ELF@44 44@4@@@p@@@@==@ <  @ @ ?~/lib/ld-uClibc.so.033 44#4 @ F0@J@H@ g4 pppp@ pp;pp o؅@oo`@ ;C =RG}Xv7$ !~\4NL (<:% "=ldA?'PvX8)#S[|\k)35f`|hH:3e#IG089 B,F]J]^rZD`ONa;lyM7>Ss1j2^ 0eqUna6SKc(./{URE99WAoFgA.b [wua 6 z`-i@D~+Zf]M=x(_1g_ ~[z-VBT;mnxJHKU!s+I$@)7p,d*'&*2<c{m4 O+tqxL  &>Q\lYhbCk % 9iKQ8LT?XPRpwYr e>u/2'O W*" P3j t_QH?6k4D{5MEY}V*v!5,.bd/-B%z<jy-("to+sInG:&y#0%c;N r1)wq giE^6/8  V.uf5C#Fh$pTW@,ZJ1m2&o}|:43 !7"0$'44 333 @;4-4@ 3F4?43X4<R4 FX q [G XFDFy.F\B 74A !PB B n0,($ 84!!!! $$$$ P!(! R&4 !(@! 4 @!`!01& !80,($ @'<ڜ'!'>$ !,(!@!􁙏 ! @!(@!0`!8 !@p !,$ 0'<ٜ'!h'(x|tp`@!`b@BC Qc0$Nbb$0'! !($܄ ( B0@! !(  ( D0`@'싂BB$@@ 3$$$ (싂B$@ 0! !(@$ (b@q$$$XB,R@$ B0 @y$$$ ( @z$$$ (b@$싂BbbB$b@@싂Bdb@b0'! !(!0 D܄ (TPL H0@'H'$!8 (@$$$$$ (ŽÎ Ď!bŽ!d!b#B0!b `*C@@ $$$ ( B0*@B B,#@F<4 (@0'$B$!( !0$`'̉ (F!@'! !( $ B$$! $!0'̉ !@!0@$ $ ' ! ( !0@! !(܄ R&! !($܄ @&$ $$$ ' ! $$ $!0 ! !(!0`  '!(!0` ! `| @ '$  @ '!0$$H $H  'l @!' !'<'!' 40,(<8Œ!*G!!!@$  $p $!8 !0 @$bH  <40,(@'b$B6@$@B49*@ $*@! b !C#2S`$"2@$B4$ B@ '!'B!< @!4 <$($@!4H @ $\B$bd('<>'!@$\B$be<='!'084$ `!TbB(@Te$!('('(p $'؆ T@'` $$! 0$!8p '$h$䁙  @'! '4 G$t$䁙  @! ' 5B/@ @@2"@"@BB,@"<4  @"<4$d'$H  BB,@@2"<4  @@2"<4$'$H @2$@2BB,@! "<4  @! "<4$'$H ! (9' 2@2BB,@2"<4  @2"<4$ ($H 2@2BB,@2"<4  @2"<4$8($H 2@2BB,@2"<4  @2"<4$h($H 2@ 2BB,@ 2"<4  @ 2"<4$($H  2@BB,@"<4  @"<4$($H $('@H$d(b!( !0@!@ @!@H$ @! 4'!(t !8@!0H$$T9$H ~H$ v@! 4'!(t !0@!8@$9$2H$ a@!0$9$9H$H$ T@!0@$9$,H$1@H$d$b!(@!@ @!@H$ <@!0@!8H$$9$H 0H$ (@!0@H$$4:$H  @H$$X:$ H$  @H$$l:$H 4@4' PHD@<8X'<J'!'840,($ @<!!! $:$!! X\@!$BH$ v@!0`$:$lH$! $:$ @! @H$ ]@!0`$:$SH$$;$ @! t 6@!@E$&!!(!  &! @!(@' !0@! H$(.9' !(H$ @H$$L7$H H$  @!0`H$$ ;$H @' @840,($ H''!'($ 0,Œ!!! @$x;$H$ $l=$  @$$t=$ @$"$|=$  @(#9' $=$ /@H$  @H$$=$LH H$  @H$$=$$H H$ w@H$$L7$m$=$ @! !($!8(XA9' [@! ( 19' Q$=$ @!t ! !(@!0@((29' 1$=$ @! !($!8(XA9' @! (29' $=$ >@'t ! @!(x  @H$ @H$$=$ @H$$=$H$ @ !0@$>$H$$,>$ =@&t ! @0  @H$ @H$$4>$ @H$$P>$H$ @ !0@$t>$@H$$>$ <@ H$  @H$ d@H$$>$Z X@H$$>$N L@ !0@H$$>$H ;$p;$ @! $>$ (:9' ! (:9' $d;$ %@! !($$(XA9' @! (99' ! (99' $h;$ %@! !($$(XA9' @! ( :9' ! ( :9' $$<$ @! !($!8(XA9' @! (=9' $0<$ @! !($!8(XA9' |@! (4>9' q$>$  @! (>9' ]$>$  @! (d?9' H$?$ .@H$! !($!8(XA9' 0@!t '@!@H$ !0H$$ ?$@&H *@H$  @H$$X?$H @' 0($ 8'@$< @!@ ! !($܄ "#B$""` @$$x;$ " P @$$x;$ 0!(@! !0X 0( 0'<'!@!@!!`@0'$P'p ( 0'$C$$ (0'$C$!0!8 (<4! !0!(!8 l (@$ ( @$$C$H (T@@'! $P'p ( $$C$ (! $C$X (! !8$C$ (B@$ ( @$LD!0$D$H (LD!( ! $$ D$@ (P@P' (|tplhd`\X'<'!'!$ $D$! @$ $ D$$@!0 H $('<'!' -@!)@􅙏 !0@$1$!$$H$% #! b$ B,@#$ b$<$$2"%C.%D%E"( 0'\ $$K$$ !(\``b@$$#X&e\!8 !(!  $ \ $  @!0@$$dL$H \ 80,(@'<'!'4,<80(!!$h$b!@!$b@$6 $$)L$J$H b@B@>$< $\#``"b@$$X"&e\$!8  &$ @! !( '؅ !0@!8$$L$H  @ ' BB,(@!@F<4 @!@! `,9' ! @!@,9' Fbb,@$G$/bHb,@a$ $9b<`'b`'8bb,@$$b/`'b+`'$N$)`'&$O$ "z$O$`'$(O$`'$0O$`'$@O$ `'$PO$`'$XO$ X'`'|$ ld|xtp!C'<\v'!'$ !($ $ ',(@ @@$ $dO$@@$H ,0'2%8%8('%8!( ! @$!0( $lQ$@$ ! !(!0@`!8*+B4*,;9' \TPLHD@`'<8'!'40<8,(!!t` c$pb$l x"c*@b,&"2%82%8%8%$P'!(@$@DB( ?@! d'$` )'P "@8&RCSC'P8<&T'C!0@ ! `!( @$,pq9' 1&', @'ă ! |tplh'< '!'@! @􂙏  '',w9' ! !(  ! @!0 $`'' ! @!($܄ $[B$B0q&$[B$B! $( XP$*@@$$P$TX\`d! ( X$'!( :$ ! @!(!0$   '<'!' ($!B$ C($'`D@&B3<B,@4 3<$$^$ @4H &@ @@싂B( 0'<'!' !@!@bJ@ @B@$  @$$_$H  B$ $[!$!#b@c !CB@&$  @&$$`$H &@@  ('<<'!' @8HD<!f $FbBbB bB !b!e!b#B0!b `P&*@ @ $p`$$  CB#(b C!D!E*b `$p`$$  C!B$*b`$ !E! D L$䊙  $p`$$  Cb,@$$(a!$!""!\@C!B$*b`( $!E! D('$䊙  B B,@! @F<4  @F<$x`$4B@$B!c$*C$@) $!E! D$)'䊙  Q! (  F$$C!!F*b`$ !!E! D!( 䊙  B B,y@! @F<4  o@F<$`$e4B!c$*C$h@* $!E! Db*'$䊙  B B,M@! @F<4  C@F<$`$94B!c$*C$<@+ $!E! D6+'$䊙  D0!Ec$"% *(", $!G! F,'$䊙  D0!Ec$"% *(. $!G! F.'$䊙  B B,@! @F<4  @F<$`$4B!c$*C$@0 $!E! D0'$䊙  D0!Ec$"% *(2 $!G! F2'$䊙  B B,@! @F<4  @F<$`$4B!c$*C$@4 $!E! D4'$䊙  B C! @*C@! `B#Q$ h  D!c$* 5 $!F! E 1&5'$䊙  B B,R@! @F<4  H@F<H CIF#h$4$`$$H  3! @B!c$*C$0@6 $!E! D*6'$䊙  B B,@! @F<4  @! @F<4$a$H  ! @$4  $BH@<8P'<'!',(40$b(@!c$B$ $p`$H$ ` !DE`$c$,@$b!$!""!\@B B,g@$F<4  @F<4$Da$H S$B B,L@$F<4  @F<4$\a$H 8$B B,@F<4  @F<4$xa$H ( @$ !(bB$$ '$䊙  b0%b `#$ "B B,@F<4  @F<4$a$H "@"&$"@"&%$"&!  @$"%&! "&@ B B,@F<4  @F<4$a$H ( @$ !(bB$$"'$䊙 "b0%b#( @$ !(bB$$$'$䊙 $b0%b"R@ #"O@"&M`B@$ @$ "#&'$a$H ".@"&"*@"&#eb(%@"&"*C@" #*C@"&B@"&$  @"&&$$$b$H "&@ !@B B,@F<4  @F<4$b$H "$bc$C$C 4,(8'<'!'!  ! Ԅ  ('<@'!'! h ! $Ԇ B\@! | !  B7@! @|$~$@4 @0 @! 0@!$0@c4! x B@ $b!  B@! ! 0`9' @! Њ ! \  (' $x$ (f@"b@"^@!0$!8$T0(J9' (! @R&$@$T'09' ($@$T'!@09' ( $ !@@$T'09' (!@R&T@! `Bc2+C @ ( @! `$H ( !(!0 ( @$ $$ (#@"@!0$!8$0(J9' ( @R&"$ 0<9' (R& $$ (@!0$!8$0(J9' ( @$ $$ (B@">@":@!0$!8$0(J9' (g @R&$t ($!@t (@Bc2+CO @! ` (H @! `$H (> ; $,$ (B@">@":@!0$!8$0(J9' ( @R&$t ($!@t (ABc2+C @! ` ( @! `<$H ( 0 ,$`$ (4@"0@!0$!8$0(J9' ( @R&$t (Ac2B+C @! ` ( @! `l$H (  4$$ (@"@!0$!8 <0(J9' ( @R&$t ($*b`$ 8$$ (@!0$!8$0(J9' (p @$n <$$ (@!0$!8$0(J9' (V @$T @$$ (o@"k@!0$!8$0(J9' (8 @R&! `!( $$04K9' (+ @02! $ (@R&>H! $ (@$1HBc2+C @! ` ( @! `$H ( Bc2+C @! ` ( @! `P$H ( " D$$ ("@"@!0$!8$0(J9' ( @R&! `!( $$04K9' ( @" $$ ("@"@!0$!8$0(J9' ( @R&! `!( $$04K9' ( @" $$ ("@"@!0$!8$0(J9' (g @R&! `!( $$04K9' (Z @"W $$ (@"@!0$!8$0(J9' (; @R&"8 $$ (@"@!0$!8$0(J9' ( @R&" $$ (@!0$!8$0(J9' ( @$$$ (2@".@!0$!8$0(J9' (@R&$t (@!@Bc2+C@! ` ( @! `$H ( $8$ (2@".@!0$!8$0(J9' (@R&$t (@!@Bc2+C@! ` ( @! `H$H ($p$ (@!0$!8$0(J9' (o@$m$$$ (@!0$!8$0(J9' (U@$S($$ (%@"!@!0$!8<0(J9' (R&6@!0"@!0@R&%! !8`0$9' ($$$ (L@"H@"D@!0$!8<0(J9' (@R&%$!0!8t (%!@$!0!8t (@ $Bc2+C@! ` (@! `$H ($$ (@!0$!8<0(J9' (@$$$ (@!0$!8$0(J9' (@$L$$ (@!0$!8$0(J9' (@$P$$ (@!0$!8$0(J9' (h@"@R&aTB$\T$$ (@"@!0$!8$0(J9' (@@R&%! ` (7$$ (@"@!0$!8$0(J9' (@R&"$$ (@"@!0$!8$0(J9' (@R&"$ $ (#@"@!0$!8$0(J9' (@R&"@! R&!( !8$059' ($,$ (@"@!0$!8$0(J9' (R&$<$ (@!0$!8$0(J9' (@$$D$ (@!0$!8$0(J9' (~@$|$T$ (@!0$!8$0(J9' (d@$b$d$ (@!0$!8$0(J9' (J@$H $t$ (!@"@!0$!8$0(J9' (,@R&% ! ` (!@R&d"`$|$ (@!0$!8$0(J9' (@$($$ (#@"@!0$!8$0(J9' (@R&$$pt٥$ (@tp$$ (@!0$!8$0(J9' (@$p$$ (#@"@!0$!8$0(J9' (@R&$$hl٥$ (@lh$$ (@!0$!8$0(J9' (w@$uh$$ (@!0$!8$0(J9' (]@[$$ (y@!0$!8$0(J9' (C@$P'!',($40 !!1@!$2'!!c$ @* eRBB,@F<4  @F 1%@*R B%H%%82"%H&%@%8^ f n B,%+% 3@%F<4  *@!(8'! @t  ! `!(8'!@t  ! !(8'!@t  F<(!8 4$$!0H  @ `(+~@!!`@&('$!00  }@!   xW$<BB,@F<4  @! !(8't  F<@!0@4D$H  8@8'  <pld`\XTPLHx'<'!$D!b$ B,# @!8$8 c$c$ $b$¬ì$!b(@!< '!',(40! B"!F<B,3@4 ! +@ ' F@!c$b@&* @$ $ B@`":b@$ @! ! ' !0@@$ $H ! | @$$  @$$ $H $؄ \0'! ! @| @! $  @! $ $H ! 89' @!' !'< ֜'!'B840,($ @<!!!X\`@!$ @'!  !0@$ $H D!($D !@hB<@!4z@B\`@ '@!  `$b;4BDC0%CF$Œ$@B@$  @,'D $  !0@$ $H  $ ÌČŌŒ ì,¬$Ĭ(Ŭ$dB,@,'  PHD@<840X'<\̜'!'$ < @!@ ! !($܄ $  !('<˜'!'<40,($@8 !!!\`dh ! $$ ! ,8@9' ! 89' ! !@8ܟ9' <!@p8@xDLPTlX\XtH| $& $ $ $ b$ $ D @$ $ @$ b$ $ D @$ $  bc4#0#@$ b `$ $ D @$ $ &04,04$$Hb@@D!@$ $ $  B' @$ $  B! 8ȡ9' ! 89' ! $!0!8809' @<40,($ H'< ǜ'!' D@<8LH!!!0,( ! $$  @! B@!( S@! !( 8<9'  L"@0",D$)$#b8#,$B, e$('89'  "( @3$ $  B@! $,'!8@809'  B@$(R$H#hb(@$`('=!b!09"$, E$89'  "$%$!889'  %$ $  '`"$UB$ $89'  ~ $_$  s4('%P#,&, $$&89'  B(@$ x"&%&'Ȍ  M$I%&'8  ><"8@('%P#, $ $&!089'  B@'&$ %&h  B@$#$"4#d 0"$! !0!8@809'  B@B@(@B@$  @$0$H  #$bb$X%&89'  $|  $  $'@  $T%  $  D"c@J`$  C@$$섙  !0@$|$H  1/`$  (@$$섙  $@%0'$!@0  !@@"$@!0$$$H  B'@$  @$$섙  $$ $0'+(!@0  !8@!0$$H  `B@S0@0'  LD@<8P'<'!'$ m!'6@q03 $BB,@<4  @<4$H | @$@$  @$@$$H $ '@| @$@$  @$@$$H $ h& &؁  ! X $('<'!$,B$<'!'$ $0$D  '<0'!'HD@PLŒ8h bŒ! @$bŒ!(b Œ!,b $"'$8'p  '8$!0 $8' $ !0@'@$ B@! @$ @! @$$!0d$H ! @h$!0X  $$h '@$$ $t$8'0  $!0@$!8@l @@$  @@$x$H "9@('$8'! p ! @$$X $$ $t$8'0 &!8@! $ 4,!(@! $$@ 8@8' PHD@X'<'!'B4!<0,<8(!! $@!4  '@!  D '$!@ ''!' 0,($!! !$$ @& @$$  $B#B!@F$! $(!@ $B* @$$ "!*C$@!'! !(`!0'䊙 !(t! !0@䊙 ! `!(!0@䊙 ! r!( !0䊙 $0($ !`8'<0<'!' D@!!('H<PL8!!܅  4B @!$$  Dpl(F&!(   @#$$  $(@@e&" #$B$!d" `$! `$䊙  $$$  $ !" #$B$!d" $$%$  hC%bbB"@p&,(40!   ! !(!08B9'  @+$$  0BP4BD8B<<B8 @HX'<9'!' HD@PL! B!!h@8('܅  ! !( $8B9'  @! BE@! (b@!  $"e!  @!  $"e&! ! l ($B$&$ '!8l  '!($܄ $$(! l  '!($܄ !!`'< '!'<,PLHD@840(Œ!C$!\ b $ $ $$ 'P !@b(@c$B$ $ $  `$ !DF`$c$!2$b!(B\@9'  &*T@s&!  !@싂Bb싁# `& 싑1 @Z$$  *#@&#q*b@ï'A%$"b&$8`:9'  BB,@<4  @<4-$H  @$#D*b2`! !($$8P;9'  BB, @<4  @! H  $@<-$4-$H  0@!&b&B*B(@c$B$E0$&&B*E@$B$c$(@('  ,`\TPLHD@<8h'$ (T$ b(&$?