul 3 2017
    Sun Dec 22 14:06:36 2019 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.09
    Enter Management Password:
    Sun Dec 22 14:06:36 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
    Sun Dec 22 14:06:36 2019 Need hold release from management interface, waiting...
    Sun Dec 22 14:06:36 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
    Sun Dec 22 14:06:36 2019 MANAGEMENT: CMD 'state on'
    Sun Dec 22 14:06:36 2019 MANAGEMENT: CMD 'log all on'
    Sun Dec 22 14:06:36 2019 MANAGEMENT: CMD 'hold off'
    Sun Dec 22 14:06:36 2019 MANAGEMENT: CMD 'hold release'
    Sun Dec 22 14:06:54 2019 MANAGEMENT: CMD 'username "Auth" "frederiekpascal"'
    Sun Dec 22 14:06:54 2019 MANAGEMENT: CMD 'password [...]'
    Sun Dec 22 14:06:54 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
    Sun Dec 22 14:06:54 2019 MANAGEMENT: >STATE:1577020014,RESOLVE,,,,,,
    Sun Dec 22 14:06:54 2019 Attempting to establish TCP connection with [AF_INET]84.197.138.2:8449 [nonblock]
    Sun Dec 22 14:06:54 2019 MANAGEMENT: >STATE:1577020014,TCP_CONNECT,,,,,,
    Sun Dec 22 14:07:04 2019 TCP: connect to [AF_INET]84.197.138.2:8449 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Sun Dec 22 14:07:09 2019 MANAGEMENT: >STATE:1577020029,RESOLVE,,,,,,
    Sun Dec 22 14:07:09 2019 MANAGEMENT: >STATE:1577020029,TCP_CONNECT,,,,,,
    Sun Dec 22 14:07:19 2019 TCP: connect to [AF_INET]84.197.138.2:8449 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
    Sun Dec 22 14:07:24 2019 MANAGEMENT: >STATE:1577020044,RESOLVE,,,,,,
    Sun Dec 22 14:07:24 2019 MANAGEMENT: >STATE:1577020044,TCP_CONNECT,,,,,,

  • Well, that's strange, I can't reproduce this error on my XG. This error doesn't looks likes It's XG fault, It can be the client your using that's causing this.

    Well,

    One question, what client your using for the connection ? Your using the bundled client + config from the user portal, or you downloaded another client and just added the config?

    By the built date on the logs, looks like the client from the user portal.

    If It is, have you tried another client ?


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • Hi there,

    I did the trial and error on a windows 10 laptop with the config & client from the user portal indeed.

    I'll try Tunnelblick on my Macbook and report to you :-) 

    thnx!

  • This is the log from my Macbook with Tunnelblick 

     

    *Tunnelblick: macOS 10.15.2 (19C57); Tunnelblick 3.8.1 (build 5400); Admin user
    git commit 202d7d855181acbb15662bb08484f6229a113517


    Configuration frederiekpascal__ssl_vpn_config (1)

    "Sanitized" condensed configuration file for /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk:

    client
    dev tun
    proto tcp
    verify-x509-name "C=BE, ST=NA, L=Bonheiden, O=Manon, OU=OU, CN=SophosApplianceCertificate_C1C0B92HV4X99C7, emailAddress=frederiekpascal@gmail.com"
    route remote_host 255.255.255.255 net_gateway
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    <ca>
    [Security-related line(s) omitted]
    </ca>
    <cert>
    [Security-related line(s) omitted]
    </cert>
    <key>
    [Security-related line(s) omitted]
    </key>
    auth-user-pass
    cipher AES-128-CBC
    auth SHA256
    comp-lzo no
    route-delay 4
    verb 3
    reneg-sec 0
    remote frederiekpascal.myfirewall.co 8443


    ================================================================================

    Files in frederiekpascal__ssl_vpn_config (1).tblk:
    Contents/Resources/config.ovpn

    ================================================================================

    Configuration preferences:

    -keychainHasUsernameAndPassword = 1
    -notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0
    -alwaysShowLoginWindow = 0
    -lastConnectionSucceeded = 0

    ================================================================================

    Wildcard preferences:

    -notOKToCheckThatIPAddressDidNotChangeAfterConnection = 0

    ================================================================================

    Program preferences:

    launchAtNextLogin = 1
    tunnelblickVersionHistory = (
    "3.8.1 (build 5400)"
    )
    lastLaunchTime = 598725117.896216
    lastLanguageAtLaunchWasRTL = 0
    connectionWindowDisplayCriteria = showWhenConnecting
    maxLogDisplaySize = 102400
    keyboardShortcutIndex = 1
    updateCheckAutomatically = 1
    NSWindow Frame ConnectingWindow = 444 416 500 322 0 0 1440 877
    detailsWindowViewIndex = 0
    leftNavSelectedDisplayName = frederiekpascal__ssl_vpn_config (1)
    haveDealtWithOldTunTapPreferences = 1
    haveDealtWithOldLoginItem = 1
    haveDealtWithAfterDisconnect = 1
    SUEnableAutomaticChecks = 1
    SUScheduledCheckInterval = 86400
    SULastCheckTime = 2019-12-22 16:31:58 +0000
    SUHasLaunchedBefore = 1
    WebKitDefaultFontSize = 16
    WebKitStandardFont = Times

    ================================================================================

    Tunnelblick Log:

    2019-12-22 17:32:40.974748 *Tunnelblick: macOS 10.15.2 (19C57); Tunnelblick 3.8.1 (build 5400)
    2019-12-22 17:32:41.472703 *Tunnelblick: Attempting connection with frederiekpascal__ssl_vpn_config (1) using shadow copy; Set nameserver = 769; monitoring connection
    2019-12-22 17:32:41.472932 *Tunnelblick: openvpnstart start frederiekpascal__ssl_vpn_config\ (1).tblk 50826 769 0 1 0 1098032 -ptADGNWradsgnw 2.4.7-openssl-1.0.2t
    2019-12-22 17:32:41.491867 *Tunnelblick: openvpnstart starting OpenVPN
    2019-12-22 17:32:41.666976 OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Sep 11 2019
    2019-12-22 17:32:41.667033 library versions: OpenSSL 1.0.2t 10 Sep 2019, LZO 2.10
    2019-12-22 17:32:41.667941 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:50826
    2019-12-22 17:32:41.667978 Need hold release from management interface, waiting...
    2019-12-22 17:32:42.095345 *Tunnelblick: openvpnstart log:
    OpenVPN started successfully.
    Command used to start OpenVPN (one argument per displayed line):
    /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.4.7-openssl-1.0.2t/openvpn
    --daemon
    --log /Library/Application Support/Tunnelblick/Logs/-SUsers-Sfrederiek-SLibrary-SApplication Support-STunnelblick-SConfigurations-Sfrederiekpascal__ssl_vpn_config (1).tblk-SContents-SResources-Sconfig.ovpn.769_0_1_0_1098032.50826.openvpn.log
    --cd /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents/Resources
    --machine-readable-output
    --setenv IV_GUI_VER "net.tunnelblick.tunnelblick 5400 3.8.1 (build 5400)"
    --verb 3
    --config /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents/Resources/config.ovpn
    --setenv TUNNELBLICK_CONFIG_FOLDER /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents/Resources
    --verb 3
    --cd /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents/Resources
    --management 127.0.0.1 50826 /Library/Application Support/Tunnelblick/jllpbogglpefipnfofldnbnlkpohigglnjhhloal.mip
    --management-query-passwords
    --management-hold
    --script-security 2
    --route-up /Applications/Tunnelblick.app/Contents/Resources/client.up.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
    --down /Applications/Tunnelblick.app/Contents/Resources/client.down.tunnelblick.sh -9 -d -f -m -w -ptADGNWradsgnw
    2019-12-22 17:32:42.098954 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:50826
    2019-12-22 17:32:42.117863 MANAGEMENT: CMD 'pid'
    2019-12-22 17:32:42.117913 MANAGEMENT: CMD 'auth-retry interact'
    2019-12-22 17:32:42.117936 MANAGEMENT: CMD 'state on'
    2019-12-22 17:32:42.117969 MANAGEMENT: CMD 'state'
    2019-12-22 17:32:42.118076 MANAGEMENT: CMD 'bytecount 1'
    2019-12-22 17:32:42.118772 *Tunnelblick: Established communication with OpenVPN
    2019-12-22 17:32:42.120950 *Tunnelblick: >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
    2019-12-22 17:32:42.121718 MANAGEMENT: CMD 'hold release'
    2019-12-22 17:32:58.369107 MANAGEMENT: CMD 'username "Auth" "frederiekpascal"'
    2019-12-22 17:32:58.369155 MANAGEMENT: CMD 'password [...]'
    2019-12-22 17:32:58.369458 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    2019-12-22 17:32:58.371782 MANAGEMENT: >STATE:1577032378,RESOLVE,,,,,,
    2019-12-22 17:32:58.440987 TCP/UDP: Preserving recently used remote address: [AF_INET]84.197.138.2:8443
    2019-12-22 17:32:58.441083 Socket Buffers: R=[131072->131072] S=[131072->131072]
    2019-12-22 17:32:58.441106 Attempting to establish TCP connection with [AF_INET]84.197.138.2:8443 [nonblock]
    2019-12-22 17:32:58.441161 MANAGEMENT: >STATE:1577032378,TCP_CONNECT,,,,,,

    ================================================================================

    Down log:

    (Not found)
    ================================================================================

    Previous down log:

    (Not found)
    ================================================================================

    Network services:

    An asterisk (*) denotes that a network service is disabled.
    USB Controls
    USB Controls 2
    USB 10/100/1000 LAN
    Display Ethernet
    Belkin USB-C LAN
    USB 10/100/1000 LAN 2
    iPad USB
    Display FireWire
    Wi-Fi
    iPhone USB
    Bluetooth PAN
    Thunderbolt Bridge

