1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

VPN Connection issue - So near yet so far

Discussion in 'Tomato Firmware' started by Theblueraja, Aug 4, 2009.

  1. Theblueraja

    Theblueraja Network Guru Member

    Hi,
    Im trying to conntect to StronVPN via the OpenVPN client on my tomato based router running v1.25vpn3.3.4a23156e from http://tomatovpn.keithmoyer.com/

    I've put in all the correct setting as far as i can tell, and the connection appears to come up, looking at the logs i can see no errors, im assigned an IP address from the remote end etc.

    The logs are as follows - edited to remove specifics:-

    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009
    Aug 4 21:00:56 BuffaloNet1 daemon.warn openvpn[1095]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Aug 4 21:00:56 BuffaloNet1 daemon.warn openvpn[1095]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: LZO compression initialized
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1095]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1097]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1097]: UDPv4 link local: [undef]
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1097]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug 4 21:00:56 BuffaloNet1 daemon.notice openvpn[1097]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=0a8e9335 02f34149
    Aug 4 21:00:57 BuffaloNet1 daemon.notice openvpn[1097]: VERIFY OK: depth=1, /C=US/ST=NA/L=XXXXX
    Aug 4 21:00:57 BuffaloNet1 daemon.notice openvpn[1097]: VERIFY OK: depth=0, /C=US/ST=NA/O=XXXXX
    Aug 4 21:00:58 BuffaloNet1 daemon.info dnsmasq[920]: DHCPINFORM(br0) 192.168.0.4 XXXXXXXXX
    Aug 4 21:00:58 BuffaloNet1 daemon.info dnsmasq[920]: DHCPACK(br0) 192.168.0.4 XXXXX
    Aug 4 21:01:00 BuffaloNet1 daemon.notice openvpn[1097]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug 4 21:01:00 BuffaloNet1 daemon.notice openvpn[1097]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 4 21:01:00 BuffaloNet1 daemon.notice openvpn[1097]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug 4 21:01:00 BuffaloNet1 daemon.notice openvpn[1097]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 4 21:01:00 BuffaloNet1 daemon.notice openvpn[1097]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug 4 21:01:00 BuffaloNet1 daemon.notice openvpn[1097]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.XX.XX,dhcp-option DNS 216.131.XX.XX,route-metric 1,redirect-gateway def1,route 10.8.XX.XX,topology net30,ping 10,ping-restart 60,ifconfig 1
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: OPTIONS IMPORT: route options modified
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: OPTIONS IMPORT: route-related options modified
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: TUN/TAP device tun11 opened
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: TUN/TAP TX queue length set to 100
    Aug 4 21:01:01 BuffaloNet1 daemon.notice openvpn[1097]: /sbin/ifconfig tun11 10.8.XX.XX pointopoint 10.8.XX.XX mtu 1500
    Aug 4 21:01:04 BuffaloNet1 daemon.notice openvpn[1097]: /sbin/route add -net 68.68.XX.XX netmask 255.255.255.255 gw 87.87.XX.XX
    Aug 4 21:01:04 BuffaloNet1 daemon.notice openvpn[1097]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.XX.XX
    Aug 4 21:01:04 BuffaloNet1 daemon.notice openvpn[1097]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.XX.XX
    Aug 4 21:01:04 BuffaloNet1 daemon.notice openvpn[1097]: /sbin/route add -net 10.8.XX.XX netmask 255.255.255.255 gw 10.8.XX.XX metric 1
    Aug 4 21:01:04 BuffaloNet1 daemon.notice openvpn[1097]: Initialization Sequence Completed

    The only issue i can find is that the TUN/TUN write bytes under VPN Client Status are 0

    Name Value
    TUN/TAP read bytes 758
    TUN/TAP write bytes 0
    TCP/UDP read bytes 5866
    TCP/UDP write bytes 6450
    Auth read bytes 0
    pre-compress bytes 0
    post-compress bytes 0
    pre-decompress bytes 0
    post-decompress bytes 0

    Has anybody any ideas what im doing wrong - if i need to post more info let me know.
     
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Do you see your own IP address when visiting http://checkip.dyndns.org or a different address (or does it not work at all)?
     
  3. Theblueraja

    Theblueraja Network Guru Member

    Hi,
    It doesnt work at all, no connection to the internet.

    I should add my setup is as follows:-

    Client 1 Basic
    Start with Router - Ticked
    Interface Type - TUN
    Protocol - UDP
    Server Address/Port - Same as given in .ovpn file
    Firewall - Automatic
    Authorization Mode - TLS
    Extra HMAC authorization (tls-auth) - Outgoing (1)
    Create NAT on tunnel - Ticked

    Advanced

    Redirect Internet traffic Gateway: Unticked
    Accept DNS configuration - Unticked
    Encryption cipher - Use Default
    Compression - Disabled
    Connection retry (in seconds; -1 for infinite) - 30
    Custom Configuration - NONE

    Keys:-
    Certificates given have been copy pasted into here.

    The config file for openvpn (NOT used at all under config in advanced ) is as follows:-

    remote 68.68.xx.xx xxxx
    proto udp
    ca ca.crt - Copied to Certificate Authority under keys
    cert ovpn059.crt - Copied to Client Certificate under keys
    key ovpn059.key - Copied to client key under keys
    tls-auth ta.key 1 - ta.key copied to Static key under keys
    client
    dev tun
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    verb 4
    mute 5
    tun-mtu 1500
    fragment 1300
    mssfix 1450
     
  4. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Hmmm, could you log in to your router via ssh/telnet and try
    Code:
    nslookup google.com
    ping google.com
    ping 74.125.45.100
    ping 10.8.XX.XX (you censored this before, replace the Xs for the server's VPN IP)
     
  5. Theblueraja

    Theblueraja Network Guru Member

    As requested i did a few pings (and thanks for the help):-

    Tomato v1.25vpn3.3


    BusyBox v1.14.0 (2009-05-31 18:41:13 CDT) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    # nslookup google.com
    Server: 127.0.0.1
    Address 1: 127.0.0.1

    nslookup: can't resolve 'google.com'
    # ping google.com
    ping: bad address 'google.com'
    # ping 74.125.45.100
    PING 74.125.45.100 (74.125.45.100): 56 data bytes


    --- 74.125.45.100 ping statistics ---
    125 packets transmitted, 0 packets received, 100% packet loss

    # ping 10.8.1.217
    PING 10.8.1.217 (10.8.1.217): 56 data bytes

    --- 10.8.1.217 ping statistics ---
    7 packets transmitted, 0 packets received, 100% packet loss

    # ping 10.8.1.221
    PING 10.8.1.221 (10.8.1.221): 56 data bytes
    --- 10.8.1.221 ping statistics ---
    12 packets transmitted, 0 packets received, 100% packet loss

    # ping 87.87.249.237
    PING 87.87.249.237 (87.87.249.237): 56 data bytes
    64 bytes from 87.87.249.237: seq=0 ttl=255 time=32.150 ms
    64 bytes from 87.87.249.237: seq=1 ttl=255 time=33.448 ms
    64 bytes from 87.87.249.237: seq=2 ttl=255 time=32.837 ms
    64 bytes from 87.87.249.237: seq=3 ttl=255 time=32.464 ms

    --- 87.87.249.237 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 32.150/32.724/33.448 ms

    Also included is my routing table in case its any help:-

    Code:
    Destination	Gateway	Subnet Mask	Metric	Interface
    68.68.X.X	87.87.X.X	255.255.255.255	0	ppp0
    10.8.1.217	10.8.1.221	255.255.255.255	1	tun11
    10.8.1.221	*	        255.255.255.255	0	tun11
    87.87.X.X	*	        255.255.255.255	0	ppp0
    192.168.0.0	*	        255.255.255.0	0	br0 (LAN)
    127.0.0.0	*	        255.0.0.0	        0	lo
    default	  10.8.1.221	128.0.0.0	        0	tun11
    128.0.0.0	  10.8.1.221	128.0.0.0	        0	tun11
    default	   87.87.X.X	0.0.0.0	        0	ppp0
     
  6. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Hmmm, could you also provide the output of
    Code:
    iptables -t nat -nvL
    ?

    If that is showing the packet count on the tun11 MASQUERADE line in POSTROUTING increase whenever you attempt to ping, then I can't think of anything other than server-side problems that could cause it.

    EDIT: A couple things you may try for debugging:
    • run
      Code:
      iptables -t nat -I POSTROUTING -o tun11 -j LOG --log-prefix "Tunneling "
      Then try some pings and check your syslog. Post the "Tunneling ..." messages here
    • Set up a standalone OpenVPN client on a PC and attempt to connect with their config file.
     
  7. gawd0wns

    gawd0wns LI Guru Member

    I think it is an issue with the DNS servers not being recognized/registered

    Try adding these three lines to your client config file, you need to replace the gateway and DNS server addresses:

    route-gateway 10.8.0.1
    redirect-gateway
    dhcp-option DNS 10.8.0.12 10.8.0.13

    You could try placing the DNS addresses in the Static DNS fields under Basic --> Network as well.
     