$ ((&$ ( @@$$ ($@x0("4,"0"4"8" <"bB$-b&b"bB@len=%d type=FRAG_WHOLE flags=0x%08xspurrious FRAG_WHOLE flagsFRAG_IN len=%d type=%d seq_id=%d frag_id=%d size=%d flags=0x%08xbad fragment sizefragment.cfragment buffer overflowFRAG_TEST not implementedunknown fragment typeFRAG_IN error flags=0x%08x: %sFRAG_OUT len=%d type=%d seq_id=%d frag_id=%d frag_size=%d flags=0x%08xFRAG: outgoing buffer is not empty, len=[%d,%d]too many fragments would be required to send datagramFRAG_OUT error, len=%d frag_size=%d MAX_FRAGS=%d: %sFRAG TTL expired i=%dd2d2< X<  <x d dgremlin.cUPDOWNGREMLIN: CONNECTION GOING %s FOR %d SECONDSGREMLIN: Random packet dropGREMLIN: Packet Corruption, method=%dAA AhAAA((%s (/%d)helper.croute-gateway %sroute %s %sroute %s%s %d%s IP addresses %s and %s are not in the same %s subnet--server and --client cannot be used together--server and --server-bridge cannot be used together--server and --secret cannot be used together (you must use SSL/TLS keys)--server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly--server directive only makes sense with --dev tun or --dev tap--server directive network/netmask combination is invalid--server directive netmask is invalid--server directive netmask allows for too many host addresses (subnet must be %s or higher)--server directive when used with --dev tun must define a subnet of %s or lower--server directive when used with --dev tap must define a subnet of %s or lower--server-bridge and --client cannot be used together--server-bridge already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly--server-bridge and --secret cannot be used together (you must use SSL/TLS keys)--server-bridge directive only makes sense with --dev tap--server-bridge--client requires --key-method 2--proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client--keepalive parameters must be > 0the second parameter to --keepalive (restart timeout=%d) must be at least twice the value of the first parameter (ping interval=%d). A ratio of 1:5 or 1:6 would be even better. Recommended setting is --keepalive 10 60.--keepalive conflicts with --ping, --ping-exit, or --ping-restart. If you use --keepalive, you don't need any of the other --ping directives.pingping-restart((shared secret output file (--secret)Randomly generated %d bit key written to %sTUN/TAP device (--dev)options --mktun or --rmtun should only be used together with --devinit.cdaemon() failedwill be delayed because of --client, --pull, or --up-delayNOTE: chroot %sNOTE: UID/GID downgrade %s[%s] Initialization Sequence Completed%s With Errors%sSUCCESSERRORWARNING: route-up plugin call failedscript_typeroute-upRoute script failedtuninitupPreserving previous TUN/TAP instance: %srestartClosing TUN/TAP interfacedownNOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.OPTIONS IMPORT: --verb and/or --mute level changedOPTIONS IMPORT: timers and/or timeouts modifiedOPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udpOPTIONS IMPORT: explicit notify parm(s) modifiedOPTIONS IMPORT: traffic shaper enabledOPTIONS IMPORT: --persist options modifiedOPTIONS IMPORT: --ifconfig/up options modifiedOPTIONS IMPORT: route options modifiedOPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifiedOPTIONS IMPORT: environment modifiedRestart pause, %d second(s)secretStatic EncryptStatic DecryptRe-using pre-shared static keyError: private key password verification failedprivate-key-password-failureRe-using SSL/TLS contextControl Channel MTU parmsTLS-Auth MTU parms******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartextWARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test resultWARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu %d (currently it is %d)IMPORTANT: OpenVPN's default port number is now %d, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.WARNING: --ping should normally be used with --ping-restart or --ping-exitWARNING: you are using user/group/chroot without persist-key/persist-tun -- this may cause restarts to failWARNING: using --pull/--client and --ifconfig together is probably not what you wantWARNING: using --duplicate-cn and --client-config-dir together is probably not what you wantWARNING: --ifconfig-pool-persist will not work with --duplicate-cnWARNING: --keepalive option is missing from server configWARNING: You have disabled Replay Protection (--no-replay) which may make OpenVPN less secureWARNING: You have disabled Crypto IVs (--no-iv) which may make OpenVPN less secureWARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.Data Channel MTU parmsFragmentation MTU parmsLocal Options String: '%s'Expected Remote Options String: '%s'Local Options hash (VER=%s): '%s'Expected Remote Options hash (VER=%s): '%s'OpenVPN started by inetd/xinetd cannot restart... Exiting.NOTE: --fast-io is disabled since we are not using UDPNOTE: --fast-io is disabled since we are using --shaperERROR: Sorry, this command is currently only implemented on WindowsSignal received from management interface, exitinginit_instanceMultithreaded malloc test....Alist.c@A0A AAAAAԠAĠAAA((Management Interface for %sCommands:auth-retry t : Auth failure retry mode (none,interact,nointeract).echo [on|off] [N|all] : Like log, but only show messages in echo buffer.exit|quit : Close management session.help : Print this message.hold [on|off|release] : Set/show hold flag to on/off state, or release current hold and start tunnel.kill cn : Kill the client instance(s) having common name cn.kill IP:port : Kill the client instance connecting from IP:port.log [on|off] [N|all] : Turn on/off realtime log display + show last N lines or 'all' for entire history.mute [n] : Set log mute level to n, or show level if n is absent.net : (Windows only) Show network info and routing table.password type p : Enter password p for a queried OpenVPN password.signal s : Send signal s to daemon, s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.state [on|off] [N|all] : Like log, but show state history.status [n] : Show current daemon status info using format #n.test n : Produce n lines of output for testing/debugging.username type u : Enter username u for a queried OpenVPN username.verb [n] : Set log verbosity level to n, or show if n is absent.version : Show current version number.END?INITIALCONNECTINGWAITAUTHGET_CONFIGASSIGN_IPADD_ROUTESCONNECTEDRECONNECTINGEXITINGAAAAA,A@AAȨAܨA>INFO:OpenVPN Management Interface Version %d -- type 'help' for more info%sSUCCESS: password is correctERROR: bad passwordMAN: client connection rejected after %d failed password attemptsENTER PASSWORD:SUCCESS: signal %s thrownERROR: signal '%s' is not a known signal typeERROR: The 'status' command is not supported by the current daemon modeSUCCESS: %d client(s) at address %s:%d killedERROR: client at address %s:%d not foundERROR: port number is out of range: %sERROR: error parsing IP address: %sSUCCESS: common name '%s' found, %d client(s) killedERROR: common name '%s' not foundERROR: kill parseERROR: The 'kill' command is not supported by the current daemon modeonSUCCESS: real-time %s notification set to ONoffSUCCESS: real-time %s notification set to OFFallERROR: %s parameter must be 'on' or 'off' or some number n or 'all'logechostatemanage.cSUCCESS: '%s' %s entered, but not yet verifiedERROR: %s of type '%s' entered, but we need one of type '%s'ERROR: no %s is currently needed at this timeusernamepasswordERROR: The 'net' command is not supported by the current daemon modeSUCCESS: hold flag set to ONSUCCESS: hold flag set to OFFreleaseSUCCESS: hold release succeededERROR: bad hold command parameterSUCCESS: hold=%dat least sERROR: the '%s' command requires %s%d parameter%sexitquithelpversionOpenVPN Version: %sManagement Version: %dsignalstatuskillverbSUCCESS: verb level changedERROR: verb level is out of rangeSUCCESS: verb=%dmuteSUCCESS: mute level changedERROR: mute level is out of rangeSUCCESS: mute=%dauth-retrySUCCESS: auth-retry parameter changedERROR: bad auth-retry parameterSUCCESS: auth-retry=%s1netholdtest[%d] The purpose of this command is to generate large amounts of output.ERROR: unknown command, enter 'help' for more optionsMANAGEMENT: Client connected from %sMANAGEMENT: Cannot bind TCP socket on %sMANAGEMENT: listen() failedMANAGEMENT: TCP Socket listening on %sMANAGEMENT: Client disconnectedTCPMANAGEMENT: CMD 'password [...]'MANAGEMENT: CMD '%s'MANAGEMENT: TCP %s error: %srecvsendManagementtunnel>PASSWORD:Verification Failed: '%s'Need password(s) from management interface, waiting...Need hold release from management interface, waiting...username/password>PASSWORD:Need '%s' %s>HOLD:Waiting for hold release>FATAL:>LOG:>ECHO:>STATE:%u,%s,,%s integer.hmbuf.cMBUF: mbuf packet droppedMBUF: dereferenced queued packet((chroot to '%s' failed/cd to '%s' failedchroot to '%s' and cd to '%s' succeededfailed to find UID for user %ssetuid('%s') failedUID set to %sfailed to find GID for group %ssetgid('%s') failedGID set to %ssetgroups('%s') failedWARNING: nice %d failednice %d succeededsignalscript_contexttun_mtulink_mtudevmisc.c%s %d %d %s %s %sERROR: up/down plugin call failedscript_type%s %s %d %d %s %s %s%sscript failedwOpen error on pid file %s%u Close error on pid file %sWARNING: mlockall call failedmlockall call succeeded/dev/nullINETD_SOCKET_DESCRIPTOR dup(%d) failedSYSTEM[%u] '%s'SYSTEM return=%uWARNING: cannot stat file '%s'WARNING: file '%s' is group or others accessibleshell command fork failedshell command did not exit normallyshell command exited normallycould not execute shell commandshell command exited with error status: %d%s: %s%s=%sENV [%d] '%s'%llu%dputenv('%s') failed%u.%u.%u.%urTEST FILE '%s' [%d]UNDEFopenvpn_%u_%u.tmp...