    Wi-Fi Power (en0): On

    ================================================================================

    ifconfig output:

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
    nd6 options=201<PERFORMNUD,DAD>
    gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
    stf0: flags=0<> mtu 1280
    en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether ac:de:48:00:11:22
    inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x4
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (100baseTX <full-duplex>)
    status: active
    ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether f2:18:98:38:1e:33
    media: autoselect
    status: inactive
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether f0:18:98:38:1e:33
    inet6 fe80::cea:10d7:4907:824%en0 prefixlen 64 secured scopeid 0x6
    inet 192.168.0.133 netmask 0xffffff00 broadcast 192.168.0.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
    en4: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:9f:a3:48:a8:04
    media: autoselect <full-duplex>
    status: inactive
    en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:9f:a3:48:a8:01
    media: autoselect <full-duplex>
    status: inactive
    en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:9f:a3:48:a8:00
    media: autoselect <full-duplex>
    status: inactive
    en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:9f:a3:48:a8:05
    media: autoselect <full-duplex>
    status: inactive
    bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 82:9f:a3:48:a8:01
    Configuration:
    id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
    maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
    root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
    ipfilter disabled flags 0x2
    member: en1 flags=3<LEARNING,DISCOVER>
    ifmaxaddr 0 port 9 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
    ifmaxaddr 0 port 10 priority 0 path cost 0
    member: en3 flags=3<LEARNING,DISCOVER>
    ifmaxaddr 0 port 11 priority 0 path cost 0
    member: en4 flags=3<LEARNING,DISCOVER>
    ifmaxaddr 0 port 8 priority 0 path cost 0
    nd6 options=201<PERFORMNUD,DAD>
    media: <unknown type>
    status: inactive
    p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
    options=400<CHANNEL_IO>
    ether 02:18:98:38:1e:33
    media: autoselect
    status: inactive
    awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
    options=400<CHANNEL_IO>
    ether fe:c6:ed:49:e4:cc
    inet6 fe80::fcc6:edff:fe49:e4cc%awdl0 prefixlen 64 scopeid 0xe
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
    llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether fe:c6:ed:49:e4:cc
    inet6 fe80::fcc6:edff:fe49:e4cc%llw0 prefixlen 64 scopeid 0xf
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
    utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::e4c0:5a96:9902:fe10%utun0 prefixlen 64 scopeid 0x10
    nd6 options=201<PERFORMNUD,DAD>
    utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::883a:250:7b2f:6fbe%utun1 prefixlen 64 scopeid 0x11
    nd6 options=201<PERFORMNUD,DAD>
    utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::bd4f:5d8:4d38:d9f7%utun2 prefixlen 64 scopeid 0x12
    nd6 options=201<PERFORMNUD,DAD>
    utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::e149:2eba:1d6a:5aa5%utun3 prefixlen 64 scopeid 0x13
    nd6 options=201<PERFORMNUD,DAD>
    utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::32b4:8314:a526:e098%utun4 prefixlen 64 scopeid 0x14
    nd6 options=201<PERFORMNUD,DAD>
    utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::a9c0:abe0:16f4:ab7%utun5 prefixlen 64 scopeid 0x15
    nd6 options=201<PERFORMNUD,DAD>
    utun6: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::913:bb37:f66b:5451%utun6 prefixlen 64 scopeid 0x16
    nd6 options=201<PERFORMNUD,DAD>

    ================================================================================

    Non-Apple kexts that are loaded:

    Index Refs Address Size Wired Name (Version) UUID <Linked Against>
    186 0 0xffffff7f8470a000 0x6000 0x6000 com.getdropbox.dropbox.kext (1.10.3) F29DD0CB-48D6-311A-9B69-E39CF775493C <8 6 5 2 1>

    ================================================================================

    Quit Log:

    2019-12-22 17:31:45.120489 applicationShouldTerminate: termination because of Quit; delayed until 'shutdownTunnelblick' finishes)
    2019-12-22 17:31:45.146011 shutDownTunnelblick: started.
    2019-12-22 17:31:45.146448 shutDownTunnelblick: Starting cleanup.
    2019-12-22 17:31:45.146779 cleanup: Entering cleanup
    2019-12-22 17:31:45.147070 cleanup aborted because Tunnelblick did not finish launching
    2019-12-22 17:31:45.147249 shutDownTunnelblick: Cleanup finished.
    2019-12-22 17:31:45.147444 Finished shutting down Tunnelblick; allowing termination

    ================================================================================

    Console Log:

