Hello,
I try to set up an openvpn server on microtik and after i fallowed all in this topic i get tls error.
I will post my configs and logs maybe someone can point me where i`m wrong.
Microtik Log :
20:20:38 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:38 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=35e032ad92ca5c6b pid=1 DATA len=293
20:20:38 ovpn,debug,packet sent P_ACK kid=0 sid=9a7e849ce3139b68 [1 sid=35e032ad92ca5c6b] DATA len=0
20:20:38 ovpn,debug,packet sent P_CONTROL kid=0 sid=9a7e849ce3139b68 pid=1 DATA len=933
20:20:38 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
20:20:43 ovpn,info TCP connection established from 10.10.10.3
20:20:43 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=156fd32f2dee8e68 pid=0 DATA len=0
20:20:44 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=effd2eb77764ddc4 pid=0 DATA len=0
20:20:44 ovpn,debug,packet sent P_ACK kid=0 sid=156fd32f2dee8e68 [0 sid=effd2eb77764ddc4] DATA len=0
20:20:44 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=effd2eb77764ddc4 [0 sid=156fd32f2dee8e68] pid=0 DATA len=0
20:20:44 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:44 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=effd2eb77764ddc4 pid=1 DATA len=293
20:20:44 ovpn,debug,packet sent P_ACK kid=0 sid=156fd32f2dee8e68 [1 sid=effd2eb77764ddc4] DATA len=0
20:20:44 ovpn,debug,packet sent P_CONTROL kid=0 sid=156fd32f2dee8e68 pid=1 DATA len=933
20:20:44 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
20:20:49 ovpn,info TCP connection established from 10.10.10.3
20:20:49 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=e91b8bfe5da9ee27 pid=0 DATA len=0
20:20:50 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=35efaf7d447f6c7 pid=0 DATA len=0
20:20:50 ovpn,debug,packet sent P_ACK kid=0 sid=e91b8bfe5da9ee27 [0 sid=35efaf7d447f6c7] DATA len=0
20:20:50 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=35efaf7d447f6c7 [0 sid=e91b8bfe5da9ee27] pid=0 DATA len=0
20:20:50 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:50 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=35efaf7d447f6c7 pid=1 DATA len=293
20:20:50 ovpn,debug,packet sent P_ACK kid=0 sid=e91b8bfe5da9ee27 [1 sid=35efaf7d447f6c7] DATA len=0
20:20:50 ovpn,debug,packet sent P_CONTROL kid=0 sid=e91b8bfe5da9ee27 pid=1 DATA len=933
20:20:50 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
20:20:56 ovpn,info TCP connection established from 10.10.10.3
20:20:56 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=9986814ecf7f806a pid=0 DATA len=0
20:20:56 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d899584ffaf3574 pid=0 DATA len=0
20:20:56 ovpn,debug,packet sent P_ACK kid=0 sid=9986814ecf7f806a [0 sid=d899584ffaf3574] DATA len=0
20:20:56 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=d899584ffaf3574 [0 sid=9986814ecf7f806a] pid=0 DATA len=0
20:20:56 ovpn,debug,error,20076,29312,60348,61328,27884,20684,58064,60344,l2tp,info,60348,debug,79,65535,critical,8976,62372,29584,20008,20760,31112,29312,20148,20144,20684,
41904,20684,packet duplicate packet, dropping
20:20:56 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=d899584ffaf3574 pid=1 DATA len=293
20:20:56 ovpn,debug,packet sent P_ACK kid=0 sid=9986814ecf7f806a [1 sid=d899584ffaf3574] DATA len=0
20:20:56 ovpn,debug,packet sent P_CONTROL kid=0 sid=9986814ecf7f806a pid=1 DATA len=933
20:20:57 ovpn,debug <10.10.10.3>: disconnected <peer disconnected>
Windows client config
##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server. #
# #
# This configuration can be used by multiple #
# clients, however each client should have #
# its own cert and key files. #
# #
# On Windows, you might want to rename this #
# file so it has a .ovpn extension #
##############################################
# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client
# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
dev-node MyTap
# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote kiaunel.fiberdatatelecom.ro 1194