%s%s/dev/ttystdinmanagementERROR: could not read %s username/password from management interfaceEnter %s Username:Enter %s Password:ERROR: could not read %s username from stdinERROR: %s username is emptyERROR: could not not read %s password from stdinSorry, '%s' password cannot be read from a fileError opening '%s' auth file: %sError reading password from %s authfile: %sError reading username and password (must be on two consecutive lines) from %s authfile: %sERROR: username from %s authfile '%s' is emptymake_arg_array((Need IPv6 code in mroute_extract_addr_from_packetmroute.c[NULL]:%s/%d:%dIPV6UNKNOWNMROUTE CIDR netlen: /%dmss.cMSS: %d -> %d((?TA_UNDEFTA_SOCKET_READTA_SOCKET_READ_RESIDUALTA_SOCKET_WRITETA_SOCKET_WRITE_READYTA_SOCKET_WRITE_DEFERREDTA_TUN_READTA_TUN_WRITETA_INITIALTA_TIMEOUTTA_TUN_WRITE_TIMEOUT[B\B$\B8\BL\B`\Bt\B\B\B\B\BMULTI TCP: new incoming client address matches existing client address -- new client takes precedenceMULTI TCP: instance added: %sMULTI TCP: new client instance failedmtcp.cMULTI TCP: TCP client address is undefinedMULTI: TCP INIT maxclients=%d maxevents=%dMULTI TCP: transmitting previously deferred packetMULTI TCP: queuing deferred packetMULTI TCP: multi_tcp_wait_lite a=%s mi=0x%08lxMULTI TCP: multi_tcp_wait_lite, unhandled action=%dMULTI TCP: multi_tcp_dispatch a=%s mi=0x%08lxmulti.hMULTI TCP: multi_tcp_dispatch, unhandled action=%dlBlB$oBnB0oBlBnB`oBmBnBMULTI TCP: multi_tcp_post bad state, mi=%s flags=%dMULTI TCP: multi_tcp_post %s -> %sMULTI TCP: multi_tcp_action a=%s p=%dMULTI TCP: I/O wait required blocking in multi_tcp_action, action=%dmtu.cTUN MTU value (%d) must be at least %dMTU is too smallMTU DYNAMIC mtu=%d, flags=%u, %d -> %d%s [ L:%d D:%d EF:%d EB:%d ET:%d EL:%d AF:%u/%d ]%sError setting IP_MTU_DISCOVER type=%d on TCP/UDP socketyesmaybenoinvalid --mtu-disc type: '%s' -- valid types are 'yes', 'maybe', or 'no'CMSG=%d|NO-INFO|ETIMEDOUT|EMSGSIZE Path-MTU=%d|ECONNREFUSED|EPROTO|EHOSTUNREACH|ENETUNREACH|EACCES|UNKNOWN|Note: enable extended error passing on TCP/UDP socket failed (IP_RECVERR)((MULTI: Connection from %s would exceed new connection frequency limit as controlled by --connect-freq[succeeded][created][failed]GET INST BY REAL: %s %smudp.cmulti.h(("%s" "%s" "%s"WARNING: learn-address plugin call failedlearn-addressscript_type%s "%s" "%s"WARNING: learn-address command failedMULTI: REAP range %d -> %dMULTI: REAP DEL %sdeleteMULTI: multi_init called, r=%d v=%dmulti.c%s/%sUNDEFbytes_receivedbytes_sentWARNING: client-disconnect plugin call failedclient-disconnectclient-disconnect command failedMULTI: multi_close_instance calledMULTI: multi_create_instance calledMULTI: new incoming connection would exceed maximum number of clients (%d)MULTI: unable to add real address [%s] to iterator hash tableMULTI: signal occurred during client instance initializationOpenVPN CLIENT LISTUpdated,%sCommon Name,Real Address,Bytes Received,Bytes Sent,Connected Since%s,%s,%llu,%llu,%sROUTING TABLEVirtual Address,Common Name,Real Address,Last Ref%s%s,%s,%s,%sGLOBAL STATSMax bcast/mcast queue length,%dTITLE,%sTIME,%s,%uHEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t)CLIENT_LIST,%s,%s,%s,%llu,%llu,%s,%uHEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)ROUTING_TABLE,%s%s,%s,%s,%s,%uGLOBAL_STATS,Max bcast/mcast queue length,%dENDERROR: bad status format version numberupdateadd FAILEDMULTI: Learn%s: %s -> %sGET INST BY VIRT: %s -> %s via %sGET INST BY VIRT: %s [failed]MULTI: internal route %s/%d -> %sMULTI: internal route %s -> %sMULTI: new connection by client '%s' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.MULTI: no --ifconfig-pool netmask parameter is available to push to %sMULTI: no free --ifconfig-pool addresses are availableifconfig_pool_local_ipifconfig_pool_remote_ipifconfig_pool_netmaskMULTI: problem deleting temporary file: %sDEFAULTcommon_nameWARNING: client-connect plugin call failedclient-connect%s %sclient-connect command failedMULTI: client has been rejected due to 'disable' directiveMULTI: no dynamic or static remote --ifconfig address is available for %sMULTI: primary virtual IP for %s: %sMULTI: --iroute options rejected for %s -- iroute only works with tun-style tunnelsMULTI: packet dropped due to output saturation (multi_add_mbuf)MULTI: bad source address from client [%s], packet droppedMULTI: packet dropped due to output saturation (multi_process_incoming_tun)MULTI: C2C/MCAST/BCASTMULTI: Outgoing TUN queue full, dropped packet len=%dMULTI ROUTE: route quota (%d) exceeded for %s (see --max-routes-per-client option)GREMLIN_FLOOD_CLIENTS: flooding clients with %d packets of size %dclient-instance((%sTlRMTVNTUAABAAAAAgIAAA==ntlm.cNTLMSSP(((4kz-VӯE      pppppp888888jjjjjjNOTE: failed to obtain options consistency info from peer -- this could occur if the remote peer is running a version of OpenVPN before 1.5-beta8 or if there is a network connectivity problem, and will not necessarily prevent OpenVPN from running (%llu bytes received from peer, %llu bytes authenticated data channel traffic) -- you can disable the options consistency check with --disable-occ.NOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.NOTE: failed to empirically measure MTU (requires OpenVPN 1.5 or higher at other end of connection).occ.cSENT OCC_REQUESTSENT OCC_REPLYSENT OCC_MTU_REQUESTSENT OCC_MTU_REPLYSENT OCC_MTU_LOAD_REQUESTSENT OCC_MTU_LOAD min_int(%d-%d-%d-%d,%d) size=%dSENT OCC_EXITCdCCCCPCCRECEIVED OCC_REQUESTRECEIVED OCC_MTU_REQUESTRECEIVED OCC_MTU_LOAD_REQUESTRECEIVED OCC_REPLYRECEIVED OCC_MTU_REPLYNOTE: Empirical MTU test completed [Tried,Actual] local->remote=[%d,%d] remote->local=[%d,%d]NOTE: This connection is unable to accomodate a UDP packet size of %d. Consider using --fragment or --mssfix options as a workaround.RECEIVED OCC_EXITremote-exit` C C8 C<C C CC((%sopenvpn.c((OpenVPN 2.0.9 mipsel-unknown-linux [SSL] [EPOLL] built on Apr 12 2007%s General Options: --config file : Read configuration options from file. --help : Show options. --version : Show copyright and version information. Tunnel Options: --local host : Local host name or ip address. --remote host [port] : Remote host name or ip address. --remote-random : If multiple --remote options specified, choose one randomly. --mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'. --proto p : Use protocol p for communicating with peer. p = udp (default), tcp-server, or tcp-client --connect-retry n : For --proto tcp-client, number of seconds to wait between connection retries (default=%d). --http-proxy s p [up] [auth] : Connect to remote host through an HTTP proxy at address s and port p. If proxy authentication is required, up is a file containing username/password on 2 lines, or 'stdin' to prompt from console. Add auth='ntlm' if the proxy requires NTLM authentication. --http-proxy-retry : Retry indefinitely on HTTP proxy errors. --http-proxy-timeout n : Proxy timeout in seconds, default=5. --http-proxy-option type [parm] : Set extended HTTP proxy options. Repeat to set multiple options. VERSION version (default=1.0) AGENT user-agent --socks-proxy s [p]: Connect to remote host through a Socks5 proxy at address s and port p (default port = 1080). --socks-proxy-retry : Retry indefinitely on Socks proxy errors. --resolv-retry n: If hostname resolve fails for --remote, retry resolve for n seconds before failing (disabled by default). Set n="infinite" to retry indefinitely. --float : Allow remote to change its IP address/port, such as through DHCP (this is the default if --remote is not used). --ipchange cmd : Execute shell command cmd on remote ip address initial setting or change -- execute as: cmd ip-address port# --port port : TCP/UDP port # for both local and remote. --lport port : TCP/UDP port # for local (default=%d). --rport port : TCP/UDP port # for remote (default=%d). --nobind : Do not bind to local address and port. --dev tunX|tapX : tun/tap device (X can be omitted for dynamic device. --dev-type dt : Which device type are we using? (dt = tun or tap) Use this option only if the tun/tap device used with --dev does not begin with "tun" or "tap". --dev-node node : Explicitly set the device node rather than using /dev/net/tun, /dev/tun, /dev/tap, etc. --tun-ipv6 : Build tun link capable of forwarding IPv6 traffic. --ifconfig l rn : TUN: configure device to use IP address l as a local endpoint and rn as a remote endpoint. l & rn should be swapped on the other peer. l & rn must be private addresses outside of the subnets used by either peer. TAP: configure device to use IP address l as a local endpoint and rn as a subnet mask. --ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead pass --ifconfig parms by environment to scripts. --ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the connection doesn't match the remote side. --route network [netmask] [gateway] [metric] : Add route to routing table after connection is established. Multiple routes can be specified. netmask default: 255.255.255.255 gateway default: taken from --route-gateway or --ifconfig Specify default by leaving blank or setting to "nil". --route-gateway gw : Specify a default gateway for use with --route. --route-delay n [w] : Delay n seconds after connection initiation before adding routes (may be 0). If not specified, routes will be added immediately after tun/tap open. On Windows, wait