Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 42 replies
  • Answers 3 answers
  • Subscribers 15 subscribers
  • Views 62137 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN issue after UTM upgrade to 9.404-5

SimonOrlando

Hello,

after the UTM upgrade from 9.403-4 to 9.404-5 the SSL VPN connection is no longer working. I changed nothing on the configuration.

Now I get following error message:

...

2016:06:28-12:24:27 firewall openvpn[9229]: SENT CONTROL [firewall]: 'PUSH_REQUEST' (status=1)

2016:06:28-12:24:27 firewall openvpn[9229]: TCPv4_CLIENT WRITE [56] to [AF_INET]213.136.68.103:44344 (via [AF_INET]10.10.10.254:35371): P_CONTROL_V1 kid=0 [ ] pid=5 DATA len=42
2016:06:28-12:24:27 firewall openvpn[9229]: TCPv4_CLIENT READ [22] from [AF_INET]213.136.68.103:44344 (via [AF_INET]10.10.10.254:35371): P_ACK_V1 kid=0 [ 5 ]
2016:06:28-12:24:27 firewall openvpn[9229]: TCPv4_CLIENT READ [466] from [AF_INET]213.136.68.103:44344 (via [AF_INET]10.10.10.254:35371): P_CONTROL_V1 kid=0 [ ] pid=6 DATA len=452
2016:06:28-12:24:27 firewall openvpn[9229]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 192.168.55.1,route 192.168.54.0 255.255.255.0,route 192.168.55.0 255.255.255.0,setenv-safe remote_network_1 192.168.54.0/24,setenv-safe remote_network_2 192.168.55.0/24,setenv-safe local_network_1 192.168.5.0/24,setenv-safe local_network_2 192.168.111.0/24,setenv-safe local_network_3 192.168.250.0/24,setenv-safe local_network_4 192.168.110.0/24,ifconfig 192.168.54.6 192.168.54.5'
2016:06:28-12:24:27 firewall openvpn[9229]: OPTIONS IMPORT: --ifconfig/up options modified
2016:06:28-12:24:27 firewall openvpn[9229]: OPTIONS IMPORT: route options modified
2016:06:28-12:24:27 firewall openvpn[9229]: OPTIONS IMPORT: route-related options modified
2016:06:28-12:24:27 firewall openvpn[9229]: OPTIONS IMPORT: environment modified
2016:06:28-12:24:27 firewall openvpn[9229]: ROUTE_GATEWAY 10.10.10.1/255.255.255.0 IFACE=eth0.10 HWADDR=00:15:5d:6f:14:09
2016:06:28-12:24:27 firewall openvpn[9229]: TUN/TAP device tun1 opened
2016:06:28-12:24:27 firewall openvpn[9229]: TUN/TAP TX queue length set to 100
2016:06:28-12:24:27 firewall openvpn[9229]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016:06:28-12:24:27 firewall openvpn[9229]: /bin/ip link set dev tun1 up mtu 1500
2016:06:28-12:24:27 firewall openvpn[9229]: /bin/ip addr add dev tun1 192.168.54.6/11 broadcast 255.255.255.254
2016:06:28-12:24:27 firewall openvpn[9229]: /bin/ip route change dev tun1 192.168.54.4/11 proto 41 src 192.168.54.6
2016:06:28-12:24:27 firewall openvpn[9229]: MANAGEMENT: Client disconnected
2016:06:28-12:24:27 firewall openvpn[9229]: Linux ip route change failed: external program exited with error status: 2
2016:06:28-12:24:27 firewall openvpn[9229]: Exiting due to fatal error
2016:06:28-12:24:35 firewall openvpn[6482]: MANAGEMENT: Client disconnected

Because tun1 is not available I tryed to execute this command for a test on another interface and then I got following error message:

firewall:/var/sec/chroot-openvpn/etc/openvpn/conf.d # /bin/ip route change dev tun0 192.168.54.4/11 proto 41 src 192.168.54.6
RTNETLINK answers: Invalid argument

I hope you can help me!

Many Thanks!