;remote my-server-2 1194
# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
# Try to preserve some state across restarts.
persist-key
persist-tun
# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings
# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca myCa.crt
cert client.crt
key client.key
# Verify server certificate by checking that the
# certicate has the correct key usage set.
# This is an important precaution to protect against
# a potential attack discussed here:
#
http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the keyUsage set to
# digitalSignature, keyEncipherment
# and the extendedKeyUsage to
# serverAuth
# EasyRSA can do this for you.
remote-cert-tls server
# If a tls-auth key is used on the server
# then every client must also have the key.
;tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher AES 128
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
;comp-lzo
# Set log file verbosity.
verb 5
# Silence repeating messages
;mute 20
Windows client log :
Sun Jan 24 20:20:31 2016 us=64211 Current Parameter Settings:
Sun Jan 24 20:20:31 2016 us=64211 config = 'client.ovpn'
Sun Jan 24 20:20:31 2016 us=64211 mode = 0
Sun Jan 24 20:20:31 2016 us=64211 show_ciphers = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 show_digests = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 show_engines = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 genkey = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 key_pass_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 show_tls_ciphers = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 Connection profiles [default]:
Sun Jan 24 20:20:31 2016 us=64211 proto = tcp-client
Sun Jan 24 20:20:31 2016 us=64211 local = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 local_port = 0
Sun Jan 24 20:20:31 2016 us=64211 remote = 'kiaunel.fiberdatatelecom.ro'
Sun Jan 24 20:20:31 2016 us=64211 remote_port = 1194
Sun Jan 24 20:20:31 2016 us=64211 remote_float = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 bind_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 bind_local = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 connect_retry_seconds = 5
Sun Jan 24 20:20:31 2016 us=64211 connect_timeout = 10
Sun Jan 24 20:20:31 2016 us=64211 connect_retry_max = 0
Sun Jan 24 20:20:31 2016 us=64211 socks_proxy_server = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 socks_proxy_port = 0
Sun Jan 24 20:20:31 2016 us=64211 socks_proxy_retry = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu = 1500
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 link_mtu = 1500
Sun Jan 24 20:20:31 2016 us=64211 link_mtu_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu_extra = 0
Sun Jan 24 20:20:31 2016 us=64211 tun_mtu_extra_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 mtu_discover_type = -1
Sun Jan 24 20:20:31 2016 us=64211 fragment = 0
Sun Jan 24 20:20:31 2016 us=64211 mssfix = 1450
Sun Jan 24 20:20:31 2016 us=64211 explicit_exit_notification = 0
Sun Jan 24 20:20:31 2016 us=64211 Connection profiles END
Sun Jan 24 20:20:31 2016 us=64211 remote_random = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ipchange = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 dev = 'tun'
Sun Jan 24 20:20:31 2016 us=64211 dev_type = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 dev_node = 'MyTap'
Sun Jan 24 20:20:31 2016 us=64211 lladdr = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 topology = 1
Sun Jan 24 20:20:31 2016 us=64211 tun_ipv6 = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_local = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_remote_netmask = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_noexec = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_nowarn = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_ipv6_local = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_ipv6_netbits = 0
Sun Jan 24 20:20:31 2016 us=64211 ifconfig_ipv6_remote = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 shaper = 0
Sun Jan 24 20:20:31 2016 us=64211 mtu_test = 0
Sun Jan 24 20:20:31 2016 us=64211 mlock = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 keepalive_ping = 0
Sun Jan 24 20:20:31 2016 us=64211 keepalive_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 inactivity_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_send_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_rec_timeout = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_rec_timeout_action = 0
Sun Jan 24 20:20:31 2016 us=64211 ping_timer_remote = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 remap_sigusr1 = 0
Sun Jan 24 20:20:31 2016 us=64211 persist_tun = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 persist_local_ip = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 persist_remote_ip = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 persist_key = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 passtos = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 resolve_retry_seconds = 1000000000