up to w seconds for TUN/TAP adapter to come up. --route-up cmd : Execute shell cmd after routes are added. --route-noexec : Don't add routes automatically. Instead pass routes to --route-up script using environmental variables. --redirect-gateway [flags]: (Experimental) Automatically execute routing commands to redirect all outgoing IP traffic through the VPN. Add 'local' flag if both OpenVPN servers are directly connected via a common subnet, such as with WiFi. Add 'def1' flag to set default route using using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. --setenv name value : Set a custom environmental variable to pass to script. --shaper n : Restrict output to peer to n bytes per second. --keepalive n m : Helper option for setting timeouts in server mode. Send ping once every n seconds, restart if ping not received for m seconds. --inactive n : Exit after n seconds of inactivity on tun/tap device. --ping-exit n : Exit if n seconds pass without reception of remote ping. --ping-restart n: Restart if n seconds pass without reception of remote ping. --ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a remote address. --ping n : Ping remote once every n seconds over TCP/UDP port. --fast-io : (experimental) Optimize TUN/TAP/UDP writes. --remap-usr1 s : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM'). --persist-tun : Keep tun/tap device open across SIGUSR1 or --ping-restart. --persist-remote-ip : Keep remote IP address across SIGUSR1 or --ping-restart. --persist-local-ip : Keep local IP address across SIGUSR1 or --ping-restart. --persist-key : Don't re-read key files across SIGUSR1 or --ping-restart. --passtos : TOS passthrough (applies to IPv4 only). --tun-mtu n : Take the tun/tap device MTU to be n and derive the TCP/UDP MTU from it (default=%d). --tun-mtu-extra n : Assume that tun/tap device might return as many as n bytes more than the tun-mtu size on read (default TUN=0 TAP=%d). --link-mtu n : Take the TCP/UDP device MTU to be n and derive the tun MTU from it. --mtu-disc type : Should we do Path MTU discovery on TCP/UDP channel? 'no' -- Never send DF (Don't Fragment) frames 'maybe' -- Use per-route hints 'yes' -- Always DF (Don't Fragment) --mtu-test : Empirically measure and report MTU. --fragment max : Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than max bytes. Adds 4 bytes of overhead per datagram. --mssfix [n] : Set upper bound on TCP MSS, default = tun-mtu size or --fragment max value, whichever is lower. --sndbuf size : Set the TCP/UDP send buffer size. --rcvbuf size : Set the TCP/UDP receive buffer size. --txqueuelen n : Set the tun/tap TX queue length to n (Linux only). --mlock : Disable Paging -- ensures key material and tunnel data will never be written to disk. --up cmd : Shell cmd to execute after successful tun device open. Execute as: cmd tun/tap-dev tun-mtu link-mtu \ ifconfig-local-ip ifconfig-remote-ip (pre --user or --group UID/GID change) --up-delay : Delay tun/tap open and possible --up script execution until after TCP/UDP connection establishment with peer. --down cmd : Shell cmd to run after tun device close. (post --user/--group UID/GID change and/or --chroot) (script parameters are same as --up option) --down-pre : Call --down cmd/script before TUN/TAP close. --up-restart : Run up/down scripts for all restarts including those caused by --ping-restart or SIGUSR1 --user user : Set UID to user after initialization. --group group : Set GID to group after initialization. --chroot dir : Chroot to this directory after initialization. --cd dir : Change to this directory before initialization. --daemon [name] : Become a daemon after initialization. The optional 'name' parameter will be passed as the program name to the system logger. --syslog [name] : Output to syslog, but do not become a daemon. See --daemon above for a description of the 'name' parm. --inetd [name] ['wait'|'nowait'] : Run as an inetd or xinetd server. See --daemon above for a description of the 'name' parm. --log file : Output log to file which is created/truncated on open. --log-append file : Append log to file, or create file if nonexistent. --suppress-timestamps : Don't log timestamps to stdout/stderr. --writepid file : Write main process ID to file. --nice n : Change process priority (>0 = lower, <0 = higher). --echo [parms ...] : Echo parameters to log output. --verb n : Set output verbosity to n (default=%d): (Level 3 is recommended if you want a good summary of what's happening without being swamped by output). : 0 -- no output except fatal errors : 1 -- startup info + connection initiated messages + non-fatal encryption & net errors : 2,3 -- show TLS negotiations & route info : 4 -- show parameters : 5 -- show 'RrWw' chars on console for each packet sent and received from TCP/UDP (caps) or tun/tap (lc) : 6 to 11 -- debug messages of increasing verbosity --mute n : Log at most n consecutive messages in the same category. --status file n : Write operational status to file every n seconds. --status-version [n] : Choose the status file format version number. Currently, n can be 1 or 2 (default=1). --disable-occ : Disable options consistency check between peers. --gremlin mask : Special stress testing mode (for debugging only). --management ip port [pass] : Enable a TCP server on ip:port to handle management functions. pass is a password file or 'stdin' to prompt from console. --management-query-passwords : Query management channel for private key and auth-user-pass passwords. --management-hold : Start OpenVPN in a hibernating state, until a client of the management interface explicitly starts it. --management-log-cache n : Cache n lines of log file history for usage by the management channel. --plugin m [str]: Load plug-in module m passing str as an argument to its initialization function. Multi-Client Server options (when --mode server is used): --server network netmask : Helper option to easily configure server mode. --server-bridge IP netmask pool-start-IP pool-end-IP : Helper option to easily configure ethernet bridging server mode. --push "option" : Push a config file option back to the peer for remote execution. Peer must specify --pull in its config file. --push-reset : Don't inherit global push list for specific client instance. --ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets to be dynamically allocated to connecting clients. --ifconfig-pool-linear : Use individual addresses rather than /30 subnets in tun mode. Not compatible with Windows clients. --ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600). If seconds=0, file will be treated as read-only. --ifconfig-push local remote-netmask : Push an ifconfig option to remote, overrides --ifconfig-pool dynamic allocation. Only valid in a client-specific config file. --iroute network [netmask] : Route subnet to client. Sets up internal routes only. Only valid in a client-specific config file. --disable : Client is disabled. Only valid in a client-specific config file. --client-cert-not-required : Don't require client certificate, client will authenticate using username/password. --username-as-common-name : For auth-user-pass authentication, use the authenticated username as the common name, rather than the common name from the client cert. --auth-user-pass-verify cmd method: Query client for username/password and run script cmd to verify. If method='via-env', pass user/pass via environment, if method='via-file', pass user/pass via temporary file. --client-to-client : Internally route client-to-client traffic. --duplicate-cn : Allow multiple clients with the same common name to concurrently connect. --client-connect cmd : Run script cmd on client connection. --client-disconnect cmd : Run script cmd on client disconnection. --client-config-dir dir : Directory for custom client config files. --ccd-exclusive : Refuse connection unless custom client config is found. --tmp-dir dir : Temporary directory, used for --client-connect return file. --hash-size r v : Set the size of the real address hash table to r and the virtual address table to v. --bcast-buffers n : Allocate n broadcast buffers. --tcp-queue-limit n : Maximum number of queued TCP output packets. --learn-address cmd : Run script cmd to validate client virtual addresses. --connect-freq n s : Allow a maximum of n new connections per s seconds. --max-clients n : Allow a maximum of n simultaneously connected clients. --max-routes-per-client n : Allow a maximum of n internal routes per client. Client options (when connecting to a multi-client server): --client : Helper option to easily configure client mode. --auth-user-pass [up] : Authenticate with server using username/password. up is a file containing username/password on 2 lines, or omit to prompt from console. --pull : Accept certain config file options from the peer as if they were part of the local config file. Must be specified when connecting to a '--mode server' remote host. --auth-retry t : How to handle auth failures. Set