ISA App Log File
The ISA App, once successfully installed and configured, generates Connection Logs that could be extremely helpful in troubleshooting issues that may crop up. Depending on the device OS, the Log File location is as follows:
Locating the ISA App Log File
Windows 64 Bit
C:\Program Files (x86)\InstaSafe\log
Windows 32 Bit
C:\ProgramFiles\InstaSafe\log
Linux OS
Navigate to the /var/log/ directory and locate the InstaSafe log file
macOS
/Library/Application\ Support/InstaSafe/
If you are an Admin of the organization's ISA Account and need assistance, contact
InstaSafe Support
Interpreting the ISA App Logs
| Message in Log File | Interpretation |
NOTE: --win-sys env is default from OpenVPN v2.3. This entry will now be ignored. Please remove this entry from your configuration file. | This message indicates that a specific configuration entry in the OpenVPN configuration file is no longer valid or supported starting from version 2.3 of the software. The "win-sys" environment variable is no longer used or needed in the current version of OpenVPN, and could be removed from the configuration file. The message is a warning message and the software will continue to function normally |
OpenVPN 2.3.18 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] | OpenVPN 2.3.18 is a version of the OpenVPN software that was built specifically for the i686-w64-mingw32 architecture, using the SSL library provided by OpenSSL, the LZO compression algorithm, the PKCS11 cryptographic token interface, and support for IPv6. The build date of this version is September 26, 2017. It is also a open-source software which can establish point-to-point or site-to-site connections in routed or bridged configurations. The following indicates libraries being used by OpenVPN:
|
Windows version 6.2 (Windows 8 or greater) 64bit | This message indicates that the version of Windows that the system is running on is version 6.2, which corresponds to Windows 8 or a later version, and it's a 64-bit version of the operating system |
Library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10 | This message provides information about the specific versions of the OpenSSL and LZO libraries that are being used by the system
|
Re-using SSL/TLS context | This message indicates that the OpenVPN client is reusing an existing SSL/TLS context for the VPN connection. In OpenVPN, the SSL/TLS context is a set of parameters and data structures that are used to establish a secure connection between the client and the server. These parameters include things like the encryption algorithm and the SSL/TLS certificate. When the OpenVPN client connects to a server, it creates an SSL/TLS context for the connection. If the client disconnects from the server and then reconnects later, it can reuse the existing SSL/TLS context instead of creating a new one. Reusing the context can save time and resources, and it can also improve the security of the connection. |
LZO compression initialized | This message indicates that the OpenVPN client has initialized the LZO compression algorithm for the VPN connection. OpenVPN uses the LZO compression algorithm to compress data before it is sent over the VPN tunnel. Compressing the data can save bandwidth and make the connection faster. LZO is a lossless compression algorithm which means the data can be restored to its original form after compression. The LZO compression algorithm is built-in to OpenVPN, so there is no need for any additional software or configuration |
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts | This message indicates that the current setting of the "script-security" option in the OpenVPN configuration file may allow the execution of user-defined scripts. The "script-security" option controls the level of security when running scripts, such as up/down scripts, that are defined in the OpenVPN configuration file. A higher setting (such as "2") will provide more security, but may also restrict the use of certain scripts. A lower setting (such as "1") will provide less security, but may also allow the use of more scripts |
Control Channel Authentication: tls-auth using INLINE static key file | Control Channel Authentication refers to the method used to authenticate the OpenVPN client and server to each other. The method specified in this statement is "tls-auth using INLINE static key file". "tls-auth" is a feature of OpenVPN (to protect the control channel of the VPN connection) that provides an additional layer of security to the SSL/TLS handshake process by requiring an additional authentication step before the SSL/TLS session can be established. "INLINE static key file" means that the key used for authentication is included directly in the OpenVPN configuration file, rather than being stored in a separate file. The key is considered as "static" because it does not change, it is set once and used for all the connections. This method of authentication can provide a high level of security, but it also has the drawback of making the key vulnerable to being intercepted or disclosed if the configuration file is compromised. It is important to keep the key file secure and to use different keys for different purposes, such as different keys for different client-server pairs. |
UDPv4 link local: [undef] | "UDPv4 link local" refers to the use of the User Datagram Protocol (UDP) version 4 over a local network link. UDP is a connectionless transport-layer protocol that is often used to send short packets of data, called datagrams, from one host to another and for real-time, low-latency applications such as video and voice over IP, online gaming, and DNS lookups. It is connectionless, meaning that it does not establish a reliable connection before sending data. UDPv4 is the version of UDP that uses IPv4 addresses for addressing. The value is "[undef]" which means that this feature is not defined or not enabled in this specific configuration. It means that there is no specific link-local address that is being used for the UDPv4 connection. The link-local address is an IP address that is used for communication on the same network segment (i.e., link) as the host. Link-local addressing is a way for devices on a local network to communicate without the need for a global IP address. It's worth noting that UDP can be blocked by some firewalls, so if you are using UDPv4 link-local and finding that you are unable to connect, it may be because your firewall is blocking the traffic |
UDPv4 link remote: [AF_INET]205.68.132.56:1323 | This message indicates the status of the remote link for the UDPv4 protocol. UDP (User Datagram Protocol) is a transport-layer protocol that is used to send short packets of data, called datagrams, from one host to another. It is connectionless, meaning that it does not establish a reliable connection before sending data. UDPv4 is the version of UDP that uses IPv4 addresses for addressing. The message indicates that the "UDPv4 link remote" is using the "AF_INET" address family and the specific IP address 205.68.132.56 and port 1323. AF_INET is the address family for IPv4 addresses, it means that the remote endpoint of the connection is using an IPv4 address. The IP address 205.68.132.56 is the remote endpoint's IP address, and the port number 1323 is the port that the remote endpoint is listening on. This message indicates that the connection has been established with a specific remote endpoint. The remote endpoint is a public IP address which means that it is reachable over the internet. If the client is behind a NAT, it must have a port forwarding rules set on the router to forward the incoming traffic on port 1323 to the client |
Peer Connection Initiated with [AF_INET]205.68.132.56:1323 | "Peer Connection Initiated" means that the OpenVPN client has successfully connected to the remote endpoint specified in the "UDPv4 link remote" configuration. The message confirms that the client has established a connection with the IP address 205.68.132.56 on port 1323 using the IPv4 address family. The client has successfully negotiated a connection with the remote endpoint, and is now able to send and receive data over the VPN tunnel |
env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem | "env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem" is a line in the OpenVPN configuration file that modifies the environment variable PATH for the OpenVPN process. The PATH environment variable is a system variable on Windows that tells the operating system where to look for executable files. When a user types a command in the command prompt, the operating system looks for the executable file in the directories specified in the PATH variable. By adding these directories to the PATH variable, the system will now be able to find and execute files located in these directories without needing to specify the full path to the file. The directories specified in the PATH variable are searched in the order they are listed, and the first program that matches the name of the command is executed. This specific configuration line is adding the directories C:\WINDOWS\System32, C:\WINDOWS, and C:\WINDOWS\System32\Wbem to the PATH variable. This means that OpenVPN will look for executable files in these directories first. This allows OpenVPN to find the executables that it needs in order to run correctly. It is a best practice to specify the PATH variable in the OpenVPN configuration so that the executables needed by OpenVPN are always found in the same location, regardless of the current working directory of the process |
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0 | ifconfig is a command-line tool used to configure a network interface on a Unix-like operating system. It is used to configure the IP address, netmask, and other parameters of the network interface. "do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0" is a line in the OpenVPN log file that gives information about the configuration of the virtual network interface. "do_ifconfig" refers to the command that OpenVPN uses to configure the virtual network interface on the client machine. The variable "tt->ipv6=0" indicates that IPv6 is not enabled on the virtual network interface. It means that this specific connection is only using IPv4 protocol. The variable "tt->did_ifconfig_ipv6_setup=0" indicates that the virtual network interface has not been configured for IPv6, this confirms the previous variable tt->ipv6=0. This is important because some VPN clients and servers may only support IPv4, or may prefer IPv4 over IPv6 |