  8. gawd0wns

    gawd0wns LI Guru Member

  9. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    He can't even ping IP addresses across the tunnel. I don't think we need to worry about DNS until that is working.
     
  10. gawd0wns

    gawd0wns LI Guru Member

    I think it could be related... if he can't resolve addresses, he can't ping them.
     
  11. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Pinging IP addresses doesn't use DNS at all. You have to get that working before DNS has a chance.
     
  12. Theblueraja

    Theblueraja Network Guru Member

    This does not increase - it stays at 0.

    Nothing shows - is that correct? I entered this in telnet but looked at the logs via the gui.

    Connecting via OpenVPN on the PC works no bother.
     
  13. Theblueraja

    Theblueraja Network Guru Member

    This doesnt work, it gives me errors in the log file

    Code:
    Aug  5 04:43:19 BuffaloNet1 daemon.notice openvpn[760]: /sbin/ifconfig tun11 10.8.1.222 pointopoint 10.8.1.221 mtu 1500
    Aug  5 04:43:21 BuffaloNet1 daemon.notice openvpn[760]: /sbin/route add -net 68.68.xxx.xxx netmask 255.255.255.255 gw 87.87.xxx.xxx
    Aug  5 04:43:21 BuffaloNet1 daemon.notice openvpn[760]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
    Aug  5 04:43:21 BuffaloNet1 daemon.warn openvpn[760]: ERROR: Linux route add command failed: external program exited with error status: 1
    Aug  5 04:43:21 BuffaloNet1 daemon.notice openvpn[760]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.1
    Aug  5 04:43:21 BuffaloNet1 daemon.warn openvpn[760]: ERROR: Linux route add command failed: external program exited with error status: 1
    Aug  5 04:43:21 BuffaloNet1 daemon.notice openvpn[760]: /sbin/route add -net 10.8.1.217 netmask 255.255.255.255 gw 10.8.0.1 metric 1
    Aug  5 04:43:21 BuffaloNet1 daemon.warn openvpn[760]: ERROR: Linux route add command failed: external program exited with error status: 1
    Aug  5 04:43:21 BuffaloNet1 daemon.notice openvpn[760]: Initialization Sequence Completed
     
  14. gawd0wns

    gawd0wns LI Guru Member

    Without being able to resolve external addresses, you are dead in the water. He can ping the VPN host, but can't resolve or contact any external addresses. I had a similar experience with TUN where DNS was the culprit, and am basing my suggestions on that. If it makes no difference, it is one less thing to worry about.
     
  15. gawd0wns

    gawd0wns LI Guru Member

    Change 10.8.0.1 to your gateway... I don't think it is 10.8.0.1

    "Aug 5 04:43:19 BuffaloNet1 daemon.notice openvpn[760]: /sbin/ifconfig tun11 10.8.1.222 pointopoint 10.8.1.221 mtu 1500"
    Aug 5 04:43:19 BuffaloNet1 daemon.notice openvpn[760]: /sbin/ifconfig tun11 10.8.1.222 pointopoint 10.8.1.221 mtu 1500
    Aug 5 04:43:21 BuffaloNet1 daemon.notice openvpn[760]: /sbin/route add -net 68.68.xxx.xxx netmask 255.255.255.255 gw 87.87.xxx.xxx

    use two lines for the dhcp-option instead of one, change the addresses

    dhcp-option DNS 216.131.XX.XX
    dhcp-option DNS 216.131.XX.XX
     
  16. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    That's really bizarre. Your routing table looks fine, but no traffic is even attempting to go over the tunnel.

    Let's be a little heavier handed in debugging:
    First, I'm assuming you are pinging from the router itself (via ssh, telnet, or web GUI).
    Code:
    iptables -t mangle -I OUTPUT -d 209.85.225.147 -j LOG --log-prefix "MO "
    iptables -t nat -I OUTPUT -d 209.85.225.147 -j LOG --log-prefix "NO "
    iptables -t filter -I OUTPUT -d 209.85.225.147 -j LOG --log-prefix "FO "
    iptables -t mangle -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "MP "
    iptables -t nat -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "NP "
    Then ping 209.85.225.147 and check the syslog.
     
  17. Theblueraja

    Theblueraja Network Guru Member

    Once agiain, thanks for the help, ping was done from a telnet session on the router.

    Code:
    Aug  5 06:38:21 BuffaloNet1 daemon.info dnsmasq[99]: DHCPREQUEST(br0) 192.168.0.4 
    Aug  5 06:38:21 BuffaloNet1 daemon.info dnsmasq[99]: DHCPACK(br0) 192.168.0.4 00:12:f0:XX:XX:XX Laptop
    Aug  5 06:38:29 BuffaloNet1 daemon.info dnsmasq[99]: DHCPINFORM(br0) 192.168.0.4 00:12:f0:XX:XX:XX 
    Aug  5 06:38:29 BuffaloNet1 daemon.info dnsmasq[99]: DHCPACK(br0) 192.168.0.4 00:12:f0:XX:XX:XX Laptop
    Aug  5 06:39:41 BuffaloNet1 daemon.info dnsmasq[99]: DHCPINFORM(br0) 192.168.0.4 00:12:f0:XX:XX:XX 
    Aug  5 06:39:41 BuffaloNet1 daemon.info dnsmasq[99]: DHCPACK(br0) 192.168.0.4 00:12:f0:XX:XX:XX Laptop
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009
    Aug  5 06:40:41 BuffaloNet1 daemon.warn openvpn[906]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Aug  5 06:40:41 BuffaloNet1 daemon.warn openvpn[906]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: LZO compression initialized
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[906]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[910]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[910]: UDPv4 link local: [undef]
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[910]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug  5 06:40:41 BuffaloNet1 daemon.notice openvpn[910]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=ecb3d06b d2e39634
    Aug  5 06:40:42 BuffaloNet1 daemon.notice openvpn[910]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 06:40:42 BuffaloNet1 daemon.notice openvpn[910]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 06:40:45 BuffaloNet1 daemon.err openvpn[910]: event_wait : Interrupted system call (code=4)
    Aug  5 06:40:45 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 06:40:45 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:40:45 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 06:40:45 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:40:45 BuffaloNet1 daemon.notice openvpn[910]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug  5 06:40:45 BuffaloNet1 daemon.notice openvpn[910]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.95.20,dhcp-option DNS 216.131.94.5,route-metric 1,redirect-gateway def1,route 10.8.1.217,topology net30,ping 10,ping-restart 60,ifconfig 10
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: route options modified
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: route-related options modified
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: TUN/TAP device tun11 opened
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: TUN/TAP TX queue length set to 100
    Aug  5 06:40:46 BuffaloNet1 daemon.notice openvpn[910]: /sbin/ifconfig tun11 10.8.1.222 pointopoint 10.8.1.221 mtu 1500
    Aug  5 06:40:48 BuffaloNet1 daemon.info dnsmasq[99]: DHCPINFORM(br0) 192.168.0.4 00:12:f0:XX:XX:XX 
    Aug  5 06:40:48 BuffaloNet1 daemon.info dnsmasq[99]: DHCPACK(br0) 192.168.0.4 00:12:f0:XX:XX:XX Laptop
    Aug  5 06:40:48 BuffaloNet1 daemon.notice openvpn[910]: /sbin/route add -net 68.68.XX.XX netmask 255.255.255.255 gw 87.87.xx.xx
    Aug  5 06:40:48 BuffaloNet1 daemon.notice openvpn[910]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.221
    Aug  5 06:40:48 BuffaloNet1 daemon.notice openvpn[910]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.221
    Aug  5 06:40:48 BuffaloNet1 daemon.notice openvpn[910]: /sbin/route add -net 10.8.1.217 netmask 255.255.255.255 gw 10.8.1.221 metric 1
    Aug  5 06:40:48 BuffaloNet1 daemon.notice openvpn[910]: Initialization Sequence Completed
    Aug  5 06:41:07 BuffaloNet1 auth.info login[922]: root login on 'pts/0'
    Aug  5 06:41:46 BuffaloNet1 daemon.notice openvpn[910]: [ovpn059] Inactivity timeout (--ping-restart), restarting
    Aug  5 06:41:46 BuffaloNet1 daemon.notice openvpn[910]: TCP/UDP: Closing socket
    Aug  5 06:41:46 BuffaloNet1 daemon.notice openvpn[910]: SIGUSR1[soft,ping-restart] received, process restarting
    Aug  5 06:41:46 BuffaloNet1 daemon.notice openvpn[910]: Restart pause, 2 second(s)
    Aug  5 06:41:48 BuffaloNet1 daemon.warn openvpn[910]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Aug  5 06:41:48 BuffaloNet1 daemon.warn openvpn[910]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: Re-using SSL/TLS context
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: LZO compression initialized
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: UDPv4 link local: [undef]
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug  5 06:41:48 BuffaloNet1 daemon.notice openvpn[910]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=c32ee3da 2f6c56a6
    Aug  5 06:41:49 BuffaloNet1 daemon.notice openvpn[910]: VERIFY OK: depth=1, /C=US/ST=NA/L=XXXXXXXXXXXXXX
    Aug  5 06:41:49 BuffaloNet1 daemon.notice openvpn[910]: VERIFY OK: depth=0, /C=US/ST=NA/XXXXXXXXXXXXXXXXXXXXXX
    Aug  5 06:41:52 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 06:41:52 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:41:52 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 06:41:52 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:41:52 BuffaloNet1 daemon.notice openvpn[910]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug  5 06:41:52 BuffaloNet1 daemon.notice openvpn[910]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.95.20,dhcp-option DNS 216.131.94.5,route-metric 1,redirect-gateway def1,route 10.8.1.217,topology net30,ping 10,ping-restart 60,ifconfig 10
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: route options modified
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: route-related options modified
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: Preserving previous TUN/TAP instance: tun11
    Aug  5 06:41:53 BuffaloNet1 daemon.notice openvpn[910]: Initialization Sequence Completed
    Aug  5 06:42:13 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.XX.XX.9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45040 DPT=53 LEN=42 
    Aug  5 06:42:14 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.XX.XX.7 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45040 DPT=53 LEN=42 
    Aug  5 06:42:26 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.XX.XX.7 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=39073 DPT=53 LEN=42 
    Aug  5 06:42:26 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.XX.XX.9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=39073 DPT=53 LEN=42 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: NO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: NO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: NP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: NP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:40 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=0 
    Aug  5 06:42:41 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=1 
    Aug  5 06:42:41 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=1 
    Aug  5 06:42:41 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=1 
    Aug  5 06:42:41 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=1 
    Aug  5 06:42:41 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=1 
    Aug  5 06:42:41 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=1 
    Aug  5 06:42:42 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=2 
    Aug  5 06:42:42 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=2 
    Aug  5 06:42:42 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=2 
    Aug  5 06:42:42 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=2 
    Aug  5 06:42:42 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=2 
    Aug  5 06:42:42 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=2 
    Aug  5 06:42:43 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=3 
    Aug  5 06:42:43 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=3 
    Aug  5 06:42:43 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=3 
    Aug  5 06:42:43 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=3 
    Aug  5 06:42:43 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=3 
    Aug  5 06:42:43 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=3 
    Aug  5 06:42:44 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=4 
    Aug  5 06:42:44 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=4 
    Aug  5 06:42:44 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=4 
    Aug  5 06:42:44 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=4 
    Aug  5 06:42:44 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=4 
    Aug  5 06:42:44 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=4 
    Aug  5 06:42:45 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=5 
    Aug  5 06:42:45 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=5 
    Aug  5 06:42:45 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=5 
    Aug  5 06:42:45 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=5 
    Aug  5 06:42:45 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=5 
    Aug  5 06:42:45 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=5 
    Aug  5 06:42:46 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=6 
    Aug  5 06:42:46 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=6 
    Aug  5 06:42:46 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=6 
    Aug  5 06:42:46 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=6 
    Aug  5 06:42:46 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=6 
    Aug  5 06:42:46 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=6 
    Aug  5 06:42:47 BuffaloNet1 daemon.info dnsmasq[99]: DHCPINFORM(br0) 192.168.0.4 00:12:f0:XX:XX:XX 
    Aug  5 06:42:47 BuffaloNet1 daemon.info dnsmasq[99]: DHCPACK(br0) 192.168.0.4 00:12:f0:XX:XX:XX Laptop
    Aug  5 06:42:47 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=7 
    Aug  5 06:42:47 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=7 
    Aug  5 06:42:47 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=7 
    Aug  5 06:42:47 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=7 
    Aug  5 06:42:47 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=7 
    Aug  5 06:42:47 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=7 
    Aug  5 06:42:48 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=8 
    Aug  5 06:42:48 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=8 
    Aug  5 06:42:48 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=8 
    Aug  5 06:42:48 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=8 
    Aug  5 06:42:48 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=8 
    Aug  5 06:42:48 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=8 
    Aug  5 06:42:49 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=9 
    Aug  5 06:42:49 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=9 
    Aug  5 06:42:49 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=9 
    