t to none (default), interact, or nointeract. --explicit-exit-notify [n] : On exit/restart, send exit signal to server/remote. n = # of retries, default=1. Data Channel Encryption Options (must be compatible between peers): (These options are meaningful for both Static Key & TLS-mode) --secret f [d] : Enable Static Key encryption mode (non-TLS). Use shared secret file f, generate with --genkey. The optional d parameter controls key directionality. If d is specified, use separate keys for each direction, set d=0 on one side of the connection, and d=1 on the other side. --auth alg : Authenticate packets with HMAC using message digest algorithm alg (default=%s). (usually adds 16 or 20 bytes per packet) Set alg=none to disable authentication. --cipher alg : Encrypt packets with cipher algorithm alg (default=%s). Set alg=none to disable encryption. --keysize n : Size of cipher key in bits (optional). If unspecified, defaults to cipher-specific default. --engine [name] : Enable OpenSSL hardware crypto engine functionality. --no-replay : Disable replay protection. --mute-replay-warnings : Silence the output of replay warnings to log file. --replay-window n [t] : Use a replay protection sliding window of size n and a time window of t seconds. Default n=%d t=%d --no-iv : Disable cipher IV -- only allowed with CBC mode ciphers. --replay-persist file : Persist replay-protection state across sessions using file. --test-crypto : Run a self-test of crypto features enabled. For debugging only. TLS Key Negotiation Options: (These options are meaningful only for TLS-mode) --tls-server : Enable TLS and assume server role during TLS handshake. --tls-client : Enable TLS and assume client role during TLS handshake. --key-method m : Data channel key exchange method. m should be a method number, such as 1 (default), 2, etc. --ca file : Certificate authority file in .pem format containing root certificate. --dh file : File containing Diffie Hellman parameters in .pem format (for --tls-server only). Use "openssl dhparam -out dh1024.pem 1024" to generate. --cert file : Local certificate in .pem format -- must be signed by a Certificate Authority in --ca file. --key file : Local private key in .pem format. --pkcs12 file : PKCS#12 file containing local private key, local certificate and root CA certificate. --tls-cipher l : A list l of allowable TLS ciphers separated by : (optional). : Use --show-tls to see a list of supported TLS ciphers. --tls-timeout n : Packet retransmit timeout on TLS control channel if no ACK from remote within n seconds (default=%d). --reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd. --reneg-pkts n : Renegotiate data chan. key after n packets sent and recvd. --reneg-sec n : Renegotiate data chan. key after n seconds (default=%d). --hand-window n : Data channel key exchange must finalize within n seconds of handshake initiation by any peer (default=%d). --tran-window n : Transition window -- old key can live this many seconds after new key renegotiation begins (default=%d). --single-session: Allow only one session (reset state on restart). --tls-exit : Exit on TLS negotiation failure. --tls-auth f [d]: Add an additional layer of authentication on top of the TLS control channel to protect against DoS attacks. f (required) is a shared-secret passphrase file. The optional d parameter controls key directionality, see --secret option for more info. --askpass [file]: Get PEM password from controlling tty before we daemonize. --auth-nocache : Don't cache --askpass or --auth-user-pass passwords. --crl-verify crl: Check peer certificate against a CRL. --tls-verify cmd: Execute shell command cmd to verify the X509 name of a pending TLS connection that has otherwise passed all other tests of certification. cmd should return 0 to allow TLS handshake to proceed, or 1 to fail. (cmd is executed as 'cmd certificate_depth X509_NAME_oneline') --tls-remote x509name: Accept connections only from a host with X509 name x509name. The remote host must also pass all other tests of verification. --ns-cert-type t: Require that peer certificate was signed with an explicit nsCertType designation t = 'client' | 'server'. SSL Library information: --show-ciphers : Show cipher algorithms to use with --cipher option. --show-digests : Show message digest algorithms to use with --auth option. --show-engines : Show hardware crypto accelerator engines (if available). --show-tls : Show all TLS ciphers (TLS used only as a control channel). Generate a random key (only for non-TLS static key encryption mode): --genkey : Generate a random key to be used as a shared secret, for use with the --secret option. --secret file : Write key to file. Tun/tap config mode (available with linux 2.4+): --mktun : Create a persistent tunnel. --rmtun : Remove a persistent tunnel. --dev tunX|tapX : tun/tap device --dev-type dt : Device type. See tunnel options above for details. BF-CBCSHA1configprotolocallocal_portverbdaemondaemon_log_redirectremote_%dremote_port_%d server_network = %s server_netmask = %s server_bridge_ip = %s server_bridge_netmask = %s server_bridge_pool_start = %s server_bridge_pool_end = %s push_list = '%s'ENABLEDDISABLED ifconfig_pool_defined = %s ifconfig_pool_start = %s ifconfig_pool_end = %s ifconfig_pool_netmask = %s[UNDEF] ifconfig_pool_persist_filename = '%s' ifconfig_pool_persist_refresh_freq = %d ifconfig_pool_linear = %s n_bcast_buf = %d tcp_queue_limit = %d real_hash_size = %d virtual_hash_size = %d client_connect_script = '%s' learn_address_script = '%s' client_disconnect_script = '%s' client_config_dir = '%s' ccd_exclusive = %s tmp_dir = '%s' push_ifconfig_defined = %s push_ifconfig_local = %s push_ifconfig_remote_netmask = %s enable_c2c = %s duplicate_cn = %s cf_max = %d cf_per = %d max_clients = %d max_routes_per_client = %d client_cert_not_required = %s username_as_common_name = %s auth_user_pass_verify_script = '%s' auth_user_pass_verify_script_via_file = %s client = %s pull = %s auth_user_pass_file = '%s'in --iroute %s %s : Bad network/subnet specification remote_list[%d] = {'%s', %d} remote_list = NULLBEGIN http_proxy server = '%s' port = %d auth_method_string = '%s' auth_file = '%s' retry = %s timeout = %d http_version = '%s' user_agent = '%s'END http_proxyCurrent Parameter Settings: config = '%s' mode = %d persist_config = %s persist_mode = %d show_ciphers = %s show_digests = %s show_engines = %s genkey = %s key_pass_file = '%s' show_tls_ciphers = %s proto = %d local = '%s' remote_random = %s local_port = %d remote_port = %d remote_float = %s ipchange = '%s' bind_local = %s dev = '%s' dev_type = '%s' dev_node = '%s' tun_ipv6 = %s ifconfig_local = '%s' ifconfig_remote_netmask = '%s' ifconfig_noexec = %s ifconfig_nowarn = %s shaper = %d tun_mtu = %d tun_mtu_defined = %s link_mtu = %d link_mtu_defined = %s tun_mtu_extra = %d tun_mtu_extra_defined = %s fragment = %d mtu_discover_type = %d mtu_test = %d mlock = %s keepalive_ping = %d keepalive_timeout = %d inactivity_timeout = %d ping_send_timeout = %d ping_rec_timeout = %d ping_rec_timeout_action = %d ping_timer_remote = %s remap_sigusr1 = %d explicit_exit_notification = %d persist_tun = %s persist_local_ip = %s persist_remote_ip = %s persist_key = %s mssfix = %d passtos = %s resolve_retry_seconds = %d connect_retry_seconds = %d username = '%s' groupname = '%s' chroot_dir = '%s' cd_dir = '%s' writepid = '%s' up_script = '%s' down_script = '%s' down_pre = %s up_restart = %s up_delay = %s daemon = %s inetd = %d log = %s suppress_timestamps = %s nice = %d verbosity = %d mute = %d gremlin = %d status_file = '%s' status_file_version = %d status_file_update_freq = %d occ = %s rcvbuf = %d sndbuf = %d socks_proxy_server = '%s' socks_proxy_port = %d socks_proxy_retry = %s fast_io = %s route_script = '%s' route_default_gateway = '%s' route_noexec = %s route_delay = %d route_delay_window = %d route_delay_defined = %s management_addr = '%s' management_port = %d management_user_pass = '%s' management_log_history_cache = %d management_echo_buffer_size = %d management_query_passwords = %s management_hold = %s shared_secret_file = '%s' key_direction = %d ciphername_defined = %s ciphername = '%s' authname_defined = %s authname = '%s' keysize = %d engine = %s replay = %s mute_replay_warnings = %s replay_window = %d replay_time = %d packet_id_file = '%s' use_iv = %s test_crypto = %s tls_server = %s tls_client = %s key_method = %d ca_file = '%s' dh_file = '%s' cert_file = '%s' priv_key_file = '%s' pkcs12_file = '%s' cipher_list = '%s' tls_verify = '%s' tls_remote = '%s' crl_file = '%s' ns_cert_type = %d tls_timeout = %d renegotiate_bytes = %d renegotiate_packets = %d renegotiate_seconds = %d handshake_window = %d transition_window = %d single_session = %s tls_exit = %s tls_auth_file = '%s'1.0key file (--secret)TUN/TAP device (--dev)only one of --daemon or --inetd may be specified--local or --remote cannot be used with --inetd--proto tcp-client cannot be used with --inetd--inetd nowait can only be used