Sun Jan 24 20:20:31 2016 us=64211 username = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 groupname = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 chroot_dir = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 cd_dir = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 writepid = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 up_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 down_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 down_pre = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 up_restart = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 up_delay = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 daemon = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 inetd = 0
Sun Jan 24 20:20:31 2016 us=64211 log = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 suppress_timestamps = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 nice = 0
Sun Jan 24 20:20:31 2016 us=64211 verbosity = 5
Sun Jan 24 20:20:31 2016 us=64211 mute = 0
Sun Jan 24 20:20:31 2016 us=64211 gremlin = 0
Sun Jan 24 20:20:31 2016 us=64211 status_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 status_file_version = 1
Sun Jan 24 20:20:31 2016 us=64211 status_file_update_freq = 60
Sun Jan 24 20:20:31 2016 us=64211 occ = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 rcvbuf = 0
Sun Jan 24 20:20:31 2016 us=64211 sndbuf = 0
Sun Jan 24 20:20:31 2016 us=64211 sockflags = 0
Sun Jan 24 20:20:31 2016 us=64211 fast_io = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 lzo = 0
Sun Jan 24 20:20:31 2016 us=64211 route_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 route_default_gateway = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 route_default_metric = 0
Sun Jan 24 20:20:31 2016 us=64211 route_noexec = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 route_delay = 5
Sun Jan 24 20:20:31 2016 us=64211 route_delay_window = 30
Sun Jan 24 20:20:31 2016 us=64211 route_delay_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 route_nopull = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 route_gateway_via_dhcp = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 max_routes = 100
Sun Jan 24 20:20:31 2016 us=64211 allow_pull_fqdn = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 management_addr = '127.0.0.1'
Sun Jan 24 20:20:31 2016 us=64211 management_port = 25340
Sun Jan 24 20:20:31 2016 us=64211 management_user_pass = 'stdin'
Sun Jan 24 20:20:31 2016 us=64211 management_log_history_cache = 250
Sun Jan 24 20:20:31 2016 us=64211 management_echo_buffer_size = 100
Sun Jan 24 20:20:31 2016 us=64211 management_write_peer_info_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 management_client_user = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 management_client_group = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 management_flags = 6
Sun Jan 24 20:20:31 2016 us=64211 shared_secret_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 key_direction = 0
Sun Jan 24 20:20:31 2016 us=64211 ciphername_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 ciphername = 'BF-CBC'
Sun Jan 24 20:20:31 2016 us=64211 authname_defined = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 authname = 'SHA1'
Sun Jan 24 20:20:31 2016 us=64211 prng_hash = 'SHA1'
Sun Jan 24 20:20:31 2016 us=64211 prng_nonce_secret_len = 16
Sun Jan 24 20:20:31 2016 us=64211 keysize = 0
Sun Jan 24 20:20:31 2016 us=64211 engine = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 replay = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 mute_replay_warnings = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 replay_window = 64
Sun Jan 24 20:20:31 2016 us=64211 replay_time = 15
Sun Jan 24 20:20:31 2016 us=64211 packet_id_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 use_iv = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 test_crypto = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_server = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_client = ENABLED
Sun Jan 24 20:20:31 2016 us=64211 key_method = 2
Sun Jan 24 20:20:31 2016 us=64211 ca_file = 'myCa.crt'
Sun Jan 24 20:20:31 2016 us=64211 ca_path = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 dh_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 cert_file = 'client.crt'
Sun Jan 24 20:20:31 2016 us=64211 extra_certs_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 priv_key_file = 'client.key'
Sun Jan 24 20:20:31 2016 us=64211 pkcs12_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 cryptoapi_cert = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 cipher_list = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 tls_verify = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 tls_export_cert = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 verify_x509_type = 0
Sun Jan 24 20:20:31 2016 us=64211 verify_x509_name = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 crl_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 ns_cert_type = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku
= 160
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 136
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_ku[i] = 0
Sun Jan 24 20:20:31 2016 us=64211 remote_cert_eku = 'TLS Web Server Authentication'