     
  18. Theblueraja

    Theblueraja Network Guru Member

    Continued

    Code:
    Aug  5 06:42:49 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=9 
    Aug  5 06:42:49 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=9 
    Aug  5 06:42:49 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=9 
    Aug  5 06:42:50 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=10 
    Aug  5 06:42:50 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=10 
    Aug  5 06:42:50 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=10 
    Aug  5 06:42:50 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=10 
    Aug  5 06:42:50 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=10 
    Aug  5 06:42:50 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=10 
    Aug  5 06:42:51 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=11 
    Aug  5 06:42:51 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=11 
    Aug  5 06:42:51 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=11 
    Aug  5 06:42:51 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=11 
    Aug  5 06:42:51 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=11 
    Aug  5 06:42:51 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=11 
    Aug  5 06:42:52 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=12 
    Aug  5 06:42:52 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=12 
    Aug  5 06:42:52 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=12 
    Aug  5 06:42:52 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=12 
    Aug  5 06:42:52 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=12 
    Aug  5 06:42:52 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=12 
    Aug  5 06:42:53 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=13 
    Aug  5 06:42:53 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=13 
    Aug  5 06:42:53 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=13 
    Aug  5 06:42:53 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=13 
    Aug  5 06:42:53 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=13 
    Aug  5 06:42:53 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=13 
    Aug  5 06:42:53 BuffaloNet1 daemon.notice openvpn[910]: [ovpn059] Inactivity timeout (--ping-restart), restarting
    Aug  5 06:42:53 BuffaloNet1 daemon.notice openvpn[910]: TCP/UDP: Closing socket
    Aug  5 06:42:53 BuffaloNet1 daemon.notice openvpn[910]: SIGUSR1[soft,ping-restart] received, process restarting
    Aug  5 06:42:53 BuffaloNet1 daemon.notice openvpn[910]: Restart pause, 2 second(s)
    Aug  5 06:42:54 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=14 
    Aug  5 06:42:54 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=14 
    Aug  5 06:42:54 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=14 
    Aug  5 06:42:54 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=14 
    Aug  5 06:42:54 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=14 
    Aug  5 06:42:54 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=14 
    Aug  5 06:42:55 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=15 
    Aug  5 06:42:55 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=15 
    Aug  5 06:42:55 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=15 
    Aug  5 06:42:55 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=15 
    Aug  5 06:42:55 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=15 
    Aug  5 06:42:55 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=15 
    Aug  5 06:42:55 BuffaloNet1 daemon.warn openvpn[910]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Aug  5 06:42:55 BuffaloNet1 daemon.warn openvpn[910]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: Re-using SSL/TLS context
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: LZO compression initialized
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: UDPv4 link local: [undef]
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug  5 06:42:55 BuffaloNet1 daemon.notice openvpn[910]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=473573dc 01b79873
    Aug  5 06:42:56 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=16 
    Aug  5 06:42:56 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=16 
    Aug  5 06:42:56 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=16 
    Aug  5 06:42:56 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=16 
    Aug  5 06:42:56 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=16 
    Aug  5 06:42:56 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=16 
    Aug  5 06:42:56 BuffaloNet1 daemon.notice openvpn[910]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 06:42:56 BuffaloNet1 daemon.notice openvpn[910]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 06:42:57 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=17 
    Aug  5 06:42:57 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=17 
    Aug  5 06:42:57 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=17 
    Aug  5 06:42:57 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=17 
    Aug  5 06:42:57 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=17 
    Aug  5 06:42:57 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=17 
    Aug  5 06:42:58 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=18 
    Aug  5 06:42:58 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=18 
    Aug  5 06:42:58 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=18 
    Aug  5 06:42:58 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=18 
    Aug  5 06:42:58 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=18 
    Aug  5 06:42:58 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=18 
    Aug  5 06:42:59 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 06:42:59 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:42:59 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 06:42:59 BuffaloNet1 daemon.notice openvpn[910]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 06:42:59 BuffaloNet1 daemon.notice openvpn[910]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug  5 06:42:59 BuffaloNet1 daemon.notice openvpn[910]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug  5 06:42:59 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=19 
    Aug  5 06:42:59 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=19 
    Aug  5 06:42:59 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=19 
    Aug  5 06:42:59 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=19 
    Aug  5 06:42:59 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=19 
    Aug  5 06:42:59 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=19 
    Aug  5 06:43:00 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=20 
    Aug  5 06:43:00 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=20 
    Aug  5 06:43:00 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=20 
    Aug  5 06:43:00 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=20 
    Aug  5 06:43:00 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=20 
    Aug  5 06:43:00 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=20 
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.95.20,dhcp-option DNS 216.131.94.5,route-metric 1,redirect-gateway def1,route 10.8.1.217,topology net30,ping 10,ping-restart 60,ifconfig 10
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: route options modified
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: route-related options modified
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: Preserving previous TUN/TAP instance: tun11
    Aug  5 06:43:00 BuffaloNet1 daemon.notice openvpn[910]: Initialization Sequence Completed
    Aug  5 06:43:01 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=21 
    Aug  5 06:43:01 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=21 
    Aug  5 06:43:01 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=21 
    Aug  5 06:43:01 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=21 
    Aug  5 06:43:01 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=21 
    Aug  5 06:43:01 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=21 
    Aug  5 06:43:02 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=22 
    Aug  5 06:43:02 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=22 
    Aug  5 06:43:02 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=22 
    Aug  5 06:43:02 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=22 
    Aug  5 06:43:02 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=22 
    Aug  5 06:43:02 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=22 
    Aug  5 06:43:03 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=23 
    Aug  5 06:43:03 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=23 
    Aug  5 06:43:03 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=23 
    Aug  5 06:43:03 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=23 
    Aug  5 06:43:03 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=23 
    Aug  5 06:43:03 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=23 
    Aug  5 06:43:04 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=24 
    Aug  5 06:43:04 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=24 
    Aug  5 06:43:04 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=24 
    Aug  5 06:43:04 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=24 
    Aug  5 06:43:04 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=24 
    Aug  5 06:43:04 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=24 
    Aug  5 06:43:05 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=25 
    Aug  5 06:43:05 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=25 
    Aug  5 06:43:05 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=25 
    Aug  5 06:43:05 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=25 
    Aug  5 06:43:05 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=25 
    Aug  5 06:43:05 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=25 
    Aug  5 06:43:06 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=26 
    Aug  5 06:43:06 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=26 
    Aug  5 06:43:06 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=26 
    Aug  5 06:43:06 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=26 
    Aug  5 06:43:06 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=42499 SEQ=26 
    
