That's fascinating, Michael,

This week I also set up a new OpenVPN client for a user going to China, and I also noticed failed connections from other Chinese IP addresses other than the address the client was using, e.g. 36.103.27.63, 175.17.195.177, 118.250.123.52 and others. The log entries are the same format as yours.

Regards,

Mark Dods, VK3ZR mad...@optusnet.com.au
QF22NE

On 24/10/2014 6:54 AM, Michael Deynet wrote:
Hello,
Last week I had a trip to China and I used OpenVPN. OpenVPN worked well, but looking into the server logs I'm a little bit confused. After the VPN connection was established from the hotel IP (116.6.x.yy), another IP tried to connect to the VPN, too (every time I used the VPN, not only once). Can anyone tell me what exactly happened? Is there a security problem with the VPN server?

Regards
Michael

Part of log file:

Sun Oct 12 13:09:33 2014 MULTI: multi_create_instance called
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 Re-using SSL/TLS context
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 LZO compression initialized
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 Local Options hash (VER=V4): '420ddedd'
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 Expected Remote Options hash (VER=V4): '90461919'
Sun Oct 12 13:09:33 2014 116.6.xx.y:52188 TLS: Initial packet from [AF_INET]116.6.xx.y:52188, sid=b4b4ab0c 74d5b8e6
Sun Oct 12 13:09:34 2014 MULTI: multi_create_instance called
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 Re-using SSL/TLS context
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 LZO compression initialized
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 Local Options hash (VER=V4): '420ddedd'
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 Expected Remote Options hash (VER=V4): '90461919'
Sun Oct 12 13:09:34 2014 58.20.98.241:56958 TLS: Initial packet from [AF_INET]58.20.98.241:56958, sid=3f0cdef8 841dce48
Sun Oct 12 13:09:36 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Oct 12 13:09:36 2014 116.6.xx.y:52188 VERIFY OK: depth=1, /C=DE/ST=DE/L=HW/O=MD/OU=MD/CN=MD/name=MD/emailAddress=
Sun Oct 12 13:09:36 2014 116.6.xx.y:52188 VERIFY OK: depth=0, /C=DE/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=client3/name=changeme/emailAddress=mail@host.domain
Sun Oct 12 13:09:37 2014 116.6.xx.y:52188 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 12 13:09:37 2014 116.6.xx.y:52188 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 12 13:09:37 2014 116.6.xx.y:52188 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Oct 12 13:09:37 2014 116.6.xx.y:52188 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Oct 12 13:09:37 2014 116.6.xx.y:52188 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Oct 12 13:09:37 2014 116.6.xx.y:52188 [client3] Peer Connection Initiated with [AF_INET]116.6.xx.y:52188
Sun Oct 12 13:09:37 2014 client3/116.6.xx.y:52188 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=bccd:800:8ced:200:14c2:700:2c12:ae01
Sun Oct 12 13:09:37 2014 client3/116.6.xx.y:52188 MULTI: Learn: 10.8.0.6 -> client3/116.6.xx.y:52188
Sun Oct 12 13:09:37 2014 client3/116.6.xx.y:52188 MULTI: primary virtual IP for client3/116.6.xx.y:52188: 10.8.0.6
Sun Oct 12 13:09:37 2014 client3/116.6.xx.y:52188 PUSH: Received control message: 'PUSH_REQUEST'
Sun Oct 12 13:09:37 2014 client3/116.6.xx.y:52188 send_push_reply(): safe_cap=960
Sun Oct 12 13:09:37 2014 client3/116.6.xx.y:52188 SENT CONTROL [client3]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.$
Sun Oct 12 13:09:40 2014 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Sun Oct 12 13:10:34 2014 58.20.98.241:56958 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct 12 13:10:34 2014 58.20.98.241:56958 TLS Error: TLS handshake failed
Sun Oct 12 13:10:34 2014 58.20.98.241:56958 SIGUSR1[soft,tls-error] received, client-instance restarting
Sun Oct 12 13:19:36 2014 client3/116.6.xx.y:52188 [client3] Inactivity timeout (--ping-restart), restarting
Sun Oct 12 13:19:36 2014 client3/116.6.xx.y:52188 SIGUSR1[soft,ping-restart] received, client-instance restarting
Sun Oct 12 13:56:43 2014 MULTI: multi_create_instance called


------------------------------------------------------------------------------


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
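
Added example (not part of either poster's message and not OpenVPN project code): a Python check over a server log in the format quoted above that reports handshakes which began shortly after a client's initial packet, came from a different address, and ended in `TLS handshake failed` without authenticating. The function name `shadow_handshakes`, the 10-second window and the sample addresses are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log quoted above; addresses are
# documentation ranges, not the ones from the thread.
SAMPLE_LOG = """\
Sun Oct 12 13:09:33 2014 198.51.100.7:52188 TLS: Initial packet from [AF_INET]198.51.100.7:52188, sid=b4b4ab0c 74d5b8e6
Sun Oct 12 13:09:34 2014 203.0.113.9:56958 TLS: Initial packet from [AF_INET]203.0.113.9:56958, sid=3f0cdef8 841dce48
Sun Oct 12 13:09:37 2014 198.51.100.7:52188 [client3] Peer Connection Initiated with [AF_INET]198.51.100.7:52188
Sun Oct 12 13:10:34 2014 203.0.113.9:56958 TLS Error: TLS handshake failed
Sun Oct 12 14:30:00 2014 192.0.2.44:40000 TLS: Initial packet from [AF_INET]192.0.2.44:40000, sid=aaaaaaaa bbbbbbbb
Sun Oct 12 14:31:00 2014 192.0.2.44:40000 TLS Error: TLS handshake failed
"""

# timestamp, optional "commonname/" prefix, peer address:port, message
LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
                  r"(?:[^/\s]+/)?([\w.]+):(\d+) (.*)$")

def shadow_handshakes(log_text, window_s=10):
    """Return (failed_addr, client_addr, delay_seconds) for each failed,
    never-authenticated handshake that started within window_s seconds
    after an authenticated client's initial packet."""
    starts, authed, failed = {}, set(), set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # entries without a peer prefix (MULTI:, read UDPv4 ...)
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        peer, msg = (m.group(2), m.group(3)), m.group(4)
        if msg.startswith("TLS: Initial packet"):
            starts.setdefault(peer, ts)
        elif "Peer Connection Initiated" in msg:
            authed.add(peer)
        elif msg.startswith("TLS Error: TLS handshake failed"):
            failed.add(peer)
    authed_addrs = {addr for addr, _ in authed}
    hits = []
    for peer in sorted(failed.intersection(starts)):
        if peer[0] in authed_addrs:
            continue  # same address authenticated on another port: a retry
        for client in sorted(authed.intersection(starts)):
            delay = (starts[peer] - starts[client]).total_seconds()
            if 0 <= delay <= window_s:
                hits.append((peer[0], client[0], int(delay)))
    return hits

if __name__ == "__main__":
    for failed_addr, client_addr, delay in shadow_handshakes(SAMPLE_LOG):
        print(f"{failed_addr} began a failed handshake {delay}s after {client_addr}")
```

The third sample address fails its handshake too, but no client connected in the preceding window, so it is not reported.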