open_tun, tt->ipv6=0 | This message is related to the process of opening a virtual network interface, also known as a TUN (network Tunnel) device. The TUN device is a virtual network interface that is used by OpenVPN to create a secure, point-to-point connection between two hosts. "open_tun, tt->ipv6=0" is a line in the OpenVPN log file that gives information about the configuration of the virtual network interface (TUN). "open_tun" refers to the command that OpenVPN uses to create the virtual TUN interface on the client machine. The variable "tt->ipv6=0" indicates that IPv6 is not enabled on the virtual TUN interface. It means that this specific connection is only using IPv4 protocol. This is important because some VPN clients and servers may only support IPv4, or may prefer IPv4 over IPv6 |
TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{70877430-989F-4987-BE52-1A6325536A4D}.tap | This line in the OpenVPN log file gives information about the configuration of the virtual network interface (TAP). "TAP-WIN32" is the Windows version of the TAP (network TAP) interface driver. TAP is a virtual network kernel driver that creates a virtual network interface. The message indicates that the TAP-WIN32 device with the name "Ethernet 2" has been opened and the device is located at the path "\.\Global{70877430-989F-4987-BE52-1A6325536A4D}.tap". The device name "Ethernet 2" is just a name given to the TAP-WIN32 device and it can be anything, it does not necessarily reflect the actual name of the physical network interface. The path is the unique identifier for the TAP-WIN32 device, it's not a file path but it's the identifier of the device. The message indicates that the OpenVPN client has successfully created a virtual TAP interface on the client machine and it is ready to start sending and receiving data via the VPN tunnel. It's also worth noting that TAP interfaces are typically used to create a virtual LAN (Local Area Network) between multiple computers on a private network. They can also be used to connect a virtual machine to a physical network. |
Set TAP-Windows TUN subnet mode network/local/netmask = 10.96.224.0/10.96.224.34/255.255.252.0 [SUCCEEDED] | This line in the OpenVPN log file gives information about the configuration of the virtual network interface (TAP). It indicates that OpenVPN client has successfully set the subnet mode, network address, local address, and netmask for the TAP-Windows interface. "network/local/netmask" refer to the network address, the local address of the virtual TAP interface, and the netmask that are used to define the subnet of the virtual network. In this case, the network address is set to 10.96.224.0, the local address is set to 10.96.224.34, and the netmask is set to 255.255.252.0. This means that the subnet for the virtual network interface is 10.96.224.0/22. The "[SUCCEEDED]" at the end of the line means that the configuration of the TAP-Windows interface was successful and the TUN interface is ready to use |
Notified TAP-Windows driver to set a DHCP IP/netmask of 10.96.224.34/255.255.252.0 on interface {70877430-989F-4987-BE52-1A6325536A4D} [DHCP-serv: 10.96.227.254, lease-time: 31536000] | This line in the OpenVPN log file gives information about the DHCP configuration of the virtual network interface. The message indicates that OpenVPN client has notified the TAP-Windows driver to set a DHCP IP address and netmask of 10.96.224.34 and 255.255.252.0 respectively on the interface with the GUID {70877430-989F-4987-BE52-1A6325536A4D}. DHCP is a network protocol used to automatically assign IP addresses and other network settings to devices on a network. It is used to configure the IP address, netmask, default gateway, DNS server, and other network settings for the TAP-Windows device automatically. The DHCP server used is 10.96.227.254 and the DHCP lease time is 31536000 seconds (1 year). DHCP lease time is the amount of time that the DHCP server will keep the IP address assignment for the TAP-Windows device before it expires and the device needs to request a new IP address. This configuration allows the virtual network interface to obtain an IP address dynamically from the DHCP server, rather than having a static IP address assigned. DHCP is a client-server protocol, the DHCP client is the OpenVPN client and the DHCP server is the device with IP address 10.96.227.254 |
Successful ARP Flush on interface [64] {70877430-989F-4987-BE52-1A6325536A4D} | This line in the OpenVPN log file gives information about the operation of the Address Resolution Protocol (ARP) on the virtual network interface. ARP is a protocol used to map a network address (such as an IP address) to a physical (MAC) address on a local network. It is used to resolve IP addresses to physical addresses on the same network segment. This message indicates that the OpenVPN client has successfully performed an ARP flush on the virtual network interface with the index of 64 and the GUID of {70877430-989F-4987-BE52-1A6325536A4D}. The ARP flush command is used to clear the ARP cache on the client machine. This is done to ensure that the client has the most up-to-date information about the network and to prevent any potential issues caused by stale ARP entries. The ARP cache is a table that stores the mapping of IP addresses to MAC addresses. This table is used to reduce the number of ARP broadcasts that are sent on a network. When the ARP cache is flushed, the device must send out new ARP broadcasts to discover the new mapping. It is sometimes necessary to flush the ARP cache when there are changes in the network such as IP address changes, new devices added, or devices removed from the network |
../bin/clientconfig.exe --verify Ethernet 2 1500 1561 10.96.224.34 255.255.252.0 init | This message indicates that the clientconfig.exe is being executed and it is being passed a set of parameters for network configuration. clientconfig.exe is a command-line tool that is used to configure network settings on a Windows machine i.e. the client side of the OpenVPN connection. The "--verify" flag tells the clientconfig.exe to check the current configuration of the virtual network interface (TAP) named "Ethernet 2" and ensure that it is set up correctly. The "1500" and "1561" are the MTU (Maximum Transmission Unit) and MRU (Maximum Receive Unit) values for the virtual TAP interface, these values determines the maximum size of the packet that can be transmitted or received by the interface. The "10.96.224.34" and "255.255.252.0" are the IP address and netmask of the virtual TAP interface. The "init" is the last parameter, it tells the clientconfig.exe to perform the initial setup of the virtual TAP interface. This command is used to verify and configure the TAP interface on the client machine, it is usually executed when the client connects to the server |
Initialization Sequence Completed | This line indicates that the OpenVPN client has successfully completed the process of connecting to the server and initializing the virtual network interface. This message confirms that the client has completed all the necessary steps to establish a secure VPN connection, such as authenticating with the server, negotiating the VPN parameters, creating and configuring the virtual interface, obtaining an IP address from the DHCP server and configuring the routing and firewall rules. It means that the client is now ready to send and receive data over the VPN tunnel, and that the VPN connection is now established and fully functional |
Start net commands... | This message indicates that the net commands are being executed. "net" is a command-line tool that is used to manage network settings and resources on a Windows machine. The net command provides a variety of subcommands that can be used to perform various network-related tasks such as adding or removing network connections, configuring network settings, and managing network resources such as shared folders and printers |
C:\WINDOWS\system32\net.exe stop dnscache | This message indicates that the net command is being used to stop the DNS Cache service. The DNS Cache service is a Windows service that stores the DNS name resolution information in memory. This service is responsible for caching the DNS lookups to improve the performance of name resolution. The command being executed is "net stop dnscache" which stops the service. This command is executed from the path "C:\WINDOWS\system32\net.exe". Stopping the DNS Cache service will cause the DNS lookups to be slower since the system will not be able to use the cached information. It can be useful when updating the DNS server settings |
ERROR: Windows ipconfig command failed: returned error code 2 | This message indicates that the ipconfig command has failed to execute and returned an error code of 2. ipconfig is a command-line tool that is used to display the current IP configuration of a Windows machine, including the IP address, subnet mask, and default gateway of each network interface. The tool can also be used to release and renew DHCP leases, display the DHCP and DNS server addresses, and flush the DNS resolver cache. The error code 2 means that the command was not found. This error can occur if the command is not recognized by the command prompt, the command is not located in the system's PATH, or the command is not compatible with the version of Windows that is running |
C:\WINDOWS\system32\net.exe start dnscache | This message indicates that the "net" command is being used to start the DNS Cache service. The DNS Cache service is a Windows service that stores the DNS name resolution information in memory. This service is responsible for caching the DNS lookups to improve the performance of name resolution. The command being executed is "net start dnscache" which starts the service. This command is executed from the path "C:\WINDOWS\system32\net.exe". Starting the DNS Cache service will enable the caching of DNS lookups and improve the performance of name resolution on the local machine. It's important to ensure that the DNS Cache service is running before starting any application that relies on DNS resolution |