     
  19. Theblueraja

    Theblueraja Network Guru Member

    Thanks will try this later as i need to head to work.
     
  20. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Those logs look just how I would expect them to. Was the ping working? Did the masquerade count go up? If not, please provide the output of
    Code:
    iptables -t nat -nvL
     
  21. Theblueraja

    Theblueraja Network Guru Member

    Hi,
    The ping did not work, however i dont have access to the router for around another 2 hours, i will post the output of the command then.

    This is weird though - if everything looks right then it must be something we've overlooked?
     
  22. Theblueraja

    Theblueraja Network Guru Member

    Ok, as mentioned the ping does not succeed, also MASQUARADE does not increase.

    The first part of the log is below for THIS test.

    Code:
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: OpenVPN 2.1_rc15 mipsel-unknown-linux-gnu [SSL] [LZO2] built on May 31 2009
    Aug  5 16:41:32 BuffaloNet1 daemon.warn openvpn[1057]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Aug  5 16:41:32 BuffaloNet1 daemon.warn openvpn[1057]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: Control Channel Authentication: using 'static.key' as a OpenVPN static key file
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: LZO compression initialized
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1057]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1061]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1061]: UDPv4 link local: [undef]
    Aug  5 16:41:32 BuffaloNet1 daemon.notice openvpn[1061]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug  5 16:41:33 BuffaloNet1 daemon.notice openvpn[1061]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=9522b892 2213c458
    Aug  5 16:41:33 BuffaloNet1 daemon.notice openvpn[1061]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 16:41:33 BuffaloNet1 daemon.notice openvpn[1061]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 16:41:36 BuffaloNet1 daemon.err openvpn[1061]: event_wait : Interrupted system call (code=4)
    Aug  5 16:41:36 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 16:41:36 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:41:36 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 16:41:36 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:41:36 BuffaloNet1 daemon.notice openvpn[1061]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug  5 16:41:36 BuffaloNet1 daemon.notice openvpn[1061]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.95.20,dhcp-option DNS 216.131.94.5,route-metric 1,redirect-gateway def1,route 10.8.1.217,topology net30,ping 10,ping-restart 60,ifconfig 1
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: route options modified
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: route-related options modified
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: TUN/TAP device tun11 opened
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: TUN/TAP TX queue length set to 100
    Aug  5 16:41:38 BuffaloNet1 daemon.notice openvpn[1061]: /sbin/ifconfig tun11 10.8.1.222 pointopoint 10.8.1.221 mtu 1500
    Aug  5 16:41:40 BuffaloNet1 daemon.notice openvpn[1061]: /sbin/route add -net 68.68.XX.XX netmask 255.255.255.255 gw 87.87.XX.XX
    Aug  5 16:41:40 BuffaloNet1 daemon.notice openvpn[1061]: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.1.221
    Aug  5 16:41:40 BuffaloNet1 daemon.notice openvpn[1061]: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.1.221
    Aug  5 16:41:40 BuffaloNet1 daemon.notice openvpn[1061]: /sbin/route add -net 10.8.1.217 netmask 255.255.255.255 gw 10.8.1.221 metric 1
    Aug  5 16:41:40 BuffaloNet1 daemon.notice openvpn[1061]: Initialization Sequence Completed
    Aug  5 16:41:56 BuffaloNet1 daemon.err openvpn[1061]: event_wait : Interrupted system call (code=4)
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: NO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: NO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: NP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: NP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:04 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=0 
    Aug  5 16:42:05 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=1 
    Aug  5 16:42:05 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=1 
    Aug  5 16:42:05 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=1 
    Aug  5 16:42:05 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=1 
    Aug  5 16:42:05 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=1 
    Aug  5 16:42:05 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=1 
    Aug  5 16:42:06 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=2 
    Aug  5 16:42:06 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=2 
    Aug  5 16:42:06 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=2 
    Aug  5 16:42:06 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=2 
    Aug  5 16:42:06 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=2 
    Aug  5 16:42:06 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=2 
    Aug  5 16:42:07 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=3 
    Aug  5 16:42:07 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=3 
    Aug  5 16:42:07 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=3 
    Aug  5 16:42:07 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=3 
    Aug  5 16:42:07 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=3 
    Aug  5 16:42:07 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=3 
    Aug  5 16:42:08 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=4 
    Aug  5 16:42:08 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=4 
    Aug  5 16:42:08 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=4 
    Aug  5 16:42:08 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=4 
    Aug  5 16:42:08 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=4 
    Aug  5 16:42:08 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=4 
    Aug  5 16:42:09 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=5 
    Aug  5 16:42:09 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=5 
    Aug  5 16:42:09 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=5 
    Aug  5 16:42:09 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=5 
    Aug  5 16:42:09 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=5 
    Aug  5 16:42:09 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=13828 SEQ=5 
    Aug  5 16:42:20 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=9201 DPT=53 LEN=50 
    Aug  5 16:42:21 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=9201 DPT=53 LEN=50 
    Aug  5 16:42:32 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=58246 DPT=53 LEN=50 
    Aug  5 16:42:32 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=58246 DPT=53 LEN=50 
    Aug  5 16:42:34 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=9138 DPT=53 LEN=42 
    Aug  5 16:42:34 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=9138 DPT=53 LEN=42 
    Aug  5 16:42:38 BuffaloNet1 daemon.notice openvpn[1061]: [ovpn059] Inactivity timeout (--ping-restart), restarting
    Aug  5 16:42:38 BuffaloNet1 daemon.notice openvpn[1061]: TCP/UDP: Closing socket
    Aug  5 16:42:38 BuffaloNet1 daemon.notice openvpn[1061]: SIGUSR1[soft,ping-restart] received, process restarting
    Aug  5 16:42:38 BuffaloNet1 daemon.notice openvpn[1061]: Restart pause, 2 second(s)
    Aug  5 16:42:40 BuffaloNet1 daemon.warn openvpn[1061]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Aug  5 16:42:40 BuffaloNet1 daemon.warn openvpn[1061]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: Re-using SSL/TLS context
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: LZO compression initialized
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: UDPv4 link local: [undef]
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug  5 16:42:40 BuffaloNet1 daemon.notice openvpn[1061]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=719dffa1 086e0dc4
    Aug  5 16:42:41 BuffaloNet1 daemon.notice openvpn[1061]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 16:42:41 BuffaloNet1 daemon.notice openvpn[1061]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 16:42:44 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 16:42:44 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:42:44 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 16:42:44 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:42:44 BuffaloNet1 daemon.notice openvpn[1061]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug  5 16:42:44 BuffaloNet1 daemon.notice openvpn[1061]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug  5 16:42:45 BuffaloNet1 daemon.notice openvpn[1061]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.95.20,dhcp-option DNS 216.131.94.5,route-metric 1,redirect-gateway def1,route 10.8.1.217,topology net30,ping 10,ping-restart 60,ifconfig 1
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: route options modified
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: route-related options modified
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: Preserving previous TUN/TAP instance: tun11
    Aug  5 16:42:46 BuffaloNet1 daemon.notice openvpn[1061]: Initialization Sequence Completed
    Aug  5 16:42:54 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=18945 DPT=53 LEN=42 
    Aug  5 16:42:54 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=18945 DPT=53 LEN=42 
    Aug  5 16:43:06 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=61351 DPT=53 LEN=42 
    Aug  5 16:43:06 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=61351 DPT=53 LEN=42 
    Aug  5 16:43:10 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=10657 DPT=53 LEN=51 
    Aug  5 16:43:10 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=10657 DPT=53 LEN=51 
    Aug  5 16:43:15 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=22659 DPT=53 LEN=50 
    Aug  5 16:43:15 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=22659 DPT=53 LEN=50 
    Aug  5 16:43:23 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=16852 DPT=53 LEN=43 
    Aug  5 16:43:23 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=16852 DPT=53 LEN=43 
    Aug  5 16:43:27 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57800 DPT=53 LEN=50 
    Aug  5 16:43:27 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57800 DPT=53 LEN=50 
    Aug  5 16:43:35 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=23922 DPT=53 LEN=43 
    Aug  5 16:43:35 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=23922 DPT=53 LEN=43 
    