    2019-12-22 17:31:37.924559 Tunnelblick[15265] Tunnelblick: macOS 10.15.2; Tunnelblick 3.8.1 (build 5400)
    2019-12-22 17:31:37.928506 Tunnelblick[15265] Propagating '-resetPrimaryInterfaceAfterDisconnect' preferences that are TRUE to '-resetPrimaryInterfaceAfterUnexpectedDisconnect'
    2019-12-22 17:31:38.251916 Tunnelblick[15265] Tunnelblick cannot run when it is on /Volumes because the volume has the MNT_NOSUID statfs flag set.
    2019-12-22 17:31:44.137158 Tunnelblick[15265] Tunnelblick needs to:
    • Be installed in /Applications as Tunnelblick
    • Change ownership and permissions of the program to secure it
    • Secure configurations
    2019-12-22 17:31:44.137217 Tunnelblick[15265] Beginning installation or repair
    2019-12-22 17:31:45.014909 Tunnelblick[15265] Installation or repair succeeded; Log:
    Tunnelblick installer started 2019-12-22 17:31:44.179060. 1 arguments: 0x0017
    getuid() = 504; getgid() = 20; geteuid() = 0; getegid() = 20
    Created directory /Library/Application Support/Tunnelblick with owner 0:80 and permissions 755
    Changed ownership of /Library/Application Support/Tunnelblick from 0:80 to 0:0
    Created directory /Library/Application Support/Tunnelblick/Logs with owner 0:0 and permissions 755
    Created directory /var/log/Tunnelblick with owner 0:0 and permissions 755
    Created directory /Library/Application Support/Tunnelblick/Shared with owner 0:0 and permissions 755
    Created directory /Library/Application Support/Tunnelblick/Tblks with owner 0:0 and permissions 755
    Created directory /Library/Application Support/Tunnelblick/expect-disconnect with owner 0:0 and permissions 755
    Created directory /Library/Application Support/Tunnelblick/Users with owner 0:0 and permissions 755
    Created directory /Library/Application Support/Tunnelblick/Users/frederiek with owner 0:0 and permissions 755
    Created .mip
    Changed ownership of /Users/frederiek/Library/Application Support/Tunnelblick from 504:20 to 504:80
    Changed ownership of /Users/frederiek/Library/Application Support/Tunnelblick/Configurations from 504:20 to 504:80
    Copied /Volumes/Tunnelblick/Tunnelblick.app to /Applications/Tunnelblick.app
    Removed any 'com.apple.quarantine' extended attributes
    Changed ownership of /Applications/Tunnelblick.app and its contents from 501:80 to 0:0
    Need to replace and/or reload 'tunnelblickd':
    tunnelblickdHashOK = NO
    launchctlPlistHashOK = NO
    tunnelblickdPlistOK = NO
    socketOK = NO
    Installed /Library/LaunchDaemons/net.tunnelblick.tunnelblick.tunnelblickd.plist
    Used launchctl to load tunnelblickd
    Tunnelblick installer finished without error
    2019-12-22 17:31:45.135375 Tunnelblick[15280] Tunnelblick: macOS 10.15.2; Tunnelblick 3.8.1 (build 5400)
    2019-12-22 17:31:45.146737 Tunnelblick[15265] cleanup: Entering cleanup
    2019-12-22 17:31:45.147033 Tunnelblick[15265] cleanup aborted because Tunnelblick did not finish launching
    2019-12-22 17:31:45.147411 Tunnelblick[15265] Finished shutting down Tunnelblick; allowing termination
    2019-12-22 17:31:45.637333 Tunnelblick[15280] Launching a thread to remove the old login item (if any) so we can use the new mechanism that controls Tunnelblick's launch on login
    2019-12-22 17:31:45.638004 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/LaunchAgents
    2019-12-22 17:31:45.638357 Tunnelblick[15280] Copied our 'net.tunnelblick.tunnelblick.LaunchAtLogin.plist' into ~/Library/LaunchAgents
    2019-12-22 17:31:45.653261 Tunnelblick[15280] No old login item to remove
    2019-12-22 17:31:57.841870 Tunnelblick[15280] Copied easy-rsa
    2019-12-22 17:31:57.842184 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa
    2019-12-22 17:31:57.842724 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-ca
    2019-12-22 17:31:57.842941 Tunnelblick[15280] Changed permissions from 755 to 600 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/vars
    2019-12-22 17:31:57.843159 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-key-server
    2019-12-22 17:31:57.843355 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-key-pass
    2019-12-22 17:31:57.843547 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-req
    2019-12-22 17:31:57.843737 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-req-pass
    2019-12-22 17:31:57.843940 Tunnelblick[15280] Changed permissions from 644 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/libressl.cnf.template
    2019-12-22 17:31:57.844328 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3
    2019-12-22 17:31:57.844557 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/ChangeLog
    2019-12-22 17:31:57.844782 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/README
    2019-12-22 17:31:57.845153 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3
    2019-12-22 17:31:57.845593 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/x509-types
    2019-12-22 17:31:57.845828 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/x509-types/ca
    2019-12-22 17:31:57.846053 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/x509-types/server
    2019-12-22 17:31:57.846268 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/x509-types/COMMON
    2019-12-22 17:31:57.846500 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/x509-types/client
    2019-12-22 17:31:57.846747 Tunnelblick[15280] Changed permissions from 644 to 600 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/openssl-1.0.cnf
    2019-12-22 17:31:57.846949 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/easyrsa
    2019-12-22 17:31:57.847153 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/easyrsa3/vars.example
    2019-12-22 17:31:57.847364 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/COPYING
    2019-12-22 17:31:57.847725 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc
    2019-12-22 17:31:57.847943 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc/Intro-To-PKI.md
    2019-12-22 17:31:57.848142 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc/EasyRSA-Readme.md
    2019-12-22 17:31:57.848337 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc/Hacking.md
    2019-12-22 17:31:57.848560 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc/EasyRSA-Advanced.md
    2019-12-22 17:31:57.848756 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc/TODO
    2019-12-22 17:31:57.848968 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/doc/EasyRSA-Upgrade-Notes.md
    2019-12-22 17:31:57.849313 Tunnelblick[15280] Changed permissions from 755 to 700 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/Licensing
    2019-12-22 17:31:57.849528 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/Licensing/gpl-2.0.txt
    2019-12-22 17:31:57.849735 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/KNOWN_ISSUES
    2019-12-22 17:31:57.850028 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/EasyRSA-3/README.quickstart.md
    2019-12-22 17:31:57.850263 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/clean-all
    2019-12-22 17:31:57.850475 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-dh
    2019-12-22 17:31:57.850760 Tunnelblick[15280] Changed permissions from 644 to 600 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/openssl-0.9.6.cnf
    2019-12-22 17:31:57.850974 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/pkitool
    2019-12-22 17:31:57.851190 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/sign-req
    2019-12-22 17:31:57.851408 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-key-pkcs12
    2019-12-22 17:31:57.851607 Tunnelblick[15280] Changed permissions from 644 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/whichopensslcnf
    2019-12-22 17:31:57.851809 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-inter
    2019-12-22 17:31:57.851996 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/README
    2019-12-22 17:31:57.852204 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/revoke-full
    2019-12-22 17:31:57.852412 Tunnelblick[15280] Changed permissions from 644 to 600 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/openssl-0.9.8.cnf
    2019-12-22 17:31:57.852621 Tunnelblick[15280] Changed permissions from 644 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/readme-libressl.txt
    2019-12-22 17:31:57.852826 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/TB-version.txt
    2019-12-22 17:31:57.853059 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/list-crl
    2019-12-22 17:31:57.853289 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/build-key
    2019-12-22 17:31:57.853581 Tunnelblick[15280] Changed permissions from 755 to 500 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/inherit-inter
    2019-12-22 17:31:57.853831 Tunnelblick[15280] Changed permissions from 644 to 600 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/openssl-1.0.0.cnf
    2019-12-22 17:31:57.854045 Tunnelblick[15280] Changed permissions from 644 to 400 on /Users/frederiek/Library/Application Support/Tunnelblick/easy-rsa/v3version.txt
    2019-12-22 17:31:58.033699 Tunnelblick[15280] Sparkle: ===== Tunnelblick.app =====
    2019-12-22 17:31:58.034246 Tunnelblick[15280] Sparkle: Verified appcast signature
    2019-12-22 17:32:08.895117 Tunnelblick[15280] Converting/Installing /Users/frederiek/Dropbox/frederiekpascal__ssl_vpn_config (1).ovpn: Converted OpenVPN configuration
    2019-12-22 17:32:14.500731 Tunnelblick[15280] Tunnelblick needs to perform an action that requires a computer administrator's authorization.
    2019-12-22 17:32:14.500825 Tunnelblick[15280] Beginning installation or repair
    2019-12-22 17:32:14.593700 Tunnelblick[15280] Installation or repair succeeded; Log:
    Tunnelblick installer started 2019-12-22 17:32:14.548272. 3 arguments: 0x0001
    /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk
    /private/var/folders/sj/yy52lxv500j_zw1gy9ww_2d00000gr/T/Tunnelblick-ii1MMt/frederiekpascal__ssl_vpn_config (1).tblk
    getuid() = 504; getgid() = 20; geteuid() = 0; getegid() = 20
    Copied /private/var/folders/sj/yy52lxv500j_zw1gy9ww_2d00000gr/T/Tunnelblick-ii1MMt/frederiekpascal__ssl_vpn_config (1).tblk
    to /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk.temp
    Renamed /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk.temp
    to /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk
    Changed ownership of /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk and its contents from 504:20 to 504:80
    Copied /Users/frederiek/Library/Application Support/Tunnelblick/Configurations/frederiekpascal__ssl_vpn_config (1).tblk
    to /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk.temp
    Renamed /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk.temp
    to /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk
    Changed ownership of /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk and its contents from 504:80 to 0:0
    Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk
    Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents
    Changed permissions from 750 to 755 on /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents/Resources
    Changed permissions from 740 to 700 on /Library/Application Support/Tunnelblick/Users/frederiek/frederiekpascal__ssl_vpn_config (1).tblk/Contents/Resources/config.ovpn
    Created secure (shadow) copy of frederiekpascal__ssl_vpn_config (1).tblk
    Tunnelblick installer finished without error
    2019-12-22 17:32:58.309741 Tunnelblick[15280] Can't find Keychain item to delete: service = 'Tunnelblick-Auth-frederiekpascal__ssl_vpn_config (1)'; account = 'username'; status was -25300: 'The specified item could not be found in the keychain.'
    2019-12-22 17:32:58.348847 Tunnelblick[15280] Can't find Keychain item to delete: service = 'Tunnelblick-Auth-frederiekpascal__ssl_vpn_config (1)'; account = 'password'; status was -25300: 'The specified item could not be found in the keychain.'

  • These are the settings of my ISP modem (sorry in dutch)

    and on my Sophos

  • Frederiek Pascal said:
    2019-12-22 17:32:58.441161 MANAGEMENT: >STATE:1577032378,TCP_CONNECT,,,,,,

    After this, is it at least giving you: "failed, will try again in 5 seconds: Operation timed out" ?


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • If it is, can you SSH in to XG, go to advanced shell and give the output of "cat /log/sslvpn.log", if there's any errors in it then post it here, of course if there is it's better to wait for a sophos dev to answer, if there isn't It seems a problem when establishing the connection with XG.

    A good thing you can do, If your ISP router supports, and you don't have a special use for it, it's putting in bridge and authenticating with XG.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

Reply
  • If it is, can you SSH in to XG, go to advanced shell and give the output of "cat /log/sslvpn.log", if there's any errors in it then post it here, of course if there is it's better to wait for a sophos dev to answer, if there isn't It seems a problem when establishing the connection with XG.

    A good thing you can do, If your ISP router supports, and you don't have a special use for it, it's putting in bridge and authenticating with XG.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

Children
  • hello,

    here ya go :-)

     

     

    XG106_XN01_SFOS 17.5.9 MR-9# cat /log/sslvpn.log

    Wed Dec 18 11:32:55 2019 [5140] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Wed Dec 18 11:32:55 2019 [5140] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Wed Dec 18 11:32:55 2019 [5140] MANAGEMENT: client_uid=0

    Wed Dec 18 11:32:55 2019 [5140] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Wed Dec 18 11:32:55 2019 [5140] cleanup success

    Wed Dec 18 11:32:55 2019 [5140] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Wed Dec 18 11:32:55 2019 [5140] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Wed Dec 18 11:32:55 2019 [5140] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8322270

    Authentication server 127.0.0.1 gave login response code 2

    Wed Dec 18 11:32:55 2019 [5140] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Wed Dec 18 11:32:55 2019 [5140] Diffie-Hellman initialized with 2048 bit key

    Wed Dec 18 11:32:55 2019 [5140] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Wed Dec 18 11:32:55 2019 [5140] WARNING: experimental option --capath /conf/certificate/openvpn

    Wed Dec 18 11:32:55 2019 [5140] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Wed Dec 18 11:32:55 2019 [5140] TUN/TAP device tun0 opened

    Wed Dec 18 11:32:55 2019 [5140] TUN/TAP TX queue length set to 100

    Wed Dec 18 11:32:55 2019 [5140] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Wed Dec 18 11:32:55 2019 [5140] /bin/ip link set dev tun0 up mtu 1500

    Wed Dec 18 11:32:55 2019 [5140] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Wed Dec 18 11:32:55 2019 [5140] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Wed Dec 18 11:32:55 2019 [5140] CSC service status updated to RUNNING

    Wed Dec 18 11:32:55 2019 [5140] Listening for incoming TCP connection on [undef]

    Wed Dec 18 11:32:55 2019 [5140] TCPv6_SERVER link local (bound): [undef]

    Wed Dec 18 11:32:55 2019 [5140] TCPv6_SERVER link remote: [undef]

    Wed Dec 18 11:32:55 2019 [5140] MULTI: multi_init called, r=256 v=256

    Wed Dec 18 11:32:55 2019 [5140] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Wed Dec 18 11:32:55 2019 [5140] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Wed Dec 18 11:32:55 2019 [5140] IFCONFIG POOL LIST

    Wed Dec 18 11:32:55 2019 [5140] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Wed Dec 18 11:32:55 2019 [5140] Initialization Sequence Completed

    Wed Dec 18 11:36:28 2019 [5140] Closing TUN/TAP interface

    Wed Dec 18 11:36:28 2019 [5140] /bin/ip addr del dev tun0 10.81.234.5/24

    Wed Dec 18 11:36:28 2019 [5140] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Wed Dec 18 11:36:28 2019 [5140] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Wed Dec 18 11:36:28 2019 [5140] SIGTERM[hard,] received, process exiting

    Wed Dec 18 11:36:32 2019 [5708] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Wed Dec 18 11:36:32 2019 [5708] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Wed Dec 18 11:36:32 2019 [5708] MANAGEMENT: client_uid=0

    Wed Dec 18 11:36:32 2019 [5708] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Wed Dec 18 11:36:32 2019 [5708] cleanup success

    Wed Dec 18 11:36:32 2019 [5708] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Wed Dec 18 11:36:32 2019 [5708] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Wed Dec 18 11:36:32 2019 [5708] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x9658270

