NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
OpenVPN connects to router when clients on Ethernet but not on Wifi
I am having difficulty getting OpenVPN to work to connect to my RS300 router with my Windows 11 computers. I have a Dell XPS 16 9640 and a Microsoft Surface Pro 2103 both running Windows 11 Pro. Both computers have the same issue. The router is a Netgear Nighthawk RS300 v 1.0.5.18. The client computers are running OpenVPN 2.6.14 and GUI 11.55.0.0
I want to connect to the RS300 "remote" LAN via the VPN tunnel and the internet through the local LAN at the client location. This works perfectly as long as the client computers are connected to their local LAN via a hardwired Ethernet connection. If the client computers are connected with a WI-fi connection (which works perfectly without the VPN) on the same local network, there are issues. The VPN still connects properly. The router status shows the active VPN connection is successful. File explorer shows the remote LAN devices properly. However, none of the 3 browsers I have tried can access devices on the remote LAN or access the internet. Although not a complete test, the same thing happens when trying to us a public WI-fi connection at a different location. I have tried the usual things. I run the Open VPN as administrator. I have tried changing the adapter metric, placing the various Wi-fi, Ethernet and VPN adapters in various priorities. I have disabled the firewall. There is no subnet overlap. At this point, I am out of ideas.
Without making any changes, the VPN connection now works over wi-fi on the Dell laptop. The only change was a firmware update from Dell including for the wi-fi adapter. I tried updating the firmware on the tablet, but the problem still persists on that computer. I will continue to look at the difference between the tunnels and see what the difference is and if I can override it.
20 Replies
I have tracked the problem down to the Metric assigned to the network route for the two 0.0.0.0 "routes of last resort". For some reason, on the Surface Pro tablet, the route that goes to the interface IP assigned to the tablet on the server network is being assigned a metric number higher than the route that goes to the interface IP assigned to the tablet on the client network. If, after connecting, I manually assign a lower metric number to the server network route, the recursive addressing error goes away. I would like to find some way to fix this in the client OpenVPN config file that works regardless of what network the client is connected to. I have tried some route-metric commands in the config file but it has not made any difference to the routing table.
Yes the VPN interface name was changed. As noted in my original post, the surface pro tablet connects fine when the tablet is connected by a hard wired Ethernet link but has a recursive routing error when connected by Wi-fi.
The tablet is a Microsoft Surface Pro running Windows 11 Pro, the same as the laptop. The client config files are exactly the same for the 2 computers.
The tablet is a Microsoft Surface Pro running Windows 11 Pro, the same as the laptop.
Ok. Then the same config should work.
Did you remember to rename the VPN interface to NETGEAR_VPN ?
Without making any changes, the VPN connection now works over wi-fi on the Dell laptop. The only change was a firmware update from Dell including for the wi-fi adapter. I tried updating the firmware on the tablet, but the problem still persists on that computer. I will continue to look at the difference between the tunnels and see what the difference is and if I can override it.
Without making any changes, the VPN connection now works over wi-fi on the Dell laptop.
Great.
I will continue to look at the difference between the tunnels and see what the difference is and if I can override it.
If this is an iPad or Android tablet, you should start with the mobile config file you download from the router.
Changing to TUN solves my recursive routing problem. Unfortunately one of the software packages I am running relies on network discovery to connect to the device on the server LAN. That of course, doesn't work with Network layer 3 TUN. I will continue to chase why I get the recursive routing issue with wifi only.
The long posts appear to be difficult for the Forum software to handle. In addition, it marked three of them as SPAM. It may be easier to begin a new conversation than to continue with this one.
Thanks for the response. It might be easier to put the Ethernet and WiFi log files on cloud storage and post Links to them?
Each Netgear WiFi family seems to implement VPN connections differently.
- The original WiFi5 Orbi systems put VPN connections in a subnet "one up" from the primary IP subnet. i.e.