with --proto tcp-server--inetd nowait can only be used in TLS mode--inetd nowait only makes sense in --dev tap mode--connect-retry doesn't make sense unless also used with --proto tcp-clientonly one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)--mtu-test only makes sense with --proto udp--remote and --local addresses are the same--local and --remote addresses must be distinct from --ifconfig addresses--local addresses must be distinct from --ifconfig addresseslocal and remote/netmask --ifconfig addresses must be different--lport and --nobind don't make sense when used together--nobind doesn't make sense unless used with --remote--management is not specified, however one or more options which modify the behavior of --management were specified--fragment can only be used with --proto udp--explicit-exit-notify can only be used with --proto udp--remote MUST be used in TCP Client mode--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)--http-proxy can not be used together with --socks-proxy--socks-proxy can not be used in TCP Server modeTCP server mode allows at most one --remote address--mode server only works with --dev tun or --dev tap--pull cannot be used with --mode server--mode server currently only supports --proto udp or --proto tcp-server--mode server requires --tls-server--remote cannot be used with --mode server--nobind cannot be used with --mode server--http-proxy cannot be used with --mode server--socks-proxy cannot be used with --mode server--tun-ipv6 cannot be used with --mode server--shaper cannot be used with --mode server--inetd cannot be used with --mode server--ipchange cannot be used with --mode server (use --client-connect instead)--connect-freq only works with --mode server --proto udp. Try --max-clients instead.The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode--explicit-exit-notify cannot be used with --mode server--redirect-gateway cannot be used with --mode server (however --push "redirect-gateway" is fine)--route-delay cannot be used with --mode server--up-delay cannot be used with --mode server--ifconfig-pool-persist must be used with --ifconfig-pool--auth-user-pass cannot be used with --mode server (it should be used on the client side only)--ccd-exclusive must be used with --client-config-dir--mode server requires --key-method 2--client-cert-not-required must be used with an --auth-user-pass-verify script--username-as-common-name must be used with an --auth-user-pass-verify script--ifconfig-pool/--ifconfig-pool-persist requires --mode server--hash-size requires --mode server--learn-address requires --mode server--client-connect requires --mode server--client-disconnect requires --mode server--tmp-dir requires --mode server--client-config-dir/--ccd-exclusive requires --mode server--client-to-client requires --mode server--duplicate-cn requires --mode server--connect-freq requires --mode server--client-cert-not-required requires --mode server--username-as-common-name requires --mode server--auth-user-pass-verify requires --mode server--ifconfig-pool-linear requires --mode server--replay-window only makes sense with --proto udp--replay-window doesn't make sense when replay protection is disabled with --no-replayspecify only one of --tls-server, --tls-client, or --secretDH file (--dh)Parameter --ca cannot be used when --pkcs12 is also specified.Parameter --cert cannot be used when --pkcs12 is also specified.Parameter --key cannot be used when --pkcs12 is also specified.CA file (--ca) or PKCS#12 file (--pkcs12)No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-passIf you use one of --cert or --key, you must use them bothcertificate file (--cert) or PKCS#12 file (--pkcs12)private key file (--key) or PKCS#12 file (--pkcs12)Parameter %s can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.ca_filedh_filecert_filepriv_key_filepkcs12_filecipher_listtls_verifytls_remotetls_timeoutrenegotiate_bytesrenegotiate_packetsrenegotiate_secondshandshake_windowtransition_windowtls_auth_filesingle_sessiontls_exitcrl_filekey_methodns_cert_type--pull--auth-user-pass requires --pullV4,dev-type %s,link-mtu %d,tun-mtu %d,proto %s,tun-ipv6,ifconfig %s,mtu-dynamic,keydir %soptions.c,cipher %s,auth %s,keysize %d,secret,no-replay,no-iv,tls-auth,key-method %d,tls-client,tls-serverWARNING: '%s' is used inconsistently, %s='%s', %s='%s'WARNING: '%s' is present in %s config but missing in %s config, %s='%s'remoteversion %sNOTE: Options consistency check may be skewed by version differencesforeign_option_%d %sinteractnointeractnone--auth-retry method must be 'interact', 'nointeract', or 'none'???Use --help for more information.Developed by James YonanCopyright (C) 2002-2005 OpenVPN Solutions LLC You must define %sERROR: %sOptions warning: Bad backslash ('\') usage in %s:%d: remember that backslashes are treated as shell-escapes and if you need to pass backslash characters as part of a Windows filename, you should use double backslashes such as "c:\\openvpn\\static.key"%sOptions error: Parameter at %s:%d is too long (%d chars max): %s%sOptions error: No closing quotation (") in %s:%d%sOptions error: Residual parse state (%d) in %s:%dr--In %s:%d: Error opening configuration file: %sIn %s:%d: Maximum recursive include levels exceeded in include attempt of file %s -- probably you have a configuration file that tries to include itself.I'm trying to parse "%s" as an --option parameter but I don't see a leading '--'[PUSH-OPTIONS]OPTIONS IMPORT: reading client specific options from: %soption '%s' cannot be used in this contexts To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").the --%s directive should have at most %d parameter%s.%s[CMD-LINE]helpversionechoECHO:%smanagementport number associated with --management directive is out of rangemanagement-query-passwordsmanagement-holdmanagement-log-cache--management-log-cache parameter is out of rangepluginplugin add failed: %smodep2pserverBad --mode parameter: %sdevdev-typedev-nodetun-ipv6ifconfigifconfig-noexecifconfig-nowarnremote-randomMaximum number of --remote options (%d) exceededport number associated with host %s is out of rangeresolv-retryinfiniteconnect-retryipchangefloatgremlinchrootcdcd to '%s' failedwritepidupdowndown-preup-delayup-restartsyslogWARNING: Multiple --daemon directives specified, ignoring --daemon %s. (Note that initscripts sometimes add their own --daemon directive.)inetdwaitnowaitwhen --inetd is used with two parameters, one of them must be 'wait' or 'nowait' and the other must be a daemon name to use for system logginglogsuppress-timestampslog-appendmlockmutestatusstatus-version--status-version must be 1 or 2remap-usr1SIGHUPSIGTERM--remap-usr1 parm must be 'SIGHUP' or 'SIGTERM'link-mtuudp-mtutun-mtutun-mtu-extramtu-dynamic--mtu-dynamic has been replaced by --fragmentfragmentmtu-discmtu-testnicercvbufsndbuftxqueuelenshaperBad shaper value, must be between %d and %dportBad port number: %slportBad local port number: %srportBad remote port number: %snobindfast-ioinactiveBad protocol: '%s'. Allowed protocols with --proto option: %shttp-proxyBad http-proxy port number: %sbasichttp-proxy-retryhttp-proxy-timeouthttp-proxy-optionVERSIONAGENTBad http-proxy-option or missing parameter: '%s'socks-proxyBad socks-proxy port number: %ssocks-proxy-retrykeepalivepingping-exitping-restartping-timer-remexplicit-exit-notifypersist-tunpersist-keypersist-local-ippersist-remote-iprouteroute-gatewayroute-delayroute-uproute-noexecredirect-gatewaydef1unknown --redirect-gateway flag: %ssetenvmssfixdisable-occerror parsing --server parametersserver-bridgeerror parsing --server-bridge parameterspushpush-resetifconfig-poolerror parsing --ifconfig-pool parametersifconfig-pool-persistifconfig-pool-linearhash-size--hash-size sizes must be >= 1 (preferably a power of 2)connect-freq--connect-freq parms must be > 0max-clients--max-clients must be at least 1max-routes-per-clientclient-cert-not-requiredusername-as-common-nameauth-user-pass-verifyvia-envvia-filesecond parm to --auth-user-pass-verify must be 'via-env' or 'via-file'--auth-user-pass-verify requires a second parameter ('via-env' or 'via-file')client-connectclient-disconnectlearn-addresstmp-dirclient-config-dirccd-exclusivebcast-buffers--bcast-buffers parameter must be > 0tcp-queue-limit--tcp-queue-limit parameter must be > 0client-to-clientduplicate-cnirouteifconfig-pushcannot parse --ifconfig-push addressesdisableclientpullauth-user-passstdinauth-retryusergroupdhcp-optionroute-methodpasstosshow-ciphersshow-digestsshow-enginessecretgenkeyauthcipherno-replayreplay-windowreplay-window window size parameter (%d) must be between %d and %dreplay-window time window parameter (%d) must be between %d and %dreplay-window option is missing window size parametermute-replay-warningsno-ivreplay-persisttest-cryptoengineautokeysizeBad keysize: %sshow-tlstls-servertls-clientcadhcertkeypkcs12askpassauth-nocachesingle-sessiontls-exittls-ciphercrl-verifytls-verifytls-remotens-cert-type--ns-cert-type must be 'client' or 