    Authentication server 127.0.0.1 gave login response code 2

    Wed Dec 18 11:36:32 2019 [5708] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Wed Dec 18 11:36:32 2019 [5708] Diffie-Hellman initialized with 2048 bit key

    Wed Dec 18 11:36:32 2019 [5708] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Wed Dec 18 11:36:32 2019 [5708] WARNING: experimental option --capath /conf/certificate/openvpn

    Wed Dec 18 11:36:32 2019 [5708] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Wed Dec 18 11:36:32 2019 [5708] TUN/TAP device tun0 opened

    Wed Dec 18 11:36:32 2019 [5708] TUN/TAP TX queue length set to 100

    Wed Dec 18 11:36:32 2019 [5708] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Wed Dec 18 11:36:32 2019 [5708] /bin/ip link set dev tun0 up mtu 1500

    Wed Dec 18 11:36:32 2019 [5708] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Wed Dec 18 11:36:32 2019 [5708] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Wed Dec 18 11:36:32 2019 [5708] CSC service status updated to RUNNING

    Wed Dec 18 11:36:32 2019 [5708] Listening for incoming TCP connection on [undef]

    Wed Dec 18 11:36:32 2019 [5708] TCPv6_SERVER link local (bound): [undef]

    Wed Dec 18 11:36:32 2019 [5708] TCPv6_SERVER link remote: [undef]

    Wed Dec 18 11:36:32 2019 [5708] MULTI: multi_init called, r=256 v=256

    Wed Dec 18 11:36:32 2019 [5708] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Wed Dec 18 11:36:32 2019 [5708] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Wed Dec 18 11:36:32 2019 [5708] IFCONFIG POOL LIST

    Wed Dec 18 11:36:32 2019 [5708] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Wed Dec 18 11:36:32 2019 [5708] Initialization Sequence Completed

    Wed Dec 18 11:59:34 2019 [5708] Closing TUN/TAP interface

    Wed Dec 18 11:59:34 2019 [5708] /bin/ip addr del dev tun0 10.81.234.5/24

    Wed Dec 18 11:59:34 2019 [5708] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Wed Dec 18 11:59:34 2019 [5708] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Wed Dec 18 11:59:34 2019 [5708] SIGTERM[hard,] received, process exiting

    Wed Dec 18 11:59:38 2019 [9123] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Wed Dec 18 11:59:38 2019 [9123] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Wed Dec 18 11:59:38 2019 [9123] MANAGEMENT: client_uid=0

    Wed Dec 18 11:59:38 2019 [9123] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Wed Dec 18 11:59:38 2019 [9123] cleanup success

    Wed Dec 18 11:59:38 2019 [9123] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Wed Dec 18 11:59:38 2019 [9123] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Wed Dec 18 11:59:38 2019 [9123] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x823f270

    Authentication server 127.0.0.1 gave login response code 2

    Wed Dec 18 11:59:38 2019 [9123] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Wed Dec 18 11:59:38 2019 [9123] Diffie-Hellman initialized with 2048 bit key

    Wed Dec 18 11:59:38 2019 [9123] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Wed Dec 18 11:59:38 2019 [9123] WARNING: experimental option --capath /conf/certificate/openvpn

    Wed Dec 18 11:59:38 2019 [9123] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Wed Dec 18 11:59:38 2019 [9123] TUN/TAP device tun0 opened

    Wed Dec 18 11:59:38 2019 [9123] TUN/TAP TX queue length set to 100

    Wed Dec 18 11:59:38 2019 [9123] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Wed Dec 18 11:59:38 2019 [9123] /bin/ip link set dev tun0 up mtu 1500

    Wed Dec 18 11:59:38 2019 [9123] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Wed Dec 18 11:59:38 2019 [9123] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Wed Dec 18 11:59:38 2019 [9123] CSC service status updated to RUNNING

    Wed Dec 18 11:59:38 2019 [9123] Listening for incoming TCP connection on [undef]

    Wed Dec 18 11:59:38 2019 [9123] TCPv6_SERVER link local (bound): [undef]

    Wed Dec 18 11:59:38 2019 [9123] TCPv6_SERVER link remote: [undef]

    Wed Dec 18 11:59:38 2019 [9123] MULTI: multi_init called, r=256 v=256

    Wed Dec 18 11:59:38 2019 [9123] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Wed Dec 18 11:59:38 2019 [9123] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Wed Dec 18 11:59:38 2019 [9123] IFCONFIG POOL LIST

    Wed Dec 18 11:59:38 2019 [9123] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Wed Dec 18 11:59:38 2019 [9123] Initialization Sequence Completed

    Wed Dec 18 12:05:22 2019 [9123] Closing TUN/TAP interface

    Wed Dec 18 12:05:22 2019 [9123] /bin/ip addr del dev tun0 10.81.234.5/24

    Wed Dec 18 12:05:22 2019 [9123] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Wed Dec 18 12:05:22 2019 [9123] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Wed Dec 18 12:05:22 2019 [9123] SIGTERM[hard,] received, process exiting

    Wed Dec 18 12:05:26 2019 [9654] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Wed Dec 18 12:05:26 2019 [9654] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Wed Dec 18 12:05:26 2019 [9654] MANAGEMENT: client_uid=0

    Wed Dec 18 12:05:26 2019 [9654] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Wed Dec 18 12:05:26 2019 [9654] cleanup success

    Wed Dec 18 12:05:26 2019 [9654] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Wed Dec 18 12:05:26 2019 [9654] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Wed Dec 18 12:05:26 2019 [9654] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x9355270

    Authentication server 127.0.0.1 gave login response code 2

    Wed Dec 18 12:05:26 2019 [9654] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Wed Dec 18 12:05:26 2019 [9654] Diffie-Hellman initialized with 2048 bit key

    Wed Dec 18 12:05:26 2019 [9654] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Wed Dec 18 12:05:26 2019 [9654] WARNING: experimental option --capath /conf/certificate/openvpn

    Wed Dec 18 12:05:26 2019 [9654] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Wed Dec 18 12:05:26 2019 [9654] TUN/TAP device tun0 opened

    Wed Dec 18 12:05:26 2019 [9654] TUN/TAP TX queue length set to 100

    Wed Dec 18 12:05:26 2019 [9654] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Wed Dec 18 12:05:26 2019 [9654] /bin/ip link set dev tun0 up mtu 1500

    Wed Dec 18 12:05:26 2019 [9654] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Wed Dec 18 12:05:26 2019 [9654] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Wed Dec 18 12:05:26 2019 [9654] CSC service status updated to RUNNING

    Wed Dec 18 12:05:26 2019 [9654] Listening for incoming TCP connection on [undef]

    Wed Dec 18 12:05:26 2019 [9654] TCPv6_SERVER link local (bound): [undef]

    Wed Dec 18 12:05:26 2019 [9654] TCPv6_SERVER link remote: [undef]

    Wed Dec 18 12:05:26 2019 [9654] MULTI: multi_init called, r=256 v=256

    Wed Dec 18 12:05:26 2019 [9654] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Wed Dec 18 12:05:26 2019 [9654] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Wed Dec 18 12:05:26 2019 [9654] IFCONFIG POOL LIST

    Wed Dec 18 12:05:26 2019 [9654] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Wed Dec 18 12:05:26 2019 [9654] Initialization Sequence Completed

    Wed Dec 18 12:08:06 2019 [9654] Closing TUN/TAP interface

    Wed Dec 18 12:08:06 2019 [9654] /bin/ip addr del dev tun0 10.81.234.5/24

    Wed Dec 18 12:08:06 2019 [9654] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Wed Dec 18 12:08:06 2019 [9654] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Wed Dec 18 12:08:06 2019 [9654] SIGTERM[hard,] received, process exiting

    Wed Dec 18 12:08:10 2019 [10009] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Wed Dec 18 12:08:10 2019 [10009] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Wed Dec 18 12:08:10 2019 [10009] MANAGEMENT: client_uid=0

    Wed Dec 18 12:08:10 2019 [10009] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Wed Dec 18 12:08:10 2019 [10009] cleanup success

    Wed Dec 18 12:08:10 2019 [10009] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Wed Dec 18 12:08:10 2019 [10009] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Wed Dec 18 12:08:10 2019 [10009] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8128270

    Authentication server 127.0.0.1 gave login response code 2

    Wed Dec 18 12:08:10 2019 [10009] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Wed Dec 18 12:08:10 2019 [10009] Diffie-Hellman initialized with 2048 bit key

    Wed Dec 18 12:08:10 2019 [10009] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Wed Dec 18 12:08:10 2019 [10009] WARNING: experimental option --capath /conf/certificate/openvpn

    Wed Dec 18 12:08:10 2019 [10009] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Wed Dec 18 12:08:10 2019 [10009] TUN/TAP device tun0 opened

    Wed Dec 18 12:08:10 2019 [10009] TUN/TAP TX queue length set to 100

    Wed Dec 18 12:08:10 2019 [10009] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Wed Dec 18 12:08:10 2019 [10009] /bin/ip link set dev tun0 up mtu 1500

    Wed Dec 18 12:08:10 2019 [10009] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Wed Dec 18 12:08:10 2019 [10009] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Wed Dec 18 12:08:10 2019 [10009] CSC service status updated to RUNNING

    Wed Dec 18 12:08:10 2019 [10009] Listening for incoming TCP connection on [undef]

    Wed Dec 18 12:08:10 2019 [10009] TCPv6_SERVER link local (bound): [undef]

    Wed Dec 18 12:08:10 2019 [10009] TCPv6_SERVER link remote: [undef]

    Wed Dec 18 12:08:10 2019 [10009] MULTI: multi_init called, r=256 v=256

    Wed Dec 18 12:08:10 2019 [10009] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Wed Dec 18 12:08:10 2019 [10009] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Wed Dec 18 12:08:10 2019 [10009] IFCONFIG POOL LIST

