nothing makes me think the config is wrong. just to pay attention that you've accidentally made your private key available to the public (anybody on the net can connect using your key), but that is fine if the config was public already.
пн, 18 нояб. 2024 г. в 08:31, נתי שטרן <nsh...@gmail.com>: > this is configuration: > > > client > nobind > dev tun > remote-cert-tls server > > remote 103.6.170.21 1194 udp > > <key> > -----BEGIN PRIVATE KEY----- > MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDHcRa93/VAJxQ7 > ZvAKTfWgmnBavFPMCxpf19alf6wMcFfJ4bln8U2MIwAciLkmsBNnSmV+I17A26re > C05nodgjY7AUJ4BBS+AE4wqSl8C3fgjOTSkbE5eZiZIjRfwei8tCy6x03he3S3B8 > nvSK5ochSkh6owQVu1ktGjRdU8Ltk25/2NK8oaQo/+eEFRenvI+W4y19PxZdwe2P > 3tTR2skyvK5dG8jZ1Gz61JbqQ12L4UlKMePcnbncqAwfAQaUEYUIdaHAtj+e6OlE > JyoxEOOHtJu9lShb3vd6t0PfQ0XDl9WgcKOn6bhbx0yNdHolwkaCzDHwxCSbT2UC > 2UEARdPBAgMBAAECggEAKos5Kq/HhTPQ4QsIUWpn5yaKqRBbX79OlPtZ0lv1u4GL > eIkqH74dqLMepveTZ2lP+kyoccvhvoodXNhUlU606Heva90xQryIwQIdkz/D4GCG > SFu1VQ1M3Xe3MMcRDQMNDOadlyB5NqRlDnBqAedDFBrgcyirCme4kiJw4SepATx8 > 7ALd5mCIILQ0ugR/2drjzmkhm8nGd1ABteeINsnvbtx4cnM/V84BS3LIvAXG9Aql > PeblwoHwqGmOS9dQnyi1hM/ALCI35wfTBYICGgze/N8zW2Q7SxUHzHDAX6pJoTQF > JGQof6gfInnWQn4Q39ISyeP8ygv9bDW2svmDTBJTcQKBgQD8XnSIC9xiXUeP5b38 > GKqrNphClB7rIlj6wq/yX6X540oHrQctcFAfPkI1MG7WaaMZlkdNsJJ0g3CPCE5J > wcuD2sofVjCJmiQdLUW2bEzWpUz+YrX1/+XG1x/s2ZZW700X9ZkvSkKLYa2Gt1f9 > QTQXewPIffoOsSubTmhZL9TPBwKBgQDKT7AkI7l91gq4MPWUvYgoCHOkk4K3/mw5 > 0QrhmQ+0tPh8qdwsdaa1uLAwrAN/jlOylgdhCrjPOv+NGrKCZdfBNJrv/xkC1Rbx > fpSMq/QnqTtLtbTPfNsIU3LGRwlrub8D1Lci2EILBAtnHw9QneQOJJdu+lsy1/1/ > 29gklKRM9wKBgHIiKaOJca8OrpmWdlh3s1/hPfUGVgFTNFicCcScm0yrDUTxbMiQ > /btThc/WSpovhjLBMxggneuRsisNv5I90dOc9EI90Y+5pVGIsvlwe0Or2GlHrTFG > /NzzV53fPc2tRflq+k9Xz0aH81l0u5dukKd529klmBxi5ezEBg8nwZ+rAoGAPGTF > hERV30bCNHIJHbnmp2y+eObAIwUEcc4BnY7/rUZI144td+g3OBBGKIFxGeb2/Vzk > HwgAW3yVRR4vI9YbLkXx6qsQYFQUYUsUNVovrJdMaDF6JGZ1TGr83EvgeBQe/ZnG > gdRlArzWWpZfEAXSSpaJzktWZjssJbsPLvxgf8kCgYBXfi3jGHf8zLN+6MKHnlfn > i0qCoYf5yo1LXKaUEER6v6zZ7JKrCqC23wurawTJcg+pImRVZ+3Kyjay0Kj7c3MU > AhH4Bzd8BO9+VcJc5DPxi4ZSxiUJZUqDb87PrZuGOJemj0gzxJTqw4qBhB4GAIvy > GM/49Q/PG5ZJbjxW9vlerg== > -----END PRIVATE KEY----- > </key> > <cert> > -----BEGIN CERTIFICATE----- > MIIDVjCCAj6gAwIBAgIRAN337cep9V2XeeYXWF2fnvAwDQYJKoZIhvcNAQELBQAw > FjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjQxMTE3MDQyMDMwWhcNMjcwMjIw > MDQyMDMwWjASMRAwDgYDVQQDDAdjbGllbnQxMIIBIjANBgkqhkiG9w0BAQEFAAOC > AQ8AMIIBCgKCAQEAx3EWvd/1QCcUO2bwCk31oJpwWrxTzAsaX9fWpX+sDHBXyeG5 > Z/FNjCMAHIi5JrATZ0plfiNewNuq3gtOZ6HYI2OwFCeAQUvgBOMKkpfAt34Izk0p > GxOXmYmSI0X8HovLQsusdN4Xt0twfJ70iuaHIUpIeqMEFbtZLRo0XVPC7ZNuf9jS > vKGkKP/nhBUXp7yPluMtfT8WXcHtj97U0drJMryuXRvI2dRs+tSW6kNdi+FJSjHj > 3J253KgMHwEGlBGFCHWhwLY/nujpRCcqMRDjh7SbvZUoW973erdD30NFw5fVoHCj > p+m4W8dMjXR6JcJGgswx8MQkm09lAtlBAEXTwQIDAQABo4GiMIGfMAkGA1UdEwQC > MAAwHQYDVR0OBBYEFD2d6hxKSgVE6IiivIH8sTlblwdlMFEGA1UdIwRKMEiAFCcz > 2FBZReYg+fwhVdbI0iGjYM1KoRqkGDAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQYIU > EkzQbbp3EDAwIKfb1HyU5VWMWPswEwYDVR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0P > BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IBAQBD4Ongiy24hB5UuYvFhTwta5UmOyij > /L7I48LJBoFX+HKFYSFdWUxuQZEtmTyxZZYMZjucDyZgmmdpmQx7XPstnQx46Rvh > gpvukDr3sTQeoBdIRkIJKMMSYbah7cWUMZSGWGISD2LeU4+qD9HPIiVcEJtZ+bQj > O799wpqguh4QZ/+zV2EP9v/Vr5QuXIpvHj0aKPmehPQmdC36WyN0yE8HaeRVCqV7 > HeAAFq7oOv9RFNYABXLSVxB6hdD9P768xlrVSrR2Z4SKA14aI88xv1aUYB/pdcFR > L5Qyof+SPg+Ey3ySTJ8MEcDiPrHqq2gdDIev+vH3H9evD75kESI6tyL6 > -----END CERTIFICATE----- > </cert> > <ca> > -----BEGIN CERTIFICATE----- > MIIDSzCCAjOgAwIBAgIUEkzQbbp3EDAwIKfb1HyU5VWMWPswDQYJKoZIhvcNAQEL > BQAwFjEUMBIGA1UEAwwLRWFzeS1SU0EgQ0EwHhcNMjQxMTE3MDQxNzM3WhcNMzQx > MTE1MDQxNzM3WjAWMRQwEgYDVQQDDAtFYXN5LVJTQSBDQTCCASIwDQYJKoZIhvcN > AQEBBQADggEPADCCAQoCggEBAJkQ6h8+LudptnikgbOJ+jZxHj7lO64so5OBZZb2 > XHLzAfOy/MyCpwVhEGF1StlSgTSb537+mHr0ovcpXYuDlKVA0QpcQHfPScEHFOEF > zM/Fh2TYTnQutSZxEWidFcHGRkxfEG6ogfqWVAcdlN9q2m2XU3W5BkgzWrPyYRX4 > +sgGTUFYRewfjYwUEO0tHhPdkbAhxcIYkMgKf7eqjG91ZgIIZUaeGb19DVR5YwVR > ZmADGccFKmyOtZlBlUtDuPTxdx2Jq1nYjqI3SV/Uf7kmUSeTRJp80Uclc7tZqgHz > sSfKCJTmn7nCIEdl9dKzhycA35BsbAtIChCJ7KTvvgdLI4UCAwEAAaOBkDCBjTAd > BgNVHQ4EFgQUJzPYUFlF5iD5/CFV1sjSIaNgzUowUQYDVR0jBEowSIAUJzPYUFlF > 5iD5/CFV1sjSIaNgzUqhGqQYMBYxFDASBgNVBAMMC0Vhc3ktUlNBIENBghQSTNBt > uncQMDAgp9vUfJTlVYxY+zAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkq > hkiG9w0BAQsFAAOCAQEAioxSqfWqYw1Gnd5EhzUaT10adIQ63+VyNzSsQrqC7lPs > bPX8+99QSyxouESCLSd6UCR3rfWFTRUxxuoV314AM3fbxBws7A56o4nw4JhYwToi > +DPVGH8bdiBe/65dv8TNoh1g95OM/+hKT2Bwwt5rJuNZ7stzgRkul+Xp8Tet8REn > QkIJBJ+BbRhlvtvDkPbk1G5qGvbXGOnNLb0bW33H3TlW2jGXWqRd66wLH2k+uGQE > SeFU4Lr55f+tW6srJogtmtLI+580gYWvJEZC/MgFx3OlqZepYzTakqqav+jJE7mH > etn+5+8kbeEQhVyC0VezpFg2JyKxhlnbyKqlIDkQqA== > -----END CERTIFICATE----- > </ca> > key-direction 1 > <tls-auth> > # > # 2048 bit OpenVPN static key > # > -----BEGIN OpenVPN Static key V1----- > 1e54b4a61b91a4abc09fa8d5829e0973 > e37ba2081b86cf55a76756245e489890 > 9388ee247381e36a35d2a4a14f812a5b > 4ec96ff336bac2557539ad4860c7ccc1 > 7fbc1820e0fe5c1136c350b961e934aa > 6a165d5b810f93a9acc62e69e0f4d873 > eaae2fefc4dce042506c023e1203e8a5 > 5db314ef747aba013128bae175b903be > 7be79ad92e1846c8d87369a0b868fe2a > 0e6f363b75814e5a3333c657a96bb296 > 542682ac59711a9bacd3efc2a2f6cc40 > d239057492e79a4bb794d347713da273 > c06173d5517040bb5c39472e240cc6a1 > f65f0fa0a833f7f6254dfc4726eddda3 > 192efd195941dcae6cd34f9cdf4fce2a > fd321f51c35edc2c6721a658b09a9f01 > -----END OpenVPN Static key V1----- > </tls-auth> > > redirect-gateway def1 > > > verb 9 > > > What's your opinion on this ? > > בתאריך יום ב׳, 18 בנוב׳ 2024 ב-9:26 מאת Илья Шипицин < > chipits...@gmail.com>: > >> That must be investigated together with server side logs. >> >> Generally, some packet lost can lead to this, I see similar issues from >> time to time. >> >> On Mon, Nov 18, 2024, 08:11 נתי שטרן <nsh...@gmail.com> wrote: >> >>> Hello, >>> I don't have access to server logs, I sent you the client logs as well >>> as the line pointing to the DoS: >>> TLS Error: TLS key negotiation failed to occur within 5 seconds >>> SIGUSR1[soft,tls-error] received, process restarting >>> >>> בתאריך יום א׳, 17 בנוב׳ 2024 ב-21:09 מאת Arne Schwabe < >>> a...@rfc2549.org>: >>> >>>> We asked you for many things in the past mails. We expect to do ALL >>>> these things to properly report the issue. Not just one of them. E.g. logs >>>> of server, usage of a modern version, a description what the DoS >>>> vulnerability actually is and so on are still missing. Just sending the >>>> client is just not enough. >>>> Am 17.11.2024 um 17:16 schrieb נתי שטרן: >>>> >>>> i attached logs >>>> >>>> בתאריך יום א׳, 17 בנוב׳ 2024 ב-17:51 מאת Gert Doering < >>>> g...@greenie.muc.de>: >>>> >>>> >>> >>> -- >>> <https://netanel.ml> >>> _______________________________________________ >>> Openvpn-devel mailing list >>> Openvpn-devel@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel >>> >> > > -- > <https://netanel.ml> >
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