C:\WINDOWS\system32\ipconfig.exe /flushdns | This message indicates that the ipconfig command is being used to flush the DNS resolver cache. ipconfig is a command-line tool that is used to display the current IP configuration of a Windows machine, including the IP address, subnet mask, and default gateway of each network interface. The tool can also be used to release and renew DHCP leases, display the DHCP and DNS server addresses, and flush the DNS resolver cache. The command being executed is "ipconfig /flushdns" which flushes the DNS resolver cache. This command is executed from the path "C:\WINDOWS\system32\ipconfig.exe". Flushing the DNS resolver cache clears all the DNS name resolution information that is stored on the local machine. This can be useful when troubleshooting DNS issues or when updating the DNS server settings. It's important to ensure that the DNS service is running and that the DNS server is reachable before flushing the cache |
C:\WINDOWS\system32\ipconfig.exe /registerdns | This message indicates that the ipconfig command is being used to register the DNS settings with the DHCP server. ipconfig is a command-line tool that is used to display the current IP configuration of a Windows machine, including the IP address, subnet mask, and default gateway of each network interface. The tool can also be used to release and renew DHCP leases, display the DHCP and DNS server addresses, and flush the DNS resolver cache. The command being executed is "ipconfig /registerdns" which forces a registration of the client's DNS settings with the DHCP server. This command is executed from the path "C:\WINDOWS\system32\ipconfig.exe". This command is useful when troubleshooting DHCP and DNS issues or when the DHCP and DNS settings have been manually configured and need to be registered with the DHCP server. It is also important to ensure that the DNS service is running and that the DNS server is reachable before registering the DNS settings with the DHCP server |
End net commands... | This message indicates that the execution of the net commands has been completed and that the network-related tasks (such as starting or stopping services, configuring network settings, or managing network resources) have been successfully executed |
Server poll timeout, restarting | This message indicates that the OpenVPN client has encountered a timeout while trying to poll the server for a response. OpenVPN uses a keepalive mechanism to ensure that the VPN connection is still active. The client sends a message to the server, called a "poll", at regular intervals. The server is expected to respond to these polls within a certain time period. If the server does not respond within the time period, the client assumes that the connection has been lost and takes appropriate action, such as restarting the connection. The root cause of this error could be a problem with the server, such as a network issue or a server configuration problem. |
SIGUSR1[soft,server_poll] received, process restarting | This message indicates that the OpenVPN client has received a signal to restart the process due to a server poll timeout. OpenVPN uses a keepalive mechanism to ensure that the VPN connection is still active. The client sends a message to the server, called a "poll", at regular intervals. The server is expected to respond to these polls within a certain time period. If the server does not respond within the time period, the client assumes that the connection has been lost and takes appropriate action, such as restarting the connection. The signal is a "soft" signal, which means that the client is not forced to exit, but it is asking the client to restart the process. The reason for the restart is "server_poll" which indicates that the client is restarting because of a server poll timeout. The root cause of this error could be a problem with the server, such as a network issue or a server configuration problem. |
SIGHUP[hard,] received, process restarting | This message indicates that the SIGHUP signal has been received by the process and the process is restarting. In Unix-like operating systems, a SIGHUP signal is used to tell a process to perform a specific action, typically to reload configuration files or to restart. When a process receives a SIGHUP signal, it should re-read its configuration files and/or restart itself. It is expected to clean up and terminate gracefully. SIGHUP signal, hard, means that it was sent to the process directly from the ISA App (OpenVPN Client) and not through a terminal. It could also happen if the terminal or terminal emulator that the process is running in has been closed or disconnected |
SIGHUP[hard,init_instance] received, process restarting | This message indicates that the OpenVPN process has received a SIGHUP signal and is restarting as a result, but this time the signal contains an additional parameter "init_instance". The SIGHUP signal is a signal that is sent to a process to indicate that the terminal or terminal emulator that the process is running in has been closed or disconnected. When a process receives the SIGHUP signal, it is expected to clean up and terminate gracefully. The word "hard" indicates that the process is doing a hard reset, which means that the process is restarting immediately, without saving any state or doing any cleanup. The word "init_instance" tells the process to reset itself to its initial state and release any resources that it has acquired, but unlike a hard reset, it will also release and re-initialize any shared resources such as singleton objects |
[company] Inactivity timeout (--ping-restart), restarting | This message indicates that the OpenVPN client has disconnected from the server due to a ping inactivity timeout. OpenVPN has a feature called "ping-restart" which is used to detect when a connection has become inactive. The client sends a "ping" message to the remote server at regular intervals (as specified by the --ping-restart option). If the remote server doesn't respond to the ping message within a certain amount of time (the "inactivity timeout" which is also specified by the --ping-restart option), then the client assumes that the connection has become inactive and disconnects. It will then automatically attempt to restart the connection |
SIGUSR1[soft,ping-restart] received, process restarting | This message indicates that the OpenVPN process has received a SIGUSR1 signal and is restarting as a result. In Unix-like operating systems, a SIGUSR1 signal is a user-defined signal that can be used by applications to perform specific actions. In OpenVPN, it can be used to perform a "ping-restart" (process that sends a "ping" packet to the remote server at regular intervals) which is a way to detect when a connection has become inactive. The "ping-restart" parameter indicates that the process has received a ping-restart signal, which is a signal sent by the OpenVPN client to the server to check if the connection is still alive. If the server doesn't respond to the ping message within a certain amount of time (also specified by the --ping-restart option), then the client assumes that the connection has become inactive and disconnects. OpenVPN will send the SIGUSR1 signal to itself. The "soft" parameter indicates that the process is doing a soft reset, which means that the process will try to terminate gracefully and perform any cleanup that is necessary before restarting. This inactivity timeout could have been caused by an issue with the remote server, a problem with the network connection, or a problem with the OpenVPN configuration |
AUTH: Received AUTH_FAILED control message | This message indicates that the OpenVPN client has received an AUTH_FAILED control message from the server (the server has rejected the client's authentication attempt). OpenVPN uses a combination of username and password authentication and public key authentication to authenticate clients connecting to the server. The remote server sends an AUTH_FAILED control message when the client's provided credentials (username and password or public key) are not valid or do not match the credentials on the server. This could happen for various reasons, such as:
|
SIGUSR1[soft,auth-failure] received, process restarting | This message indicates that the OpenVPN process has received a SIGUSR1 signal and is restarting as a result. The SIGUSR1 signal is a signal that is sent to a process to indicate that the process should perform a specific action. In OpenVPN, it can be used to perform an "auth-failure" which is a way to detect when the client's authentication has failed. The "soft" parameter indicates that the process is doing a soft reset, which means that the process will try to terminate gracefully and perform any cleanup that is necessary before restarting. The "auth-failure" parameter indicates that the process has received an auth-failure signal, which is a signal sent by the OpenVPN server to the client indicating that the client's authentication attempt has failed |
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) | This message indicates an error occurred when trying to read data from a UDP socket on a Windows system. This error message occurs when the peer (the server or another client) unexpectedly closes the connection. It could be caused by a problem with the network connection, the server may be down or the client may be blocked by a firewall. It could also happen if the client is trying to connect to the wrong IP address or port. This error will cause the VPN connection to fail and it could be an indication of a problem with the network connection or the server configuration. It is recommended to check the network connectivity, ensure that the server is reachable, and check the firewall configuration. |
Attempting to establish TCP connection with 205.68.132.56 | This message indicates that the OpenVPN client is trying to establish a TCP (Transmission Control Protocol) connection with a remote server or VPN gateway at IP address 205.68.132.56. TCP is a connection-oriented protocol, which means that a connection must be established before data can be exchanged between the client and the server. The client sends a request to the server and the server responds with an acknowledgement. Once the connection is established, the client and the server can exchange data. If the connection is successful, the client will be able to exchange data with the server over the established TCP connection. If the connection fails, the client will retry to connect or show an error message. |