    Wed Dec 18 12:08:10 2019 [10009] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Wed Dec 18 12:08:10 2019 [10009] Initialization Sequence Completed

    Wed Dec 18 13:16:18 2019 [10009] Closing TUN/TAP interface

    Wed Dec 18 13:16:18 2019 [10009] /bin/ip addr del dev tun0 10.81.234.5/24

    Wed Dec 18 13:16:18 2019 [10009] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Wed Dec 18 13:16:18 2019 [10009] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Wed Dec 18 13:16:18 2019 [10009] SIGTERM[hard,] received, process exiting

    Wed Dec 18 13:16:22 2019 [15707] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Wed Dec 18 13:16:22 2019 [15707] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Wed Dec 18 13:16:22 2019 [15707] MANAGEMENT: client_uid=0

    Wed Dec 18 13:16:22 2019 [15707] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Wed Dec 18 13:16:22 2019 [15707] cleanup success

    Wed Dec 18 13:16:22 2019 [15707] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Wed Dec 18 13:16:22 2019 [15707] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Wed Dec 18 13:16:22 2019 [15707] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8e45270

    Authentication server 127.0.0.1 gave login response code 2

    Wed Dec 18 13:16:22 2019 [15707] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Wed Dec 18 13:16:22 2019 [15707] Diffie-Hellman initialized with 2048 bit key

    Wed Dec 18 13:16:22 2019 [15707] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Wed Dec 18 13:16:22 2019 [15707] WARNING: experimental option --capath /conf/certificate/openvpn

    Wed Dec 18 13:16:22 2019 [15707] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Wed Dec 18 13:16:22 2019 [15707] TUN/TAP device tun0 opened

    Wed Dec 18 13:16:22 2019 [15707] TUN/TAP TX queue length set to 100

    Wed Dec 18 13:16:22 2019 [15707] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Wed Dec 18 13:16:22 2019 [15707] /bin/ip link set dev tun0 up mtu 1500

    Wed Dec 18 13:16:22 2019 [15707] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Wed Dec 18 13:16:22 2019 [15707] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Wed Dec 18 13:16:22 2019 [15707] CSC service status updated to RUNNING

    Wed Dec 18 13:16:22 2019 [15707] Listening for incoming TCP connection on [undef]

    Wed Dec 18 13:16:22 2019 [15707] TCPv6_SERVER link local (bound): [undef]

    Wed Dec 18 13:16:22 2019 [15707] TCPv6_SERVER link remote: [undef]

    Wed Dec 18 13:16:22 2019 [15707] MULTI: multi_init called, r=256 v=256

    Wed Dec 18 13:16:22 2019 [15707] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Wed Dec 18 13:16:22 2019 [15707] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Wed Dec 18 13:16:22 2019 [15707] IFCONFIG POOL LIST

    Wed Dec 18 13:16:22 2019 [15707] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Wed Dec 18 13:16:22 2019 [15707] Initialization Sequence Completed

    Wed Dec 18 19:59:37 2019 [15707] MANAGEMENT: Client connected from /tmp/openvpn_mgmt

    Wed Dec 18 19:59:37 2019 [15707] MANAGEMENT: CMD 'status -1'

    Wed Dec 18 19:59:47 2019 [15707] MANAGEMENT: Client disconnected

    Thu Dec 19 10:41:18 2019 [15707] TCP connection established with [AF_INET6]::ffff:88.198.46.51:44680

    Thu Dec 19 10:41:19 2019 [15707] ::ffff:88.198.46.51 Connection reset, restarting [0]

    Thu Dec 19 10:41:19 2019 [15707] ::ffff:88.198.46.51 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 13:55:42 2019 [15707] TCP connection established with [AF_INET6]::ffff:184.105.247.195:53622

    Thu Dec 19 13:55:42 2019 [15707] ::ffff:184.105.247.195 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 13:55:42 2019 [15707] ::ffff:184.105.247.195 Connection reset, restarting [0]

    Thu Dec 19 13:55:42 2019 [15707] ::ffff:184.105.247.195 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 19:21:34 2019 [15707] TCP connection established with [AF_INET6]::ffff:51.91.212.81:49652

    Thu Dec 19 19:21:36 2019 [15707] CID is :2

    Thu Dec 19 19:21:38 2019 [15707] ::ffff:51.91.212.81 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 19:21:38 2019 [15707] ::ffff:51.91.212.81 Connection reset, restarting [0]

    Thu Dec 19 19:21:38 2019 [15707] ::ffff:51.91.212.81 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 19:41:31 2019 [15707] TCP connection established with [AF_INET6]::ffff:77.247.110.64:57566

    Thu Dec 19 19:41:31 2019 [15707] ::ffff:77.247.110.64 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 19:41:31 2019 [15707] ::ffff:77.247.110.64 Connection reset, restarting [0]

    Thu Dec 19 19:41:31 2019 [15707] ::ffff:77.247.110.64 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 19:41:32 2019 [15707] TCP connection established with [AF_INET6]::ffff:77.247.110.64:57601

    Thu Dec 19 19:41:32 2019 [15707] ::ffff:77.247.110.64 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 19:41:32 2019 [15707] ::ffff:77.247.110.64 Connection reset, restarting [0]

    Thu Dec 19 19:41:32 2019 [15707] ::ffff:77.247.110.64 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 20:43:18 2019 [15707] TCP connection established with [AF_INET6]::ffff:138.99.216.171:61000

    Thu Dec 19 20:43:20 2019 [15707] ::ffff:138.99.216.171 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 20:43:20 2019 [15707] ::ffff:138.99.216.171 Connection reset, restarting [0]

    Thu Dec 19 20:43:20 2019 [15707] ::ffff:138.99.216.171 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 21:53:19 2019 [15707] TCP connection established with [AF_INET6]::ffff:196.52.43.131:58614

    Thu Dec 19 21:53:21 2019 [15707] ::ffff:196.52.43.131 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 21:53:21 2019 [15707] ::ffff:196.52.43.131 Connection reset, restarting [0]

    Thu Dec 19 21:53:21 2019 [15707] ::ffff:196.52.43.131 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Thu Dec 19 22:30:18 2019 [15707] TCP connection established with [AF_INET6]::ffff:185.173.35.37:46702

    Thu Dec 19 22:30:18 2019 [15707] ::ffff:185.173.35.37 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Thu Dec 19 22:30:18 2019 [15707] ::ffff:185.173.35.37 Connection reset, restarting [0]

    Thu Dec 19 22:30:18 2019 [15707] ::ffff:185.173.35.37 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 17:51:03 2019 [15707] TCP connection established with [AF_INET6]::ffff:184.105.139.67:49104

    Fri Dec 20 17:51:03 2019 [15707] ::ffff:184.105.139.67 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 17:51:03 2019 [15707] ::ffff:184.105.139.67 Connection reset, restarting [0]

    Fri Dec 20 17:51:03 2019 [15707] ::ffff:184.105.139.67 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:19 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:46560

    Fri Dec 20 19:06:19 2019 [15707] ::ffff:198.143.155.138 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 19:06:19 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:19 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:22 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:50320

    Fri Dec 20 19:06:22 2019 [15707] ::ffff:198.143.155.138 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 19:06:22 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:22 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:24 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:53275

    Fri Dec 20 19:06:25 2019 [15707] ::ffff:198.143.155.138 CID is :11

    Fri Dec 20 19:06:29 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:29 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:31 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:35108

    Fri Dec 20 19:06:31 2019 [15707] ::ffff:198.143.155.138 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 19:06:31 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:31 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:35 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:38868

    Fri Dec 20 19:06:35 2019 [15707] ::ffff:198.143.155.138 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 19:06:35 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:35 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:37 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:43164

    Fri Dec 20 19:06:37 2019 [15707] ::ffff:198.143.155.138 WARNING: Bad encapsulated packet length from peer (32814), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 19:06:37 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:37 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:39 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:46056

    Fri Dec 20 19:06:40 2019 [15707] ::ffff:198.143.155.138 CID is :15

    Fri Dec 20 19:06:44 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:44 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:46 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:55389

    Fri Dec 20 19:06:51 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:51 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:06:53 2019 [15707] TCP connection established with [AF_INET6]::ffff:198.143.155.138:36788

    Fri Dec 20 19:06:55 2019 [15707] ::ffff:198.143.155.138 CID is :17

    Fri Dec 20 19:06:58 2019 [15707] ::ffff:198.143.155.138 Connection reset, restarting [0]

    Fri Dec 20 19:06:58 2019 [15707] ::ffff:198.143.155.138 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Fri Dec 20 19:24:45 2019 [15707] TCP connection established with [AF_INET6]::ffff:138.99.216.147:61000

    Fri Dec 20 19:24:47 2019 [15707] ::ffff:138.99.216.147 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Fri Dec 20 19:24:47 2019 [15707] ::ffff:138.99.216.147 Connection reset, restarting [0]

    Fri Dec 20 19:24:47 2019 [15707] ::ffff:138.99.216.147 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sat Dec 21 01:44:45 2019 [15707] Closing TUN/TAP interface

    Sat Dec 21 01:44:45 2019 [15707] /bin/ip addr del dev tun0 10.81.234.5/24

    Sat Dec 21 01:44:45 2019 [15707] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sat Dec 21 01:44:45 2019 [15707] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sat Dec 21 01:44:45 2019 [15707] SIGTERM[hard,] received, process exiting

    Sat Dec 21 01:44:49 2019 [5028] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sat Dec 21 01:44:49 2019 [5028] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sat Dec 21 01:44:49 2019 [5028] MANAGEMENT: client_uid=0

    Sat Dec 21 01:44:49 2019 [5028] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sat Dec 21 01:44:49 2019 [5028] cleanup success

    Sat Dec 21 01:44:49 2019 [5028] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sat Dec 21 01:44:49 2019 [5028] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sat Dec 21 01:44:49 2019 [5028] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8566270