If the primary subnet is the default (192.168.1.x) then VPN connections receive IPs in 192.168.2.x - The WiFi6 Orbi systems put VPN connections in 192.168.254.x. I have an RBR750 that has a primary IP subnet of 10.10.0.x
When a device connects to the RBR750 over VPN, it gets an IP in 192.168.254.x
Alas, I have no experience with the RS product line. Perhaps Netgear decided to place devices connecting via VPN into the primary IP subnet (in this case 192.168.1.x)
Another consideration is the 'mode'. OpenVPN supports two types of connections: tap (for "network tap") and tun (for "tunnel")
Do an internet search for details. AI summary:The default configuration file for Windows computers is tap, using UDP port 12974. With the latest versions of OpenVPN, I have been more successful manually changing the configuration to tun, port 12973. i.e.:
client dev tun proto udp remote xxxxxxx.mynetgear.com 12973With the latest versions of OpenVPN, I have been more successful manually changing the configuration to tun, port 12973
KngDa​ - I also found I needed to do this (though with an Orbi system, not the RS300). Might be worth a try (though in my case I needed it to connect to remote servers connected with ethernet, so my symptoms were a bit different).
In addition, it marked three of them as SPAM.
FWIW, ReadyNAS log snippets are often marked as SPAM by the automated filter. That was also the case with the old forum software. I wish they'd adjust the filter to fix that.
- The original WiFi5 Orbi systems put VPN connections in a subnet "one up" from the primary IP subnet. i.e.
Sorry. I got the Ethernet log in there twice.
2025-11-10 13:28:08 us=156000 remote_cert_eku = 'TLS Web Server Authentication'
2025-11-10 13:28:08 us=156000 ssl_flags = 192
2025-11-10 13:28:08 us=156000 tls_timeout = 2
2025-11-10 13:28:08 us=156000 renegotiate_bytes = -1
2025-11-10 13:28:08 us=156000 renegotiate_packets = 0
2025-11-10 13:28:08 us=156000 renegotiate_seconds = 3600
2025-11-10 13:28:08 us=156000 handshake_window = 60
2025-11-10 13:28:08 us=156000 transition_window = 3600
2025-11-10 13:28:08 us=156000 single_session = DISABLED
2025-11-10 13:28:08 us=156000 push_peer_info = DISABLED
2025-11-10 13:28:08 us=156000 tls_exit = DISABLED
2025-11-10 13:28:08 us=156000 tls_crypt_v2_metadata = '[UNDEF]'
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_protected_authentication = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_private_mode = 00000000
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_cert_private = DISABLED
2025-11-10 13:28:08 us=156000 pkcs11_pin_cache_period = -1
2025-11-10 13:28:08 us=156000 pkcs11_id = '[UNDEF]'
2025-11-10 13:28:08 us=156000 pkcs11_id_management = DISABLED
2025-11-10 13:28:08 us=156000 server_network = 0.0.0.0
2025-11-10 13:28:08 us=156000 server_netmask = 0.0.0.0
2025-11-10 13:28:08 us=156000 server_network_ipv6 = ::
2025-11-10 13:28:08 us=156000 server_netbits_ipv6 = 0
2025-11-10 13:28:08 us=156000 server_bridge_ip = 0.0.0.0
2025-11-10 13:28:08 us=156000 server_bridge_netmask = 0.0.0.0
2025-11-10 13:28:08 us=156000 server_bridge_pool_start = 0.0.0.0
2025-11-10 13:28:08 us=156000 server_bridge_pool_end = 0.0.0.0
2025-11-10 13:28:08 us=156000 ifconfig_pool_defined = DISABLED
2025-11-10 13:28:08 us=156000 ifconfig_pool_start = 0.0.0.0
2025-11-10 13:28:08 us=156000 ifconfig_pool_end = 0.0.0.0
2025-11-10 13:28:08 us=156000 ifconfig_pool_netmask = 0.0.0.0
2025-11-10 13:28:08 us=156000 ifconfig_pool_persist_filename = '[UNDEF]'
2025-11-10 13:28:08 us=156000 ifconfig_pool_persist_refresh_freq = 600
2025-11-10 13:28:08 us=156000 ifconfig_ipv6_pool_defined = DISABLED
