I can't make an OpenVPN server work with the new easy-rsa 3.0 setup. Worked flawlessly in the past with the bundled 2.0-branch. Tried it on two separate host providers (one with a working legacy config). # uname -a Linux server-asia 3.13

Tue Apr 7 16:44:04 2020 us=988966 / UDPv4 READ [96] from [AF_INET]: P_CONTROL_V1 kid=0 pid=[ #12 ] [ ] pid=6 DATA len=42 Tue Apr 7 16:44:04 2020 us=989052 / PUSH: Received control message: 'PUSH_REQUEST' Tue Apr 7 16:44:04 2020 us=989117 / SENT CONTROL []: 'PUSH_REPLY,route 172.16 Prepend a one-byte OpenVPN data channel P_DATA_V1 opcode to the packet. More void tls_prepend_opcode_v2 (const struct tls_multi *multi, struct buffer *buf) Prepend an OpenVPN data channel P_DATA_V2 header to the packet. More void tls_post_encrypt (struct tls_multi *multi, struct buffer *buf) Perform some accounting for the key state used IP Address 157.55.39.110 Internet provider Microsoft Bingbot NOT CONNECTED Your Internet provider can possibly track your Internet activity. Just did a clean install of the latest pfSense-CE-2.5.0-DEVELOPMENT-amd64-20190322-1846.iso Restored a backup config from 2.4.5. Had issues with limiters fq_codel (will post in the relevent thread later) but got around them. Now i'm having issues with my IPCop Firewall Linux firewall distribution geared towards home and SOHO users. Jul 24, 2014 · If --key-method 1 is used, the keys are generated directly from the OpenSSL RAND_bytes function. --key-method 2 was introduced with OpenVPN 1.5.0 and will be made the default in OpenVPN 2.0. During SSL/TLS rekeying, there is a transition-window parameter that permits overlap between old and new key usage, so there is no time pressure or latency

dort funktioniert die gleiche openvpn-Verbindung nicht (sonstige Internetzugriffe funktionieren). Die gleiche Konfiguration nur mir Arcor-DSL funktioniert nach wie vor. Im nichtfunktionierenden Fall finde ich im openvpn.log TLS Error: Unroutable control packet received from XX.XX.XXX.X:1194 (si=3 op=P_CONTROL_V1)

TLS payload ciphertext (n bytes) (only for P_CONTROL_V1). Note that when –tls-auth is used, all message types are protected with an HMAC signature, even the initial packets of the TLS handshake. This makes it easy for OpenVPN to throw away bogus packets quickly, without wasting resources on attempting a TLS handshake which will ultimately fail. I can't make an OpenVPN server work with the new easy-rsa 3.0 setup. Worked flawlessly in the past with the bundled 2.0-branch. Tried it on two separate host providers (one with a working legacy config). # uname -a Linux server-asia 3.13

This is openvpn on pfSense server to Fedora 25 client ovpn 2.3.14 My question is, what does this mean: "TLS Error: Unroutable control packet received" Is it a network problem or is this something to do with security ?

Added new packet format P_DATA_V2, which includes peer-id. If server supports, client sends all data packets in the new format. When data packet arrives, server identifies peer by peer-id.