    Authentication server 127.0.0.1 gave login response code 2

    Sat Dec 21 01:44:49 2019 [5028] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sat Dec 21 01:44:49 2019 [5028] Diffie-Hellman initialized with 2048 bit key

    Sat Dec 21 01:44:49 2019 [5028] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sat Dec 21 01:44:49 2019 [5028] WARNING: experimental option --capath /conf/certificate/openvpn

    Sat Dec 21 01:44:49 2019 [5028] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sat Dec 21 01:44:49 2019 [5028] TUN/TAP device tun0 opened

    Sat Dec 21 01:44:49 2019 [5028] TUN/TAP TX queue length set to 100

    Sat Dec 21 01:44:49 2019 [5028] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sat Dec 21 01:44:49 2019 [5028] /bin/ip link set dev tun0 up mtu 1500

    Sat Dec 21 01:44:49 2019 [5028] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sat Dec 21 01:44:49 2019 [5028] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sat Dec 21 01:44:49 2019 [5028] CSC service status updated to RUNNING

    Sat Dec 21 01:44:49 2019 [5028] Listening for incoming TCP connection on [undef]

    Sat Dec 21 01:44:49 2019 [5028] TCPv6_SERVER link local (bound): [undef]

    Sat Dec 21 01:44:49 2019 [5028] TCPv6_SERVER link remote: [undef]

    Sat Dec 21 01:44:49 2019 [5028] MULTI: multi_init called, r=256 v=256

    Sat Dec 21 01:44:49 2019 [5028] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sat Dec 21 01:44:49 2019 [5028] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sat Dec 21 01:44:49 2019 [5028] IFCONFIG POOL LIST

    Sat Dec 21 01:44:49 2019 [5028] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sat Dec 21 01:44:49 2019 [5028] Initialization Sequence Completed

    Sat Dec 21 02:07:32 2019 [5028] Closing TUN/TAP interface

    Sat Dec 21 02:07:32 2019 [5028] /bin/ip addr del dev tun0 10.81.234.5/24

    Sat Dec 21 02:07:33 2019 [5028] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sat Dec 21 02:07:33 2019 [5028] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sat Dec 21 02:07:33 2019 [5028] SIGTERM[hard,] received, process exiting

    Sat Dec 21 02:07:37 2019 [10980] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sat Dec 21 02:07:37 2019 [10980] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sat Dec 21 02:07:37 2019 [10980] MANAGEMENT: client_uid=0

    Sat Dec 21 02:07:37 2019 [10980] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sat Dec 21 02:07:37 2019 [10980] cleanup success

    Sat Dec 21 02:07:37 2019 [10980] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sat Dec 21 02:07:37 2019 [10980] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sat Dec 21 02:07:37 2019 [10980] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x96a9270

    Authentication server 127.0.0.1 gave login response code 2

    Sat Dec 21 02:07:37 2019 [10980] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sat Dec 21 02:07:37 2019 [10980] Diffie-Hellman initialized with 2048 bit key

    Sat Dec 21 02:07:37 2019 [10980] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sat Dec 21 02:07:37 2019 [10980] WARNING: experimental option --capath /conf/certificate/openvpn

    Sat Dec 21 02:07:37 2019 [10980] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sat Dec 21 02:07:37 2019 [10980] TUN/TAP device tun0 opened

    Sat Dec 21 02:07:37 2019 [10980] TUN/TAP TX queue length set to 100

    Sat Dec 21 02:07:37 2019 [10980] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sat Dec 21 02:07:37 2019 [10980] /bin/ip link set dev tun0 up mtu 1500

    Sat Dec 21 02:07:37 2019 [10980] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sat Dec 21 02:07:37 2019 [10980] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sat Dec 21 02:07:37 2019 [10980] CSC service status updated to RUNNING

    Sat Dec 21 02:07:37 2019 [10980] Listening for incoming TCP connection on [undef]

    Sat Dec 21 02:07:37 2019 [10980] TCPv6_SERVER link local (bound): [undef]

    Sat Dec 21 02:07:37 2019 [10980] TCPv6_SERVER link remote: [undef]

    Sat Dec 21 02:07:37 2019 [10980] MULTI: multi_init called, r=256 v=256

    Sat Dec 21 02:07:37 2019 [10980] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sat Dec 21 02:07:37 2019 [10980] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sat Dec 21 02:07:37 2019 [10980] IFCONFIG POOL LIST

    Sat Dec 21 02:07:37 2019 [10980] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sat Dec 21 02:07:37 2019 [10980] Initialization Sequence Completed

    Sat Dec 21 06:31:20 2019 [10980] TCP connection established with [AF_INET6]::ffff:45.136.108.22:2690

    Sat Dec 21 06:31:35 2019 [10980] CID is :0

    Sat Dec 21 06:31:51 2019 [10980] CID is :0

    Sat Dec 21 06:32:06 2019 [10980] CID is :0

    Sat Dec 21 06:32:21 2019 [10980] CID is :0

    Sat Dec 21 06:32:21 2019 [10980] ::ffff:45.136.108.22 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

    Sat Dec 21 06:32:21 2019 [10980] ::ffff:45.136.108.22 TLS Error: TLS handshake failed

    Sat Dec 21 06:32:21 2019 [10980] ::ffff:45.136.108.22 Fatal TLS error (check_tls_errors_co), restarting

    Sat Dec 21 06:32:21 2019 [10980] ::ffff:45.136.108.22 SIGUSR1[soft,tls-error] received, client-instance restarting

    Sat Dec 21 13:58:30 2019 [10980] TCP connection established with [AF_INET6]::ffff:184.105.139.69:62216

    Sat Dec 21 13:58:31 2019 [10980] ::ffff:184.105.139.69 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sat Dec 21 13:58:31 2019 [10980] ::ffff:184.105.139.69 Connection reset, restarting [0]

    Sat Dec 21 13:58:31 2019 [10980] ::ffff:184.105.139.69 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sat Dec 21 15:43:51 2019 [10980] TCP connection established with [AF_INET6]::ffff:159.203.201.112:54536

    Sat Dec 21 15:44:01 2019 [10980] ::ffff:159.203.201.112 Connection reset, restarting [0]

    Sat Dec 21 15:44:01 2019 [10980] ::ffff:159.203.201.112 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sat Dec 21 18:50:58 2019 [10980] TCP connection established with [AF_INET6]::ffff:51.91.212.81:36482

    Sat Dec 21 18:50:58 2019 [10980] ::ffff:51.91.212.81 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sat Dec 21 18:50:58 2019 [10980] ::ffff:51.91.212.81 Connection reset, restarting [0]

    Sat Dec 21 18:50:58 2019 [10980] ::ffff:51.91.212.81 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sat Dec 21 20:52:24 2019 [10980] TCP connection established with [AF_INET6]::ffff:1.192.193.15:59928

    Sat Dec 21 20:52:27 2019 [10980] TCP connection established with [AF_INET6]::ffff:1.192.193.15:62550

    Sat Dec 21 20:52:27 2019 [10980] ::ffff:1.192.193.15 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sat Dec 21 20:52:27 2019 [10980] ::ffff:1.192.193.15 Connection reset, restarting [0]

    Sat Dec 21 20:52:27 2019 [10980] ::ffff:1.192.193.15 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sat Dec 21 20:52:28 2019 [10980] ::ffff:1.192.193.15 Connection reset, restarting [0]

    Sat Dec 21 20:52:28 2019 [10980] ::ffff:1.192.193.15 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sat Dec 21 22:57:40 2019 [10980] TCP connection established with [AF_INET6]::ffff:71.6.232.4:43234

    Sat Dec 21 22:57:40 2019 [10980] ::ffff:71.6.232.4 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sat Dec 21 22:57:40 2019 [10980] ::ffff:71.6.232.4 Connection reset, restarting [0]

    Sat Dec 21 22:57:40 2019 [10980] ::ffff:71.6.232.4 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 00:19:55 2019 [10980] MANAGEMENT: Client connected from /tmp/openvpn_mgmt

    Sun Dec 22 00:19:55 2019 [10980] MANAGEMENT: CMD 'status -1'

    Sun Dec 22 00:20:05 2019 [10980] MANAGEMENT: Client disconnected

    Sun Dec 22 00:37:07 2019 [10980] Closing TUN/TAP interface

    Sun Dec 22 00:37:07 2019 [10980] /bin/ip addr del dev tun0 10.81.234.5/24

    Sun Dec 22 00:37:07 2019 [10980] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sun Dec 22 00:37:08 2019 [10980] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sun Dec 22 00:37:08 2019 [10980] SIGTERM[hard,] received, process exiting

    Sun Dec 22 00:37:12 2019 [30145] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sun Dec 22 00:37:12 2019 [30145] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sun Dec 22 00:37:12 2019 [30145] MANAGEMENT: client_uid=0

    Sun Dec 22 00:37:12 2019 [30145] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sun Dec 22 00:37:12 2019 [30145] cleanup success

    Sun Dec 22 00:37:12 2019 [30145] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sun Dec 22 00:37:12 2019 [30145] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sun Dec 22 00:37:12 2019 [30145] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8c00270

    Authentication server 127.0.0.1 gave login response code 2

    Sun Dec 22 00:37:12 2019 [30145] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sun Dec 22 00:37:12 2019 [30145] Diffie-Hellman initialized with 2048 bit key

    Sun Dec 22 00:37:12 2019 [30145] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sun Dec 22 00:37:12 2019 [30145] WARNING: experimental option --capath /conf/certificate/openvpn

    Sun Dec 22 00:37:12 2019 [30145] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sun Dec 22 00:37:12 2019 [30145] TUN/TAP device tun0 opened

    Sun Dec 22 00:37:12 2019 [30145] TUN/TAP TX queue length set to 100

    Sun Dec 22 00:37:12 2019 [30145] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sun Dec 22 00:37:12 2019 [30145] /bin/ip link set dev tun0 up mtu 1500