Regards

Simon



This thread was automatically locked due to age.
  • 0 in reply to gehtniemandetwasan

    you need backup-file from prior version..


    then you can fresh install with an early iso, update your system until you got the version from your backup-file and import it.

    best is if you have the iso for the version of backup file... then you can install and directly import backup..

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • 0 in reply to zaphod

    fresh install is not an option in our enviorement.

    We have a ha system with more than 30 vpn connections and mission critical systems behind our firewalls which have to be reached from outside. So we can not accept downtimes longer than 2 minutes.

    We need a solution from sophos ASAP. Nobody from sophos in this forum??

  • 0 in reply to gehtniemandetwasan

    have you opened a ticket? have you contacted your reseller? have you called sophos support by phone?


    ..würde versuchen sophos per telefon support zu kontaktieren... wenn du den passenden Support-Vertrag hast.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • 0 in reply to BAlfson

    Hi Bob,

    unfortunatly I'm no longer able to provide the details because I've restored some days ago the old version (9.403-4). This VPN connection is mandatory for us.

    Regards

    Simon

  • 0

    we've created a support case at Sophos but we didn't get a solution yet. The only workarround for us was to downgrade like zaphod desriped. It takes less than 30 min if you have the correct version and the correct backup.

    Greetings

  • 0 in reply to zaphod

    Yes we have. But no solution till now ....

  • 0 in reply to gehtniemandetwasan

    ok then i see two options for you at the moment:


    1: 30 Minutes service-window to fresh install your sophos with an iso and import the backup file (good preparation and have the right iso...)

    2: wait for the fix from sophos.. hope you get a hotfix file from support... i have waited 3 weeks until they fixed the pppoe-reconnect-ipsec-vpn-bug...

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • 0 in reply to gehtniemandetwasan

    You had a UTM running a non-UTM SSL VPN client successfully?  I don't know of anyone else that has done this.  Can you generate the log I requested and get the customer to send you the concurrent log from their pfSense?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Our Sophos UTM is the client side of the ssl-vpn tunnel. We got the config-file from our customer. So we do not need a setup on our side. Our UTM act as a client with a single ip address and do snat to the customer.

    Here the tool to create an apc file from ovpn github.com/.../ovpn-to-apc

  • 0 in reply to BAlfson

    Log SIDE Client.