     
  23. Theblueraja

    Theblueraja Network Guru Member

    The rest of the log:-

    Code:
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: NO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: NO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: NP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: NP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:37 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=0 
    Aug  5 16:43:38 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=1 
    Aug  5 16:43:38 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=1 
    Aug  5 16:43:38 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=1 
    Aug  5 16:43:38 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=1 
    Aug  5 16:43:38 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=1 
    Aug  5 16:43:38 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=1 
    Aug  5 16:43:39 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=2 
    Aug  5 16:43:39 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=2 
    Aug  5 16:43:39 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=2 
    Aug  5 16:43:39 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=2 
    Aug  5 16:43:39 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=2 
    Aug  5 16:43:39 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=2 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=13248 DPT=53 LEN=50 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=13248 DPT=53 LEN=50 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=3 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=3 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=3 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=3 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=3 
    Aug  5 16:43:40 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=3 
    Aug  5 16:43:41 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=4 
    Aug  5 16:43:41 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=4 
    Aug  5 16:43:41 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=4 
    Aug  5 16:43:41 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=4 
    Aug  5 16:43:41 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=4 
    Aug  5 16:43:41 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=4 
    Aug  5 16:43:42 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=5 
    Aug  5 16:43:42 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=5 
    Aug  5 16:43:42 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=5 
    Aug  5 16:43:42 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=5 
    Aug  5 16:43:42 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=5 
    Aug  5 16:43:42 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=5 
    Aug  5 16:43:43 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=6 
    Aug  5 16:43:43 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=6 
    Aug  5 16:43:43 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=6 
    Aug  5 16:43:43 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=6 
    Aug  5 16:43:43 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=6 
    Aug  5 16:43:43 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=6 
    Aug  5 16:43:44 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=7 
    Aug  5 16:43:44 BuffaloNet1 user.warn kernel: MO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=7 
    Aug  5 16:43:44 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=7 
    Aug  5 16:43:44 BuffaloNet1 user.warn kernel: FO IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=7 
    Aug  5 16:43:44 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=7 
    Aug  5 16:43:44 BuffaloNet1 user.warn kernel: MP IN= OUT=tun11 SRC=10.8.1.222 DST=209.85.225.147 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=16388 SEQ=7 
    Aug  5 16:43:46 BuffaloNet1 daemon.notice openvpn[1061]: [ovpn059] Inactivity timeout (--ping-restart), restarting
    Aug  5 16:43:46 BuffaloNet1 daemon.notice openvpn[1061]: TCP/UDP: Closing socket
    Aug  5 16:43:46 BuffaloNet1 daemon.notice openvpn[1061]: SIGUSR1[soft,ping-restart] received, process restarting
    Aug  5 16:43:46 BuffaloNet1 daemon.notice openvpn[1061]: Restart pause, 2 second(s)
    Aug  5 16:43:47 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=34344 DPT=53 LEN=43 
    Aug  5 16:43:47 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=34344 DPT=53 LEN=43 
    Aug  5 16:43:48 BuffaloNet1 daemon.warn openvpn[1061]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    Aug  5 16:43:48 BuffaloNet1 daemon.warn openvpn[1061]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: Re-using SSL/TLS context
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: LZO compression initialized
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: Socket Buffers: R=[32767->65534] S=[32767->65534]
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: UDPv4 link local: [undef]
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: UDPv4 link remote: 68.68.XX.XX:XXXX
    Aug  5 16:43:48 BuffaloNet1 daemon.notice openvpn[1061]: TLS: Initial packet from 68.68.XX.XX:XXXX, sid=cc68183b 2da98a6a
    Aug  5 16:43:49 BuffaloNet1 daemon.notice openvpn[1061]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 16:43:49 BuffaloNet1 daemon.notice openvpn[1061]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn059/Email=techies@reliablehosting.com
    Aug  5 16:43:52 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 16:43:52 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:43:52 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Aug  5 16:43:52 BuffaloNet1 daemon.notice openvpn[1061]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug  5 16:43:52 BuffaloNet1 daemon.notice openvpn[1061]: Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 1024 bit RSA
    Aug  5 16:43:52 BuffaloNet1 daemon.notice openvpn[1061]: [ovpn059] Peer Connection Initiated with 68.68.XX.XX:XXXX
    Aug  5 16:43:52 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX7 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=63388 DPT=53 LEN=50 
    Aug  5 16:43:52 BuffaloNet1 user.warn kernel: Tunneling IN= OUT=tun11 SRC=10.8.1.222 DST=90.207.XX.XX9 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=63388 DPT=53 LEN=50 
    Aug  5 16:43:53 BuffaloNet1 daemon.notice openvpn[1061]: SENT CONTROL [ovpn059]: 'PUSH_REQUEST' (status=1)
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: PUSH: Received control message: 'PUSH_REPLY,route-delay 2,dhcp-option DNS 216.131.95.20,dhcp-option DNS 216.131.94.5,route-metric 1,redirect-gateway def1,route 10.8.1.217,topology net30,ping 10,ping-restart 60,ifconfig 1
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: timers and/or timeouts modified
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: --ifconfig/up options modified
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: route options modified
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: route-related options modified
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: Preserving previous TUN/TAP instance: tun11
    Aug  5 16:43:54 BuffaloNet1 daemon.notice openvpn[1061]: Initialization Sequence Complet
    
    AND the output to the ping command and IP Tables

    Code:
    # ping 209.85.225.147
    PING 209.85.225.147 (209.85.225.147): 56 data bytes
    
    --- 209.85.225.147 ping statistics ---
    8 packets transmitted, 0 packets received, 100% packet loss
    
    # iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 2477 packets, 179K bytes)
     pkts bytes target     prot opt in     out     source               destination
    
        0     0 DROP       0    --  ppp+   *       0.0.0.0/0            192.168.0.0/
    24
        0     0 DNAT       icmp --  *      *       0.0.0.0/0            90.199.XX.XX
    7       to:192.168.0.1
      297 19753 upnp       0    --  *      *       0.0.0.0/0            90.199.XX.XX
    7
    
    Chain POSTROUTING (policy ACCEPT 2346 packets, 662K bytes)
     pkts bytes target     prot opt in     out     source               destination
    
        2   104 MASQUERADE  0    --  *      tun11   192.168.0.0/24       0.0.0.0/0
    
        3   252 LOG        0    --  *      *       0.0.0.0/0            209.85.225.1
    47      LOG flags 0 level 4 prefix `NP '
        3   252 LOG        0    --  *      *       0.0.0.0/0            209.85.225.1
    47      LOG flags 0 level 4 prefix `NP '
       33  2226 LOG        0    --  *      tun11   0.0.0.0/0            0.0.0.0/0
            LOG flags 0 level 4 prefix `Tunneling '
      621 36537 MASQUERADE  0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0
    
    
    Chain OUTPUT (policy ACCEPT 2700 packets, 685K bytes)
     pkts bytes target     prot opt in     out     source               destination
    
        3   252 LOG        0    --  *      *       0.0.0.0/0            209.85.225.1
    47      LOG flags 0 level 4 prefix `NO '
        3   252 LOG        0    --  *      *       0.0.0.0/0            209.85.225.1
    47      LOG flags 0 level 4 prefix `NO '
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination
    
    #
    Couple of questions for you-

    Why is it that the only thing i can ping with the tunnel up is the Gateway, why cant i ping either end of the tunnel if its up, i.e. 10.8.1.X?

    And why is ther NEVER any TUN/TAP write bytes when eveything else is incrementing?