TCP: connect to 205.68.132.56:1323 failed, will try again in 5 seconds: Connection timed out | This message indicates that the OpenVPN client is unable to establish a TCP (Transmission Control Protocol) connection with the server or VPN gateway at IP address 205.68.132.56 on port 1323. The connection timed out, which means that the client was not able to establish a connection with the server within a specific time frame. This message is usually displayed in the log of the OpenVPN client when the client is trying to establish a TCP connection with the server, but the server is not responding. It could be caused by a problem with the network connection, the server may be down, or the client may be blocked by a firewall. It could also happen if the client is trying to connect to the wrong IP address or port. The message also indicates that the client will retry to establish a connection with the server after 5 seconds. If the connection continues to fail, the client will continue to retry until the connection is established or it reaches the maximum number of retries. In case the problem persist, it is recommended to check the network connectivity, ensure that the server is reachable, and check the firewall configuration. |
ROOT\NET\0000 : Restarted 1 device(s) restarted. | This message indicates that a device with the name ROOT\NET\0000 has been restarted. It is usually displayed (by the Windows operating system) in the log file when a device driver is being installed, updated or uninstalled. The ROOT\NET\0000 is the name of a network adapter on the system. The message confirms that the device has been restarted and that the operation has been completed successfully. |
TUN/TAP I/O operation aborted, exiting | This message indicates that the OpenVPN process has encountered an error and is exiting as a result. An I/O (input/output) operation on the TUN/TAP interface has been interrupted or terminated prematurely, as a result, the OpenVPN process has been closed. This could happen due to various reasons such as, the connection to the server has been lost, the client's system has lost power, or the client has closed the ISA App (OpenVPN Client). |
Warning: route gateway is not reachable on any active network adapters: 205.68.132.56 | This message indicates that the OpenVPN client is unable to reach the specified gateway IP address (205.68.132.56) on any active network adapters. A gateway is a device or service that acts as an entry point to another network, in this case, the gateway IP address is 205.68.132.56. The message is warning that the client is unable to reach this gateway on any of the active network adapters which means that the client is unable to establish a connection to the ISA Controller (VPN server). This could happen due to various reasons such as, the network connection is down, the gateway is down, or the client's system is not configured correctly. |
The route deletion failed: Element not found | This message indicates that the OpenVPN client was unable to delete a route from the system's routing table because the specified route was not found. The client attempted to remove a route from the routing table but it was not able to find it. This could happen due to various reasons such as, the route was already removed, the route never existed, or the route has been modified since the client last accessed it. |
NOTE: Release of DHCP-assigned IP address lease on TAP-Win32 adapter failed: The system cannot find the file specified. (code=2) | This message indicates that the OpenVPN client was unable to release the DHCP-assigned IP address lease on the TAP-Win32 adapter because the system could not find the specified file. When the client was trying to release the DHCP-assigned IP address lease on the TAP-Win32 adapter, it was not able to find the required file. This could happen due to various reasons such as the file has been deleted, moved, or renamed, the client does not have the required permissions to access the file, or the file path is incorrect. |
SIGUSR1[soft,tun-abort] received, process restarting | This message indicates that the OpenVPN process has received a SIGUSR1 signal and is restarting as a result. The SIGUSR1 signal is a signal that is sent to a process to indicate that the process should perform a specific action. In OpenVPN, it can be used to perform a "tun-abort" which is a way to detect when a TUN/TAP interface operation has been interrupted or terminated prematurely. The "soft" parameter indicates that the process is doing a soft reset, which means that the process will try to terminate gracefully and perform any cleanup that is necessary before restarting. The "tun-abort" parameter indicates that the process has received a tun-abort signal, which is a signal sent by the OpenVPN client to indicate that the TUN/TAP interface operation has been interrupted or terminated prematurely |
Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #277086 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings | This message indicates that the OpenVPN client has detected a replay attack. A replay attack is when an attacker intercepts and resends valid authenticated packets to the VPN server in an attempt to bypass security controls. OpenVPN uses a packet ID to prevent replay attacks by discarding packets that have already been processed. This message means that the client has received a packet with the same packet ID as one that has already been processed, indicating a replay attack. The number in brackets, in this case, 277086, is the packet ID that has been replayed At times, this message may also be seen due to network congestion or other issues, that may lead to a packet retransmission attempt that OpenVPN flags as a replay attack |
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) | This message indicates that the OpenVPN client was unable to establish a secure connection with the server within the specified time period (60 seconds) due to a problem with the network connectivity. Transport Layer Security (TLS) is a security protocol that is used to establish a secure connection between two devices. OpenVPN uses TLS to establish a secure connection between the client and the server. The message indicates that the client was unable to establish a secure connection with the server within the specified time period (60 seconds) due to network connectivity issues. This could happen due to various reasons such as, the client's network connection is down/poor, the server is down or not responding, or there is a problem with the client's system configuration |
TLS Error: TLS handshake failed | This message indicates that the OpenVPN client was unable to establish a secure connection with the server due to a problem with the Transport Layer Security (TLS) handshake. The TLS handshake is the process by which two devices (in this case, the client and the server) establish a secure connection using the TLS protocol. The handshake involves a series of steps, such as the exchange of security information and the negotiation of encryption keys. The message indicates that the client was unable to complete the handshake and thus unable to establish a secure connection with the server. This could happen due to various reasons such as, the client and the server are using different versions of the TLS protocol, the client's certificate is not trusted by the server, the client's certificate has expired, the client's certificate has been revoked, or there is a problem with the client's system configuration. |
TLS Error: reading acknowledgement record from packet | This message indicates that the OpenVPN client was unable to read the acknowledgement record from a packet during the Transport Layer Security (TLS) handshake process. During the TLS handshake, the client and the server exchange packets to establish a secure connection. The acknowledgement record is a type of packet that is used to confirm the successful receipt of other packets. The message indicates that the client was unable to read the acknowledgement record from a packet, which means that the client is not able to confirm that the server has received the packets it has sent, and the handshake process cannot proceed. This could happen due to various reasons such as, a problem with the network connectivity, a problem with the client's system configuration, or a problem with the server's system configuration. |
TLS Error: Unroutable control packet received from 205.68.132.56:1323 (si=3 op=P_ACK_V1) | This message indicates that the OpenVPN client has received an unroutable control packet from the server IP address 205.68.132.56 on port 1323 during the Transport Layer Security (TLS) handshake process. During the TLS handshake, the client and the server exchange packets to establish a secure connection. The control packet is a type of packet that is used to exchange control information between the client and the server. The message indicates that the client has received a control packet from the server, but it is unroutable, which means that the client is unable to process it. The si=3 and op=P_ACK_V1 indicate that the packet is an acknowledgement packet and it's version is V1. This could happen due to various reasons such as, a problem with the network connectivity, a problem with the client's system configuration, or a problem with the server's system configuration. |
TLS Error: Unroutable control packet received from 205.68.132.56:1323 (si=3 op=P_CONTROL_V1) | This message indicates that the OpenVPN client has received an unroutable control packet from the server IP address 205.68.132.56 on port 1323 during the Transport Layer Security (TLS) connection process. During the TLS connection process, the client and the server exchange packets to maintain a secure connection. The control packet is a type of packet that is used to exchange control information between the client and the server. The message indicates that the client has received a control packet from the server, but it is unroutable, which means that the client is unable to process it. The si=3 and op=P_CONTROL_V1 indicate that the packet is a control packet and it's version is V1. This could happen due to various reasons such as, a problem with the network connectivity, a problem with the client's system configuration, or a problem with the server's system configuration. |
TLS Error: incoming packet authentication failed from 205.68.132.56:1323 | This message indicates that the OpenVPN client was unable to authenticate an incoming packet from the server IP address 205.68.132.56 on port 1323 during the Transport Layer Security (TLS) connection process. During the TLS connection process, the client and the server exchange packets to maintain a secure connection. The client uses authentication methods to ensure that the packets it receives are from the legitimate server and have not been tampered with by an attacker. This message indicates that the client was unable to authenticate an incoming packet from the specified IP address and port, which means that the client is unable to trust the packet and the connection may be compromised. This could happen due to various reasons such as, a problem with the network connectivity, a problem with the client's system configuration, or a problem with the server's system configuration. |