    2016:06:29-07:57:00 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32971 PUSH: Received control message: 'PUSH_REQUEST'
    2016:06:29-07:57:00 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32971 send_push_reply(): safe_cap=940
    2016:06:29-07:57:00 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32971 SENT CONTROL [REF_LtGyVxezOr]: 'PUSH_REPLY,topology subnet,route-gateway 192.168.10.1,route 192.168.55.0 255.255.255.0,setenv-safe remote_network_1 192.168.55.0/24,setenv-safe local_network_1 192.168.155.0/24,ifconfig 192.168.50.1 192.168.10.1' (status=1)
    2016:06:29-07:57:00 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32971 Connection reset, restarting [0]
    2016:06:29-07:57:00 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32971 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2016:06:29-07:57:00 zeus openvpn[7700]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ssl" connection="REF_oPBGKYYZIw" address="200.97.128.10"
    2016:06:29-07:57:00 zeus openvpn[7700]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0
    2016:06:29-07:57:07 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-07:57:07 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-07:57:07 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-07:57:17 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-07:58:10 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-07:58:10 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-07:58:20 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-07:58:45 zeus openvpn[7700]: TCP connection established with [AF_INET]174.27.83.106:60685 (via [AF_INET]200.97.128.10:443)
    2016:06:29-07:58:45 zeus openvpn[7700]: 174.27.83.106:60685 Non-OpenVPN client protocol detected
    2016:06:29-07:58:45 zeus openvpn[7700]: 174.27.83.106:60685 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2016:06:29-07:59:04 zeus openvpn[7700]: TCP connection established with [AF_INET]223.16.36.250:58588 (via [AF_INET]200.97.128.10:443)
    2016:06:29-07:59:04 zeus openvpn[7700]: 223.16.36.250:58588 Non-OpenVPN client protocol detected
    2016:06:29-07:59:04 zeus openvpn[7700]: 223.16.36.250:58588 SIGTERM[soft,port-share-redirect] received, client-instance exiting
    2016:06:29-07:59:10 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-07:59:10 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-07:59:20 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-08:00:12 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-08:00:12 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:00:22 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-08:01:04 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-08:01:04 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:01:05 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:01:13 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:01:23 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-08:02:14 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-08:02:14 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:02:18 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:02:22 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:02:32 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-08:03:20 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-08:03:20 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:03:30 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-08:04:15 zeus openvpn[7700]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
    2016:06:29-08:04:15 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:04:15 zeus openvpn[7700]: MANAGEMENT: CMD 'status -1'
    2016:06:29-08:04:25 zeus openvpn[7700]: MANAGEMENT: Client disconnected
    2016:06:29-08:05:36 zeus openvpn[7700]: TCP connection established with [AF_INET]189.114.142.152:32992 (via [AF_INET]200.97.128.10:443)
    2016:06:29-08:05:37 zeus openvpn[7700]: 189.114.142.152:32992 TLS: Initial packet from [AF_INET]189.114.142.152:32992 (via [AF_INET]200.97.128.10:443), sid=cbc59c4c 17890da8
    2016:06:29-08:05:37 zeus openvpn[7700]: 189.114.142.152:32992 VERIFY OK: depth=0, C=br, L=Petropolis, O=Binzel do Brasil indrustrial Ltda, CN=REF_oPBGKYYZIw
    2016:06:29-08:05:37 zeus openvpn[7700]: 189.114.142.152:32992 VERIFY OK: depth=1, C=br, L=Petropolis, O=Binzel do Brasil indrustrial Ltda, CN=Binzel do Brasil indrustrial Ltda VPN CA, emailAddress=amoglia@binzel-abicor.com.br
    2016:06:29-08:05:37 zeus openvpn[7700]: 189.114.142.152:32992 VERIFY OK: depth=1, C=br, L=Petropolis, O=Binzel do Brasil indrustrial Ltda, CN=Binzel do Brasil indrustrial Ltda VPN CA, emailAddress=amoglia@binzel-abicor.com.br
    2016:06:29-08:05:37 zeus openvpn[7700]: 189.114.142.152:32992 VERIFY OK: depth=0, C=br, L=Petropolis, O=Binzel do Brasil indrustrial Ltda, CN=REF_oPBGKYYZIw
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 TLS: Username/Password authentication deferred for username 'REF_LtGyVxezOr' [CN SET]
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
    2016:06:29-08:05:38 zeus openvpn[7700]: 189.114.142.152:32992 [REF_LtGyVxezOr] Peer Connection Initiated with [AF_INET]189.114.142.152:32992 (via [AF_INET]200.97.128.10:443)
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/conf.d/REF_LtGyVxezOr
    2016:06:29-08:05:39 zeus openvpn[7700]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ssl" connection="REF_oPBGKYYZIw" address="200.97.128.10"
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_1660385a517d60d189d479634a69b7fd.tmp
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 MULTI ERROR: primary virtual IP for REF_LtGyVxezOr/189.114.142.152:32992 (192.168.50.1) violates tunnel network/netmask constraint (192.168.10.0/255.255.255.0)
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 MULTI: Learn: 192.168.50.1 -> REF_LtGyVxezOr/189.114.142.152:32992
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 MULTI: primary virtual IP for REF_LtGyVxezOr/189.114.142.152:32992: 192.168.50.1
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 MULTI: internal route 192.168.155.0/24 -> REF_LtGyVxezOr/189.114.142.152:32992
    2016:06:29-08:05:39 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 MULTI: Learn: 192.168.155.0/24 -> REF_LtGyVxezOr/189.114.142.152:32992
    2016:06:29-08:05:40 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 PUSH: Received control message: 'PUSH_REQUEST'
    2016:06:29-08:05:40 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 send_push_reply(): safe_cap=940
    2016:06:29-08:05:40 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 SENT CONTROL [REF_LtGyVxezOr]: 'PUSH_REPLY,topology subnet,route-gateway 192.168.10.1,route 192.168.55.0 255.255.255.0,setenv-safe remote_network_1 192.168.55.0/24,setenv-safe local_network_1 192.168.155.0/24,ifconfig 192.168.50.1 192.168.10.1' (status=1)
    2016:06:29-08:05:40 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 Connection reset, restarting [0]
    2016:06:29-08:05:40 zeus openvpn[7700]: REF_LtGyVxezOr/189.114.142.152:32992 SIGUSR1[soft,connection-reset] received, client-instance restarting
    2016:06:29-08:05:40 zeus openvpn[7700]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ssl" connection="REF_oPBGKYYZIw" address="200.97.128.10"
    2016:06:29-08:05:40 zeus openvpn[7700]: PLUGIN_CALL: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0