Sun Jan 24 20:20:31 2016 us=64211 ssl_flags = 0
Sun Jan 24 20:20:31 2016 us=64211 tls_timeout = 2
Sun Jan 24 20:20:31 2016 us=64211 renegotiate_bytes = 0
Sun Jan 24 20:20:31 2016 us=64211 renegotiate_packets = 0
Sun Jan 24 20:20:31 2016 us=64211 renegotiate_seconds = 3600
Sun Jan 24 20:20:31 2016 us=64211 handshake_window = 60
Sun Jan 24 20:20:31 2016 us=64211 transition_window = 3600
Sun Jan 24 20:20:31 2016 us=64211 single_session = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 push_peer_info = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_exit = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 tls_auth_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_protected_authentication = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_private_mode = 00000000
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_cert_private = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_pin_cache_period = -1
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_id = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=64211 pkcs11_id_management = DISABLED
Sun Jan 24 20:20:31 2016 us=64211 server_network = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=64211 server_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_network_ipv6 = ::
Sun Jan 24 20:20:31 2016 us=81850 server_netbits_ipv6 = 0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_ip = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_pool_start = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 server_bridge_pool_end = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_start = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_end = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_persist_filename = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_pool_persist_refresh_freq = 600
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_ipv6_pool_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_ipv6_pool_base = ::
Sun Jan 24 20:20:31 2016 us=81850 ifconfig_ipv6_pool_netbits = 0
Sun Jan 24 20:20:31 2016 us=81850 n_bcast_buf = 256
Sun Jan 24 20:20:31 2016 us=81850 tcp_queue_limit = 64
Sun Jan 24 20:20:31 2016 us=81850 real_hash_size = 256
Sun Jan 24 20:20:31 2016 us=82351 virtual_hash_size = 256
Sun Jan 24 20:20:31 2016 us=82351 client_connect_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 learn_address_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 client_disconnect_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 client_config_dir = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 ccd_exclusive = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 tmp_dir = 'C:\Users\kiaunel\AppData\Local\Temp\'
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_local = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_remote_netmask = 0.0.0.0
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_ipv6_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_ipv6_local = ::/0
Sun Jan 24 20:20:31 2016 us=82351 push_ifconfig_ipv6_remote = ::
Sun Jan 24 20:20:31 2016 us=82351 enable_c2c = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 duplicate_cn = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 cf_max = 0
Sun Jan 24 20:20:31 2016 us=82351 cf_per = 0
Sun Jan 24 20:20:31 2016 us=82351 max_clients = 1024
Sun Jan 24 20:20:31 2016 us=82351 max_routes_per_client = 256
Sun Jan 24 20:20:31 2016 us=82351 auth_user_pass_verify_script = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 auth_user_pass_verify_script_via_file = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 client = ENABLED
Sun Jan 24 20:20:31 2016 us=82351 pull = ENABLED
Sun Jan 24 20:20:31 2016 us=82351 auth_user_pass_file = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 show_net_up = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 route_method = 0
Sun Jan 24 20:20:31 2016 us=82351 block_outside_dns = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 ip_win32_defined = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 ip_win32_type = 3
Sun Jan 24 20:20:31 2016 us=82351 dhcp_masq_offset = 0
Sun Jan 24 20:20:31 2016 us=82351 dhcp_lease_time = 31536000
Sun Jan 24 20:20:31 2016 us=82351 tap_sleep = 0
Sun Jan 24 20:20:31 2016 us=82351 dhcp_options = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 dhcp_renew = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 dhcp_pre_release = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 dhcp_release = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 domain = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 netbios_scope = '[UNDEF]'
Sun Jan 24 20:20:31 2016 us=82351 netbios_node_type = 0
Sun Jan 24 20:20:31 2016 us=82351 disable_nbt = DISABLED
Sun Jan 24 20:20:31 2016 us=82351 OpenVPN 2.3.10 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jan 4 2016
Sun Jan 24 20:20:31 2016 us=82851 Windows version 6.2 (Windows 8 or greater)
Sun Jan 24 20:20:31 2016 us=82851 library versions: OpenSSL 1.0.1q 3 Dec 2015, LZO 2.09
Enter Management Password:
Sun Jan 24 20:20:31 2016 us=82851 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Jan 24 20:20:31 2016 us=83351 Need hold release from management interface, waiting...
