Skip to content

Instantly share code, notes, and snippets.

@Demon-tk

Demon-tk/openvpn_client_log.txt Secret

Created March 8, 2021 19:33
Show Gist options
  • Save Demon-tk/c6d840328d1ac0989ee723ab50ac04be to your computer and use it in GitHub Desktop.
Save Demon-tk/c6d840328d1ac0989ee723ab50ac04be to your computer and use it in GitHub Desktop.
Download ZIP
Error log for openvpn client docker image
Raw
openvpn_client_log.txt
nate@mendeshomeserver:~/docker/openvpn$ sudo docker-compose up
WARNING: Found orphan containers (openvpn) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
openvpn-client is up-to-date
Attaching to openvpn-client
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + read interface
openvpn-client | + cut -d@ -f1
openvpn-client | + ip link
openvpn-client | + + awk '$3 == "inet" {print $4}'
openvpn-client | ip -o addr show dev eth0
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + + + cut -d@ -f1
openvpn-client | read interface
openvpn-client | awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ cut -d: ++ getent group openvpn
openvpn-client | -f3
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ ++ getent group openvpn
openvpn-client | cut -d: -f3
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:20 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:20 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:20 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:20 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:20 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:21 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:21 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:21 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:21 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:21 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=76f3e975 d720824b
openvpn-client | 2021-03-08 19:29:21 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:21 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:21 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:21 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:21 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:21 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:21 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:21 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:21 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 8,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:21 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:21 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:21 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:21 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:21 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:21 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:21 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:21 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:21 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:21 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:21 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:21 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:21 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:21 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:21 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:21 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:21 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:21 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + read interface
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + ip link
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + cut -d@ -f1
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group openvpn
openvpn-client | ++ cut -d: -f3
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ cut -d: -f3
openvpn-client | ++ getent group openvpn
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:24 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:24 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:24 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:24 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:24 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:24 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:24 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:24 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:24 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:24 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=e1f6bba9 d6b4877c
openvpn-client | 2021-03-08 19:29:24 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:24 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:24 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:24 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:24 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:24 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:24 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:24 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:25 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:29:25 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 9,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:25 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:25 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:25 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:25 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:25 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:25 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:25 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:25 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:25 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:25 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:25 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:25 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:25 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:25 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:25 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:25 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:25 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:25 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + cut -d@ -f1
openvpn-client | + read interface
openvpn-client | + ip link
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link+ read interface
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client |
openvpn-client | + cut -d@ -f1
openvpn-client | + ip -o addr show+ dev eth0
openvpn-client | awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group ++ cut -d: -f3
openvpn-client | openvpn
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ cut -d: -f3
openvpn-client | ++ getent group openvpn
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:29 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:29 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:29 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:29 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:29 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:29 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:29 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:29 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:29 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:29 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=9bfffc7e 1f012327
openvpn-client | 2021-03-08 19:29:29 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:29 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:29 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:29 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:29 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:29 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:29 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:29 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:30 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:29:30 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 7,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:30 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:30 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:30 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:30 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:30 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:30 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:30 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:30 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:30 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:30 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:30 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:30 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:30 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:30 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:30 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:30 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:30 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:30 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + cut -d@ -f1
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + + cut -d@ -f1
openvpn-client | awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent ++ cut -d: -f3
openvpn-client | group openvpn
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ ++ cut getent group -d: -f3openvpn
openvpn-client |
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:33 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:33 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:33 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:33 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:33 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:33 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:33 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:33 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:33 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:33 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=008cc616 66c692f5