SIGUSR1[soft,tls-error] received, process restarting | This message indicates that the OpenVPN process has received a SIGUSR1 signal with the parameter "tls-error" and is restarting as a result. The SIGUSR1 signal is a signal that is sent to a process to indicate that the process should perform a specific action. In OpenVPN, it can be used to indicate that a problem has occurred with the Transport Layer Security (TLS) connection. The "soft" parameter indicates that the process is doing a soft reset, which means that the process will try to terminate gracefully and perform any cleanup that is necessary before restarting. The "tls-error" parameter indicates that the process has received a tls-error signal, which is a signal sent by the OpenVPN client to indicate that an error has occurred with the TLS connection |
Options error: Unrecognized option or missing parameter(s) in <company>1.conf:22: unable (2.2.2) Use --help for more information. | This message indicates that the OpenVPN client has encountered an error while reading the configuration file (in this case, <company>1.conf) on line 22. The OpenVPN client uses a configuration file to determine the settings for the VPN connection. This message indicates that there is a problem with the configuration file on line 22, specifically an unrecognized option or missing parameter. This could happen if the configuration file has been edited manually and a typo or mistake has been introduced, or if the option or parameter is not supported by the version of OpenVPN that the client is using. |
VERIFY ERROR: depth=0, error=certificate is not yet valid: /C=IN/ST=KA/L=Bangalore/O=company/CN=company/emailAddress=support@instasafe.com | This message indicates that the OpenVPN client has encountered an error while trying to verify the validity of a certificate during the Transport Layer Security (TLS) connection process. The certificate is a digital document that contains information about the identity of the certificate holder and the public key used to establish a secure connection. It's used to establish trust between the client and the server. The message indicates that the client has encountered an error while trying to verify the validity of a certificate and the error is that the certificate is not yet valid. This could happen if the client and the server are not using the same certificate, if the certificate has expired, or if the certificate's valid start date is in the future |
VERIFY ERROR: depth=1, error=certificate has expired: /C=IN/ST=KA/L=Bangalore/O=company/CN=company/emailAddress=support@instasafe.com | This message indicates that the OpenVPN client has encountered an error while trying to verify the SSL/TLS certificate of the VPN server. When a client connects to an OpenVPN server, the client verifies the server's SSL/TLS certificate to ensure that it is authentic and has not been tampered with. The message indicates that the client has encountered an error while trying to verify the server's certificate. The specific error message "error=certificate has expired" means that the server's certificate has expired and it is no longer valid. The root cause of this error is that the server's certificate has expired and is no longer valid, the administrator of the VPN server should renew the certificate. |
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed | This message indicates that the OpenVPN client has encountered an error during the Transport Layer Security (TLS) connection process. The error is related to the SSL3_GET_SERVER_CERTIFICATE routine which is used for certificate verification. During the TLS connection process, the client and the server exchange packets to establish a secure connection. The client uses certificate verification to ensure that the server's certificate is valid and that the server is who it claims to be. This message indicates that the client was unable to verify the server's certificate, which means that the client is unable to trust the server and the connection may be compromised. This could happen if the server's certificate is invalid, if the certificate has expired, or if the certificate's valid start date is in the future. This error can also occur if the client and the server are not using the same certificate |
TLS Error: TLS object -> incoming plaintext read error | This message indicates that the OpenVPN client has encountered an error while trying to read plaintext data during the Transport Layer Security (TLS) connection process. During the TLS connection process, the client and the server exchange packets to establish a secure connection. The client uses encryption to ensure that the packets it receives are secure and can only be read by the intended recipient. This message indicates that the client has encountered an error while trying to read plaintext data, which means that the client is unable to read the data that it has received and the connection may be compromised. This could happen due to various reasons such as, a problem with the network connectivity, a problem with the client's system configuration, or a problem with the server's system configuration. |
Options error: --nobind doesn't make sense unless used with --remote | This message indicates that the OpenVPN client has encountered an error while reading the configuration file. The error is that the --nobind option is being used without the --remote option. The --nobind option is used to prevent the OpenVPN client from binding to a local IP address and port. This option is used to allow the client to connect to a server that is behind a NAT device. The --remote option is used to specify the IP address and port of the server that the client should connect to. The --nobind option is not useful without the --remote option, because it needs the --remote option to know which server to connect to. This could happen if the configuration file has been edited manually and a mistake has been introduced, or if the user has not specified the correct options in the configuration file. |
RESOLVE: Cannot resolve host address: dallas.instasafe.net: No such host is known | This message that indicates that the OpenVPN client is unable to resolve the hostname "isaawmum5.instasafe.net" to an IP address. When the OpenVPN client connects to a server, it uses the server's hostname to find the server's IP address. This message indicates that the client is unable to resolve the hostname "dallas.instasafe.net" to an IP address. This could happen if the hostname is typed incorrectly or if the hostname is not valid. It could also happen if the OpenVPN client is unable to reach the DNS server that would be able to resolve the domain name to an IP address, or if the domain name is not registered or it's not an existing domain. |
RESOLVE: Cannot resolve host address: dallas.instasafe.net:1319 (nodename nor servname provided, or not known) | This message indicates that the OpenVPN client is unable to resolve the hostname "dallas.instasafe.net" to an IP address and port number. When the OpenVPN client connects to a server, it uses the server's hostname and port number to find the server's IP address. This message indicates that the client is unable to resolve the hostname "dallas.instasafe.net" to an IP address and port number. This could happen if the hostname is typed incorrectly or if the hostname is not valid, or if the port number is not specified correctly or doesn't match the server's listening port. It could also happen if the OpenVPN client is unable to reach the DNS server that would be able to resolve the domain name to an IP address, or if the domain name is not registered or it's not an existing domain. |
WARNING: potential route subnet conflict between local LAN [192.7.0.0/255.255.0.0] and remote VPN [192.7.200.14/255.255.255.255] | This warning message indicates that there is a potential conflict between the subnet of the local LAN (Local Area Network) and the subnet of the routes pushed by the remote VPN (Virtual Private Network). Typically not a cause for concern. However, it can cause issues with network communication and routing. This conflict can occur when the subnets of the two networks overlap i.e. overlap of user's LAN Network and target corporate network for which routes are pushed via the ISA App (OpenVPN Client). This can be resolved by changing the subnet of one of the networks to avoid the conflict |
OpenVPN ROUTE: cannot add more than 1024 routes -- please increase the max-routes option in the client configuration file Exiting due to fatal error | This message indicates that the OpenVPN client has encountered an error while trying to add routes to the routing table. The error is that the client has reached the maximum number of routes that it is allowed to add. When the OpenVPN client connects to a server, it can add routes to the routing table to direct traffic through the VPN tunnel. The max-routes option in the client configuration file is used to set the maximum number of routes that the client is allowed to add. By default, the maximum number of routes that the client is allowed to add is 1024. This message indicates that the client has reached the maximum number of routes that it is allowed to add, and it is unable to add any more routes. This can happen if the client is trying to connect to a server that has a large number of routes, or if the client is trying to connect to multiple servers at the same time. It is recommended to increase the max-routes option in the ISA (OpenVPN) configuration file so that the ISA App (Open VPN Client) can add more routes to the routing table |
Insufficient key material or header text not found in file '[[INLINE]]' (0/128/256 bytes found/min/max) Exiting due to fatal error | This message indicates that the OpenVPN client has encountered an error with the key material used for the encryption of the VPN connection. OpenVPN uses a key material file to encrypt the data that is sent over the VPN connection. The key material file is specified using the --tls-auth option in the client configuration file. The key material file is typically a static pre-shared key (PSK) that is shared between the client and the server. This message indicates that the client is unable to find the key material file, or that the key material file is empty or does not contain the required number of bytes. The key material file is specified as [[INLINE]], this means that the key material is passed inline with the configuration file, but there's an issue with the key material, it could be missing, empty or does not contain the required number of bytes. |