Sun Jan 24 20:20:31 2016 us=558936 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun Jan 24 20:20:31 2016 us=670061 MANAGEMENT: CMD 'state on'
Sun Jan 24 20:20:31 2016 us=670560 MANAGEMENT: CMD 'log all on'
Sun Jan 24 20:20:31 2016 us=825697 MANAGEMENT: CMD 'hold off'
Sun Jan 24 20:20:31 2016 us=825697 MANAGEMENT: CMD 'hold release'
Sun Jan 24 20:20:37 2016 us=124614 MANAGEMENT: CMD 'password [...]'
Sun Jan 24 20:20:37 2016 us=125117 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Jan 24 20:20:37 2016 us=134123 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:37 2016 us=134624 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:37 2016 us=134624 MANAGEMENT: >STATE:1453659637,RESOLVE,,,
Sun Jan 24 20:20:37 2016 us=281429 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:37 2016 us=281429 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jan 24 20:20:37 2016 us=281429 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jan 24 20:20:37 2016 us=281429 Local Options hash (VER=V4): 'db02a8f8'
Sun Jan 24 20:20:37 2016 us=281429 Expected Remote Options hash (VER=V4): '7e068940'
Sun Jan 24 20:20:37 2016 us=281429 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:37 2016 us=281429 MANAGEMENT: >STATE:1453659637,TCP_CONNECT,,,
Sun Jan 24 20:20:38 2016 us=313123 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:38 2016 us=313123 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:38 2016 us=313623 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:38 2016 us=314122 MANAGEMENT: >STATE:1453659638,WAIT,,,
Sun Jan 24 20:20:38 2016 us=315124 MANAGEMENT: >STATE:1453659638,AUTH,,,
Sun Jan 24 20:20:38 2016 us=315630 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=9a7e849c e3139b68
Sun Jan 24 20:20:38 2016 us=632417 Validating certificate key usage
Sun Jan 24 20:20:38 2016 us=632417 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:38 2016 us=632417 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:38 2016 us=632417 VERIFY KU ERROR
Sun Jan 24 20:20:38 2016 us=632417 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:38 2016 us=632417 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:38 2016 us=632417 TLS Error: TLS handshake failed
Sun Jan 24 20:20:38 2016 us=632417 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:38 2016 us=632417 TCP/UDP: Closing socket
Sun Jan 24 20:20:38 2016 us=632417 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:38 2016 us=632417 MANAGEMENT: >STATE:1453659638,RECONNECTING,tls-error,,
Sun Jan 24 20:20:38 2016 us=632417 Restart pause, 5 second(s)
Sun Jan 24 20:20:43 2016 us=656149 Re-using SSL/TLS context
Sun Jan 24 20:20:43 2016 us=656657 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:43 2016 us=657157 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:43 2016 us=657157 MANAGEMENT: >STATE:1453659643,RESOLVE,,,
Sun Jan 24 20:20:43 2016 us=658158 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:43 2016 us=658658 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jan 24 20:20:43 2016 us=659170 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jan 24 20:20:43 2016 us=659664 Local Options hash (VER=V4): 'db02a8f8'
Sun Jan 24 20:20:43 2016 us=659664 Expected Remote Options hash (VER=V4): '7e068940'
Sun Jan 24 20:20:43 2016 us=659664 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:43 2016 us=660165 MANAGEMENT: >STATE:1453659643,TCP_CONNECT,,,