openvpn-client | 2021-03-08 19:29:33 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:33 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:33 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:33 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:33 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:33 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:33 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:33 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:34 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:29:34 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 9,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:34 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:34 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:34 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:34 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:34 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:34 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:34 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:34 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:34 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:34 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:34 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:34 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:34 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:34 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:34 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:34 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:34 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:34 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip link
openvpn-client | + cut -d@ -f1
openvpn-client | + read interface
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'+ cut -d@ -f1
openvpn-client |
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group openvpn
openvpn-client | ++ cut -d: -f3
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent ++ cut -d: -f3
openvpn-client | group openvpn
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:37 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:37 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:37 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:37 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:37 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:37 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:37 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:37 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:37 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:37 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=77a2b870 26a04189
openvpn-client | 2021-03-08 19:29:37 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:37 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:37 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:37 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:37 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:37 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:37 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:38 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:29:38 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 7,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:38 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:38 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:38 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:38 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:38 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:38 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:38 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:38 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:38 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:38 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:38 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:38 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:38 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:38 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:38 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:38 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:38 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:38 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + read interface
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent ++ cut -d: -f3
openvpn-client | group openvpn
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ ++ getent group openvpn
openvpn-client | cut -d: -f3
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:41 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:41 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:41 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:41 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:41 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:41 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:41 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:41 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:41 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:41 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=99b0547e e8a2588b
openvpn-client | 2021-03-08 19:29:41 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:41 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:41 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:41 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:41 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:41 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:42 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:42 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:42 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 8,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:42 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:42 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:42 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:42 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:42 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:42 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:42 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:42 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:42 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:42 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:42 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:42 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:42 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:42 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:42 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:42 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:42 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:42 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + read interface
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group ++ cut -d: -f3
openvpn-client | openvpn
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group openvpn
openvpn-client | ++ cut -d: -f3
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:47 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:47 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:47 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:47 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:47 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:47 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:47 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:47 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:47 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:47 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=05604980 b1e15548
openvpn-client | 2021-03-08 19:29:47 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:47 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:47 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:47 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:47 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:47 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:47 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:47 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:48 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:29:48 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 9,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:48 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:48 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:48 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:48 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:48 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:48 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:48 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:48 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:48 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:48 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:48 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:48 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:48 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:48 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:48 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:48 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:48 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:48 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + read interface
openvpn-client | + ip -o+ addr show devawk eth0 '$3 == "inet" {print $4}'
openvpn-client |
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + cut -d@ -f1
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group openvpn
openvpn-client | ++ cut -d: -f3
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent ++ group cut -d: -f3
openvpn-client | openvpn
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:29:57 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:29:57 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:29:57 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:29:57 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:57 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:29:57 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:57 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:29:57 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:29:57 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:57 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=605bee1f 89e421eb
openvpn-client | 2021-03-08 19:29:57 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:57 VERIFY KU OK
openvpn-client | 2021-03-08 19:29:57 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:29:57 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:29:57 VERIFY EKU OK
openvpn-client | 2021-03-08 19:29:57 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:29:57 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:29:57 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:29:58 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:29:58 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 7,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:29:58 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:29:58 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:29:58 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:58 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:29:58 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:29:58 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:29:58 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:29:58 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:29:58 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:29:58 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:29:58 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:58 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:58 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:29:58 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:29:58 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:29:58 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:29:58 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:29:58 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + read interface