2025-11-10 13:28:08 us=156000 ifconfig_ipv6_pool_base = ::
2025-11-10 13:28:08 us=156000 ifconfig_ipv6_pool_netbits = 0
2025-11-10 13:28:08 us=156000 n_bcast_buf = 256
2025-11-10 13:28:08 us=156000 tcp_queue_limit = 64
2025-11-10 13:28:08 us=156000 real_hash_size = 256
2025-11-10 13:28:08 us=156000 virtual_hash_size = 256
2025-11-10 13:28:08 us=156000 client_connect_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 learn_address_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 client_disconnect_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 client_crresponse_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 client_config_dir = '[UNDEF]'
2025-11-10 13:28:08 us=156000 ccd_exclusive = DISABLED
2025-11-10 13:28:08 us=156000 tmp_dir = 'C:\Users\theki\AppData\Local\Temp\'
2025-11-10 13:28:08 us=156000 push_ifconfig_defined = DISABLED
2025-11-10 13:28:08 us=156000 push_ifconfig_local = 0.0.0.0
2025-11-10 13:28:08 us=156000 push_ifconfig_remote_netmask = 0.0.0.0
2025-11-10 13:28:08 us=156000 push_ifconfig_ipv6_defined = DISABLED
2025-11-10 13:28:08 us=156000 push_ifconfig_ipv6_local = ::/0
2025-11-10 13:28:08 us=156000 push_ifconfig_ipv6_remote = ::
2025-11-10 13:28:08 us=156000 enable_c2c = DISABLED
2025-11-10 13:28:08 us=156000 duplicate_cn = DISABLED
2025-11-10 13:28:08 us=156000 cf_max = 0
2025-11-10 13:28:08 us=156000 cf_per = 0
2025-11-10 13:28:08 us=156000 cf_initial_max = 100
2025-11-10 13:28:08 us=156000 cf_initial_per = 10
2025-11-10 13:28:08 us=156000 max_clients = 1024
2025-11-10 13:28:08 us=156000 max_routes_per_client = 256
2025-11-10 13:28:08 us=156000 auth_user_pass_verify_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 auth_user_pass_verify_script_via_file = DISABLED
2025-11-10 13:28:08 us=156000 auth_token_generate = DISABLED
2025-11-10 13:28:08 us=156000 force_key_material_export = DISABLED
2025-11-10 13:28:08 us=156000 auth_token_lifetime = 0
2025-11-10 13:28:08 us=156000 auth_token_secret_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 vlan_tagging = DISABLED
2025-11-10 13:28:08 us=156000 vlan_accept = all
2025-11-10 13:28:08 us=156000 vlan_pvid = 1
2025-11-10 13:28:08 us=156000 client = ENABLED
2025-11-10 13:28:08 us=156000 pull = ENABLED
2025-11-10 13:28:08 us=156000 auth_user_pass_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 show_net_up = DISABLED
2025-11-10 13:28:08 us=156000 route_method = 3
2025-11-10 13:28:08 us=156000 block_outside_dns = DISABLED
2025-11-10 13:28:08 us=156000 ip_win32_defined = DISABLED
2025-11-10 13:28:08 us=156000 ip_win32_type = 3
2025-11-10 13:28:08 us=156000 dhcp_masq_offset = 0
2025-11-10 13:28:08 us=156000 dhcp_lease_time = 31536000
2025-11-10 13:28:08 us=156000 tap_sleep = 0
2025-11-10 13:28:08 us=156000 dhcp_options = 0x00000000
2025-11-10 13:28:08 us=156000 dhcp_renew = DISABLED
2025-11-10 13:28:08 us=156000 dhcp_pre_release = DISABLED
2025-11-10 13:28:08 us=156000 domain = '[UNDEF]'
2025-11-10 13:28:08 us=156000 netbios_scope = '[UNDEF]'
2025-11-10 13:28:08 us=156000 netbios_node_type = 0
2025-11-10 13:28:08 us=156000 disable_nbt = DISABLED
2025-11-10 13:28:08 us=156000 OpenVPN 2.6.14 [git:v2.6.14/f588592ee6c6323b] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 6 2025
2025-11-10 13:28:08 us=156000 Windows version 10.0 (Windows 10 or greater), amd64 executable
2025-11-10 13:28:08 us=156000 library versions: OpenSSL 3.5.1 1 Jul 2025, LZO 2.10
2025-11-10 13:28:08 us=156000 DCO version: 1.3.3
2025-11-10 13:28:08 us=156000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2025-11-10 13:28:08 us=156000 Need hold release from management interface, waiting...
2025-11-10 13:28:08 us=625000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:60730
2025-11-10 13:28:08 us=734000 MANAGEMENT: CMD 'state on'
2025-11-10 13:28:08 us=734000 MANAGEMENT: CMD 'log on all'
2025-11-10 13:28:08 us=796000 MANAGEMENT: CMD 'echo on all'
2025-11-10 13:28:08 us=812000 MANAGEMENT: CMD 'bytecount 5'
2025-11-10 13:28:08 us=812000 MANAGEMENT: CMD 'state'
2025-11-10 13:28:08 us=812000 MANAGEMENT: CMD 'hold off'
2025-11-10 13:28:08 us=812000 MANAGEMENT: CMD 'hold release'
2025-11-10 13:28:08 us=812000 LZO compression initializing
2025-11-10 13:28:08 us=812000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2025-11-10 13:28:08 us=812000 MANAGEMENT: >STATE:1762806488,RESOLVE,,,,,,
2025-11-10 13:28:08 us=953000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2025-11-10 13:28:08 us=953000 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.246.109:12974
2025-11-10 13:28:08 us=953000 Socket Buffers: R=[65536->393216] S=[65536->393216]
2025-11-10 13:28:08 us=953000 UDPv4 link local: (not bound)
2025-11-10 13:28:08 us=953000 UDPv4 link remote: [AF_INET]XXX.XXX.246.109:12974
2025-11-10 13:28:08 us=953000 MANAGEMENT: >STATE:1762806488,WAIT,,,,,,
WR2025-11-10 13:28:09 MANAGEMENT: >STATE:1762806489,AUTH,,,,,,
2025-11-10 13:28:09 TLS: Initial packet from [AF_INET]XXX.XXX.246.109:12974, sid=0b7bc3b5 f1536ff7
WWRRWRWR2025-11-10 13:28:09 us=46000 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, name=changeme, emailAddress=mail@netgear.com
2025-11-10 13:28:09 us=46000 VERIFY KU OK
2025-11-10 13:28:09 us=46000 Validating certificate extended key usage
2025-11-10 13:28:09 us=46000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-11-10 13:28:09 us=46000 VERIFY EKU OK
2025-11-10 13:28:09 us=46000 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=netgear, OU=netgear, CN=netgear, name=changeme, emailAddress=mail@netgear.com
WWWRRWR2025-11-10 13:28:09 us=109000 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 1024 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-11-10 13:28:09 us=109000 [netgear] Peer Connection Initiated with [AF_INET]XXX.XXX.246.109:12974
2025-11-10 13:28:09 us=109000 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-11-10 13:28:09 us=109000 TLS: tls_multi_process: initial untrusted session promoted to trusted
W2025-11-10 13:28:10 us=140000 MANAGEMENT: >STATE:1762806490,GET_CONFIG,,,,,,
2025-11-10 13:28:10 us=140000 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
WRR2025-11-10 13:28:10 us=171000 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 120,route-delay 10,route 192.168.1.0 255.255.255.0 192.168.1.1,route 75.2.84.193 255.255.255.255 192.168.1.1,route 99.83.191.32 255.255.255.255 192.168.1.1,peer-id 0,cipher AES-256-GCM'
2025-11-10 13:28:10 us=171000 OPTIONS IMPORT: route options modified
2025-11-10 13:28:10 us=171000 OPTIONS IMPORT: route-related options modified
2025-11-10 13:28:10 us=171000 interactive service msg_channel=952
2025-11-10 13:28:10 us=171000 ROUTE_GATEWAY 192.168.2.254/255.255.255.0 I=17 HWADDR=dc:97:ba:93:e6:71
2025-11-10 13:28:10 us=171000 open_tun
2025-11-10 13:28:10 us=187000 tap-windows6 device [NETGEAR-VPN] opened
2025-11-10 13:28:10 us=187000 TAP-Windows Driver Version 9.27
2025-11-10 13:28:10 us=187000 TAP-Windows MTU=1500
2025-11-10 13:28:10 us=187000 Successful ARP Flush on interface [8] {608A8556-FD5F-4C06-8486-CA49D0B130FD}