Sun Jan 24 20:20:44 2016 us=672632 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:44 2016 us=673120 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:44 2016 us=673120 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:44 2016 us=673120 MANAGEMENT: >STATE:1453659644,WAIT,,,
Sun Jan 24 20:20:44 2016 us=674127 MANAGEMENT: >STATE:1453659644,AUTH,,,
Sun Jan 24 20:20:44 2016 us=674627 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=156fd32f 2dee8e68
Sun Jan 24 20:20:44 2016 us=727861 Validating certificate key usage
Sun Jan 24 20:20:44 2016 us=727861 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:44 2016 us=727861 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:44 2016 us=727861 VERIFY KU ERROR
Sun Jan 24 20:20:44 2016 us=727861 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:44 2016 us=727861 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:44 2016 us=727861 TLS Error: TLS handshake failed
Sun Jan 24 20:20:44 2016 us=727861 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:44 2016 us=727861 TCP/UDP: Closing socket
Sun Jan 24 20:20:44 2016 us=727861 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:44 2016 us=727861 MANAGEMENT: >STATE:1453659644,RECONNECTING,tls-error,,
Sun Jan 24 20:20:44 2016 us=727861 Restart pause, 5 second(s)
Sun Jan 24 20:20:49 2016 us=761155 Re-using SSL/TLS context
Sun Jan 24 20:20:49 2016 us=761664 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:49 2016 us=761664 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:49 2016 us=762162 MANAGEMENT: >STATE:1453659649,RESOLVE,,,
Sun Jan 24 20:20:49 2016 us=762665 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:49 2016 us=762665 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jan 24 20:20:49 2016 us=763165 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jan 24 20:20:49 2016 us=763165 Local Options hash (VER=V4): 'db02a8f8'
Sun Jan 24 20:20:49 2016 us=763165 Expected Remote Options hash (VER=V4): '7e068940'
Sun Jan 24 20:20:49 2016 us=763165 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:49 2016 us=763666 MANAGEMENT: >STATE:1453659649,TCP_CONNECT,,,
Sun Jan 24 20:20:50 2016 us=777603 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:50 2016 us=778104 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:50 2016 us=778104 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:50 2016 us=778605 MANAGEMENT: >STATE:1453659650,WAIT,,,
Sun Jan 24 20:20:50 2016 us=779608 MANAGEMENT: >STATE:1453659650,AUTH,,,
Sun Jan 24 20:20:50 2016 us=780105 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=e91b8bfe 5da9ee27
Sun Jan 24 20:20:50 2016 us=822462 Validating certificate key usage
Sun Jan 24 20:20:50 2016 us=822462 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:50 2016 us=822462 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:50 2016 us=822462 VERIFY KU ERROR
Sun Jan 24 20:20:50 2016 us=822462 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:50 2016 us=822462 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:50 2016 us=822462 TLS Error: TLS handshake failed
Sun Jan 24 20:20:50 2016 us=822462 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:50 2016 us=822462 TCP/UDP: Closing socket
Sun Jan 24 20:20:50 2016 us=822462 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:50 2016 us=822462 MANAGEMENT: >STATE:1453659650,RECONNECTING,tls-error,,