    Sun Dec 22 00:37:12 2019 [30145] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sun Dec 22 00:37:12 2019 [30145] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sun Dec 22 00:37:12 2019 [30145] CSC service status updated to RUNNING

    Sun Dec 22 00:37:12 2019 [30145] Listening for incoming TCP connection on [undef]

    Sun Dec 22 00:37:12 2019 [30145] TCPv6_SERVER link local (bound): [undef]

    Sun Dec 22 00:37:12 2019 [30145] TCPv6_SERVER link remote: [undef]

    Sun Dec 22 00:37:12 2019 [30145] MULTI: multi_init called, r=256 v=256

    Sun Dec 22 00:37:12 2019 [30145] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sun Dec 22 00:37:12 2019 [30145] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sun Dec 22 00:37:12 2019 [30145] IFCONFIG POOL LIST

    Sun Dec 22 00:37:12 2019 [30145] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sun Dec 22 00:37:12 2019 [30145] Initialization Sequence Completed

    Sun Dec 22 00:41:24 2019 [30145] TCP connection established with [AF_INET6]::ffff:88.198.46.51:37598

    Sun Dec 22 00:41:24 2019 [30145] ::ffff:88.198.46.51 Connection reset, restarting [0]

    Sun Dec 22 00:41:24 2019 [30145] ::ffff:88.198.46.51 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 00:42:44 2019 [30145] Closing TUN/TAP interface

    Sun Dec 22 00:42:44 2019 [30145] /bin/ip addr del dev tun0 10.81.234.5/24

    Sun Dec 22 00:42:44 2019 [30145] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sun Dec 22 00:42:45 2019 [30145] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sun Dec 22 00:42:45 2019 [30145] SIGTERM[hard,] received, process exiting

    Sun Dec 22 00:42:49 2019 [30733] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sun Dec 22 00:42:49 2019 [30733] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sun Dec 22 00:42:49 2019 [30733] MANAGEMENT: client_uid=0

    Sun Dec 22 00:42:49 2019 [30733] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sun Dec 22 00:42:49 2019 [30733] cleanup success

    Sun Dec 22 00:42:49 2019 [30733] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sun Dec 22 00:42:49 2019 [30733] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sun Dec 22 00:42:49 2019 [30733] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8f13270

    Authentication server 127.0.0.1 gave login response code 2

    Sun Dec 22 00:42:49 2019 [30733] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sun Dec 22 00:42:49 2019 [30733] Diffie-Hellman initialized with 2048 bit key

    Sun Dec 22 00:42:49 2019 [30733] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sun Dec 22 00:42:49 2019 [30733] WARNING: experimental option --capath /conf/certificate/openvpn

    Sun Dec 22 00:42:49 2019 [30733] Socket Buffers: R=[229376->131072] S=[229376->131072]

    Sun Dec 22 00:42:49 2019 [30733] TUN/TAP device tun0 opened

    Sun Dec 22 00:42:49 2019 [30733] TUN/TAP TX queue length set to 100

    Sun Dec 22 00:42:49 2019 [30733] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sun Dec 22 00:42:49 2019 [30733] /bin/ip link set dev tun0 up mtu 1500

    Sun Dec 22 00:42:49 2019 [30733] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sun Dec 22 00:42:49 2019 [30733] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sun Dec 22 00:42:49 2019 [30733] CSC service status updated to RUNNING

    Sun Dec 22 00:42:49 2019 [30733] UDPv6 link local (bound): [undef]

    Sun Dec 22 00:42:49 2019 [30733] UDPv6 link remote: [undef]

    Sun Dec 22 00:42:49 2019 [30733] MULTI: multi_init called, r=256 v=256

    Sun Dec 22 00:42:49 2019 [30733] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sun Dec 22 00:42:49 2019 [30733] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sun Dec 22 00:42:49 2019 [30733] IFCONFIG POOL LIST

    Sun Dec 22 00:42:49 2019 [30733] Initialization Sequence Completed

    Sun Dec 22 00:44:23 2019 [30733] event_wait : Interrupted system call (code=4)

    Sun Dec 22 00:44:23 2019 [30733] Closing TUN/TAP interface

    Sun Dec 22 00:44:23 2019 [30733] /bin/ip addr del dev tun0 10.81.234.5/24

    Sun Dec 22 00:44:23 2019 [30733] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sun Dec 22 00:44:23 2019 [30733] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sun Dec 22 00:44:23 2019 [30733] SIGTERM[hard,] received, process exiting

    Sun Dec 22 00:44:27 2019 [31021] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sun Dec 22 00:44:27 2019 [31021] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sun Dec 22 00:44:27 2019 [31021] MANAGEMENT: client_uid=0

    Sun Dec 22 00:44:27 2019 [31021] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sun Dec 22 00:44:27 2019 [31021] cleanup success

    Sun Dec 22 00:44:27 2019 [31021] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sun Dec 22 00:44:27 2019 [31021] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sun Dec 22 00:44:27 2019 [31021] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8a3a270

    Authentication server 127.0.0.1 gave login response code 2

    Sun Dec 22 00:44:27 2019 [31021] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sun Dec 22 00:44:27 2019 [31021] Diffie-Hellman initialized with 2048 bit key

    Sun Dec 22 00:44:27 2019 [31021] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sun Dec 22 00:44:27 2019 [31021] WARNING: experimental option --capath /conf/certificate/openvpn

    Sun Dec 22 00:44:27 2019 [31021] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sun Dec 22 00:44:27 2019 [31021] TUN/TAP device tun0 opened

    Sun Dec 22 00:44:27 2019 [31021] TUN/TAP TX queue length set to 100

    Sun Dec 22 00:44:27 2019 [31021] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sun Dec 22 00:44:27 2019 [31021] /bin/ip link set dev tun0 up mtu 1500

    Sun Dec 22 00:44:27 2019 [31021] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sun Dec 22 00:44:27 2019 [31021] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sun Dec 22 00:44:27 2019 [31021] CSC service status updated to RUNNING

    Sun Dec 22 00:44:27 2019 [31021] Listening for incoming TCP connection on [undef]

    Sun Dec 22 00:44:27 2019 [31021] TCPv6_SERVER link local (bound): [undef]

    Sun Dec 22 00:44:27 2019 [31021] TCPv6_SERVER link remote: [undef]

    Sun Dec 22 00:44:27 2019 [31021] MULTI: multi_init called, r=256 v=256

    Sun Dec 22 00:44:27 2019 [31021] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sun Dec 22 00:44:27 2019 [31021] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sun Dec 22 00:44:27 2019 [31021] IFCONFIG POOL LIST

    Sun Dec 22 00:44:27 2019 [31021] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sun Dec 22 00:44:27 2019 [31021] Initialization Sequence Completed

    Sun Dec 22 01:18:07 2019 [31021] Closing TUN/TAP interface

    Sun Dec 22 01:18:07 2019 [31021] /bin/ip addr del dev tun0 10.81.234.5/24

    Sun Dec 22 01:18:07 2019 [31021] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sun Dec 22 01:18:07 2019 [31021] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sun Dec 22 01:18:07 2019 [31021] SIGTERM[hard,] received, process exiting

    Sun Dec 22 01:18:11 2019 [1488] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sun Dec 22 01:18:11 2019 [1488] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sun Dec 22 01:18:11 2019 [1488] MANAGEMENT: client_uid=0

    Sun Dec 22 01:18:11 2019 [1488] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sun Dec 22 01:18:11 2019 [1488] cleanup success

    Sun Dec 22 01:18:11 2019 [1488] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sun Dec 22 01:18:11 2019 [1488] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sun Dec 22 01:18:11 2019 [1488] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x8dd2270

    Authentication server 127.0.0.1 gave login response code 2

    Sun Dec 22 01:18:11 2019 [1488] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sun Dec 22 01:18:11 2019 [1488] Diffie-Hellman initialized with 2048 bit key

    Sun Dec 22 01:18:11 2019 [1488] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sun Dec 22 01:18:11 2019 [1488] WARNING: experimental option --capath /conf/certificate/openvpn

    Sun Dec 22 01:18:11 2019 [1488] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sun Dec 22 01:18:11 2019 [1488] TUN/TAP device tun0 opened

    Sun Dec 22 01:18:11 2019 [1488] TUN/TAP TX queue length set to 100

    Sun Dec 22 01:18:11 2019 [1488] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sun Dec 22 01:18:11 2019 [1488] /bin/ip link set dev tun0 up mtu 1500

    Sun Dec 22 01:18:11 2019 [1488] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sun Dec 22 01:18:11 2019 [1488] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sun Dec 22 01:18:11 2019 [1488] CSC service status updated to RUNNING

    Sun Dec 22 01:18:11 2019 [1488] Listening for incoming TCP connection on [undef]

    Sun Dec 22 01:18:11 2019 [1488] TCPv6_SERVER link local (bound): [undef]

    Sun Dec 22 01:18:11 2019 [1488] TCPv6_SERVER link remote: [undef]

    Sun Dec 22 01:18:11 2019 [1488] MULTI: multi_init called, r=256 v=256

    Sun Dec 22 01:18:11 2019 [1488] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sun Dec 22 01:18:11 2019 [1488] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sun Dec 22 01:18:11 2019 [1488] IFCONFIG POOL LIST

    Sun Dec 22 01:18:11 2019 [1488] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sun Dec 22 01:18:11 2019 [1488] Initialization Sequence Completed

    Sun Dec 22 02:32:31 2019 [1488] TCP connection established with [AF_INET6]::ffff:139.162.116.230:52608

    Sun Dec 22 02:32:31 2019 [1488] ::ffff:139.162.116.230 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 02:32:31 2019 [1488] ::ffff:139.162.116.230 Connection reset, restarting [0]