2025-11-10 13:28:10 us=187000 do_ifconfig, ipv4=0, ipv6=0
2025-11-10 13:28:10 us=187000 MANAGEMENT: >STATE:1762806490,ASSIGN_IP,,,,,,
2025-11-10 13:28:10 us=187000 Data Channel MTU parms [ mss_fix:1367 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1800 tailroom:568 ET:32 ]
2025-11-10 13:28:10 us=187000 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-11-10 13:28:10 us=187000 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2025-11-10 13:28:10 us=187000 Data Channel: cipher 'AES-256-GCM', peer-id: 0, compression: 'lzo'
2025-11-10 13:28:10 us=187000 Timers: ping 10, ping-restart 120
WrWrWRwrWRwRwrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWrWRwrWrWRwrWrWrWrWrWrWrWrWrWRwrWrWrWrWRwrWrWrWrWrWRwrWrWrWRwrWRwRwrWRwRwrWrWrWrWrWrWrWrWrWRwrWrWrWrWrWrWrWrWRwrWRwRwRwrWRwRwrWrWrWrWrWrWRwRwRwrWrWRwrWrWrWRwRwRwrWrWrWrWRwRwrWrWRwrWRwrWRwRwRwrWrWrWrWRwrWRwrWRwrWrWrWRwRwRwRwRwrWrWrWrWRwRwRwRwRwrWRwrWRwrWrWrWRwRwrWr2025-11-10 13:28:14 us=531000 Recursive routing detected, drop tun packet to [AF_INET]XXX.XXX.246.109:12974
rWr2025-11-10 13:28:14 us=531000 Recursive routing detected, drop tun packet to [AF_INET]XXX.XXX.246.109:12974
RwRwrWr2025-11-10 13:28:14 us=531000 Recursive routing detected, drop tun packet to [AF_INET]XXX.XXX.246.109:12974
rWr2025-11-10 13:28:14 us=531000 Recursive routing detected, drop tun packet to [AF_INET]XXX.XXX.246.109:12974
Log when connecting with WiFi
2025-11-10 13:28:08 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2025-11-10 13:28:08 us=156000 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2025-11-10 13:28:08 us=156000 Current Parameter Settings:
2025-11-10 13:28:08 us=156000 config = 'client.ovpn'
2025-11-10 13:28:08 us=156000 mode = 0
2025-11-10 13:28:08 us=156000 show_ciphers = DISABLED
2025-11-10 13:28:08 us=156000 show_digests = DISABLED
2025-11-10 13:28:08 us=156000 show_engines = DISABLED
2025-11-10 13:28:08 us=156000 genkey = DISABLED
2025-11-10 13:28:08 us=156000 genkey_filename = '[UNDEF]'
2025-11-10 13:28:08 us=156000 key_pass_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 show_tls_ciphers = DISABLED
2025-11-10 13:28:08 us=156000 connect_retry_max = 0
2025-11-10 13:28:08 us=156000 Connection profiles [0]:
2025-11-10 13:28:08 us=156000 proto = udp
2025-11-10 13:28:08 us=156000 local = '[UNDEF]'
2025-11-10 13:28:08 us=156000 local_port = '[UNDEF]'
2025-11-10 13:28:08 us=156000 remote = 'cameras.dyndns.org'
2025-11-10 13:28:08 us=156000 remote_port = '12974'
2025-11-10 13:28:08 us=156000 remote_float = DISABLED
2025-11-10 13:28:08 us=156000 bind_defined = DISABLED
2025-11-10 13:28:08 us=156000 bind_local = DISABLED
2025-11-10 13:28:08 us=156000 bind_ipv6_only = DISABLED
2025-11-10 13:28:08 us=156000 connect_retry_seconds = 1
2025-11-10 13:28:08 us=156000 connect_timeout = 120
2025-11-10 13:28:08 us=156000 socks_proxy_server = '[UNDEF]'
2025-11-10 13:28:08 us=156000 socks_proxy_port = '[UNDEF]'
2025-11-10 13:28:08 us=156000 tun_mtu = 1500
2025-11-10 13:28:08 us=156000 tun_mtu_defined = ENABLED
2025-11-10 13:28:08 us=156000 link_mtu = 1500
2025-11-10 13:28:08 us=156000 link_mtu_defined = DISABLED
2025-11-10 13:28:08 us=156000 tun_mtu_extra = 32
2025-11-10 13:28:08 us=156000 tun_mtu_extra_defined = ENABLED
2025-11-10 13:28:08 us=156000 tls_mtu = 1250
2025-11-10 13:28:08 us=156000 mtu_discover_type = -1
2025-11-10 13:28:08 us=156000 fragment = 0
2025-11-10 13:28:08 us=156000 mssfix = 1492