    TUN/TAP read bytes 840
    TUN/TAP write bytes 0
    TCP/UDP read bytes 5622
    TCP/UDP write bytes 5727
     
  24. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The answer to both of those is likely the same, and is what we need to figure out.

    I'm thinking it has to be some sort of firewall problem.

    Here's a bit more of an exhaustive test:
    Code:
    <connect to VPN service>
    service firewall restart
    iptables -t mangle -I PREROUTING -d 209.85.225.147 -j LOG --log-prefix "MPREO "
    iptables -t mangle -I PREROUTING -s 209.85.255.147 -j LOG --log-prefix "MPREI "
    iptables -t nat -I PREROUTING -d 209.85.225.147 -j LOG --log-prefix "NPREO "
    iptables -t nat -I PREROUTING -s 209.85.255.147 -j LOG --log-prefix "NPREI "
    iptables -t mangle -I FORWARD -d 209.85.225.147 -j LOG --log-prefix "MFORO "
    iptables -t mangle -I FORWARD -s 209.85.255.147 -j LOG --log-prefix "MFORI "
    iptables -t filter -I FORWARD -d 209.85.225.147 -j LOG --log-prefix "FFORO "
    iptables -t filter -I FORWARD -s 209.85.255.147 -j LOG --log-prefix "FFORI "
    iptables -t mangle -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "MPOSTO "
    iptables -t mangle -I POSTROUTING -s 209.85.255.147 -j LOG --log-prefix "MPOSTI "
    iptables -t nat -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "NPOSTO "
    iptables -t nat -I POSTROUTING -s 209.85.255.147 -j LOG --log-prefix "NPOSTI "
    <ping 209.85.255.147 from a LAN computer>
    iptables -t mangle -nvL
    iptables -t nat -nvL
    iptables -t filter -nvL
    
    This will allow us to watch your pings and the responses traverse every firewall chain in your syslogs. The output of the last three commands will also show us what's going on.
     
  25. Theblueraja

    Theblueraja Network Guru Member

    Code:
    #iptables -t mangle -nvL
    Chain PREROUTING (policy ACCEPT 627 packets, 94449 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPREI '
        0     0 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPREO '
    
    Chain INPUT (policy ACCEPT 10969 packets, 1810K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain FORWARD (policy ACCEPT 5099 packets, 2716K bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MFORI '
        0     0 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MFORO '
    
    Chain OUTPUT (policy ACCEPT 752 packets, 157K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain POSTROUTING (policy ACCEPT 20724 packets, 6598K bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPOSTI '
        0     0 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPOSTO '
    # iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 70 packets, 3640 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPREI '
        0     0 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPREO '
        0     0 DROP       0    --  ppp+   *       0.0.0.0/0            192.168.0.0/24
        0     0 DNAT       icmp --  *      *       0.0.0.0/0            90.203.XX.XX      to:192.168.0.1
        0     0 upnp       0    --  *      *       0.0.0.0/0            90.203.XX.XX
    
    Chain POSTROUTING (policy ACCEPT 2 packets, 576 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPOSTI '
        0     0 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPOSTO '
        4   216 MASQUERADE  0    --  *      tun11   192.168.0.0/24       0.0.0.0/0  
        0     0 MASQUERADE  0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0  
    
    Chain OUTPUT (policy ACCEPT 2 packets, 576 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:58222 to:192.168.0.2:58222
    # iptables -t filter -nvL
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0   
        0     0 DROP       0    --  br0    *       0.0.0.0/0            90.203.XX.XX
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
      566 95633 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       85  7423 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0   
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `FFORI '
        0     0 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `FFORO '
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0   
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
        9   456 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
        6   534 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 wanin      0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
        0     0 wanout     0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0   
       13   696 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0   
        0     0 upnp       0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
    
    Chain OUTPUT (policy ACCEPT 812 packets, 172K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain wanin (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain wanout (1 references)
     pkts bytes target     prot opt in     out     source               destination
    
    Fingers crossed.
     
  26. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    And you pinged 209.85.255.147 from a LAN computer between the LOG and -nvL iptables steps? There doesn't appear to even be any attempted traffic to/from that address...
    Did anything show up in your syslog?
     
  27. Theblueraja

    Theblueraja Network Guru Member

    Right, this is weird, i dont get anthing in the syslog or via running all those commands after pinging from my PC to the IP address you gave.

    I have went throguh this a few times to be sure.

    I also disabled my firewall just in case, even though pings to news.bbc.co.uk work when the vpn is off.

    Yet nothing shows for that IP in either the syslog or those commands.

    What could cause that?

    EDIT - Im noticing that even with the VPN off those values dont increment (should it?) if i ping that IP and i still cannot ping that IP, pings to news.bbc.co.uk and its resolved IP of 212.58.226.140 do work however (with VPN off).
     
  28. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Whoops. A typo on my part. :blush: It was supposed to be 209.85.225.147 everywhere. I accidentally typed 209.85.255.147 once and copied it a bunch of places. If you change all of the 255s with 225s, you should be better off.

    But, since that IP was just supposed to be a known good one (google), you could also replace the whole thing with 212.58.226.140 if you'd like.
     
  29. Theblueraja

    Theblueraja Network Guru Member

    LOL, i should have noticed that!

    Anyway, i've ran the lot again and heres the results, looks like we get some hits now:-

    Code:
    # iptables -t mangle -nvL
    Chain PREROUTING (policy ACCEPT 562 packets, 73047 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPREI '
        8   480 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPREO '
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPREI '
        8   480 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPREO '
    
    Chain INPUT (policy ACCEPT 1199 packets, 188K bytes)
     pkts bytes target     prot opt in     out     source               destination      
    
    Chain FORWARD (policy ACCEPT 322 packets, 88680 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MFORI '
        8   480 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MFORO '
    
    Chain OUTPUT (policy ACCEPT 534 packets, 73126 bytes)
     pkts bytes target     prot opt in     out     source               destination      
    
    Chain POSTROUTING (policy ACCEPT 1571 packets, 356K bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPOSTI '
        8   480 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPOSTO '
    # iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 99 packets, 8591 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPREI '
        1    60 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPREO '
        0     0 DROP       0    --  ppp+   *       0.0.0.0/0            192.168.0.0/24   
        0     0 DNAT       icmp --  *      *       0.0.0.0/0            90.203.XX.XX       to:192.168.0.1
        0     0 upnp       0    --  *      *       0.0.0.0/0            90.203.XX.XX   
    
    Chain POSTROUTING (policy ACCEPT 17 packets, 2766 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPOSTI '
        1    60 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPOSTO '
        8   530 MASQUERADE  0    --  *      tun11   192.168.0.0/24       0.0.0.0/0       
        0     0 MASQUERADE  0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0       
    
    Chain OUTPUT (policy ACCEPT 17 packets, 2766 bytes)
     pkts bytes target     prot opt in     out     source               destination      
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination      
    # iptables -t filter -nvL
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0        
        0     0 DROP       0    --  br0    *       0.0.0.0/0            90.203.XX.XX    
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
      372 54295 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
      126 14784 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0        
        0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0        
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination      
        0     0 LOG        0    --  *      *       209.85.255.147       0.0.0.0/0           LOG flags 0 level 4 prefix `FFORI '
        8   480 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `FFORO '
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0        
        0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0        
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
        9   432 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 wanin      0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0        
        0     0 wanout     0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0        
       38  2631 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0        
        0     0 upnp       0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0        
    
    Chain OUTPUT (policy ACCEPT 546 packets, 76984 bytes)
     pkts bytes target     prot opt in     out     source               destination      
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination      
    
    Chain wanin (1 references)
     pkts bytes target     prot opt in     out     source               destination      
    
    Chain wanout (1 references)
     pkts bytes target     prot opt in     out     source               destination      
    #
    
    I can see some stuff in the syslog too:-

    Code:
    Aug  5 20:39:36 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5630 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1590 
    Aug  5 20:39:36 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5630 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1590 
    Aug  5 20:39:36 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5630 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1590 
    Aug  5 20:39:36 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5630 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1590 
    Aug  5 20:39:36 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5630 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1590 
    Aug  5 20:39:41 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5634 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1591 
    Aug  5 20:39:41 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5634 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1591 
    Aug  5 20:39:41 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5634 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1591 
    Aug  5 20:39:41 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5634 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1591 
    Aug  5 20:39:41 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5634 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1591 
    Aug  5 20:39:46 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5636 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1592 
    Aug  5 20:39:46 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5636 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1592 
    Aug  5 20:39:46 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5636 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1592 
    Aug  5 20:39:46 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5636 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1592 
    Aug  5 20:39:46 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5636 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1592 
    Aug  5 20:39:51 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5667 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1596 
    Aug  5 20:39:51 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5667 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1596 
    Aug  5 20:39:51 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5667 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1596 
    Aug  5 20:39:51 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5667 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1596 
    Aug  5 20:39:51 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5667 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1596 
    Aug  5 20:39:56 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5670 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1597 
    Aug  5 20:39:56 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<REMOVED> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=5670 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1597 
    Aug  5 20:39:56 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5670 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1597 
    Aug  5 20:39:56 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5670 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1597 
    Aug  5 20:39:56 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=5670 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1597 
    
     
  30. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Unfortunately, there are still lots of 255s in your rules. Try again, replacing them all with 225s.
     