'server'tls-timeoutreneg-bytesreneg-pktsreneg-sechand-windowtran-windowtls-authkey-methodkey_method parameter (%d) must be >= %d and <= %drmtunmktun2.0.9Unrecognized option or missing parameter(s) in %s:%d: %s (%s)Unrecognized option or missing parameter(s): --%s (%s)[%d/%d]%s us=%dotime.cPID packet_id_init seq_backtrack=%d time_backtrack=%dpacket_id.cPID packet_id_freeinteger.hAssertion Failed: Array index=%d out of bounds for array size=%d in %s:%dPID TEST %lu:%u %lu:%uReplay-window backtrack occurred [%d][ #%u / time = (%u) %s ]Close error on --replay-persist file %sCannot open --replay-persist file %s for read/writeCannot obtain exclusive lock on --replay-persist file %sPID Persist Read from %s: %sRead error on --replay-persist file %sPID Persist Write to %s: %sCannot write to --replay-persist file %sCannot seek to beginning of --replay-persist file %s[ #%u((*{d- H%sInactivity timeout (--ping-exit), exitingping-exit%sInactivity timeout (--ping-restart), restartingping-restartping.cSENT PING%s[%d] = '%s'ARGVENVPPLUGIN_???PLUGIN_UPPLUGIN_DOWNPLUGIN_ROUTE_UPPLUGIN_IPCHANGEPLUGIN_TLS_VERIFYPLUGIN_AUTH_USER_PASS_VERIFYPLUGIN_CLIENT_CONNECTPLUGIN_CLIENT_DISCONNECTPLUGIN_LEARN_ADDRESSXdDldDdDdDdDdDdDdDdD|%s plugin[%d] %s '%s'PLUGIN: could not find required symbol '%s' in plugin shared object %s: %sPLUGIN_INIT: could not load plugin shared object %s: %sopenvpn_plugin_open_v1openvpn_plugin_func_v1openvpn_plugin_close_v1openvpn_plugin_abort_v1PLUGIN_INIT: PRE[NULL]PLUGIN_INIT: POST %s '%s' intercepted=%sPLUGIN_INIT: plugin %s expressed interest in unsupported plugin types: [want=0x%08x, have=0x%08x]PLUGIN_INIT: plugin initialization function failed: %sPLUGIN_CALL: PRE type=%sPLUGIN_CALL: POST %s/%s status=%dPLUGIN_CALL: plugin function %s failed with status %d: %sPLUGIN_CLOSE: %sPLUGIN_CLOSE: dlclose() failed on plugin: %sscript_type((--ifconfig-pool start IP [%s] is greater than end IP [%s]--ifconfig-pool address range is too large [%s -> %s]. Current maximum is %d addresses, as defined by IFCONFIG_POOL_MAX variable.pool.cIFCONFIG POOL: base=%s size=%d%s,%sIFCONFIG POOL LIST((proxy.crecv_line: TCP port read timeout expiredrecv_line: TCP port read failed on select()recv_line: TCP port read failed on recv()recv_line: Non-ASCII character (%d) read on recv()send_line: TCP port write failed on send() %s:%sHTTP_PROXY: server not specifiednonebasicntlmERROR: unknown HTTP authentication method: '%s' -- only the 'none', 'basic', or 'ntlm' methods are currently supportedHTTP ProxyCONNECT %s:%d HTTP/%sSend to HTTP proxy: '%s'User-Agent: %sProxy-Authorization: Basic %sAttempting Basic Proxy-AuthorizationProxy-Authorization: NTLM %sAttempting NTLM Proxy-Authorization phase 1HTTP proxy returned: '%s'%*s %dProxy requires authentication%%*s NTLM %%%dsauth string: '%s'Received NTLM Proxy-Authorization phase 2 responseHost: %sAttempting NTLM Proxy-Authorization phase 3HTTP proxy returned bad status((AUTH: Received AUTH_FAILED control messagepush.cauth-failureAuthAUTH_FAILEDPUSH: Received control message: '%s'WARNING: Received bad push/pull message: %sPUSH_REQUESTPUSH_REPLY,%s,ifconfig %s %sMaximum length of --push buffer (%d) has been exceededPUSH OPTION FAILED (illegal comma (',') in string): '%s',[PUSH_ROUTE_REMOVE]route%sREMOVE PUSH ROUTE: '%s'ACK read ID %u (buf->len=%d)ACK read ID FAILED (buf->len=%d)ACK acknowledge ID %u (ack->len=%d)ACK acknowledge ID %u FAILED (ack->len=%d)ACK read BAD SESSION-ID FROM REMOTE, local=%s, remote=%sreliable.cACK write ID %u (ack->len=%d, n=%d)[ %u sid=%s ]ACK received for pid %u, deleting from send buffer[%u]ACK no free receive buffer available: %sACK %u is a replay: %sACK %u breaks sequentiality: %sACK output sequence broken: %sACK reliable_can_send active=%d current=%d : %sACK reliable_send ID %u (size=%d to=%d)ACK reliable_schedule_nowACK reliable_send_timeout %d %sACK mark active incoming ID %uACK mark active outgoing ID %u((ROUTE network %s netmask %s gateway %s metric %ddefaultroute_%s_%droute_%svpn_gatewayOpenVPN ROUTE: vpn_gateway undefinednet_gatewayOpenVPN ROUTE: net_gateway undefined -- unable to get default gateway from systemremote_hostOpenVPN ROUTE: remote_host undefinedOpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig optionsOpenVPN ROUTE: route metric for network %s (%s) must be >= 0OpenVPN ROUTE: failed to parse/resolve route for host/network: %sOpenVPN ROUTE: cannot add more than %d routesROUTE: default_gateway=%sROUTE: default_gateway=UNDEFOpenVPN ROUTE: failed to parse/resolve default gateway: %sroute.cNOTE: unable to redirect default gateway --%s VPN gateway parameter (--route-gateway or --ifconfig) is missing%s Cannot read current default gateway from system%s Cannot obtain current remote host addressnil route %s/%s/%s/%s [redirect_default_gateway local=%d]%snetworknetmaskgatewayroute_metric_%dOpenVPN ROUTE: omitted no-op route: %s/%s -> %s/sbin/route add -net %s netmask %s gw %sERROR: Linux route add command failed/sbin/route del -net %s netmask %sERROR: Linux route delete command failedr/proc/net/route%*s %x %x %*s %*s %*s %d %xGDG: route[%d] %s/%s/%s m=%uGDG: best=%s[%d] lm=%uSCHEDULE: %s wakeup=[%s] pri=%uSCHEDULE: %s NULLschedule.cschedule_add_modifyschedule_find_least Output Traffic Shaping initialized at %d bytes per second((SIGINTsigintSIGTERMsigtermSIGHUPsighupSIGUSR1sigusr1SIGUSR2sigusr2UNKNOWNhardsoftprocess%s[%s,%s] received, %s exiting%s[%s,%s] received, %s restartingUnknown signal %d [%s,%s] received by %sUnknown signal receivedSignal %d (%s) received during initialization, exitingOpenVPN STATISTICSUpdated,%sTUN/TAP read bytes,%lluTUN/TAP write bytes,%lluTCP/UDP read bytes,%lluTCP/UDP write bytes,%lluAuth read bytes,%lluENDSIGTERM received, sending exit notification to peersig.cexit-with-notification(([TRY_AGAIN] A temporary error occurred on an authoritative name server.[HOST_NOT_FOUND] The specified host is unknown.[NO_RECOVERY] A non-recoverable name server error occurred.[NO_DATA] The requested name is valid but does not have an IP address.[unknown h_errno value]RESOLVE: Cannot resolve host address: %s: %sRESOLVE: Cannot resolve host address: %s: %s (I would have retried this name query if you had specified the --resolv-retry option.)RESOLVE: Cannot parse IP address: %sRESOLVE: Ignored SIGUSR1 signal received during DNS resolution attemptRESOLVE: Sorry, but we only accept IPv4 DNS names: %ssocket.cRESOLVE: NOTE: %s resolves to %d addresses, choosing one by randomRESOLVE: signal received during DNS resolution attempt%u.%u.%u.%uNOTE: setsockopt SO_SNDBUF=%d failedNOTE: setsockopt SO_RCVBUF=%d failedSocket Buffers: R=[%d->%d] S=[%d->%d]REMOTE_LIST len=%d current=%d[%d] %s:%dCannot create TCP socketTCP: Cannot setsockopt SO_REUSEADDR on TCP socketUDP: Cannot create UDP socketListening for incoming TCP connection on %sTCP: listen() failedTCP: getpeername() failedTCP: accept(%d) failedTCP: Received strange incoming connection with unknown address length=%dTCP connection established with %sTCP: select() failedTCP NOTE: Rejected connection attempt from %s due to --remote settingTCP: close socket failed (new_sd)TCP: close socket failed (sd)Attempting to establish TCP connection with %sTCP: connect to %s failed, will try again in %d secondssocket.hTCP/UDP: Socket bind failed on local address %s: %sRESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%dTCP/UDP: Preserving recently used remote address: %sTCP/UDP: Dynamic remote address changed during TCP connection establishment%s link local: [inetd]: (bound)%s link local%s: %s%s link remote: %sTCP/UDP: Closing socketTCP/UDP: Close Socket failedTCP/UDP: Close Socket (ctrl_sd) failedtrusted[%s] Peer Connection Initiated with %s%scommon_name WARNING: ipchange plugin call failedscript_typeipchange%s %sip-change command failedTCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)TCP/UDP: No outgoing address to send packetRrS%sWwS?STREAM: RESETSTREAM: INIT maxlen=%dYESNOSTREAM: RESIDUAL FULLY FORMED [%s], len=%dSTREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%dSTREAM: ADD length_added=%dWARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]STREAM: ADD returned TRUE, buf_len=%d, residual_len=%dSTREAM: ADD returned FALSE (have=%d need=%d)[undef]%d%s_ip%s_portudpUDPv4tcp-serverTCPv4_SERVERtcp-clientTCPv4_CLIENTtcpTCPv4[unknown protocol][%s]ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.STREAM: GET NEXT len=%dSTREAM: GET FINAL len=%dSTREAM: WRITE %d offset=%d((socks.csocks_handshake: TCP port write failed on send()socks_handshake: TCP port read timeout expiredsocks_handshake: TCP port read failed on select()socks_handshake: TCP port read failed on recv()socks_handshake: Socks proxy returned bad statusrecv_socks_reply: TCP port read timeout expiredrecv_socks_reply: TCP port read failed on select()recv_socks_reply: TCP port read failed on recv()recv_socks_reply: Socks proxy returned bad address typerecv_socks_reply: Socks proxy returned bad replyestablish_socks_proxy_passthru: TCP port write failed on