2025-11-10 13:28:08 us=156000 mssfix_encap = ENABLED
2025-11-10 13:28:08 us=156000 mssfix_fixed = DISABLED
2025-11-10 13:28:08 us=156000 explicit_exit_notification = 0
2025-11-10 13:28:08 us=156000 tls_auth_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 key_direction = not set
2025-11-10 13:28:08 us=156000 tls_crypt_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 tls_crypt_v2_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 Connection profiles END
2025-11-10 13:28:08 us=156000 remote_random = DISABLED
2025-11-10 13:28:08 us=156000 ipchange = '[UNDEF]'
2025-11-10 13:28:08 us=156000 dev = 'tap'
2025-11-10 13:28:08 us=156000 dev_type = '[UNDEF]'
2025-11-10 13:28:08 us=156000 dev_node = 'NETGEAR-VPN'
2025-11-10 13:28:08 us=156000 tuntap_options.disable_dco = ENABLED
2025-11-10 13:28:08 us=156000 lladdr = '[UNDEF]'
2025-11-10 13:28:08 us=156000 topology = 1
2025-11-10 13:28:08 us=156000 ifconfig_local = '[UNDEF]'
2025-11-10 13:28:08 us=156000 ifconfig_remote_netmask = '[UNDEF]'
2025-11-10 13:28:08 us=156000 ifconfig_noexec = DISABLED
2025-11-10 13:28:08 us=156000 ifconfig_nowarn = DISABLED
2025-11-10 13:28:08 us=156000 ifconfig_ipv6_local = '[UNDEF]'
2025-11-10 13:28:08 us=156000 ifconfig_ipv6_netbits = 0
2025-11-10 13:28:08 us=156000 ifconfig_ipv6_remote = '[UNDEF]'
2025-11-10 13:28:08 us=156000 shaper = 0
2025-11-10 13:28:08 us=156000 mtu_test = 0
2025-11-10 13:28:08 us=156000 mlock = DISABLED
2025-11-10 13:28:08 us=156000 keepalive_ping = 0
2025-11-10 13:28:08 us=156000 keepalive_timeout = 0
2025-11-10 13:28:08 us=156000 inactivity_timeout = 0
2025-11-10 13:28:08 us=156000 session_timeout = 0
2025-11-10 13:28:08 us=156000 inactivity_minimum_bytes = 0
2025-11-10 13:28:08 us=156000 ping_send_timeout = 0
2025-11-10 13:28:08 us=156000 ping_rec_timeout = 0
2025-11-10 13:28:08 us=156000 ping_rec_timeout_action = 0
2025-11-10 13:28:08 us=156000 ping_timer_remote = DISABLED
2025-11-10 13:28:08 us=156000 remap_sigusr1 = 0
2025-11-10 13:28:08 us=156000 persist_tun = ENABLED
2025-11-10 13:28:08 us=156000 persist_local_ip = DISABLED
2025-11-10 13:28:08 us=156000 persist_remote_ip = DISABLED
2025-11-10 13:28:08 us=156000 persist_key = ENABLED
2025-11-10 13:28:08 us=156000 passtos = DISABLED
2025-11-10 13:28:08 us=156000 resolve_retry_seconds = 1000000000
2025-11-10 13:28:08 us=156000 resolve_in_advance = DISABLED
2025-11-10 13:28:08 us=156000 username = '[UNDEF]'
2025-11-10 13:28:08 us=156000 groupname = '[UNDEF]'
2025-11-10 13:28:08 us=156000 chroot_dir = '[UNDEF]'
2025-11-10 13:28:08 us=156000 cd_dir = '[UNDEF]'
2025-11-10 13:28:08 us=156000 writepid = '[UNDEF]'
2025-11-10 13:28:08 us=156000 up_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 down_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 down_pre = DISABLED
2025-11-10 13:28:08 us=156000 up_restart = DISABLED
2025-11-10 13:28:08 us=156000 up_delay = DISABLED
2025-11-10 13:28:08 us=156000 daemon = DISABLED
2025-11-10 13:28:08 us=156000 log = ENABLED
2025-11-10 13:28:08 us=156000 suppress_timestamps = DISABLED
2025-11-10 13:28:08 us=156000 machine_readable_output = DISABLED
2025-11-10 13:28:08 us=156000 nice = 0
2025-11-10 13:28:08 us=156000 verbosity = 5
2025-11-10 13:28:08 us=156000 mute = 0
2025-11-10 13:28:08 us=156000 gremlin = 0
2025-11-10 13:28:08 us=156000 status_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 status_file_version = 1
2025-11-10 13:28:08 us=156000 status_file_update_freq = 60