  31. Theblueraja

    Theblueraja Network Guru Member

    Ok, looks like your not the only one with cut / paste issues :)

    Lets try that one again:-

    Code:
    # iptables -t mangle -nvL
    Chain PREROUTING (policy ACCEPT 465 packets, 71642 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPREI '
       10   600 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPREO '
    
    Chain INPUT (policy ACCEPT 784 packets, 118K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain FORWARD (policy ACCEPT 90 packets, 5723 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MFORI '
       10   600 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MFORO '
    
    Chain OUTPUT (policy ACCEPT 432 packets, 65570 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain POSTROUTING (policy ACCEPT 932 packets, 183K bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPOSTI '
       10   600 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPOSTO '
    # iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 89 packets, 8829 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPREI '
        1    60 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPREO '
        0     0 DROP       0    --  ppp+   *       0.0.0.0/0            192.168.0.0/24
        0     0 DNAT       icmp --  *      *       0.0.0.0/0            90.203.xx.xx       to:192.168.0.1
        0     0 upnp       0    --  *      *       0.0.0.0/0            90.203.xx.xx
    
    Chain POSTROUTING (policy ACCEPT 17 packets, 2328 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPOSTI '
        1    60 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPOSTO '
        4   212 MASQUERADE  0    --  *      tun11   192.168.0.0/24       0.0.0.0/0  
        0     0 MASQUERADE  0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0  
    
    Chain OUTPUT (policy ACCEPT 17 packets, 2328 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    # iptables -t filter -nvL
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0   
        0     0 DROP       0    --  br0    *       0.0.0.0/0            90.203.xx.xx
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
      317 49706 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
      139 24210 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0   
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `FFORI '
       10   600 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `FFORO '
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0   
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
        9   448 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
        0     0 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 wanin      0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
        0     0 wanout     0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0   
       24  1493 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0   
        0     0 upnp       0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
    
    Chain OUTPUT (policy ACCEPT 501 packets, 76446 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain wanin (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain wanout (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    #
    
    Code:
    Aug  5 21:07:30 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19536 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1693 
    Aug  5 21:07:30 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19536 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1693 
    Aug  5 21:07:30 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19536 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1693 
    Aug  5 21:07:30 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19536 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1693 
    Aug  5 21:07:35 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19546 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1694 
    Aug  5 21:07:35 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19546 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1694 
    Aug  5 21:07:35 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19546 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1694 
    Aug  5 21:07:35 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19546 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1694 
    Aug  5 21:07:40 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19591 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1695 
    Aug  5 21:07:40 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19591 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1695 
    Aug  5 21:07:40 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19591 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1695 
    Aug  5 21:07:40 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19591 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1695 
    Aug  5 21:07:45 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19606 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1696 
    Aug  5 21:07:45 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19606 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1696 
    Aug  5 21:07:45 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19606 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1696 
    Aug  5 21:07:45 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19606 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1696 
    Aug  5 21:07:50 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19612 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1697 
    Aug  5 21:07:50 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19612 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1697 
    Aug  5 21:07:50 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19612 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1697 
    Aug  5 21:07:50 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19612 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1697 
    Aug  5 21:07:55 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19649 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1701 
    Aug  5 21:07:55 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19649 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1701 
    Aug  5 21:07:55 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19649 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1701 
    Aug  5 21:07:55 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19649 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1701 
    Aug  5 21:08:00 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19659 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1702 
    Aug  5 21:08:00 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19659 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1702 
    Aug  5 21:08:00 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19659 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1702 
    Aug  5 21:08:00 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19659 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1702 
    Aug  5 21:08:05 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19666 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1703 
    Aug  5 21:08:05 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19666 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1703 
    Aug  5 21:08:05 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19666 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1703 
    Aug  5 21:08:05 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19666 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1703 
    Aug  5 21:08:10 unknown user.warn kernel: MPREO IN=br0 OUT= MAC=<removed> SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=19677 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1704 
    Aug  5 21:08:10 unknown user.warn kernel: MFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19677 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1704 
    Aug  5 21:08:10 unknown user.warn kernel: FFORO IN=br0 OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19677 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1704 
    Aug  5 21:08:10 unknown user.warn kernel: MPOSTO IN= OUT=tun11 SRC=192.168.0.2 DST=209.85.225.147 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=19677 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1704 
    
     
  32. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Very bizarre. Your ping packets are showing up in your mangle table, but not your nat table. From my understanding, this just should not happen.

    I have to ask: have you erased nvram (thorough) since the last time you upgraded the firmware?
     
  33. Theblueraja

    Theblueraja Network Guru Member

    Yes,
    I even did a hard reset, the hold reset for 30 seconds - power off for 30 (still holding) - then powering back on and holding for a further 30 seconds.

    Any manual way of wiping it i can try? I did "upgrade" from DD-WRT using the update firmware tab.
     
  34. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    The manual way is in the web GUI: "Administration"->"Configuration"->"Restore Default Configuration"->"Erase all data in NVRAM memory (thorough)".
     
  35. Theblueraja

    Theblueraja Network Guru Member

    Okay, just to rule out the possibility, even though this i've second time i've done this procedure today, i did the above and selected Erase all data in NVRAM memory (thorough).

    I then waited for the router to come back up, set it all back up again, and ran in the following:-

    Code:
    iptables -t mangle -I OUTPUT -d 209.85.225.147 -j LOG --log-prefix "MO "
    iptables -t nat -I OUTPUT -d 209.85.225.147 -j LOG --log-prefix "NO "
    iptables -t filter -I OUTPUT -d 209.85.225.147 -j LOG --log-prefix "FO "
    iptables -t mangle -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "MP "
    iptables -t nat -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "NP "
    iptables -t nat -I POSTROUTING -o tun11 -j LOG --log-prefix "Tunneling "
    
    <connect to VPN service>
    service firewall restart
    iptables -t mangle -I PREROUTING -d 209.85.225.147 -j LOG --log-prefix "MPREO "
    iptables -t mangle -I PREROUTING -s 209.85.225.147 -j LOG --log-prefix "MPREI "
    iptables -t nat -I PREROUTING -d 209.85.225.147 -j LOG --log-prefix "NPREO "
    iptables -t nat -I PREROUTING -s 209.85.225.147 -j LOG --log-prefix "NPREI "
    iptables -t mangle -I FORWARD -d 209.85.225.147 -j LOG --log-prefix "MFORO "
    iptables -t mangle -I FORWARD -s 209.85.225.147 -j LOG --log-prefix "MFORI "
    iptables -t filter -I FORWARD -d 209.85.225.147 -j LOG --log-prefix "FFORO "
    iptables -t filter -I FORWARD -s 209.85.225.147 -j LOG --log-prefix "FFORI "
    iptables -t mangle -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "MPOSTO "
    iptables -t mangle -I POSTROUTING -s 209.85.225.147 -j LOG --log-prefix "MPOSTI "
    iptables -t nat -I POSTROUTING -d 209.85.225.147 -j LOG --log-prefix "NPOSTO "
    iptables -t nat -I POSTROUTING -s 209.85.225.147 -j LOG --log-prefix "NPOSTI "
    <ping 209.85.225.147 from a LAN computer>
    iptables -t mangle -nvL
    iptables -t nat -nvL
    iptables -t filter -nvL
    The results were the same by the look of it

    Code:
    "
    # iptables -t mangle -nvL
    Chain PREROUTING (policy ACCEPT 260 packets, 38309 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPREI '
        4   240 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPREO '
    
    Chain INPUT (policy ACCEPT 2085 packets, 354K bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain FORWARD (policy ACCEPT 228 packets, 35606 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MFORI '
        4   240 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MFORO '
    
    Chain OUTPUT (policy ACCEPT 221 packets, 28757 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain POSTROUTING (policy ACCEPT 2227 packets, 555K bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `MPOSTI '
        4   240 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `MPOSTO '
    # iptables -t nat -nvL
    Chain PREROUTING (policy ACCEPT 80 packets, 15767 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPREI '
        1    60 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPREO '
        0     0 DROP       0    --  ppp+   *       0.0.0.0/0            192.168.0.0/24
        0     0 DNAT       icmp --  *      *       0.0.0.0/0            90.203.xx.xx       to:192.168.0.1
        0     0 upnp       0    --  *      *       0.0.0.0/0            90.203.xx.xx
    
    Chain POSTROUTING (policy ACCEPT 10 packets, 1580 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `NPOSTI '
        1    60 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `NPOSTO '
        1    60 MASQUERADE  0    --  *      tun11   192.168.0.0/24       0.0.0.0/0  
        0     0 MASQUERADE  0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0  
    