send()((struct session *ssl.cPrivate KeyAuthGenerating temp (%d bit) RSA keyuntrustedSERVERCLIENT?CNVERIFY ERROR: depth=%d, error=%s: %sTLS Warning: Convoluted certificate chain detected with depth [%d] greater than %dtls_id_%dtls_serial_%dVERIFY OK: nsCertType=%sVERIFY nsCertType ERROR: %s, require nsCertType=%sVERIFY X509NAME OK: %sVERIFY X509NAME ERROR: %s, must be %s%d %sVERIFY PLUGIN OK: depth=%d, %sVERIFY PLUGIN ERROR: depth=%d, %sscript_typetls-verify%s %d %sTLS: executing verify command: %sVERIFY SCRIPT OK: depth=%d, %sVerify command failed to execute: %sVERIFY SCRIPT ERROR: depth=%d, %sCRL: BIO errCRL: cannot read: %sCRL: cannot read CRL from file %sCRL: CRL %s is from a different issuer than the issuer of certificate %sCRL CHECK FAILED: %s is REVOKEDCRL CHECK OK: %sVERIFY OK: depth=%d, %sUNDEFconnectacceptundefinedSSL state (%s): %sreadwriteSSL alert (%s): %s: %sSSL_CTX_new TLSv1_server_methodrCannot open %s for DH parametersCannot load DH parameters from %sSSL_CTX_set_tmp_dhDiffie-Hellman initialized with %d bit keySSL_CTX_new TLSv1_client_methodrbError opening file %sError reading PKCS#12 file %sError parsing PKCS#12 file %sCannot use certificateCannot use private keyPrivate key does not match the certificateCannot add certificate to certificate chain (X509_STORE_add_cert)Cannot add certificate to client CA list (SSL_CTX_add_client_CA)Cannot load certificate file %sCannot load private key file %sCannot load CA certificate file %s (SSL_CTX_load_verify_locations)Cannot load CA certificate file %s (SSL_load_client_CA_file)Cannot load certificate chain file %s (SSL_use_certificate_chain_file)WARNING: This configuration may accept clients which do not present a certificateProblem with cipher list: %s%s %s, cipher %s %s, %d bit RSA, %d bit DSA%s%sCannot create SSL_CTX objectCannot create SSL objectAvailable TLS Ciphers,listed in order of preference: S_???S_UNDEFS_INITIALS_PRE_STARTS_STARTS_SENT_KEYS_GOT_KEYS_ACTIVES_NORMALS_ERROR`EEԣEEEE$E8ELEP_???P_CONTROL_HARD_RESET_CLIENT_V1P_CONTROL_HARD_RESET_SERVER_V1P_CONTROL_HARD_RESET_CLIENT_V2P_CONTROL_HARD_RESET_SERVER_V2P_CONTROL_SOFT_RESET_V1P_CONTROL_V1P_ACK_V1P_DATA_V1̤EEE0EDEXEEETM_UNTRUSTEDTM_LAME_DUCKTM_ACTIVETM_??? [key#%d state=%s id=%d sid=%s]Error creating %s BIOTLS ERROR: BIO write %s errorTLS ERROR: BIO write %s incomplete %d/%dBIO write %s %d bytesTLS_ERROR: BIO read %s errorBIO read %s %d bytestls_write_plaintexttls_write_plaintext_consttls_write_ciphertexttls_read_plaintexttls_read_ciphertextSSL_new failedssl_bioct_inct_outTLS: tls_session_init: entryTLS: tls_session_init: new session object, sid=%sTLS: move_session: dest=%s src=%s reinit_src=%dTLS: move_session: exitTLS Error: cannot locate HMAC in incoming packet from %sTLS Error: incoming packet authentication failed from %s %s pre_master: %s%s random1: %s%s random2: %sClientServertls1_P_hash sec: %stls1_P_hash seed: %stls1_P_hash out: %stls1_PRF out[%d]: %sOpenVPN master secretOpenVPN key expansionMaster EncryptMaster DecryptTLS Error: Bad dynamic key generatedData Channel EncryptData Channel DecryptERROR: Random number generator cannot obtain entropy for key generation [SSL]user-pass-verify%sTLS Auth Error: could not write username/password to file: %susernamepasswordcommon_name%s %sTLS Auth Error: user-pass-verify script failed to execute: %sTLS Auth Error: peer provided a blank usernameTLS Error: Bad encrypting key generatedTLS Error: write_key failedTLS Error: KM1 write options failedTLS Error: server generate_key_expansion failedTLS Error: Key Method #2 write failedTLS Error: Certificate verification failed (key-method 1)TLS Error: Error reading data channel key from plaintext bufferTLS Error: Bad decrypting key received from peerTLS Error: Missing options stringTLS ERROR: Unknown key_method/flags=%d received from remote hostTLS Error: Error reading remote data channel key source entropy from plaintext bufferTLS Error: Failed to read required OCC options stringTLS Error: Auth Username/Password was not provided by peer[CN SET]TLS: Username/Password authentication succeeded for username '%s' %sTLS Auth Error: Auth Username/Password verification failed for peerTLS Error: Certificate verification failed (key-method 2)TLS Auth Error: TLS object CN attempted to change from '%s' to '%s' -- tunnel disabledDEFAULTTLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'TLS Error: client generate_key_expansion failedTLS: soft reset sec=%d bytes=%d/%d pkts=%d/%dTLS: tls_process: killed expiring keyTLS: tls_process: chg=%d ks=%s lame=%s to_link->len=%d wakeup=%dTLS: Initial Handshake, sid=%sTLS Error: TLS key negotiation failed to occur within %d seconds (check your network connectivity)STATE S_NORMALSTATE S_STARTSTATE S_ACTIVEControl Channel:Reliable -> TCP/UDPTLS Error: Incoming Ciphertext -> TLS object write errorIncoming Ciphertext -> TLSTLS Error: TLS object -> incoming plaintext read errorTLS -> Incoming PlaintextSTATE S_SENT_KEYSTATE S_GOT_KEYTLS ERROR: Outgoing Plaintext -> TLS object write errorOutgoing Plaintext -> TLSTLS Error: Ciphertext -> reliable TCP/UDP transport read errorOutgoing Ciphertext -> ReliableDedicated ACK -> TCP/UDPTLS: tls_process: timeout set to %dTLS Error: TLS handshake failedTLS: tls_multi_process: i=%d state=%s, mysid=%s, stored-sid=%s, stored-ip=%sTLS: tls_multi_process: killed expiring keysemi-TLS: tls_multi_process: untrusted session promoted to %strustedTLS: data channel, key_id=%d, IP=%sTLS Error: local/remote TLS keys are out of sync: %s [%d]TLS Error: unknown opcode received from %s op=%dTLS Error: client->client or server->server connection attempted from %sTLS: control channel, op=%s, IP=%sTLS Error: session-id not found in packet from %sTLS: initial packet test, i=%d state=%s, mysid=%s, rec-sid=%s, rec-ip=%s, stored-sid=%s, stored-ip=%sTLS ERROR: received control packet with stale session-id=%sTLS: found match, session[%d], sid=%sTLS ERROR: initial packet local/remote key_method mismatch, local key_method=%d, op=%sTLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]TLS: Initial packet from %s, sid=%sTLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]TLS ERROR: new session local/remote key_method mismatch, local key_method=%d, op=%sTLS: new session incoming connection from %sTLS Error: Unroutable control packet received from %s (si=%d op=%s)TLS Error: Received control packet from unexpected IP addr: %sTLS: received P_CONTROL_SOFT_RESET_V1 s=%d sid=%sTLS: received control channel packet s#=%d sid=%sTLS Error: Existing session control channel packet from unknown IP address: %sTLS ERROR: local/remote key IDs out of sync (%d/%d) ID: %sTLS Error: reading acknowledgement record from packetTLS State Error: No TLS state for client %s, opcode=%dTLS State Error: Unknown key ID (%d) received from %s -- 0 was expectedTLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expectedTLS: tls_pre_encrypt: key_id=%dTLS Warning: no data channel send key available: %sDATA UNDEF len=%d%s kid=%d sid=%s tls_hmac=%s pid=%s %s pid=%u DATA %s DATA len=%dWRITEREAD/WRITEREADUNDEFstatus.cNote: cannot open %s for %s%s ((tun.ctuntapnull[unknown-dev-type]NOTE: explicit support for IPv6 tun devices is not provided for this OS(silence this warning with --ifconfig-nowarn)WARNING: Since you are using --dev tun, the second argument to --ifconfig must be an IP address. You are using something (%s) that looks more like a netmask. %sWARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. %sWARNING: --%s address [%s] conflicts with --ifconfig address pair [%s, %s]. %sWARNING: potential conflict between --%s address [%s] and --ifconfig address pair [%s, %s] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. %sWARNING: --%s address [%s] conflicts with --ifconfig subnet [%s, %s] -- local and remote addresses cannot be inside of the --ifconfig subnet. %sSorry but you cannot use --dev tap and --ifconfig together on this OS because I have not yet been programmed to understand the appropriate ifconfig syntax to use for TAP-style devices on this OS. Your best alternative is to use an --up script and do the ifconfig command manually.%s %s[undef]RrT%sWwT?'%s' is not a TUN/TAP device. The --ifconfig option works only for TUN/TAP devices.localremoteifconfig_localifconfig_remoteifconfig_netmaskifconfig_broadcast/sbin/ifconfig %s %s pointopoint %s mtu %d/sbin/ifconfig %s %s netmask %s mtu %d broadcast %s%sLinux ifconfig failed/dev/%s%d%s%dTried opening %s (failed)Cannot allocate TUN/TAP dev dynamically/dev/%sCannot open TUN/TAP dev %sTUN/TAP device %s opened/dev/net/tunNote: Cannot open TUN/TAP dev %sI don't recognize device %s as a tun or tap deviceNote: Cannot ioctl TUNSETIFF %sTUN/TAP TX queue length set to %dNote: Cannot set tx queue length on %sNote: Cannot open control socket on %sNote: Attempting fallback to kernel 2.2 TUN/TAP interfaceCannot ioctl TUNSETPERSIST(%d) %sONOFFPersist state set to: %s ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/,H4H<HDHLHTH\HdHlHtHHHHH H,H<H@HHAGBCDEFF[GFFF\B4APBB