WARNING: Failed running command (--up/--down): returned error code 2 Exiting due to fatal error | This message indicates that the OpenVPN client has encountered an error while running a command specified in the --up or --down options in the client configuration file. The --up and --down options in the client configuration file are used to specify commands that should be run before or after the VPN connection is established. These commands are typically used to configure the routing table or to start or stop other services. This message indicates that the client has encountered an error while running a command specified in the --up or --down options in the client configuration file. The error code 2 indicates that the command has failed to execute successfully. The reason for the failure could be due to a problem with the command, like the command is not found or not executable, or the command is not working as expected. Follow these steps: 1. Open Command Prompt as Administrator 2. Navigate to the InstaSafe > Bin directory cd C:\Program Files (x86)\InstaSafe\bin\ 3. Execute the command clientconfig.exe /verify This should throw an error message indicating why the InstaSafe Agent fails to connect. |
All TAP-Windows adapters on this system are currently in use. Exiting due to fatal error | This message indicates that the OpenVPN client has encountered an error while trying to create a new TAP-Windows adapter. A TAP-Windows adapter is a virtual network adapter that is used by the OpenVPN client to create a VPN connection. When the OpenVPN client connects to a server, it creates a new TAP-Windows adapter to create a VPN tunnel. This message indicates that all TAP-Windows adapters on the system are currently in use and the client is unable to create a new one. This could happen if there are multiple OpenVPN clients running on the system, or if other software on the system is using TAP-Windows adapters. |
Inactivity timeout (--inactive), exiting | This message indicates that the OpenVPN client has detected that there has been no activity on the VPN connection for a specified period of time and is exiting the connection. The --inactive option in the OpenVPN client configuration file is used to specify a timeout period for inactivity on the VPN connection. If there is no activity on the VPN connection (i.e no data is sent or received) for the specified period of time, the OpenVPN client will exit the connection. This message indicates that the OpenVPN client has detected that there has been no activity on the VPN connection for the specified period of time and is exiting the connection. This could be useful to disconnect the VPN automatically if the connection is idle for a certain time, to avoid unnecessary use of resources or to disconnect the VPN if the user is away from the computer |
GetAdaptersInfo #2 failed (status=111) : The file name is too long | This message indicates that the OpenVPN client has encountered an error while trying to retrieve information about network adapters on the system. The GetAdaptersInfo function is used by the OpenVPN client to retrieve information about the network adapters on the system. This information is used by the client to configure the virtual network adapter that is used to create the VPN connection. This message indicates that the GetAdaptersInfo function has failed to execute successfully with error code 111 which is related to the file name being too long. This could happen if the client is running on a system with a large number of network adapters or if the adapter's name/path is too long |
GetAdaptersInfo #2 failed (status=232) : The pipe is being closed | This message indicates that the OpenVPN client has encountered an error while trying to retrieve information about network adapters on the system. The GetAdaptersInfo function is used by the OpenVPN client to retrieve information about the network adapters on the system. This information is used by the client to configure the virtual network adapter that is used to create the VPN connection. This message indicates that the GetAdaptersInfo function has failed to execute successfully with error code 232 which related to the pipe is being closed. This could happen if the function is trying to read or write to a pipe that has been closed by the other end, or if the pipe is closed by the system due to some other error. This error could occur if the client is running on a system where the network interfaces are frequently changed or disconnected |
GetAdaptersInfo #2 failed (status=1818) : The remote procedure call was cancelled | This message indicates that the OpenVPN client has encountered an error while trying to retrieve information about network adapters on the system. The GetAdaptersInfo function is used by the OpenVPN client to retrieve information about the network adapters on the system. This information is used by the client to configure the virtual network adapter that is used to create the VPN connection. This message indicates that the GetAdaptersInfo function has failed to execute successfully with error code 1818 (corresponds to ERROR_CANCELLED), which means that the remote procedure call (RPC) was canceled. Here are some steps you can take to address this issue: - Restart OpenVPN with Administrator Privileges: Ensure that you are running the OpenVPN application with administrative privileges. Right-click on the OpenVPN executable and choose "Run as administrator." - Check for Network Connectivity Issues: Verify that your system has a stable and functioning network connection. If there are connectivity issues, resolving them may help. - Firewall and Antivirus Software: Check your firewall and antivirus software settings to make sure they are not blocking the RPC calls that OpenVPN requires. Temporarily disabling these security tools (if safe to do so) can help identify if they are the cause. - Reinstall OpenVPN: If the issue persists, consider uninstalling and reinstalling the OpenVPN client. Ensure you are using the latest version available. - Windows Update: Make sure your Windows operating system is up to date with the latest updates and patches. - Review System Logs: Check the Windows Event Viewer for any relevant system or application logs that might provide additional information about the issue. |
*InstaSafe: Obtained VPN username and password from the Keychain AUTH: Received control message: AUTH_FAILED | This message indicates that the OpenVPN client has successfully obtained the VPN username and password from the Keychain, but the authentication failed. The OpenVPN client is able to obtain the VPN username and password from the Keychain, which is a secure storage system for storing sensitive information like credentials. Once the client has the username and password, it attempts to authenticate with the VPN server. The message "AUTH: Received control message: AUTH_FAILED" indicates that the authentication process has failed. This could happen if the username or password stored in Keychain is incorrect, if the server is not configured to accept the client's credentials, or if the server is down or not reachable |
| library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 | This message indicates the version of the OpenSSL and LZO libraries that the OpenVPN client is using. OpenVPN uses the OpenSSL library to implement the SSL and TLS protocols and the LZO library to perform data compression. These libraries must be compatible with the OpenVPN version that is being used. The message "library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10" indicates that the OpenVPN client is using version 3.0.2 of the OpenSSL library, which was released on March 15, 2022, and version 2.10 of the LZO library |
TCP/UDP: Preserving recently used remote address: [AF_INET]205.68.132.56:1323 | This message indicates that the OpenVPN client is preserving the IP address and port of the last remote server it connected to. When the OpenVPN client connects to a server, it establishes a connection with the server using either the TCP or UDP protocol. The client must know the IP address and port of the server in order to establish the connection. The message "TCP/UDP: Preserving recently used remote address: [AF_INET]205.68.132.56:1323" indicates that the OpenVPN client is preserving the IP address 205.68.132.56 and port 1323 which was the last remote server it connected to. This message can appear if the client was disconnected from the server and is trying to reconnect to the same server again, this way the client doesn't need to go through the process of resolving the server's address again. |
UDP link local: (not bound) | This message indicates that the OpenVPN client has not bound to a specific IP address for the local end of the UDP connection. OpenVPN is capable of running over both the TCP and UDP protocols, when running over UDP, the client and the server communicate by sending UDP packets to each other. These packets are sent to specific IP addresses and ports. The message means the client is not listening for incoming UDP packets on a specific IP address, instead, it's using the default IP address assigned to the machine. |
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set. | This warning message indicates that the OpenVPN client is enabling compression for received packets, but it's not compressing packets it's sending. OpenVPN uses data compression to reduce the amount of data that needs to be sent over the network, thus increasing the efficiency of the VPN connection. However, the use of compression can also be used to break encryption. In the past, it has been shown that certain types of compression can be used to exploit weaknesses in encryption algorithms. The warning message is indicating that the OpenVPN client is enabling compression for received packets, but it's not compressing packets it's sending, unless "allow-compression yes" is also set. The message is warning that the use of compression has been used to break encryption in the past, and urges caution when enabling compression |