    Sun Dec 22 02:32:31 2019 [1488] ::ffff:139.162.116.230 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 14:05:36 2019 [1488] Closing TUN/TAP interface

    Sun Dec 22 14:05:36 2019 [1488] /bin/ip addr del dev tun0 10.81.234.5/24

    Sun Dec 22 14:05:36 2019 [1488] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sun Dec 22 14:05:37 2019 [1488] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sun Dec 22 14:05:37 2019 [1488] SIGTERM[hard,] received, process exiting

    Sun Dec 22 14:05:41 2019 [32378] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sun Dec 22 14:05:41 2019 [32378] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sun Dec 22 14:05:41 2019 [32378] MANAGEMENT: client_uid=0

    Sun Dec 22 14:05:41 2019 [32378] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sun Dec 22 14:05:41 2019 [32378] cleanup success

    Sun Dec 22 14:05:41 2019 [32378] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sun Dec 22 14:05:41 2019 [32378] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sun Dec 22 14:05:41 2019 [32378] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x9ce9270

    Authentication server 127.0.0.1 gave login response code 2

    Sun Dec 22 14:05:41 2019 [32378] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sun Dec 22 14:05:41 2019 [32378] Diffie-Hellman initialized with 2048 bit key

    Sun Dec 22 14:05:41 2019 [32378] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sun Dec 22 14:05:41 2019 [32378] WARNING: experimental option --capath /conf/certificate/openvpn

    Sun Dec 22 14:05:41 2019 [32378] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sun Dec 22 14:05:41 2019 [32378] TUN/TAP device tun0 opened

    Sun Dec 22 14:05:41 2019 [32378] TUN/TAP TX queue length set to 100

    Sun Dec 22 14:05:41 2019 [32378] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sun Dec 22 14:05:41 2019 [32378] /bin/ip link set dev tun0 up mtu 1500

    Sun Dec 22 14:05:41 2019 [32378] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sun Dec 22 14:05:41 2019 [32378] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sun Dec 22 14:05:41 2019 [32378] CSC service status updated to RUNNING

    Sun Dec 22 14:05:41 2019 [32378] Listening for incoming TCP connection on [undef]

    Sun Dec 22 14:05:41 2019 [32378] TCPv6_SERVER link local (bound): [undef]

    Sun Dec 22 14:05:41 2019 [32378] TCPv6_SERVER link remote: [undef]

    Sun Dec 22 14:05:41 2019 [32378] MULTI: multi_init called, r=256 v=256

    Sun Dec 22 14:05:41 2019 [32378] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sun Dec 22 14:05:41 2019 [32378] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sun Dec 22 14:05:41 2019 [32378] IFCONFIG POOL LIST

    Sun Dec 22 14:05:41 2019 [32378] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sun Dec 22 14:05:41 2019 [32378] Initialization Sequence Completed

    Sun Dec 22 14:07:48 2019 [32378] Closing TUN/TAP interface

    Sun Dec 22 14:07:48 2019 [32378] /bin/ip addr del dev tun0 10.81.234.5/24

    Sun Dec 22 14:07:48 2019 [32378] /bin/ip -6 addr del 2001:db8::1:0/64 dev tun0

    Sun Dec 22 14:07:48 2019 [32378] PLUGIN_CLOSE: /lib/openvpn-plugin-utm.so

    Sun Dec 22 14:07:48 2019 [32378] SIGTERM[hard,] received, process exiting

    Sun Dec 22 14:07:52 2019 [32678] OpenVPN 2.3.6 i486-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Nov  1 2019

    Sun Dec 22 14:07:52 2019 [32678] library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.09

    Sun Dec 22 14:07:52 2019 [32678] MANAGEMENT: client_uid=0

    Sun Dec 22 14:07:52 2019 [32678] MANAGEMENT: unix domain socket listening on /tmp/openvpn_mgmt

    /scripts/vpn/sslvpn/user-cleanup.sh: line 4: DELETE: not found

    Sun Dec 22 14:07:52 2019 [32678] cleanup success

    Sun Dec 22 14:07:52 2019 [32678] WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

    Sun Dec 22 14:07:52 2019 [32678] WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

    Sun Dec 22 14:07:52 2019 [32678] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

    grhandle=0x84d2270

    Authentication server 127.0.0.1 gave login response code 2

    Sun Dec 22 14:07:52 2019 [32678] PLUGIN_INIT: POST /lib/openvpn-plugin-utm.so '[/lib/openvpn-plugin-utm.so]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT

    Sun Dec 22 14:07:52 2019 [32678] Diffie-Hellman initialized with 2048 bit key

    Sun Dec 22 14:07:52 2019 [32678] WARNING: file '/conf/certificate/private/ApplianceCertificate.key' is group or others accessible

    Sun Dec 22 14:07:52 2019 [32678] WARNING: experimental option --capath /conf/certificate/openvpn

    Sun Dec 22 14:07:52 2019 [32678] Socket Buffers: R=[87380->131072] S=[16384->131072]

    Sun Dec 22 14:07:52 2019 [32678] TUN/TAP device tun0 opened

    Sun Dec 22 14:07:52 2019 [32678] TUN/TAP TX queue length set to 100

    Sun Dec 22 14:07:52 2019 [32678] do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1

    Sun Dec 22 14:07:52 2019 [32678] /bin/ip link set dev tun0 up mtu 1500

    Sun Dec 22 14:07:52 2019 [32678] /bin/ip addr add dev tun0 10.81.234.5/24 broadcast 10.81.234.255

    Sun Dec 22 14:07:52 2019 [32678] /bin/ip -6 addr add 2001:db8::1:0/64 dev tun0

    Sun Dec 22 14:07:52 2019 [32678] CSC service status updated to RUNNING

    Sun Dec 22 14:07:52 2019 [32678] Listening for incoming TCP connection on [undef]

    Sun Dec 22 14:07:52 2019 [32678] TCPv6_SERVER link local (bound): [undef]

    Sun Dec 22 14:07:52 2019 [32678] TCPv6_SERVER link remote: [undef]

    Sun Dec 22 14:07:52 2019 [32678] MULTI: multi_init called, r=256 v=256

    Sun Dec 22 14:07:52 2019 [32678] IFCONFIG POOL IPv6: (IPv4) size=50, size_ipv6=65536, netbits=64, base_ipv6=2001:db8::1:1

    Sun Dec 22 14:07:52 2019 [32678] IFCONFIG POOL: base=10.81.234.6 size=50, ipv6=1

    Sun Dec 22 14:07:52 2019 [32678] IFCONFIG POOL LIST

    Sun Dec 22 14:07:52 2019 [32678] MULTI: TCP INIT maxclients=5000 maxevents=5004

    Sun Dec 22 14:07:52 2019 [32678] Initialization Sequence Completed

    Sun Dec 22 15:04:28 2019 [32678] TCP connection established with [AF_INET6]::ffff:184.105.139.69:59512

    Sun Dec 22 15:04:28 2019 [32678] ::ffff:184.105.139.69 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 15:04:28 2019 [32678] ::ffff:184.105.139.69 Connection reset, restarting [0]

    Sun Dec 22 15:04:28 2019 [32678] ::ffff:184.105.139.69 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 17:54:24 2019 [32678] TCP connection established with [AF_INET6]::ffff:198.199.98.246:33023

    Sun Dec 22 17:54:24 2019 [32678] ::ffff:198.199.98.246 Connection reset, restarting [0]

    Sun Dec 22 17:54:24 2019 [32678] ::ffff:198.199.98.246 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:14:55 2019 [32678] TCP connection established with [AF_INET6]::ffff:88.198.46.51:32932

    Sun Dec 22 18:14:55 2019 [32678] ::ffff:88.198.46.51 Connection reset, restarting [0]

    Sun Dec 22 18:14:55 2019 [32678] ::ffff:88.198.46.51 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:21 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49766

    Sun Dec 22 18:15:21 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:21 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:21 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:21 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49768

    Sun Dec 22 18:15:21 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:21 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:21 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:24 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49770

    Sun Dec 22 18:15:24 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:24 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:24 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:26 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49773

    Sun Dec 22 18:15:26 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:26 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:26 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:27 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49775

    Sun Dec 22 18:15:27 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:27 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:27 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:28 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49777

    Sun Dec 22 18:15:28 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:28 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:28 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:29 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49779

    Sun Dec 22 18:15:29 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:29 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:29 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:29 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49781

    Sun Dec 22 18:15:29 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:29 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:29 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:15:35 2019 [32678] TCP connection established with [AF_INET6]::ffff:81.240.98.110:49784

    Sun Dec 22 18:15:35 2019 [32678] ::ffff:81.240.98.110 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1572 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

    Sun Dec 22 18:15:35 2019 [32678] ::ffff:81.240.98.110 Connection reset, restarting [0]

    Sun Dec 22 18:15:35 2019 [32678] ::ffff:81.240.98.110 SIGUSR1[soft,connection-reset] received, client-instance restarting

    Sun Dec 22 18:23:26 2019 [32678] TCP connection established with [AF_INET6]::ffff:85.10.218.146:53644

    Sun Dec 22 18:23:28 2019 [32678] ::ffff:85.10.218.146 Connection reset, restarting [0]

    Sun Dec 22 18:23:28 2019 [32678] ::ffff:85.10.218.146 SIGUSR1[soft,connection-reset] received, client-instance restarting

    XG106_XN01_SFOS 17.5.9 MR-9#

  • I called a "senior sophos friend" and I made a user for him to test.

    He was able to connect to my network without any problem. 

    So i tried to connect through a hotspot from my mobile and it's working. 

    2019-12-22 18:47:39.495174 Initialization Sequence Completed

    2019-12-22 18:47:39.495237 MANAGEMENT: >STATE:1577036859,CONNECTED,SUCCESS,10.81.234.6,84.197.138.2,8443,172.20.10.11,53107

    This error took me 50 hours to solve lol :-D