Sun Jan 24 20:20:50 2016 us=822462 Restart pause, 5 second(s)
Sun Jan 24 20:20:55 2016 us=877529 Re-using SSL/TLS context
Sun Jan 24 20:20:55 2016 us=877529 Control Channel MTU parms [ L:1543 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Sun Jan 24 20:20:55 2016 us=878032 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Jan 24 20:20:55 2016 us=878530 MANAGEMENT: >STATE:1453659655,RESOLVE,,,
Sun Jan 24 20:20:55 2016 us=879528 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:12 ET:0 EL:3 ]
Sun Jan 24 20:20:55 2016 us=879528 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Jan 24 20:20:55 2016 us=880025 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Jan 24 20:20:55 2016 us=880025 Local Options hash (VER=V4): 'db02a8f8'
Sun Jan 24 20:20:55 2016 us=880025 Expected Remote Options hash (VER=V4): '7e068940'
Sun Jan 24 20:20:55 2016 us=880526 Attempting to establish TCP connection with [AF_INET]89.137.228.94:1194 [nonblock]
Sun Jan 24 20:20:55 2016 us=880526 MANAGEMENT: >STATE:1453659655,TCP_CONNECT,,,
Sun Jan 24 20:20:56 2016 us=893345 TCP connection established with [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:56 2016 us=893842 TCPv4_CLIENT link local: [undef]
Sun Jan 24 20:20:56 2016 us=893842 TCPv4_CLIENT link remote: [AF_INET]89.137.228.94:1194
Sun Jan 24 20:20:56 2016 us=894343 MANAGEMENT: >STATE:1453659656,WAIT,,,
Sun Jan 24 20:20:56 2016 us=895342 MANAGEMENT: >STATE:1453659656,AUTH,,,
Sun Jan 24 20:20:56 2016 us=895843 TLS: Initial packet from [AF_INET]89.137.228.94:1194, sid=9986814e cf7f806a
Sun Jan 24 20:20:56 2016 us=946811 Validating certificate key usage
Sun Jan 24 20:20:56 2016 us=946811 ++ Certificate has key usage 0006, expects 00a0
Sun Jan 24 20:20:56 2016 us=947301 ++ Certificate has key usage 0006, expects 0088
Sun Jan 24 20:20:56 2016 us=947301 VERIFY KU ERROR
Sun Jan 24 20:20:56 2016 us=947796 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sun Jan 24 20:20:56 2016 us=947796 TLS Error: TLS object -> incoming plaintext read error
Sun Jan 24 20:20:56 2016 us=947796 TLS Error: TLS handshake failed
Sun Jan 24 20:20:56 2016 us=948305 Fatal TLS error (check_tls_errors_co), restarting
Sun Jan 24 20:20:56 2016 us=948305 TCP/UDP: Closing socket
Sun Jan 24 20:20:56 2016 us=948305 SIGUSR1[soft,tls-error] received, process restarting
Sun Jan 24 20:20:56 2016 us=948305 MANAGEMENT: >STATE:1453659656,RECONNECTING,tls-error,,
Sun Jan 24 20:20:56 2016 us=948305 Restart pause, 5 second(s)
Sun Jan 24 20:21:01 2016 us=966630 SIGTERM[hard,init_instance] received, process exiting
Sun Jan 24 20:21:01 2016 us=966630 MANAGEMENT: >STATE:1453659661,EXITING,init_instance,,
WRWRWRRWRWRWRRWRWRWRRWRWRWRR
Microtik server configuration
[admin@MikroTik] > cert print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
# NAME COMMON-NAME SUBJECT-ALT-NAME FINGERPRINT
0 microtik fiberdatatelecom.ro email:iulian.c@fiberdatatelecom.ro
1 L T certificate-response.pem_0 fiberdatatelecom.ro DNS:fiberdatatelecom.ro b99b3a15fe14c1187543797056d2a...
2 K A T myCa myCa 30ca22675721690a47d731c946570...
3 K A T server server 7604c6b2281305afb208beb35840d...
4 K A T client1 client1 e4956724a5ec3d8b1254ceb6d1ca5...
5 K A T client2 client2 2e9e5c16bbac7bb9388cf10e02247...
[admin@MikroTik] >
I`m using Ros 6.3.33.
Thanks in advance.