TUN/TAP device tun0 opened | This message indicates that the OpenVPN client has successfully opened a TUN/TAP device with the name "tun0" which is a virtual network interface. OpenVPN uses TUN/TAP devices to create virtual network interfaces that can be used to route data between the client and the server. TUN devices create virtual point-to-point connections, while TAP devices create virtual Ethernet connections. If the client is unable to open the TUN/TAP device, it's likely that there's a problem with the driver, the system's network configuration, or the client's configuration file. |
net_iface_mtu_set: mtu 1500 for tun0 | This message indicates that the OpenVPN client has set the Maximum Transmission Unit (MTU) for the virtual network interface tun0 to 1500. This value is the standard MTU size for Ethernet networks. Maximum Transmission Unit (MTU) is the size of the largest packet that a network can transmit. It is the maximum size of a packet that can be sent over a network without fragmentation. The MTU size is determined by the lower of the MTU size of the sender and the receiver. If the MTU size of the virtual network interface is set too low, it can cause packets to be fragmented, which can lead to reduced performance, increased overhead, and increased chances of packet loss. If the MTU size of the virtual network interface is set too high, it can cause packets to be dropped, which can lead to connectivity issues. |
net_iface_up: set tun0 up | This message indicates that the OpenVPN client has set the virtual network interface tun0 as "up". When a network interface is "up", it means that it is active and ready to transmit and receive data. The message "net_iface_up: set tun0 up" is indicating that the OpenVPN client has enabled the virtual network interface tun0 and made it active and ready for data transmission and reception. If the virtual network interface is not set up, it will not be able to transmit or receive data, and the VPN connection will not be established. |
net_addr_v4_add: 10.99.84.3/22 dev tun0 | This message indicates that the OpenVPN client has added an IPv4 address of 10.99.84.3 with a subnet mask of 255.255.252.0 (or /22) to the virtual network interface tun0. When a client connects to a VPN server, it is typically assigned an IP address from the server's network. The message "net_addr_v4_add: 10.99.84.3/22 dev tun0" is indicating that the OpenVPN client has been assigned an IPv4 address of 10.99.84.3 with a subnet mask of 255.255.252.0 (or /22) from the VPN server and it has been added to the virtual network interface tun0. If the client is unable to add the IP address, it may not be able to communicate with the VPN server or other devices on the VPN network, and the VPN connection will not be established. |
net_addr_v4_del: 10.99.84.3 dev tun0 | This message indicates that the OpenVPN client has deleted the IPv4 address of 10.99.84.3 from the virtual network interface tun0. This may happen when the VPN connection is closed or when the client is trying to reconnect to the VPN server. |
event_wait : Interrupted system call (code=4) | This message indicates that the OpenVPN client has been interrupted while waiting for an event. An "interrupted system call" error occurs when a process is waiting for an event to occur (such as waiting for data to be received from a network) and the process is abruptly stopped. This can happen due to a number of reasons, such as the process being killed, a system shutdown or reboot, or a network interruption. In the context of OpenVPN, this message could indicate that the client was disconnected from the VPN server or that the network connection was lost. It could be useful for troubleshooting and understanding the network configuration of the VPN connection. This error may not always cause the VPN connection to fail, but it could be an indication of a problem that needs attention. |
SIGTERM[hard,] received, process exiting | This message indicates that the OpenVPN client has received a SIGTERM signal and is exiting the process. A SIGTERM signal is a command sent to a process to terminate it. It is typically sent by the operating system or another process to request that a process exit gracefully. In the context of OpenVPN, this message could indicate that the client is being closed by a user or an administrator or it could be an indication of a problem with the VPN connection that requires the client to close. It's worth noting that this message is usually displayed in the log of the OpenVPN client, and it appears when the client is trying to establish or maintain a VPN connection and it received a SIGTERM signal. This error may not always cause the VPN connection to fail, but it could be an indication of a problem that needs attention. |
OpenSSL: error:04800064:PEM routines::bad base64 decode | This is an error message that indicates that the OpenSSL library encountered an error while trying to decode a base64 encoded PEM-formatted file. PEM (Privacy Enhanced Mail) is a file format for storing cryptographic keys and certificates, typically used for SSL/TLS. PEM files are base64 encoded and usually have the file extension .pem. The base64 decoding is the process of converting the encoded data back to the original format. This error message indicates that the PEM file that OpenSSL is trying to decode is not a valid base64 encoded file, which means it's not properly formatted and it cannot be decoded. This could be caused by a number of things, such as a corrupt file, a file that has been modified, or a file that has been transmitted with errors. This error may cause the VPN connection to fail, and it could be an indication of a problem that needs attention. |
OpenSSL: error:0A080009:SSL routines::PEM lib | This is an error message that indicates that the OpenSSL library encountered an error while trying to read a PEM-formatted file. PEM (Privacy Enhanced Mail) is a file format for storing cryptographic keys and certificates, typically used for SSL/TLS. PEM files are base64 encoded and usually have the file extension .pem. This error message indicates that the OpenSSL library is unable to read the PEM-formatted file correctly. This could be caused by a number of things, such as a missing or incorrect file, a file that has been modified, or a file that has been transmitted with errors. This error may cause the VPN connection to fail, and it could be an indication of a problem that needs attention. |
Cannot load inline certificate file | This is an error message that indicates that the OpenVPN client is unable to load a certificate file that is specified in the configuration file as "inline". In OpenVPN, an inline certificate file is a certificate file that is included directly in the configuration file, rather than being specified by a file path. When a certificate file is specified as inline, the contents of the certificate file are included within the configuration file itself. This error message indicates that the OpenVPN client is unable to find the inline certificate file that is specified in the configuration file, which means the certificate file is missing or has an incorrect format. This could be caused by an incorrect configuration file, a missing file, or a file that has been modified. This error may cause the VPN connection to fail, and it could be an indication of a problem that needs attention. |
Exiting due to fatal error | This is a message that indicates that the OpenVPN client has encountered an error that is severe enough to cause the client to exit. This message is displayed when the OpenVPN client is unable to continue running due to a critical error. The error could be related to the configuration file, the network connection, the certificate files, or any other critical component of the VPN connection. It's worth noting that this message is usually displayed in the log of the OpenVPN client, and it appears when the client is trying to establish or maintain a VPN connection and it has encountered a fatal error. This error will cause the VPN connection to fail and it could be an indication of a problem that needs attention. |
OpenSSL: error:1E08010C:DECODER routines::unsupported | Ths is an error message that indicates that the OpenSSL library encountered an error while trying to decode a specific data format that it does not support. OpenSSL provides a wide range of cryptographic functions, including support for various data formats, such as PEM, DER, ASN.1 and more. However, not all formats are supported by all functions. This error may cause the VPN connection to fail, and it could be an indication of a problem that needs attention. |
Cannot load private key file [[INLINE]] | This is an error message that indicates that the OpenVPN client is unable to load a private key file that is specified in the configuration file as "inline". In OpenVPN, an inline private key file is a private key file that is included directly in the configuration file, rather than being specified by a file path. When a private key file is specified as inline, the contents of the private key file are included within the configuration file itself. This error message indicates that the OpenVPN client is unable to find the inline private key file that is specified in the configuration file, which means the private key file is missing or has an incorrect format. This could be caused by an incorrect configuration file, a missing file, or a file that has been modified. This error may cause the VPN connection to fail, and it could be an indication of a problem that needs attention. |
SIGUSR1[soft,private-key-password-failure] received, process restarting | This is a message that indicates that the OpenVPN client has received a "SIGUSR1" signal, which is a soft signal indicating that the client has failed to authenticate a private key file that is protected by a password. In OpenVPN, private key files are used to authenticate the client to the server and can be protected by a password to add an additional layer of security. When a private key file is protected by a password, the client must enter the correct password to decrypt the private key file and use it for authentication. This message indicates that the OpenVPN client has failed to authenticate the private key file because the password provided was incorrect. This message may appear when the client is trying to establish or maintain a VPN connection. The client will then restart the process in an attempt to re-establish the VPN connection. This error will cause the VPN connection to fail and it could be an indication of a problem that needs attention. |