    Log Server Side

    2016:06:29-07:57:00 astaro openvpn[4580]: ROUTE_GATEWAY 187.115.211.232
    2016:06:29-07:57:00 astaro openvpn[4580]: TUN/TAP device tun0 opened
    2016:06:29-07:57:00 astaro openvpn[4580]: TUN/TAP TX queue length set to 100
    2016:06:29-07:57:00 astaro openvpn[4580]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    2016:06:29-07:57:00 astaro openvpn[4580]: /bin/ip link set dev tun0 up mtu 1500
    2016:06:29-07:57:00 astaro openvpn[4580]: /bin/ip addr add dev tun0 192.168.50.1/8 broadcast 255.255.247.255
    2016:06:29-07:57:00 astaro openvpn[4580]: /bin/ip route change dev tun0 192.168.2.1/8 proto 41 src 192.168.50.1
    2016:06:29-07:57:00 astaro openvpn[4580]: MANAGEMENT: Client disconnected
    2016:06:29-07:57:00 astaro openvpn[4580]: Linux ip route change failed: external program exited with error status: 2
    2016:06:29-07:57:00 astaro openvpn[4580]: Exiting due to fatal error
    2016:06:29-08:05:36 astaro openvpn[6783]: DEPRECATED OPTION: --tls-remote, please update your configuration
    2016:06:29-08:05:36 astaro openvpn[6783]: OpenVPN 2.3.10 i686-suse-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 8 2016
    2016:06:29-08:05:36 astaro openvpn[6783]: library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.09
    2016:06:29-08:05:36 astaro openvpn[6784]: MANAGEMENT: client_uid=0
    2016:06:29-08:05:36 astaro openvpn[6784]: MANAGEMENT: client_gid=0
    2016:06:29-08:05:36 astaro openvpn[6784]: MANAGEMENT: unix domain socket listening on /var/run/openvpn_mgmt_REF_uotJtKdIzZ
    2016:06:29-08:05:36 astaro openvpn[6784]: PLUGIN_INIT: POST /usr/lib/openvpn/plugins/openvpn-plugin-utm.so '[/usr/lib/openvpn/plugins/openvpn-plugin-utm.so] [REF_uotJtKdIzZ]' intercepted=PLUGIN_UP|PLUGIN_DOWN|PLUGIN_ROUTE_UP|PLUGIN_ROUTE_PREDOWN
    2016:06:29-08:05:36 astaro openvpn[6784]: Socket Buffers: R=[87380->87380] S=[16384->16384]
    2016:06:29-08:05:36 astaro openvpn[6784]: Attempting to establish TCP connection with [AF_INET]200.97.128.10:443 [nonblock]
    2016:06:29-08:05:36 astaro openvpn[6784]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt_REF_uotJtKdIzZ
    2016:06:29-08:05:36 astaro openvpn[6784]: MANAGEMENT: CMD 'state'
    2016:06:29-08:05:37 astaro openvpn[6784]: TCP connection established with [AF_INET]200.97.128.10:443 (via [AF_INET]189.114.142.152:32992)
    2016:06:29-08:05:37 astaro openvpn[6784]: TCPv4_CLIENT link local: [undef]
    2016:06:29-08:05:37 astaro openvpn[6784]: TCPv4_CLIENT link remote: [AF_INET]200.97.128.10:443
    2016:06:29-08:05:37 astaro openvpn[6784]: TLS: Initial packet from [AF_INET]200.97.128.10:443 (via [AF_INET]189.114.142.152:32992), sid=d6f44092 892bebba