2025-11-10 13:28:08 us=156000 occ = ENABLED
2025-11-10 13:28:08 us=156000 rcvbuf = 393216
2025-11-10 13:28:08 us=156000 sndbuf = 393216
2025-11-10 13:28:08 us=156000 sockflags = 0
2025-11-10 13:28:08 us=156000 fast_io = DISABLED
2025-11-10 13:28:08 us=156000 comp.alg = 2
2025-11-10 13:28:08 us=156000 comp.flags = 1
2025-11-10 13:28:08 us=156000 route_script = '[UNDEF]'
2025-11-10 13:28:08 us=156000 route_default_gateway = '[UNDEF]'
2025-11-10 13:28:08 us=156000 route_default_metric = 0
2025-11-10 13:28:08 us=156000 route_noexec = DISABLED
2025-11-10 13:28:08 us=156000 route_delay = 5
2025-11-10 13:28:08 us=156000 route_delay_window = 30
2025-11-10 13:28:08 us=156000 route_delay_defined = ENABLED
2025-11-10 13:28:08 us=156000 route_nopull = DISABLED
2025-11-10 13:28:08 us=156000 route_gateway_via_dhcp = DISABLED
2025-11-10 13:28:08 us=156000 allow_pull_fqdn = DISABLED
2025-11-10 13:28:08 us=156000 Pull filters:
2025-11-10 13:28:08 us=156000 ignore "route-method"
2025-11-10 13:28:08 us=156000 management_addr = '127.0.0.1'
2025-11-10 13:28:08 us=156000 management_port = '25340'
2025-11-10 13:28:08 us=156000 management_user_pass = 'stdin'
2025-11-10 13:28:08 us=156000 management_log_history_cache = 250
2025-11-10 13:28:08 us=156000 management_echo_buffer_size = 100
2025-11-10 13:28:08 us=156000 management_client_user = '[UNDEF]'
2025-11-10 13:28:08 us=156000 management_client_group = '[UNDEF]'
2025-11-10 13:28:08 us=156000 management_flags = 6
2025-11-10 13:28:08 us=156000 shared_secret_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 key_direction = not set
2025-11-10 13:28:08 us=156000 ciphername = 'AES-128-CBC'
2025-11-10 13:28:08 us=156000 ncp_ciphers = 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305'
2025-11-10 13:28:08 us=156000 authname = 'SHA1'
2025-11-10 13:28:08 us=156000 engine = DISABLED
2025-11-10 13:28:08 us=156000 replay = ENABLED
2025-11-10 13:28:08 us=156000 mute_replay_warnings = DISABLED
2025-11-10 13:28:08 us=156000 replay_window = 64
2025-11-10 13:28:08 us=156000 replay_time = 15
2025-11-10 13:28:08 us=156000 packet_id_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 test_crypto = DISABLED
2025-11-10 13:28:08 us=156000 tls_server = DISABLED
2025-11-10 13:28:08 us=156000 tls_client = ENABLED
2025-11-10 13:28:08 us=156000 ca_file = 'ca.crt'
2025-11-10 13:28:08 us=156000 ca_path = '[UNDEF]'
2025-11-10 13:28:08 us=156000 dh_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 cert_file = 'client.crt'
2025-11-10 13:28:08 us=156000 extra_certs_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 priv_key_file = 'client.key'
2025-11-10 13:28:08 us=156000 pkcs12_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 cryptoapi_cert = '[UNDEF]'
2025-11-10 13:28:08 us=156000 cipher_list = '[UNDEF]'
2025-11-10 13:28:08 us=156000 cipher_list_tls13 = '[UNDEF]'
2025-11-10 13:28:08 us=156000 tls_cert_profile = '[UNDEF]'
2025-11-10 13:28:08 us=156000 tls_verify = '[UNDEF]'
2025-11-10 13:28:08 us=156000 tls_export_peer_cert_dir = '[UNDEF]'
2025-11-10 13:28:08 us=156000 verify_x509_type = 0
2025-11-10 13:28:08 us=156000 verify_x509_name = '[UNDEF]'
2025-11-10 13:28:08 us=156000 crl_file = '[UNDEF]'
2025-11-10 13:28:08 us=156000 ns_cert_type = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 65535
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
2025-11-10 13:28:08 us=156000 remote_cert_ku[i] = 0