    Chain OUTPUT (policy ACCEPT 10 packets, 1580 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    # iptables -t filter -nvL
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0   
        0     0 DROP       0    --  br0    *       0.0.0.0/0            90.203.xx.xx
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
      169 19493 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       33  5765 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0   
    
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination 
        0     0 LOG        0    --  *      *       209.85.225.147       0.0.0.0/0           LOG flags 0 level 4 prefix `FFORI '
        4   240 LOG        0    --  *      *       0.0.0.0/0            209.85.225.147      LOG flags 0 level 4 prefix `FFORO '
        0     0 ACCEPT     0    --  tun11  *       0.0.0.0/0            0.0.0.0/0   
        0     0 ACCEPT     0    --  br0    br0     0.0.0.0/0            0.0.0.0/0   
        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
        0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1453:65535 TCPMSS set 1452
        2   129 ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 wanin      0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
        0     0 wanout     0    --  *      ppp+    0.0.0.0/0            0.0.0.0/0   
        4   240 ACCEPT     0    --  br0    *       0.0.0.0/0            0.0.0.0/0   
        0     0 upnp       0    --  ppp+   *       0.0.0.0/0            0.0.0.0/0   
    
    Chain OUTPUT (policy ACCEPT 244 packets, 35461 bytes)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain upnp (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain wanin (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    Chain wanout (1 references)
     pkts bytes target     prot opt in     out     source               destination 
    
    So i dont think its lingering config unfortunately. Theres nothing other than my PPPoE username/password and the VPN config that i need to set is there?
     
  36. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I'm about out of ideas...

    It looks like a ping is making it through the firewall, but we're not getting a response.

    Could you try adding
    Code:
    tun-mtu 1500
    fragment 1300
    mssfix 1450
    to your custom config? Those are the only functional lines that are in the config your provider gave that aren't in the firmware's.

    Assuming that doesn't work: connect to the tunnel, ssh/telnet to the router, get all of the files in /etc/openvpn/client1, and try using them on a standalone PC. If it doesn't work, then you can try messing with the differences between that and the provided config until it works. If it does work right away, I'm stymied...
     
  37. Theblueraja

    Theblueraja Network Guru Member

    Ok,
    I can get to that directory but i cant work out how to get the files off the router and onto my PC - can you enlighten me?

    All the stuff i can remember like wput etc dont seem to work.

    Thanks

    EDIT - Sorry - Sussed it, after a bit of reading i found WinSCP.
     
  38. Theblueraja

    Theblueraja Network Guru Member

    Ok, after a LOT of playing around i have discovered that the main stumbling block to this working or not seems to be with the comp-lzo command. I took the config direct from the router and ran it with the PC version of OpenVPN. What i found is that if i remove the "comp-lzo" line in the config, I can connect using the PC client, otherwise im dead in the water.

    Surprisingly, even when its set to disabled within the Client1->Advanced->Compression the setting still generates a "comp-lzo no" command in the config - this is enough to stop it working.

    I cant test on the router as to wether removing this from the config is enough because there is no way i can change the setting to allow it to do this, but on the PC, if i remove that command and use the config below (which is the same one from the router without the comp-lzo command) it works.

    Otherwise i expreience the same thing as i do when the router connects - no internet - even though everything looks fine.

    Is there any way that the client can be programed NOT to include the comp-lzo line when its set to disabled?

    Just to clarify,

    This works:-


    # Automatically generated configuration
    client
    dev tun
    proto udp
    remote XXX.XXX.XX.XX
    resolv-retry 30
    nobind
    persist-key
    persist-tun
    verb 3
    tls-auth static.key 1
    ca ca.crt
    cert client.crt
    key client.key
    status-version 2
    status status

    # Custom Configuration
    tun-mtu 1500
    fragment 1300

    This does not:-

    # Automatically generated configuration
    client
    dev tun
    proto udp
    remote XXXXXXXXXX
    resolv-retry 30
    comp-lzo no
    nobind
    persist-key
    persist-tun
    verb 3
    tls-auth static.key 1
    ca ca.crt
    cert client.crt
    key client.key
    status-version 2
    status status

    # Custom Configuration
    tun-mtu 1500
    fragment 1300
     
  39. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    You're the second person to have a problem with the "comp-lzo no" line recently. Looking at the OpenVPN manual, the only difference between "comp-lzo no" and not specifying "comp-lzo" at all is that in the former case it allows the server to push out a comp-lzo that will override yours. However, there appears to be some other difference that is causing a problem. May be an OpenVPN bug.

    I guess I should add a new option for Compression ("Default" or similar) that leaves the line out altogether.

    I've built up quite a few minor (but completed and tested) changes, none of which I felt deserved a new release - especially since I was expecting there to be a Tomato 1.26 soon after 1.25. I suppose I should go ahead and spit one out, though, so I expect I'll make a 1.25vpn3.4 release before too terribly long (I may not find time to do any of it for several days, though).

    In the meantime, I'm afraid there's no good way to keep using the router GUI for your VPN. You'll either have to get by running it on a PC or creating the config files and keys in the init script and running openvpn manually.
     
  40. Theblueraja

    Theblueraja Network Guru Member

    Thats fine mate, i'll look forward to the new release.

    I wanted to say thanks for all the help though, you've spent a lot of time on this and i guess i just wanted to say its appreciated!

    Thanks
     
  41. fyellin

    fyellin LI Guru Member

    I just glanced at the OpenVPN code. There are a couple of places where it looks like the code does something different for "comp-lzo no" versus not specifying it.

    I just did an experiment. "comp-lzo no" and not-specifying the comp-lzo option seem to not be compatible. My log on the client says "initialization complete", but then it is unable to ping the server.

    Looking at the source code (openvpn/init.c), it seems that the buffers are set up slightly different when lzo is enabled, even if it isn't used.
     
  42. Theblueraja

    Theblueraja Network Guru Member

    So what your saying is that with the comp-lzo command out of your config you cannot connect.

    Which is the opposite of what i get.

    Interestingly, the config provided by my VPN provider does not have the comp-lzo command at all - now we know why.

    So it looks like we would need an option that enables "no" but also an option to remove the line altogether.
     
  43. fyellin

    fyellin LI Guru Member

    Here's the specifics of my setup:

    Server: Tomato running VPN. Flags set to generate "comp-lzo no".

    Client: Tried both Linux box and Mac. For each, created two configuration files, one in which we include the line "comp-lzo no", and another identical but the comp-lzo line is deleted.

    In both cases, there was "Initialization Sequence Complete." But there was no actual communication when the "comp-lzo" line was missing from the client configuration file.

    It appears that there needs to be an option "Don't include this flag."
     
  44. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    I agree, and plan to include that option in my next release.
     
  45. fyellin

    fyellin LI Guru Member

    I was mainly responding to the above quote. Rather than an isolated problem involving obscure settings, this is an easily reproducible problem. The OpenVPN manual is either incorrect or misleading.

    In any case, thanks again for fixing bugs so quickly. Will my latest AES changes get merged into the next build?
     
  46. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Absolutely. Due to the major problems some have had with Tomato 1.25, I expected a 1.26 to be released "soon" after, so I was holding off until then. However, I think I have built up enough changes (including yours) to make a new release. There are just a couple small things I need to find time to add first (like this comp-lzo change) before I do.
     
  47. Theblueraja

    Theblueraja Network Guru Member

    Just wanted to add that this works perfectly now - thanks bud!

    Can i ask now if its possible, say if i have several machines behind the router with VPN set up and running to have some machines route over the VPN and others to not?

    If for example to have 192.168.0.4 / 252 (so 192.168.0.4-7) go over the VPN and 192.168.0.8 /252 (192.168.0.8-11) not go over the VPN.

    Thanks
     
  48. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    This would require either VLANs or the ROUTE target of iptables. I don't know anything about VLANs, but I've tried to help people get that working using the ROUTE target. Bottom line was that the ROUTE target just doesn't work correctly for this kind of use. This is probably why the Netfilter (iptables) folks have distanced themselves from it, dropped support of it, and discourage its use pretty strongly (when I chatted with them about it, they said it was a "dirty hack that worked marginally at best".

    So, I'm afraid I can't help you with that. If you have knowledge of VLANs (or want to learn about them), feel free to experiment and report your results. :smile:
     
  49. Theblueraja

    Theblueraja Network Guru Member

    Thanks anyway - incidentally i didnt think that tomato supported VLANS?
     
  50. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    It does, they just aren't GUI configurable.
     
  51. Theblueraja

    Theblueraja Network Guru Member

    Ah, can you point me to a link to a document expalining it?
     
  52. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Unfortunately, no, I don't know of one off hand, and to look for one I'd just be googling "linux VLAN", which you can probably do just as well as I can :wink:
     

Share This Page