    2016:06:29-08:05:37 astaro openvpn[6784]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2016:06:29-08:05:37 astaro openvpn[6784]: VERIFY OK: depth=1, /C=br/L=Petropolis/O=Binzel_do_Brasil_indrustrial_Ltda/CN=Binzel_do_Brasil_indrustrial_Ltda_VPN_CA/emailAddress=amoglia@binzel-abicor.com.br
    2016:06:29-08:05:37 astaro openvpn[6784]: VERIFY X509NAME OK: /C=br/L=Petropolis/O=Binzel_do_Brasil_indrustrial_Ltda/CN=zeus/emailAddress=amoglia@binzel-abicor.com.br
    2016:06:29-08:05:37 astaro openvpn[6784]: VERIFY OK: depth=0, /C=br/L=Petropolis/O=Binzel_do_Brasil_indrustrial_Ltda/CN=zeus/emailAddress=amoglia@binzel-abicor.com.br
    2016:06:29-08:05:38 astaro openvpn[6784]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2016:06:29-08:05:38 astaro openvpn[6784]: Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
    2016:06:29-08:05:38 astaro openvpn[6784]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    2016:06:29-08:05:38 astaro openvpn[6784]: Data Channel Decrypt: Using 128 bit message hash 'MD5' for HMAC authentication
    2016:06:29-08:05:38 astaro openvpn[6784]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
    2016:06:29-08:05:38 astaro openvpn[6784]: [zeus] Peer Connection Initiated with [AF_INET]200.97.128.10:443 (via [AF_INET]189.114.142.152:32992)
    2016:06:29-08:05:40 astaro openvpn[6784]: SENT CONTROL [zeus]: 'PUSH_REQUEST' (status=1)
    2016:06:29-08:05:40 astaro openvpn[6784]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway 192.168.10.1,route 192.168.55.0 255.255.255.0,setenv-safe remote_network_1 192.168.55.0/24,setenv-safe local_network_1 192.168.155.0/24,ifconfig 192.168.50.1 192.168.10.1'
    2016:06:29-08:05:40 astaro openvpn[6784]: OPTIONS IMPORT: --ifconfig/up options modified
    2016:06:29-08:05:40 astaro openvpn[6784]: OPTIONS IMPORT: route options modified
    2016:06:29-08:05:40 astaro openvpn[6784]: OPTIONS IMPORT: route-related options modified
    2016:06:29-08:05:40 astaro openvpn[6784]: OPTIONS IMPORT: environment modified
    2016:06:29-08:05:40 astaro openvpn[6784]: ROUTE_GATEWAY 187.115.211.232
    2016:06:29-08:05:40 astaro openvpn[6784]: TUN/TAP device tun0 opened
    2016:06:29-08:05:40 astaro openvpn[6784]: TUN/TAP TX queue length set to 100
    2016:06:29-08:05:40 astaro openvpn[6784]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    2016:06:29-08:05:40 astaro openvpn[6784]: /bin/ip link set dev tun0 up mtu 1500
    2016:06:29-08:05:40 astaro openvpn[6784]: /bin/ip addr add dev tun0 192.168.50.1/8 broadcast 255.255.247.255
    2016:06:29-08:05:40 astaro openvpn[6784]: /bin/ip route change dev tun0 192.168.2.1/8 proto 41 src 192.168.50.1
    2016:06:29-08:05:40 astaro openvpn[6784]: MANAGEMENT: Client disconnected
    2016:06:29-08:05:40 astaro openvpn[6784]: Linux ip route change failed: external program exited with error status: 2
    2016:06:29-08:05:40 astaro openvpn[6784]: Exiting due to fatal error

Unfiltered HTML