SIGTERM[hard,init_instance] received, process exiting | This is a message that indicates that the OpenVPN client has received a "SIGTERM" signal, which is a hard signal indicating that the client process should terminate immediately. This message indicates that the client process is exiting due to a "hard" termination signal. The "init_instance" refers to the fact that the signal was sent during the initialization sequence of the client process. This means that the process was trying to start up and it was terminated before it could complete the initialization process. This could be caused by an external event like a system shutdown or a manual termination of the process. This message is usually displayed in the log of the OpenVPN client, and it appears when the client process is receiving a hard termination signal, this error will cause the VPN connection to fail and it could be an indication of a problem that needs attention. |
RESOLVE: Cannot resolve host address: dallas.instasafe.net:1319 (Name or service not known) | This message indicates that the OpenVPN client is unable to resolve the hostname "dallas.instasafe.net" to an IP address. This message is displayed when the client is trying to establish or maintain a VPN connection, and it can't find the server's IP address. This error message may appear when the client is unable to find the hostname "dallas.instasafe.net" in the DNS server, or the hostname is misspelled or invalid. It could also be caused by a DNS server that is not reachable or by a network issue that prevents the client from reaching the DNS server. This error will cause the VPN connection to fail and it could be an indication of a problem that needs attention. |
RESOLVE: Cannot resolve host address: dallas.instasafe.net:1319 (Temporary failure in name resolution) | This message indicates that the OpenVPN client is unable to resolve the hostname "dallas.instasafe.net" to an IP address. This message is displayed when the client is trying to establish or maintain a VPN connection, and it can't find the server's IP address. This error message may appear when the client is unable to resolve the hostname "dallas.instasafe.net" to an IP address due to a temporary issue with the DNS resolution. It could be caused by a temporary issue with the DNS server or a network issue that prevents the client from reaching the DNS server. This error will cause the VPN connection to fail and it could be an indication of a problem that needs attention. It may be a temporary issue and the client can try to reconnect after some time. |
Could not determine IPv4/IPv6 protocol | This message indicates that the OpenVPN client is unable to determine whether the network protocol being used is IPv4 or IPv6. This message is displayed when the client is trying to establish or maintain a VPN connection and can't determine the protocol being used. This error message may appear when the client is unable to find the protocol information in the system or the client is unable to determine the protocol being used due to a network issue. It could also be caused by a configuration error in the client or server. This error will cause the VPN connection to fail and it could be an indication of a problem that needs attention. |
SIGUSR1[soft,init_instance] received, process restarting | This message indicates that the OpenVPN client has received a "SIGUSR1" signal, which is a soft signal indicating that the client process should restart. This message indicates that the client process is restarting due to a "soft" signal, which is a signal that can be sent to the client process to request a restart. The "init_instance" refers to the fact that the signal was sent during the initialization sequence of the client process. This means that the process was trying to start up and it was restarted before it could complete the initialization process. This could be caused by an external event like a system restart or a manual request to restart the process. It's worth noting that this message is usually displayed in the log of the OpenVPN client, and it appears when the client process is receiving a soft signal to restart, this could be a result of a software update, configuration change, or network failure. |
OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line | This message indicates an error occurred when trying to read a PEM encoded certificate or private key using the OpenSSL library. This error message occurs when the PEM file is missing the "-----BEGIN CERTIFICATE-----" or "-----BEGIN RSA PRIVATE KEY-----" line at the beginning of the file. It could be caused by a problem with the file format or the file may be corrupted. This error may also occur if the file is not in the PEM format and is not recognized as a valid certificate or private key by the OpenSSL library. This error will cause the VPN connection to fail and it could be an indication of a problem with the certificate or private key file. |
OpenSSL: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib | This message indicates an error occurred when trying to use a certificate file in the OpenSSL library. This error message occurs when the OpenSSL library is unable to parse the certificate file. It could be caused by a problem with the file format, the file may be corrupted or the file may not be in the format expected by the OpenSSL library. It may also be caused by an issue with the certificate itself, such as an expired or self-signed certificate. This error will cause the VPN connection to fail and it could be an indication of a problem with the certificate file or certificate itself. It is recommended to check the certificate file and ensure it's in the correct format, or check the certificate's expiration date and ensure it's still valid. |
DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-cbc' to --data-ciphers or change --cipher 'aes-256-cbc' to --data-ciphers-fallback 'aes-256-cbc' to silence this warning | This message indicates that the OpenVPN client is using an option that is no longer recommended and could be removed in future versions of OpenVPN. This message is displayed because the OpenVPN client is using the --cipher option, which is used to set the cipher algorithm used for encrypting the data traffic, but it is not included in the --data-ciphers option, which is used to specify the list of ciphers that the client will use during the cipher negotiation process. The warning is telling that the --cipher option is deprecated and that it will be ignored in future versions of OpenVPN for cipher negotiation. The recommended way to silence this warning is to add 'aes-256-cbc' to the --data-ciphers option or change the --cipher option to --data-ciphers-fallback 'aes-256-cbc' It is recommended to check the configuration file and update it accordingly to avoid any future compatibility issues. |
DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning. | This message indicates that the OpenVPN client is using an option that is no longer recommended and could be removed in future versions of OpenVPN. This message is displayed because the OpenVPN client is using the --cipher option, which is used to set the cipher algorithm used for encrypting the data traffic, but it is not included in the --data-ciphers option, which is used to specify the list of ciphers that the client will use during the cipher negotiation process. The warning is telling that the --cipher option is deprecated and that it will be ignored in future versions of OpenVPN for cipher negotiation. The recommended way to silence this warning is to add 'aes-128-cbc' to the --data-ciphers option or change the --cipher option to --data-ciphers-fallback 'aes-128-cbc' It is recommended to check the configuration file and update it accordingly to avoid any future compatibility issues. |
NOTE: Release of DHCP-assigned IP address lease on TAP-Windows adapter failed: The RPC server is unavailable. (code=1722) SIGTERM[hard,] received, process exiting | This message points to an issue with the Remote Procedure Call (RPC) service, which is crucial for various Windows networking functions. Here are some steps you can try to resolve the issue: - Check RPC Service: Ensure that the Remote Procedure Call (RPC) service is running on your Windows system. You can check this in the "Services" application. - Firewall Settings: Make sure that the Windows Firewall or any third-party firewall is not blocking the RPC communication. - Network Connectivity: Ensure that your system has a stable network connection. - Administrative Privileges: Run the OpenVPN client or related commands with administrative privileges. Right-click on the application and choose "Run as administrator." - Restart OpenVPN: Try restarting the OpenVPN service or application. - Reinstall OpenVPN: If the issue persists, you might consider uninstalling and reinstalling the OpenVPN client. |
Related Articles
ISA App Connection Error "Certificate Verify Failed"
This Article highlights the steps to be taken in case users are unable to connect their ISA Apps and the Error "Certificate Verify Failed" is observed in the ISA Log File. Issue The ISA App fails to connect and might continuously prompt for ...Windows ISA App Connection Issue Wi-Fi Adapter Disconnects Automatically
On Microsoft Windows devices, it might be noticed in extremely rare scenarios that the Wi-Fi Adapter disconnects from the internet immediately after the ISA App connects. The issue is most likely being caused due to one of the reasons mentioned ...MacOS ISA App Connection Error "This computer is not approved for use with InstaSafe Secure Access"
This Article highlights the steps to be taken in case users are unable to connect the ISA App on macOS and the error message received is "This computer is not approved for use with InstaSafe Secure Access" Issue The ISA App on MacOS doesn't connect ...Windows ISA App Connection Error "Host Compliance Failed"
This Article highlights the steps to be taken in case users are unable to connect the ISA App on Microsoft Windows devices and the error message is "Host Compliance Failed". Issue The ISA App is unable to connect on Microsoft Windows devices, an the ...Windows ISA App Connection Issue where the status of the InstaSafe service is stuck on 'Paused'
This Article highlights the steps to be taken in case the ISA App on Windows is unable to connect and on checking Windows Services (services.msc), it is noticed that the status of the InstaSafe service is stuck on 'Paused'. The ISA App Log File ...