openvpn-client | + cut -d@ -f1
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip link
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + + read interfacecut
openvpn-client | -d@ -f1
openvpn-client | + + awk '$3 == "inet6" {print $4; exit}'
openvpn-client | ip -o addr show dev eth0
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group openvpn
openvpn-client | ++ cut -d: -f3
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group ++ cut -d: -f3
openvpn-client | openvpn
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:30:12 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:30:12 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:30:12 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:30:12 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:30:12 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:30:12 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:30:12 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:30:12 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:30:12 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:30:12 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=b781b373 23cc5b6a
openvpn-client | 2021-03-08 19:30:12 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:30:12 VERIFY KU OK
openvpn-client | 2021-03-08 19:30:12 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:30:12 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:30:12 VERIFY EKU OK
openvpn-client | 2021-03-08 19:30:12 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:30:12 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:30:12 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:30:13 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:30:13 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 9,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:30:13 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:30:13 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:30:13 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:30:13 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:30:13 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:30:13 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:30:13 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:30:13 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:30:13 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:30:13 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:30:13 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:30:13 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:30:13 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:30:13 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:30:13 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:30:13 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:30:13 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:30:13 Exiting due to fatal error
openvpn-client | + update_user_gid root openvpn
openvpn-client | + _USERNAME=root
openvpn-client | + _GROUPNAME=openvpn
openvpn-client | + _GID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + update_user_uid root
openvpn-client | + _USERNAME=root
openvpn-client | + _UID=
openvpn-client | + '[' -n '' ']'
openvpn-client | + '[' vpnc-app = vpnc-app ']'
openvpn-client | + shift
openvpn-client | + /app/firewall.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + cut -d@ -f1
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip -o addr show dev eth0
openvpn-client | + awk '$3 == "inet" {print $4}'
openvpn-client | + network=172.18.0.2/16
openvpn-client | + '[' -z ]
openvpn-client | + result=172.18.0.2/16
openvpn-client | + read interface
openvpn-client | + echo 172.18.0.2/16
openvpn-client | + docker_networks=172.18.0.2/16
openvpn-client | + '[' -z 172.18.0.2/16 ]
openvpn-client | + iptables -F
openvpn-client | + iptables -X
openvpn-client | + iptables -P INPUT DROP
openvpn-client | + iptables -P FORWARD DROP
openvpn-client | + iptables -P OUTPUT DROP
openvpn-client | + iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A INPUT -i lo -j ACCEPT
openvpn-client | + iptables -A INPUT -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPTopenvpn-client | + iptables -A OUTPUT -o lo -j ACCEPT
openvpn-client | + iptables -A OUTPUT -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tap+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -o tun+ -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p tcp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A OUTPUT -p udp -m owner --gid-owner openvpn -j ACCEPT
openvpn-client | + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
openvpn-client | + iptables -A FORWARD -i lo -j ACCEPT
openvpn-client | + iptables -A FORWARD -d 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -A FORWARD -s 172.18.0.2/16 -j ACCEPT
openvpn-client | + iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
openvpn-client | + iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
openvpn-client | + '[' -n ]
openvpn-client | + /app/firewall6.sh
openvpn-client | + set -e
openvpn-client | + ip link
openvpn-client | + read interface
openvpn-client | + cut -d@ -f1
openvpn-client | + awk '-F: ' '$0 !~ "lo|wg|tun|tap|^[^0-9]"{print $2;getline}'
openvpn-client | + ip+ awk '$3 == "inet6" {print $4; exit}'
openvpn-client | -o addr show dev eth0
openvpn-client | + network=
openvpn-client | + '[' -z ]
openvpn-client | + result=
openvpn-client | + read interface
openvpn-client | + echo
openvpn-client | + docker_networks=
openvpn-client | + '[' -z ]
openvpn-client | + echo 'No inet6 network'
openvpn-client | No inet6 network
openvpn-client | + exit
openvpn-client | + /app/routing.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + /app/routing6.sh
openvpn-client | + set -e
openvpn-client | + '[' -n ]
openvpn-client | + exec /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group ++ cut -d: -f3
openvpn-client | openvpn
openvpn-client | + [[ 0 != \1\0\1 ]]
openvpn-client | + '[' -n openvpn ']'
openvpn-client | + exec su-exec root:openvpn /scripts/app-entrypoint.sh /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | + set -e
openvpn-client | + : root
openvpn-client | ++ id -u
openvpn-client | ++ id -u root
openvpn-client | + [[ 0 != \0 ]]
openvpn-client | + [[ -n openvpn ]]
openvpn-client | ++ id -g
openvpn-client | ++ getent group openvpn++ cut -d: -f3
openvpn-client |
openvpn-client | + [[ 101 != \1\0\1 ]]
openvpn-client | + exec /usr/sbin/openvpn --config /config/client.ovpn
openvpn-client | 2021-03-08 19:30:41 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-client | 2021-03-08 19:30:41 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
openvpn-client | 2021-03-08 19:30:41 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10
openvpn-client | 2021-03-08 19:30:41 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:30:41 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
openvpn-client | 2021-03-08 19:30:41 TCP/UDP: Preserving recently used remote address: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:30:41 Socket Buffers: R=[212992->212992] S=[212992->212992]openvpn-client | 2021-03-08 19:30:41 UDP link local: (not bound)
openvpn-client | 2021-03-08 19:30:41 UDP link remote: [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:30:41 TLS: Initial packet from [AF_INET]104.254.90.250:443, sid=e6cf0704 0d484139
openvpn-client | 2021-03-08 19:30:41 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:30:41 VERIFY KU OK
openvpn-client | 2021-03-08 19:30:41 Validating certificate extended key usage
openvpn-client | 2021-03-08 19:30:41 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2021-03-08 19:30:41 VERIFY EKU OK
openvpn-client | 2021-03-08 19:30:41 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Gorgonea, emailAddress=info@airvpn.org
openvpn-client | 2021-03-08 19:30:41 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
openvpn-client | 2021-03-08 19:30:41 [Gorgonea] Peer Connection Initiated with [AF_INET]104.254.90.250:443
openvpn-client | 2021-03-08 19:30:42 SENT CONTROL [Gorgonea]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2021-03-08 19:30:42 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.18.20.1,dhcp-option DNS6 fde6:7a:7d20:e14::1,tun-ipv6,route-gateway 10.18.20.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:e14::1024/64 fde6:7a:7d20:e14::1,ifconfig 10.18.20.38 255.255.255.0,peer-id 7,cipher AES-256-GCM'
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: compression parms modified
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: route options modified
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: route-related options modified
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: peer-id set
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: adjusting link_mtu to 1625
openvpn-client | 2021-03-08 19:30:42 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2021-03-08 19:30:42 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2021-03-08 19:30:42 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:30:42 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2021-03-08 19:30:42 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
openvpn-client | 2021-03-08 19:30:42 GDG6: remote_host_ipv6=n/a
openvpn-client | 2021-03-08 19:30:42 net_route_v6_best_gw query: dst ::
openvpn-client | 2021-03-08 19:30:42 sitnl_send: rtnl: generic error (-101): Network unreachable
openvpn-client | 2021-03-08 19:30:42 ROUTE6: default_gateway=UNDEF
openvpn-client | 2021-03-08 19:30:42 TUN/TAP device tun0 opened
openvpn-client | 2021-03-08 19:30:42 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:30:42 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:30:42 /sbin/ip addr add dev tun0 10.18.20.38/24
openvpn-client | 2021-03-08 19:30:42 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2021-03-08 19:30:42 /sbin/ip link set dev tun0 up
openvpn-client | 2021-03-08 19:30:42 /sbin/ip -6 addr add fde6:7a:7d20:e14::1024/64 dev tun0
openvpn-client | RTNETLINK answers: Permission denied
openvpn-client | 2021-03-08 19:30:42 Linux ip -6 addr add failed: external program exited with error status: 2
openvpn-client | 2021-03-08 19:30:42 Exiting due to fatal error
openvpn-client exited with code 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment