ELF0@4Љ 4 (44@4@@@tt@t@ p@@@@t t H HJHJd@@@@ RtdH HJHJe(/lib/ld.so.1GNU pKBBBBB @ LH@ld@<#@ C pJJppp@ ppp&p o@oo@b]pBR e/D;]2 * <w9,E#?~RB` )/0i3l4Qnp2.Hfy<DxrdCC&}=P'%N  'Taq~ 7n[/&0G'*)pOLKhJIgk!$} 5.qjY<\It@a.:]ItX["K"u\v98ZA+5_VP2?4Mh^6i _5)S @ZO[4w"(3sl=w;JhZ%w-j-Qp&Mg lQNPk04#XnYt` Bo 6 CTZ|uMi x?(\6{FKvs?_}TG-3 Ne 7>b>AyY^UkgaXYu [~{mVyB:WzyN1L `0E"ncRs(+=#:#b1JoAPUcxu) qoWR18 FSG r{'mfjHo,+zxd:<*7~aD  $FLeC%c%!Lr@sV3,d mf-= ;kIH,57bD|EU9Sr H/zl+91;>Q .@e_|!T|]m\($6fWWj&^O8}gGOdMh>^cqEvV$*U!`2XFtA8KJSv{iz PC KBLH BJB0MH9CpK2CJDC K+C0@ &CKBJ=C K A $C HDD *xKG ԗF` :LH.;DX +jB, rLH {LH H fB@ .:pLH$DD| G  @ HK5dF `LH85Hx =PLH@LH ;0LH@ 8A| $A  hE, { LH/vF LHeUB *2?F  $PCt }A H'F| /JDX 3xeB =LH?KH3KH(}1|KA  G$иC w@C r?F Ed )F *`F G  3C "C KH8HX@ E "KH8,KHD) PI]BKH`hF .H @ 6KH5}Fp )@( |A  I66KH5pKH( )EX i QF "C0 :T@ PF 9`KHH2,G$ 6DC 5XFp 1F R"C( 0OD F&L D ,@iB n`B v(0H8 9PKH+6@KH'E ;vF @T $H C 90KH 0A C KH!KH&XC q B 30cD KHX,JHZJH)@hC N'Dx  yA@ /`hD 5JH(#4tEL .9A r| BT #pNA [8JH,JH8JHpv-d Bd #]C )D JH@#-C -JHG8Kh@ E` -,B  JA  CHJl`-CP SX@  ApJHT'pBh DbB u5oB 2`JH(u>PJH@JH0JH #\#C 7 JH#C( +;JH(H ;JHIH(,E ?,G( DDp IHDIH:IH3D @ ?DX +4kC =GL uFp c2IH(-IH IHi.B` PE #nC 33HD wE w!Cp 8IH/E< pIH(<{A, >(C$ q&0F  8@, ) AG XXB "0C4 $0C 1FT tA  \B@ F$ D@  %аF C FT '$F< K>`IH#PIHb9@IHX4@0 &0IH5F 94K! IH?DX  Fx 1PGL .h~F -,JA` @DVF 09K n;IHw9IH8LBx ;/@ A E )CF\ NBHH64@ H"HH84HH\C %1OA  GP El N lvB  H A, :HH-HHp6dC El @_FD &-D` HHhE [ (@, /H <HH$@\ -E( 3@ G\ b&B ?|B QD@X 5F| @ /F< H`;C jB`H@ HHCHJF( pHH`HHxE  ~PHH!@HHd4(E H  9HH @ d:CP 8`@ AlED ?Gl 20HH: HH  :RG 0I`i)HX HHx, F (C  { HH42@h Z F` UA >GHG:GHjGH@ 7GHeD QEt UH 4A 11ZA /`A  ;GH>GHp `A ,GH6XF0 pA f*@.C =GHF@ :C )BpGH80K$ XzA@ ]/@\ El *=`GH$C  CF !PGH DG ((C g4@  QtB -LB 'pC @ c H @GH 3HC x)A t)C Y70GH# GHD*mC  ?A 2XE, {A, ]LFp <GH> Ft \ C4 h[CL }@bC  v=GH@P F$ 3C q-FH$9FHO)C *FHD6dF  E PgBt A TFT 9FH3p FX 8@X <FH8FHD&E| ['F F A@A0 A F K<FHPFHpFHx &G A `FH@ x,GP C)(C< SBPFH(i#LCH %C 3A  =<@FHl!0FH dA wB ,@EH/AX @ b(DE *C 4%G ;EH4@UF !EH H = G 6!GH aEH U )G` 10@X B5uF d\A| 0 @ Rh@4 $\5Cp H +|G Jf `B 0C( 2@@C EH(+mC 0hA  DD  ,3EHDDt ',F #\C &G /C( *&hD  "&C =@@  {@gF\ Z=G ,KE4 !FH pEH(H1JA ]2`EH<PEHP)"@EH(.d_C !Cl %Cx 0EH S EH ]TPDd W(`E $ C C `A  }A UEHX+~C` :H F p$D C ?toF AEH$wBTH y"DH(DH($F< FDF *8DHll8DH W6DH 7&ĵCP 8,@d #DHJA  DH:DH @$ v*|~C  1F >pDHH7 G ,@  -CH@#C  /C` A` CH 6غF| xPK!p@ 8FT pA @ EAl CHAT _:pCH8`CHp`cC O E KAl D@ =@ ;PCH(=@CHx"0CH CH$h Bx zAx ȉBH 3JA 6șC  B @ -)\E yFx @ Kj6CHY@LfF 6F >!@$ -?CH4 WA< 9pnBH 'C  0B8 \.4ED N#\C X F8 (.C m0BH C< Z3pA !C0 hF ~BH c7 BH (Ex R-A` 5E< (hB w zC BHx).fD <BH C 0'}C0 d@X E 1lSG 4ĀF AxF8 B@HHdAT BF  tF@ #@B (F -{A m(pB| B< 6C v'lC$ 8@H\"B BL %t Dl @p S+l=C / B .tA @ R!@HaC| 3C  1 F D6hjFh ;>JC 2?Hd4@NF P-Al  N?]Fl LD@ .G, ?H(t% UB -?H)9?H@-B %C 'PkC W*@/C AnBd  F\ ?H]7?H G lB A EB aF +cDd 0A` h8C 8?HD?HD%<p?H: HT ATF j`?HP,!0Ch YDBT @@0 P?H#@?Hh3A\ 1+B i0BDD cB0?H`-D ( \H 3|A0  ?Hw.TC ?H?H`aB V>H43>H(!>H(@ F ]XA <>H 5F P,$hC  K=>Hx">H8$4!H DA  hCG$ xF( ;>H @9>HXw4A$ |}BL !"1C AD  &T@ \BH eB 3@ "5@F0 0B r,hCd _>p>HXcPB@ 9`>HaAYF -B b0A4 /H n(D  <P>H`!C $ G =JA, @bF Z KC *HG %C :=@>H$A;0>H0B 3"Z,0Fl  >H8>H 2G$ >H!=H=H||A =H(l4C e$F  k._B G8 ./F  A r=H H!C % C\ $B ;:=H=H=H=HxnD =p=H&@C( | A ,`=HKA  0E A"̶@8 *Ct 1@ET *CT P=H`OHF ,F E % Dl >@=HE 0Fd E ԌE $F@ UP%Gh 0F Z0=H =H<E }?=H9B=HlE )E qNG 9!#b)@B( @,($ 0'D ! R$!#"#b@*B@"\!b#R!(!  !0@@!@D ! R$D ! R$!D ! R$ <ܩ'!'($ <'<!!!8@! !@!0@($ !`0' @ M$ S$!( !6j@!6 P\$ a$aŽ@(' Ǝ0!  '@bN@< !6G@!6 P]$ a$> ŽB00@Ž6@<@BB4+g@('HL@D! @' $u@b@< !6@!6 P ^$ a$ !( M$ I$R!( M$ J$<F< 4q@3!@!Y$ ' ' xc$!(@! P$ $F< P4]$ !0@J34 !  <`C'!p'|xtplh(0@!{@D (D| !@C0$(*bb$B,d@ M$ }$@'(`"%$ #! !e! #B0! *D;@ M$ $( B0@b B,@F<D$`!( !0(s@DЎ ( !@@!@! @,($ 0'⌍!D B@'D@$&8#@4&ԉ! !0!(@ !8!@셙!(,($  0'aL C$b ,!0! `Hi$ !80 $ehB$$< !6@!6 P&h$⌈$D(E,F C# ! !(@S!@ $eiB$$< !6@!6 P$i$!0`,($  0', &$ $PiB$q !6N@!6 Ph$ !0`F <'!'@<840,( @!Q&C&b\@$T&DD !( ȍ HF&@D `P& $T&@D`P&ȃ`P&!(  !0 b܌efg ! C C`"@b C$`P&b&@t   @D !(  "%P& "#$% @<840,(H'C<bЃQ&0e4f8g !  C`t& !(  !  `c C  < '!' ?!@".@D0$@"@! Ć! <%& $@!  ('H%&  ('%& H&&@0!  !(D0"hE4& H$& th$ $ <'!@!(@  <'!'40,($ @!D$!!! ! d!(` F$!@2F+E! T%< `@ !@40,($ 8' @!(@$ !0@ P! di$ !8`!@ <'!'($ !Ć$! <& $,@5@B$@@%@!@D $܋!0 !8&D$db !   ($ 0'8! !( !0  b$ /B!D!*@#d*e@!(` K*@#d*e@!(`  9!<"*b@<#@ 40,(8'  "ic$CD'x%& &&!@$b$ !  ! @B !!( <'!'TPLHD@<8 ؈('!!!0!  @$ $D!0 $ $D!0$ !@ $H!0$ !@ $H!0$ !@ <$&Ј!( !@ !  i$!0 !84 `! 0@,! bTPLHD@<8!X' <<'!'<840!@B(@<840@'h{9' l$@'؈'!(@! !0@ @T !( .@ ! (n$j@ ! X$0$ !8!   i$!@!  i$ !  @!  !( CE` <@ ! @ !(  i$ ! @!  !( C` < !4@("$@ !0 P @0 ! 7!*e@@<D}Ć!(@ $@t ! ؆ !  !  !  H$  efb!( ^0 l$ $ r&K#G# c$B$ BE! `!(E! !0 !q*b `$$$0C%D$ b BCDE 6 @6 PF( m$ F< d6 /@d6(F 0Pn$ !8 !3 <'!' $! B,!T$@n$  oB$!bde! (' <4'!'$ ! *!n$ @e$ #Qc$`C g$ n$0!&*@*P`! !$ ('  <`'!' !P  'B, < '!'0,($ CÌ!0&`Q0$F¬@Dd b*C@ B1@B0,($ 8'B5@$ oB$o$!0f,!bdŌ|9' !@bB,?@<b!B oc$,!CDP9' @bB,@F<! oB$o$!0f,!bdŌ|9' !@$ 6@6 P $o$! 4@B@(F$ P<4n$ !8 nF$ <c8b!0`Hd!(@Pc4 Lb4c,0dTc9' !(`! `!(@ 4, |Q$0e8f4g!  ,v&8e<f4g!  ,v&0e<f4g!  ,v&,b)$ 4@$,9'  '!0@ Ps$ 4$ 4@ Ps$ 4$b(@b8&$+c, u`8u$!( p$ $؈('$!0` !  ! !  t$ !0@4 0@,!(! ` 4r$ Pr$ 4< PPs$ 4H fe'0%0$$HpLePf 4 4@$,9'  '!0@ Pt$ 4 4@$%b( Pu$ 4s$ Pu$ 4t PPv$ 4K$ Ps$ 4$b( 4d@$`b8d$ !0` db!( !0`$cc0``b bd,Tb$9' !(`! `!(@ 4Pd$!( !0`db$!( !0`$cc0O`b,p q ! `! !(r !0`! !(!0` !@!0@؁! @!( !8b,@!(d!0`$,l9' ,$9'  '!0@ PPt$ 4$b8 fe'0%0$$HuLePf 4d e!0` fe'0%0#0$HuLePf 4!(!(!@!H $$B00F$WC$ B,@)%$$*%0F$WC$ B,@B00F$WC$ B,@)%$$*% <'! '<\'!! @! !D( ! ! @D!( !0@e&D$ ! @D ! ! @D!(  !0@!  d tv$@Ȍ'!  !(@8',!( `V$! ! < ! @! @D!(  $e&D$ ! @D ! ! @D!( !0@! @De& $7`D ! ! @D!( !0@e&D$ ! @D D! @ !0@e&D$ ! @D ! ! @D!( !0@! @De& $D!( ! @  $('Ȍ!(@ ! ! ! 'D$! @ e&D! @  $l <@'!P'<('!! !! !D( ! !(D!  !0@&D$ ! ! D '! D!(  !0@&D$ ! D ! @! D!(@ !0@! Ȍ !(! ` d`v$ <@! ,`9' ! ' ! D!( $&D$ ! D ! ! D!( !0@&D$ ! D ! ! D!( !0@! Ȍ !( <}'!'@<840 '!! ! ! !8$!@<840H' |v$v$@!  !( L $!  !(`v$ @$@!@L ! !@<840H'C`$ !0@ Pv$@$ $B,#bD<` B4< B4 <|'!'!C0+b@!  ' !  P@w$  ' <{'!$!( p$ @!tp@+ $4$ b$;b`$7$B0@!܆ $)C@ $.`*#@!`,9' ! @  (', ! 9' ('\ $bB, @!@2@@x $@x x C$b,,@9' X&@$b<&,&, @@@<``` ```$b& @@@,! 9' !(D@& !0\  & @$ p&&$ ! $R ! Rw@DX D$D @hlo@$Dt,p9' ! 1@&$  ('b$+b&$D%& $@ Py$ $&,i@&d0[@<&L,&48@0Dt̃ ! l x 脙 $ b0 lD$h,`9' ! $C$ ċ  胙 V 6"*BJ h%@%H&%D%e䎴%iȀ%HJ- 0$&`! @!( H&$0*`⮨`"䎴h $0C!@!  0@!(!0@!8  ! `0@! ⎴厰䎸č 0⎜Dh 0g@ d,48'$!0 v$` !!@0$D!0  $0h$ ̈wB$@!"@! $b @c$$*@,($ $0'< H4@B2&@(G$*@$B$(P<H4 $,($ !0' XZG$($ $ XZB$ < '!'!(l$ !$ ' <'!'!x@! @   ' E!H0'!(h9' ! b$@! bq4m&^$!R t@*Q`*2@* *! @R&##(!( !(b*B@09' ! ` $b cdeD@<840,(H'!($ 5 $ <ɜ'!' !($  $ $D @!@0!( h9' ! ! ('   @t"B0h@C`<(@h$ $@ 'HD@<8P' ! @("!8x%& $!@09' ! HD@<8P'"@ ($$J$bB,@(<(@h$ $ @  '(0! 9' $ȏ C`< !d6@'!(< t'!' !@$ @!  ('0ж9' !@@!  !  ('!D ! B,6@ 'X! !( !8 =!@`d!  !8@<`! 3@0!(@ "9' !0! `, !(@ @ ! D@<840,(H'(ȩ$ $ 'X! !( !8 !@!! ` !(0!(@ "9' !0! @ !@@!  @$@!0 (P|$ @$0&d9' $! 0&!(9' !8'!'X! $@t$  ' $(P$@!0 <>'!'І! $@@$ 'C`$ $(P@8$  ' @$(P@$ '<0='! <='!'@!@ (P$ !0@ @$ ' $(P@T$  '` T" $&! H!(   $+`$\f`be|dŒ@$茙Xb& !8`H! !(`  $!   $!   $(P $ $B,! @hF< 6@0|9' ! @6(PT$!0@ !8` B.@$!PLHD@<840X'!`(P$$ !0@*B$B$p7`<$$$@@!@p!@$!$(Pش$ !0@r! P $p$P!  $h$v $P!  $Y$i$P!  $U$($ $($ $(& $& $($ $($ $: $6@0|9' ! @$6(P$!0@ !8`$ 6@6(P $<'!'$       臙$ ( (  $( bC `0'$       ( '(( $$ ! ( 4$ ! D ! (  $'@ $' !  !(@ ! 0Db$(( #b$a# <@BB4!b`$p (@ $H0@(BP@H@,E $"S!  $ $030SD!($ '&0& ' ! ! !@ ! @ 0bd@#C ! "H"s@!"!be,v@$cb0@b0c@$b@"s&*b@ b)@D%!@4̆P$! b@D @ !(@! $@$b$@H ! @ ! $􁙏 !  !  ! (  ! 4̆9' !8$'$/$B@b! $d u($ $cb0~@b0d@$! !(@! 4 !(x@!@8^$  ! !@$!C! !(!0 !8x@!@PB,@Dl!(!  !0U^$lB,@F<@ ' 4@!(! w$ ! @ ! !(@$ $0$(B! !_! 4!( $̆9' !8@ Yd ! @Q@{ $! !(H$($ $!(B,@F< 6@6(P |$ $#@!@TÎB$ CҮU^($ ]$D/($ n$E D T 6j@!  '6(P\$ !0@\&< 6E@6(P $=#C!0<֜'!'( $$ !( $  '@@$(0' @$(P@$ (0'<5 <ޱ)5''0! +8!(!Er%pn4dF!(@z%`l%@hN BR&S<$C@'($0$`$(T'$!0P&' TX\`'! !($ !0@(4 b c$h$ '$!89& D ! 1&!0@!(!8$$!  D ! !0@!($!8!   $0 HM @L !     '4 T$!( !Ȁ t''!  !('䂙!0$!(@4' ! `!( !Ȁ {''!  !(!0䂙$<'! ` '!( !Ȁ ''!  !(!0䂙$! ` ''! !( $!(@(4 b c$h$ '$$!89& w'$(DŽ$ $4Q&!  \$o@\'!( !  $x(DŽ$ $RC`' $@(Pǥ$ $'(a*@`$,`!(' !00&!,c$(&T! @@!$EC$!D*b7@$!$! 1C(b B,$@F< 6 @6(P 0̥$  F$(D$EC$!D*b @$!$! C(,c$d*@!,b#bP$ $!@C&G  FG0 (DEC$!D*b@!b B,@F< 6 @! @4&9',q$p,r # $(P6x̥$!0@ $  F$(D$EC$!D*b@$!$! C(,c Fb0%b(D$EC$!D*b@$!$! C() B,r@F< 6 k@6(P \̥$ c Fd(Da$EC$!D*bZ@$!$! TC(b B,G@F< 6 @@6(P  ̥$ 8 6 1@6(P  ̥$ )$b!!( &!( W$ "$D "E$$ 8''H<8(@D H& $ DХ$$! @!$(' !  '$8'Q&DE! ` ! @!(` !0@! $ \$6@!0@ $!H $ $!0@b! @$b!  ! @D !@B$B(D@! @ QÓ!BCD $+(LЄ$ E $4'0#@,! !(! ̊ !@ ! ! @!( $H0  8$! <%'!' H B, '! '@(dF$(P2<4 8ܥ$B,&@2< 6 @(PHܥ$ 6bB,@ 6@(F$(P6 Tܥ$B,@2< 6@(F$(P6 lܥ$B,@2< 6 @(P掌ܥ$ 6bB,@ 6@@(dF$(P2<4 ܥ$B,@2< 6@(P掼ܥ$ 6"B,@ 6@(Pܥ$ 6"B,@ 6@@(dF$(P2<4 ܥ$B,n@2< 4@u@(dF$(P2<4 ݥ$B,T@2< 4@:@(dF$(P2<4 ݥ$B,:@2< 6 @(P<ݥ$ 6bB,$@ 6@@(dF$(P2<4 Pݥ$ 2< 6@(Pե$ 6B,@ 6@(F$(P6 ե$B,@2< 6 @(P ե$ 6bB,@ 6@@(dF$(P2<4 ե$B,@2< 6 @(P֥$ 6bB,u@ 6@ @(dF$(P2<4 ֥$B,[@2< 4@$q@(dF$(P2<4 (֥$B,A@2< 4@(r@(dF$(P2<4 <֥$B,'@2< 4@0[@(dF$(P2<4 P֥$B, @2< 6@(F$(P6 `֥$B,@2< 4@,+@(dF$(P2<4 x֥$B,@2< 6@6(P ֥$2< 6@(F$(P6 hݥ$B,@2< 6 @(P掄ݥ$ 6bB,@ 6@(F$(P6 ݥ$B,@2< 6@(P掼ݥ$ 6"B,@ 6@(Pݥ$ 6"B,@ 6@(F$(P6 ޥ$B,y@2< 6@(F$(P6 0ޥ$B,`@2< 6@ (F$(P6 Pޥ$B,G@2< 6@@6(P tޥ$8 4@H@(dF$(P2<4 $B,g@2< 6 @!(L '!0@(P0$ 6"B,O@ 6 @!(P '!0@(PL$ 6"B,7@ 6 @!(T '!0@(Ph$ 6"B,@ 6@X(F$(P6 $B,@2< 6@(P\掰$ 6"B,@ 6@(P$ 6"B,@ 6@(P$ 6"B,@ 6@(P`$ 6"B,@ 6@(Pd $ 6"B,@ 6@h(F$(P6 <$B,@2< 6@p(F$(P6 \$B,u@2< 6@l(F$(P6 |$B,\@2< 6@x(F$(P6 $B,C@2< 4@|@(dF$(P2<4 $B,)@2< 6@t(F$(P6 $B,@2< 4@@(dF$(P2<4 $B,@2< 6@!( '!0@(P$ 6"B,@ 6@!( '!0@(P$$ 6"B,@ 6@A@(dF$(P2<4 H$B,@2< 4@*@(dF$(P2<4 \$B,@2< 6@(Pp$ 6"B,}@ 6@(P掀$ 6"B,j@ 6@(P掐$ 6"B,W@ 6@(P掤$ 6"B,D@ 6@(F$(P6 $B,+@2< 4@@(dF$(P2<4 $B,@2< 6 @(P$ 6bB,@ 6@(F$(P6 0$B,@2< 6 @(PL$ 6bB,@ 6@R@(dF$(P2<4 d$B,@2< 4@;@(dF$(P2<4 t$B,@2< 6@(F$(P6 $( lF$(HlF$(xlF$(lF$(lF$(TlF$(lF$(lF$(lF$(lF$(MlF$(zlF$(lF$(lF$(lF$(lF$(tlF$(lF$(9lF$(vlF$(lF$(lF$(lF$(lF$("lF$(lF$(+lF$(lF$(lF$(FlF$(lF$(lF$(lF$(9lF$(PlF$(glF$(~lF$(vlF$(lF$(lF$(lF$(@lF$(mlF$(lF$(FlF$(lF$(lF$(lF$(lF$(lF$(lF$(lF$(lF$<'!@@ @cb0 4+@cb0 4@cub0 4)@cib0 4o@(P$ 4g(P$ 4`cb(PH$ 4pb@(P $ 4b"@(P $ 4@(P $4 $ 4@{u 4 @(Pl$ 4 46@(P$ 4. 47@(P$ 4/xb@ 4@(P$ 4 4@cb0 4@cb0 4}@cb0(Pl$ 4hba@f(P$ 4lba@f(P$ 4tba@f(P$ 4xba@ 4@(PD$ 4@(P$4 !( 4@(P!($ 4(P|$4 !((Pl$4 !((P`$4 !((PX$4 !((PP$4 !((PH$4 !((PX$4 !((P$4 !(L(P$4 !((P$4 !((P$4 !((Pp$ 4(P$ 4 4@ 4@(P<$ 4(P$4 !((P$4 !((P$4 !((P,$4 !((P$4 !((P$4 !((P$4 !((Pd$4 !((PL$4 !((P<$4 !((P$4 !((Pp$4 !((P$ 4cXb0(P,$ 4cQb0(P`$ 4cJb0(P$ 4c;b0bCb-@b)P0b@$ bx@{ 4@$^@ 4W@(P8$ 4Ob@b@ 4D@(Pp$ 4<(P $8d@(P$ 4<R(P$ 4(P$ 4(P$ 4 (PT$ 4@@b@;LcPb++!b`$Bb 4;@(P$ 43(PL$ 4(P,$ 4>(Pp$ 4A 4@(P$ 4 4@(P$ 4 4 @(P$ 4 4 @(P$ 4 44@(P$ 4, 4_@(P$ 4W 4;@(Pt$ 43 4@(P$ 4x 4@(P$ 4b @(P $$y(P$ 4(P4$ 4bs@ 4h@(P,$ 4`(PT$ 4^$(P$ 4(P  $$Db@ 4@(P$ 4(P$ 4A 4I@|p$(P0$ 4d(P4 $(ЏLd $Pd(Џ $(P$ 4l 4J@|c$mb$c|Qb(P$ 4J(P|$ 4|p9$((P$$ 4c,b0((P$$ 4c%b0((Px$$ 4cb0(P4 `$v(P$ 4<'!h'|xtp !l ! Ԅ ! $% ! @<"@"w@|#$xb$"@$"R@$$S3X`"r@!@B@4!BR$!CE!@ ! #&b*@"O@ !  ! #`b@!8&'4&h'P!0!8ŒÌČ Ō$ $Œ2`l!( ! ! 4HR9' 4@!@!0!8 $¬ìĬ Ŭ$&ìb*@R&"H@!@(LD$ $!0(LD$ $8! <9' 4%&h"@$ b(LЄ$ $sle 4$&l< '!'@<840''!!0 !( ! @!(p!0  $! @!0@$ $ !@!  !(`!@@!  !@<840H'<,'!x'|xtplhd` p('T048<!($$ !0 !@893^$0'\X,'@'PX!(!0 $ P@@!  !(`DHL!@ , $p!(!0` !@ !@! !(!0@ $ ! @B@!(`B@!  ! H!(@ !@ !(H @!   @P@,@ ! ` X!(!0 $ @(@T  |xtplhd`'Pb+G@  @!  !(` ! !(` !@ (Pt$!0 !8` \b+G@  @!  !(` ! !(` !@ ! @!(` !@ (P<$ !0  @! (P$ @$(6$"3@4&l @'(,2d+%@ ! (@! (P  $(d+@ ! (@! (P t$((H$ ! (7@3@! 4!0 !8@$HK9' (@(H($ ! (@;<B4Dp!0  $!(@(!pB$eDH@4lW9' ! (D(H4$ ! (@@<4! 4!0 !8@HK9' (@4lW9' ($`\(HD$ ! (@@<4! 4!0 !8@HK9' (@4lW9' ($lh(HT$ ! (@@<4! 4!0 !8@HK9' (h@4lW9' (`d(Hh$ ! (!@@! 4!0 !8@$HK9' (J@! 4!($,V9' $(A@,$4 $|U9' !8(8(Ht$ ! (@<4! 4!0 !8@HK9' (%@$#P(H|$ ! (@@! 4!0 !8@$HK9' ( @4lW9' ((H$ ! (@@! 4!0 !8@$HK9' (@T(CD$#CbC@! 4!0 !8@$HK9' (@䍙 (@X(H$ ! ("@@! 4!0 !8@$HK9' (@\ $(@(PX$ $($@! 4!0 !8@@@`!0l (<R@ ! (K(H$ ! (@ @! 4!0 !8@@CT F@$4 0 0X(' $$C$X ! !!'(b0D  @$@$Px$ @$p !($p $$p $$p $$p $ $p $$ e$4 0 ! &􈙏4 ! !(4<! @&9' $x@$ c,x`$ ' !( Y! @$ $('8'''@'P'p'$'Y $@$8 < ! `6!.@ю  C$2(,"2@'$$$(   "!0  Y! @ !8 $E$,  B !0 y! ` !8@ P&&Ў$$ $LT(ptx|`PH@!D!b`XH `!D!b@#b}@<\$$y$x | ! @@ B,c@!`$4$$345 0 @$P!@"S"T"U 3"B,~@F<B*A@ $(b $gbx  `$$$ <$$P$ ! ؂ $$CB$` %$"#$$' $ ! @!0$D؋ $40,(8'<?9' ! @!0$` @!0b<*'!`'|x @!@<`8@F<$(!`T44'('$! @!( @$ !(@$ & @4 (H  $ @@@$(@ ! ` |x'8!0 ,'< ?!@!0$ 0'!0@, @0@Î` $$c`b$d$ B,# @!((bB,@"< 6 @6$P ,$ $E$<,('!'@<840|!$ !>'D !  E$,E@'؈'!  !0`! $ $! ( X$ !0(2$.@ !( "@ !( "` c$!$3@BD0Ib(+@$!<FF$0>6%0%G%0 *$.@b(@  ! @䘅&1&H!$c$@( ! @ $4`!0@!,!bXTPLHD@<8`'b(@ (c$F$!  $!(  '! @$ ϥ$ !0@$c$c$F$c$B$%g%E%C$(!@ )í#b( @$J%!ds`*`M$c$$@#@! '@<840!H'!@<840H'H#b(@X`"c$D$!(b#$dp$'$(! @ $@! @d!(  $$@bB,@F< d6@'!  !(! @!( !@d6$P$!0  !8@@ '$$c$#$c$D$!"c$B$#"@%26d0F$8~%0*"% %(: %%g%d&$"p@! bB,@ &&F< d6@d6$P H$ !8 &$Pp$ @$V! @$N@$P$ @$G!$Pt$ @$!bB,e@ &&F< $6\@$6$Pܝ$ !0U & @$@$P$ @$!bB,A@ &&F< $68@$6$P$$ !01 &|<@DH'4 !0@>'CBCC$X墨F< 6'@6$PН$ !0 @$A@!0$P$ @$:!<'!'HD@<840؈''!!$! !!0@ !! $ $!0`+!8 (`!$@ !b! !( !0@! l!0@ !(@! @ HD@<840P'$! Ğ$ !0`<'!8't !! !bH$ $@D & !(@$@ $! 9' $bB,@HB0@(@&$! &bB,@$B1&*"@&(@ ('<}9' ! $@$"7@<}W$$'H'!&1'!!( D$0"&0,! ! @!(<! z9' 4'@%$$1@! @$!@!,&b*@1& @X  '!'$P&<$ @$!0 ! @$ 08! ! @Ž@!Ž0<@D ! @@Žb@$HZ@,4HL!L'h08<@D,\B`CdHhDlEpFtGR&4H&*@s&T*"@9'@@$ $$P$@@$$T %$ !0f4bB, @ $@$P장$ $@Y<ŽDH@$@,!($$ !08$:@! 0 ! r@<!(! z9' <'R@%$$&@!0@D ! j@! !(  $DN@$@H$d@,!0%$!( &!0@ @ @$,@!0!"@ @$@$Ph$ @$$@! Л$9' $$ % !0<$P,$ @$! @$@$P&'$ @$ $X@ ' !(!0@$PО$ $J !(T@(' !8@P!0 $  &G<ݜ'!$!@! $fЛ$9' $BB4+C` $! 4$  '@ @$@$P p$ @$<$>BB4+C` $! 4$  '@ @$@$P H$ @$ 6@LY& ! ! и& !@$P6$!0` !8<'!!8!@$`$b! `@d`9' `<ԡ'!' $D@!@! !( $$!  ' %8%8'%GBC0>1%H%g)- $ %C"<'!'$ !D B,@! !0.$$b$( B,`$@$ !('g!0$b$( B,`$!  'B8$ B,('<̛'!' ! !@$ !D !  B$<B,􇙏! 4@!0! !`(' + !`('< '!!0$b! `!@L9' pŬ<̚'!' !$Q! @ ('  ('`2tf$!8!@ < $!IC$b !@$ JC0."%D%e%C¬$tG$¯2 b$b$G$$dG$$ĪG$$ i@< @  'd $c&*P@$hL`$t Ž@BB*@ b` ! @$d\ $@ $ @@@p`9' $!@," @,;`Q`! @!($ @$^S &#'!T"@$C`!< !6@!6$P ,$! !6@!6$P d$!C`!< !6w@!6$P $p!Cj`!< !6b@!6$P ȳ$[!CU`!< !6M@!6$P $F!'!' $@ B$d09'  ('<='!'($ 0!! !$$+$! B(&!0@!8`@!(l! #@$X! @!(@ !0`0 ! ($ 0'@t29' B8Q,  <<'!',($ !!g!@P$fЀ  $fF$"@!"! @(G@! $@! $"!T*C@,($ !0' $$$ C $"!T*C@`'! !(` !0@'`!(r!  !0! ``!( !0! t`!(  !0@,($ $0'! $$$ ' $$$ * $!<:'!'$ !!@$!0xD &!0x! $  ('$ ('<$:'!' $! (' `!@!b@409' ! ! !0@ !( ('y& 4܈-$ _$`t $!@$`$ D$!@t!@!0 ! @ !(A$*"! @, !( #@ ! @@!(@  '@@$\ t' !  D!  !@!  @.X@t' Ǝ<4>y& ! X.`@XÏ`!#@!#bDEDC&hdf gEEDD FFG GHH`X(@ PÏ*d@Pï$䋙X4'P$!  @$lĎ !(`䎬 h ! @X$䋙! \$@$ !@ĎH!( !0 @>9' ! XÎ`X@`(B0@4$bi@bB,,@< 6%@@XĎ(,9' $P6$ !8@ !@!(@ '$  D@!  @U$ ! D@!@$䋙!(8$!  ! X$0$ _$ X_$0$ $ l !(x !  r"B,@< 6@@XĎ(,9' 6$Pl$ !0@\Ž@ŎXz@PЎ @X@ĄĎ $=@LŽ0@ (lĎx$ $$|XLƎ $$ЌF<$ 4tŎ $! @ !@X@"B,@TŽ,@P  ! @8@!@\Tǎ! @l$ $>@! !(!0 !8@!@B`P ! ԋ !(@@ @$F@ ! 􎙏 ! `"B,@@ 'bB,P@ D6I@ ' xB$! !(!0$ D6$P¥$ !0@5 6@ ' xB$ !0$ 6$P(¥$ !0@ xB$! `!( !0$ !0@$P$ D6<'!'840,(!!B,@ 840,(@'F< d6@ 'B,!@ @  ' xB$! 0$!0$ !8@$P<¥$d6 !0@ d6"@ 'B,@ d6@ ' xB$P$& $!0$ d6$P`¥$!0@ !8@ xB$0$& $!0$ !8@$PP¥$d6 !0@<'!'0,($ !!!T@$!F! $!CbB(@$b @b@L b*I@! $p"&`B!0 CF$b CD,%e C$4@0,($ 8'L&&bB,@F< $6,@@ '` B@$C B@@0,($ 8'!`!`F< 6@6$P& p¥$@! .9' '$6$P¥$ !0@<`'!'LHD@ ! C!!`(@ ,' ! @!( 39' $ .@8|,04 !  6`  @` b(@c$ B$(@ (' LHD@$P'C2`<((@! (' LHD@!P'C`< !6 @! @ (' !6$På$ !0@ LHD@P' !6 @! @ (' !6$P¥$ !0@ <'!'XTPLHnj!!*! Ì`!Œ!b F$ˆ%"bB,@F<0  @!  'XTPLH!`'!XTPLH`'0M $B*G)@$'$!( ! BCGH B4!0`! 4'48<P9' @!@ !  @  '$bB,@F< $6@! `  '$C$P$6å$!0 !8@bB,@F< 6@! `  '6$Ptå$!0  !8@x 6q@! `  '6$P<å$!0@ !8 b<ߜ'!',($ 0! !MB(@&!0 !,($ 0'@l&40Y& ! @ !@40Y&!40Y& !  '!0@$ 9' 4DX$0$ _$`$x  9' ! ``"$SĄ $c@8@('H! @ $ bB0@<@ $dlx$ $$bl@$苙d<$ $'!@Ȅ$!8!($! @ L$@! @\& !@D@!  \&x ! /@(lDT 4¥$@>9' ! (|FH!8@ ¥$tEH $! @ !@o@$b@(Ld ,$BH@LH $.@ $' B0@8 $"b@<!( $T@LHP0 T@H! @ !(@X5X@!!C!d$! `B`&/@!(@ *@@$Tx!( !0 !@$H!  $@LC"`<,@̊ ! `L@@& @ ! $ !$6@$P!$6`ƥ$ !0pw2jomT%L@H ! @@b@ ! QCW`< !6P@$P!6 ƥ$H B0@<"@$l!0@ ȥ&lD(D ,E$(lDT 4¥$! @>9' &@$@79' ! @$'$苙!0@ǥ$ @! @ !($lB!0@ ǥ$$@@ xCD$!0 !888$b@@79' ! @LD( ,E$lDL ȥ&)$ $&@&\9' @!(C`< !6@$P!6 ̥$ĄD  $@ $xCD!0 !8@LЂ ! @pE !  bB0@C`LDL @B,c@c@< !6\@!6$Pȥ$ @$T B0@<bG@$l& !0@(lDD ,&(lDT 4¥$@>9' !  GXF LD ,&lDL &j$$ldL ȥ$(DlD ,$ XZR$C`< !6@$P!6 4ǥ$Ąd $@$`@$L ! @b4@ !XZR$b B$b d ! @!$Ќ0 Ҍ@!Œ!BC$¨c0rt&B,/@! C` !6 @!6$P Pե$ RL' !6 |@!6$P ե$ tn@< !6 a@!6$P ԥ$ YF< 6 @@6$P `ӥ$ $ 6 ,@6$P ץ$ %$ $6 @$P$6 ,ץ$  !6 @!6$P ե$ b$9b$=b(TG$$Pإ$!0` @$$0! `$ $$ $ $ $!( $D f$G$$G$$G$<\'!' !B0$@!( '  !(@& b@$؄$@$`` '  '<\'!'0,($ !!@B0@$  "@ !&"` `f$!cB$$b $b $b ' $&#$!D*b;@!$H@FDJz!(B!#0b<X <@!@ $!x =$!x <$!x 4$!x 2$!x ,$!x +$!x *$!x ($!x "$!x $!x $!x $!x $<#'!'<#'!б9'  '[NULL]buffer.c fatal buffer size error, size=%luattemped allocation of excessively large arrayWrite error on file '%s'[%s]%02x[more...]crypto.c[null-digest]Key file '%s' used in --%s contains insufficient key material [keys found=%d required=%d] -- try generating a new key file with 'openvpn --genkey --secret [file]', or use the existing key file in bidirectional mode by specifying --%s without a key direction parameterMessage hash algorithm '%s' not foundMessage hash algorithm '%s' uses a default hash size (%d bytes) which is larger than OpenVPN's current maximum hash size (%d bytes)Unknown key direction '%s' -- must be '0' or '1'autoInitializing OpenSSL auto engine supportSO_PATHLOADOpenSSL error: cannot load engine '%s'OpenSSL error: ENGINE_set_default failed on engine '%s'Initializing OpenSSL support for engine '%s'OpenSSL Crypto Engines %s [%s] The following message digests are available for use with OpenVPN. A message digest is used in conjunction with the HMAC function, to authenticate received packets. You can specify a message digest as parameter to the --auth option. %s %d bit digest size --no-replay or --no-iv cannot be used with a CFB or OFB mode cipherThe following ciphers and cipher modes are available for use with OpenVPN. Each cipher shown below may be used as a parameter to the --cipher option. The default key size is shown as well as whether or not it can be changed with the --keysize directive. Using a CBC mode is recommended. variablefixed%s %d bit default key (%s) Cannot open passphrase file: '%s'Read error on passphrase file: '%s'Passphrase file '%s' is too small (must have at least %d characters)[null-cipher]Cipher algorithm '%s' not foundCipher algorithm '%s' uses a default key size (%d bytes) which is larger than OpenVPN's current maximum key size (%d bytes)Cipher '%s' uses a mode not supported by OpenVPN in your current configuration. CBC mode is always supported, while CFB and OFB modes are supported only when using SSL/TLS authentication and key exchange mode, and when OpenVPN has been built with ALLOW_NON_CBC_CIPHERS.******* WARNING *******: null cipher specified, no encryption will be used******* WARNING *******: null MAC specified, no authentication will be usedDES-DESX-CRYPTO INFO: n_DES_cblocks=%dCRYPTO INFO: WARNING: zero key detectedCRYPTO INFO: check_key_DES: insufficient key materialCRYPTO INFO: check_key_DES: weak key detectedCRYPTO INFO: check_key_DES: bad parity detectedPRNG init md=%s size=%dERROR: Random number generator cannot obtain entropy for PRNG[[INLINE]]Cannot open file key file '%s'Read error on key file ('%s')Key file ('%s') can be a maximum of %d bytes%xInsufficient key material or header text not found in file '%s' (%d/%d/%d bytes found/min/max)Footer text not found in file '%s' (%d/%d/%d bytes found/min/max)%s (cipher): %s%s (hmac): %sCRYPTO INFO: fixup_key_DES: insufficient key materialCRYPTO INFO: fixup_key: before=%s after=%sKey #%d in '%s' is bad. Try making a new key with --genkey.ERROR: Random number generator cannot obtain entropy for key generationCipher source entropy: %sHMAC source entropy: %sCannot open shared secret file '%s' for write%s # # %d bit OpenVPN static key # Close error on shared secret file %sEVP cipher init #1EVP set key sizeEVP cipher init #2%s: Cipher '%s' initialized with %d bit key%s: CIPHER KEY: %s%s: CIPHER block_size=%d iv_size=%d%s: Using %d bit message hash '%s' for HMAC authentication%s: HMAC KEY: %s%s: HMAC size=%d block_size=%dControl Channel Authentication: tls-auth using INLINE static key fileINLINE tls-auth file lacks the requisite 2 keysControl Channel Authentication: using '%s' as a OpenVPN static key fileControl Channel Authentication: using '%s' as a free-form passphrase filetls-authOutgoing Control Channel AuthenticationIncoming Control Channel Authentication%s: missing authentication info%s: packet HMAC authentication failed%s: missing IV infoDECRYPT IV: %s%s: missing payload%s: cipher init failed%s: buffer overflow%s: cipher update failed%s: cipher final failedDECRYPT TO: %s%s: error reading CBC packet-id%s: error reading CFB/OFB packet-id%s: error reading packet-id%s: bad packet ID (may be a replay): %s -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warningspacket_id.hENCRYPT IV: %sENCRYPT FROM: %sENCRYPT: buffer size error, bc=%d bo=%d bl=%d wc=%d wo=%d wl=%d cbs=%dENCRYPT TO: %sEntering OpenVPN crypto self-test mode.TESTING ENCRYPT/DECRYPT of packet length=%dSELF TEST FAILED, src.len=%d buf.len=%dSELF TEST FAILED, pos=%d in=%d out=%dOpenVPN crypto self-test mode SUCCEEDED.TLS Error: error reading key from remoteTLS Error: key length mismatch, local cipher/hmac %d/%d, remote cipher/hmac %d/%d-----BEGIN OpenVPN Static key V1----------END OpenVPN Static key V1-----Non-Hex character ('%c') found at line %d in key file '%s' (%d/%d/%d bytes found/min/max)Non-Hex, unprintable character (0x%02x) found at line %d in key file '%s' (%d/%d/%d bytes found/min/max)Authenticate/Decrypt packet errorExtracted DHCP router address: %s%s%s%s%s%s%s%s%s %s%s%s%sExitingINWopenvpnOpenVPN: Out of Memory %s: %s (errno=%d)%s (OpenSSL)Options error: %sNOTE: --mute triggered...%d variation(s) on previous %d message(s) suppressed by --mute%s %s returned %d%s %s [%s]: %s (code=%d)%s %s: %s (code=%d)Warning: Error redirecting stdout/stderr to --log file: %s--log file redirection error on stdout--log file redirection error on stderrAssertion failed at %s:%d[scalable]PO_WAIT[%d,%d] fd=%d rev=0x%08x rwflags=0x%04x arg=0x%08lx %sError: poll: unknown revents=0x%04xevent.cSE_WAIT[%d,%d] rwflags=0x%04x arg=0x%08lxSE_CTL rwflags=0x%04x ev=%d fast=%d cap=%d maxfd=%d arg=0x%08lxError: select: too many I/O wait events, fd=%d cap=%dSE_DEL ev=%dError: select/se_del: too many I/O wait eventsSE_RESETPO_DEL ev=%dSE_WAIT_SCALEABLE maxfd=%d tv=%d/%dSE_WAIT_FAST maxfd=%d tv=%d/%dEP_WAIT[%d] rwflags=0x%04x ev=0x%08x arg=0x%08lxEP_DEL ev=%dEP_CTL fd=%d rwflags=0x%04x ev=0x%08x arg=0x%08lxEVENT: epoll_ctl EPOLL_CTL_ADD failedEVENT: epoll_ctl EPOLL_CTL_MOD failedPO_CTL rwflags=0x%04x ev=%d arg=0x%08lxError: poll: too many I/O wait eventsPO_INIT maxevents=%d flags=0x%08xEP_INIT maxevents=%d flags=0x%08xNote: sys_epoll API is unavailable, falling back to poll/select APISet FD_CLOEXEC flag on file descriptor failedSet socket to non-blocking mode failedtls-errordelayed-exitServer poll timeout, restartingserver_pollInactivity timeout (--inactive), exitinginactiveFatal TLS error (check_tls_errors_co), restartingforward.csocket.hconnection-reset-inetdConnection reset, inetd/xinetd exit [%d]Connection reset during exit notification period, ignoring [%d]connection-resetConnection reset, restarting [%d]readport-share-redirectSENT CONTROL [%s]: '%s' (status=%d)auth-control-exitI/O WAIT %s|%s|%s|%s %sAUTH_FAILEDPUSH_RESTARTWARNING: Received unknown control message: %sWARNING: Receive control message failed%s READ [%d] from %s: %sdecryption-errorFatal decryption error (process_incoming_link), restartingRECEIVED PING PACKETTUN READ [%d]TUN WRITE [%d]write to TUN/TAPTUN/TAP packet was destructively fragmented on write to %s (tried=%d,actual=%d)tun packet too large on write (tried=%d,max=%d)shaper.h%s WRITE [%d] to %s: %sTCP/UDP packet was truncated/expanded on write to %s (tried=%d,actual=%d)TCP/UDP packet too large on write to %s (tried=%d,max=%d)read from TUN/TAPevent_waitI/O WAIT status=0x%04xDelayed exit in %d secondsTIMER: coarse timer wakeup %d secondsRANDOM USEC=%dFRAG TTL expired i=%dFRAG_OUT len=%d type=%d seq_id=%d frag_id=%d frag_size=%d flags=0x%08xfragment.cFRAG: outgoing buffer is not empty, len=[%d,%d]integer.hFRAG_OUT error, len=%d frag_size=%d MAX_FRAGS=%d: %stoo many fragments would be required to send datagramFRAG_IN buf->len=%d type=FRAG_WHOLE flags=0x%08xspurrious FRAG_WHOLE flagsFRAG_IN len=%d type=%d seq_id=%d frag_id=%d size=%d flags=0x%08xbad fragment sizeFRAG_TEST not implementedunknown fragment typeflags not found in packetfragment buffer overflowFRAG_IN error flags=0x%08x: %sgremlin.cDOWNGREMLIN: CONNECTION GOING %s FOR %d SECONDSGREMLIN: Random packet dropGREMLIN: Packet Corruption, method=%de 0the second parameter to --keepalive (restart timeout=%d) must be at least twice the value of the first parameter (ping interval=%d). A ratio of 1:5 or 1:6 would be even better. Recommended setting is --keepalive 10 60.--keepalive conflicts with --ping, --ping-exit, or --ping-restart. If you use --keepalive, you don't need any of the other --ping directives.pingping-restartroute %s %sroute %sroute-gateway %s%s (/%d)%s IP addresses %s and %s are not in the same %s subnet--server and --client cannot be used together--server and --server-bridge cannot be used together--server and --secret cannot be used together (you must use SSL/TLS keys)--server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly--server directive only makes sense with --dev tun or --dev tap--server directive network/netmask combination is invalid--server directive netmask is invalid--server directive netmask allows for too many host addresses (subnet must be %s or higher)--server directive when used with --dev tun must define a subnet of %s or lowertopology %s--server directive when used with --dev tap must define a subnet of %s or lower--server-bridge and --client cannot be used together--server-bridge already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly--server-bridge and --secret cannot be used together (you must use SSL/TLS keys)--server-bridge directive only makes sense with --dev tap--server-bridgeroute-gateway dhcp--client requires --key-method 2auth-intmd5-sess%s %s hw ether %s/sbin/ifconfigERROR: Unable to set link layer address.TUN/TAP link layer address set to %sERROR: Sorry, this command is currently only implemented on Windowsinit.csecretStatic EncryptStatic DecryptRe-using pre-shared static keyClosing TUN/TAP interfaceinitdownrestartdaemon() failedRestart pause, %d second(s)NOTE: chroot %sNOTE: UID/GID downgrade %sSignal received from management interface, exitingWARNING: route-up plugin call failedscript_typeroute-up%scRoute script failed%s With ErrorsERRORSUCCESS[%s] TUN/TAP device (--dev)options --mktun or --rmtun should only be used together with --devshared secret output file (--secret)Randomly generated %d bit key written to %sOpenVPN started by inetd/xinetd cannot restart... Exiting.Local Options String: '%s'Expected Remote Options String: '%s'Local Options hash (VER=%s): '%s'Expected Remote Options hash (VER=%s): '%s'Preserving previous TUN/TAP instance: %sNo usable connection profiles are presentNEED_LATERNEED_NOWIMPORTANT: OpenVPN's default port number is now %d, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.WARNING: --ping should normally be used with --ping-restart or --ping-exitWARNING: you are using user/group/chroot/setcon without persist-tun -- this may cause restarts to failWARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to failWARNING: you are using chroot without specifying user and group -- this may cause the chroot jail to be insecureWARNING: using --pull/--client and --ifconfig together is probably not what you wantNOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set toWARNING: using --duplicate-cn and --client-config-dir together is probably not what you wantWARNING: --ifconfig-pool-persist will not work with --duplicate-cnWARNING: --keepalive option is missing from server configWARNING: You have disabled Replay Protection (--no-replay) which may make OpenVPN less secureWARNING: You have disabled Crypto IVs (--no-iv) which may make OpenVPN less secureWARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).NOTE: the current --script-security setting may allow this configuration to call user-defined scriptsNOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executablesNOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansionNOTE: --fast-io is disabled since we are not using UDPNOTE: --fast-io is disabled since we are using --shaperError: private key password verification failedprivate-key-password-failureRe-using SSL/TLS context******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartextWARNING: using --fragment and --mtu-test together may produce an inaccurate MTU test resultWARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu %d (currently it is %d)Control Channel MTU parmsTLS-Auth MTU parmsData Channel MTU parmsFragmentation MTU parmsFatal error: Port sharing failedinit_instanceOPTIONS IMPORT: --verb and/or --mute level changedOPTIONS IMPORT: timers and/or timeouts modifiedOPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udpOPTIONS IMPORT: explicit notify parm(s) modifiedOPTIONS IMPORT: LZO parms modifiedOPTIONS IMPORT: traffic shaper enabledOPTIONS IMPORT: --sndbuf/--rcvbuf options modifiedOPTIONS IMPORT: --socket-flags option modifiedOPTIONS IMPORT: --persist options modifiedOPTIONS IMPORT: --ifconfig/up options modifiedOPTIONS IMPORT: route options modifiedOPTIONS IMPORT: route-related options modifiedOPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modifiedOPTIONS IMPORT: environment modifiedNOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.@.Awill be delayed because of --client, --pull, or --up-delayInitialization Sequence Completedp`P@0 list.clzo.cpre-compress bytes,%llupost-compress bytes,%llupre-decompress bytes,%llupost-decompress bytes,%lluCannot initialize LZO compression libraryLZO compression initializedLZO decompression error: %ddecompress %d -> %dBad LZO decompression header byte: %dlzo_adaptive_compress_test: comp=%d total=%dOFFONAdaptive compression state %sLZO compression buffer overflowLZO compression error: %dcompress %d -> %dERROR: the '%s' command requires %s%d parameter%s>PROXY:%s,%s>PROXY:%s>PASSWORD:Verification Failed: '%s' ['%s']>PASSWORD:Verification Failed: '%s'SUCCESS: proxy-fallback command succeededERROR: proxy-fallback command failedERROR: The proxy-fallback command is not supported by the current daemon mode>INFO:OpenVPN Management Interface Version %d -- type 'help' for more infomanage.cat least >FATAL:>LOG:>ECHO:>STATE:%u,%s,TCP_CONNECTINITIALCONNECTINGWAITAUTHGET_CONFIGASSIGN_IPADD_ROUTESCONNECTEDRECONNECTINGEXITINGRESOLVE%d,,%sMANAGEMENT: %s%s UID of socket peer (%d) doesn't match required value (%d) as given by --management-client-user%s GID of socket peer (%d) doesn't match required value (%d) as given by --management-client-group%s cannot get UID/GID of socket peerSUCCESS: client-auth command succeededERROR: client-auth command failedERROR: The client-auth command is not supported by the current daemon modeSUCCESS: client-pf command succeededERROR: client-pf command failedERROR: The client-pf command is not supported by the current daemon modeSUCCESS: '%s' %s entered, but not yet verifiedERROR: %s of type '%s' entered, but we need one of type '%s'ERROR: no %s is currently needed at this timeERROR: cannot parse KIDERROR: cannot parse CID>CLIENT:ADDRESS,%lu,%s,%d>CLIENT:ENV,%s>CLIENT:ENV,END>CLIENT:DISCONNECT,%lu>BYTECOUNT_CLI:%lu,%s,%s>BYTECOUNT:%s,%sMANAGEMENTMANAGEMENT: listen() failedNULLMANAGEMENT: unix domain socket listening on %sMANAGEMENT: TCP Socket listening on %sMANAGEMENT: Client disconnectedMANAGEMENT: Triggering management signalmanagement-disconnectMANAGEMENT: Triggering management exitmanagement-exitn_clients>CLIENT:ESTABLISHED,%luREAUTH>CLIENT:%s,%lu,%uvalidation failed on peer_info line received from clientMANAGEMENT: TCP %s error: %sSUCCESS: real-time %s notification set to ONoffSUCCESS: real-time %s notification set to OFFallERROR: %s parameter must be 'on' or 'off' or some number n or 'all'stateechologquithelpManagement Interface for %sCommands:auth-retry t : Auth failure retry mode (none,interact,nointeract).bytecount n : Show bytes in/out, update every n secs (0=off).echo [on|off] [N|all] : Like log, but only show messages in echo buffer.exit|quit : Close management session.forget-passwords : Forget passwords entered so far.help : Print this message.hold [on|off|release] : Set/show hold flag to on/off state, or release current hold and start tunnel.kill cn : Kill the client instance(s) having common name cn.kill IP:port : Kill the client instance connecting from IP:port.load-stats : Show global server load stats.log [on|off] [N|all] : Turn on/off realtime log display + show last N lines or 'all' for entire history.mute [n] : Set log mute level to n, or show level if n is absent.needok type action : Enter confirmation for NEED-OK request of 'type', where action = 'ok' or 'cancel'.needstr type action : Enter confirmation for NEED-STR request of 'type', where action is reply string.net : (Windows only) Show network info and routing table.password type p : Enter password p for a queried OpenVPN password.pid : Show process ID of the current OpenVPN process.client-auth CID KID : Authenticate client-id/key-id CID/KID (MULTILINE)client-auth-nt CID KID : Authenticate client-id/key-id CID/KIDclient-deny CID KID R [CR] : Deny auth client-id/key-id CID/KID with log reason text R and optional client reason text CRclient-kill CID : Kill client instance CIDenv-filter [level] : Set env-var filter levelclient-pf CID : Define packet filter for client CID (MULTILINE)signal s : Send signal s to daemon, s = SIGHUP|SIGTERM|SIGUSR1|SIGUSR2.state [on|off] [N|all] : Like log, but show state history.status [n] : Show current daemon status info using format #n.test n : Produce n lines of output for testing/debugging.username type u : Enter username u for a queried OpenVPN username.verb [n] : Set log verbosity level to n, or show if n is absent.version : Show current version number.http-proxy-fallback [flags] : Enter dynamic HTTP proxy fallback info.http-proxy-fallback-disable : Disable HTTP proxy fallback.versionOpenVPN Version: %sManagement Version: %dpidSUCCESS: pid=%dnclientsSUCCESS: nclients=%dERROR: The nclients command is not supported by the current daemon modeenv-filterSUCCESS: env_filter_level=%dsignalSUCCESS: signal %s thrownERROR: signal '%s' is currently ignoredERROR: signal '%s' is not a known signal typeload-statsSUCCESS: nclients=%d,bytesin=%llu,bytesout=%lluERROR: The 'status' command is not supported by the current daemon modekillSUCCESS: %d client(s) at address %s:%d killedERROR: client at address %s:%d not foundERROR: port number is out of range: %sERROR: error parsing IP address: %sSUCCESS: common name '%s' found, %d client(s) killedERROR: common name '%s' not foundERROR: kill parseERROR: The 'kill' command is not supported by the current daemon modeverbSUCCESS: verb level changedERROR: verb level is out of rangeSUCCESS: verb=%dmuteSUCCESS: mute level changedERROR: mute level is out of rangeSUCCESS: mute=%dauth-retrySUCCESS: auth-retry parameter changedERROR: bad auth-retry parameterSUCCESS: auth-retry=%spasswordforget-passwordsSUCCESS: Passwords were forgottenneedokneedok-confirmationneedstrneedstr-stringERROR: The 'net' command is not supported by the current daemon modeholdSUCCESS: hold flag set to ONSUCCESS: hold flag set to OFFreleaseSUCCESS: hold release succeededERROR: bad hold command parameterSUCCESS: hold=%dbytecountSUCCESS: bytecount interval changedclient-killSUCCESS: client-kill command succeededERROR: client-kill command failedERROR: The client-kill command is not supported by the current daemon modeclient-denySUCCESS: client-deny command succeededERROR: client-deny command failedERROR: The client-deny command is not supported by the current daemon modeclient-auth-ntclient-authclient-pfhttp-proxy-fallbackhttp-proxy-fallback-disable[%d] The purpose of this command is to generate large amounts of output.ERROR: unknown command, enter 'help' for more optionsENTER PASSWORD:MANAGEMENT: %s %sMANAGEMENT: connect to unix socket %s failed: %sMANAGEMENT: connect to %s failed: %smanagement-connect-failed%s %d MANAGEMENT: failed to write peer info to file %sConnected to management server atManagementMANAGEMENT: client_uid=%dMANAGEMENT: client_gid=%dtunnelClient connected fromSUCCESS: password is correctERROR: bad passwordMAN: client connection rejected after %d failed password attemptsMANAGEMENT: CMD 'password [...]'MANAGEMENT: CMD '%s'recvsendTCPNeed password(s) from management interface, waiting...Need hold release from management interface, waiting...>HOLD:Waiting for hold releaseconfirmationNEED-OKNEED-STRPASSWORDusername/password>%s:Need '%s' %s MSG:%susername=password=X509_0_CN=tls_serial_0=untrusted_ip=ifconfig_local=ifconfig_netmask=daemon_start_time=daemon_pid=dev=ifconfig_pool_remote_ip=ifconfig_pool_netmask=time_duration=bytes_sent=bytes_received=Pth\T#####[[BLANK]]MANAGEMENT: unix domain socket client connection rejected --MBUF: dereferenced queued packetmbuf.cMBUF: mbuf packet droppedmisc.cWARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent thismake_arg_arrayENV [%d] '%s'%s_%d%s=%sexternal program fork failedexternal program did not exit normallyexternal program exited normallycould not execute external programexternal program exited with error status: %d/dev/ttyOpen error on pid file %sUNDEFTEST FILE '%s' [%d]%u.%u.%u.%uputenv('%s') failedWARNING: cannot stat file '%s'WARNING: file '%s' is group or others accessible/dev/nullINETD_SOCKET_DESCRIPTOR dup(%d) failedWARNING: mlockall call failedmlockall call succeeded%u Close error on pid file %sWARNING: nice %d failednice %d succeededsetgid('%s') failedGID set to %ssetgroups('%s') failedfailed to find GID for group %ssetuid('%s') failedUID set to %sfailed to find UID for user %schroot to '%s' failed/cd to '%s' failedchroot to '%s' and cd to '%s' succeeded%s-0x%s.%sopenvpn_%s_%s.tmpOPENVPN_%ssetenv_str_safe: name overflowstdinNote: previous '%s' credentials failedmanagementprevious auth credentials failedERROR: could not read %s username/password/ok/string from management interfaceNEED-OK|%s|%s:ERROR: could not read %s ok-confirmation from stdinEnter %s Username:Enter %s Password:ERROR: could not read %s username from stdinERROR: %s username is emptyERROR: could not not read %s password from stdinSorry, '%s' password cannot be read from a fileError opening '%s' auth file: %sError reading password from %s authfile: %sError reading username and password (must be on two consecutive lines) from %s authfile: %sERROR: username from %s authfile '%s' is emptySCRIPT-ARGV%s/%d%s%scSYSTEM[%u] '%s'SYSTEM return=%uopenvpn_execve: external program may not be called unless '--script-security 2' or higher is enabled. Use '--script-security 3 system' for backward compatibility with 2.1_rc8 and earlier. See --help text or man page for detailed info.openvpn_execve: called with empty argvscript_contexttun_mtulink_mtudevERROR: up/down plugin call failed%sc %s %d %d %s %s %sscript failedmroute.cMROUTE CIDR netlen: /%dNeed IPv6 code in mroute_extract_addr_from_packetARP/IPV6UNKNOWNmss.cMSS: %d -> %dTA_TUN_WRITE_TIMEOUTTA_UNDEFTA_SOCKET_READTA_SOCKET_READ_RESIDUALTA_SOCKET_WRITETA_SOCKET_WRITE_READYTA_SOCKET_WRITE_DEFERREDTA_TUN_READTA_TUN_WRITETA_INITIALTA_TIMEOUTmtcp.cMULTI TCP: TCP client address is undefinedMULTI: TCP INIT maxclients=%d maxevents=%dMULTI TCP: multi_tcp_post bad state, mi=%s flags=%dMULTI TCP: multi_tcp_post %s -> %sMULTI TCP: queuing deferred packetMULTI TCP: multi_tcp_action a=%s p=%dMULTI TCP: multi_tcp_wait_lite a=%s mi=0x%08lxMULTI TCP: multi_tcp_wait_lite, unhandled action=%dMULTI TCP: I/O wait required blocking in multi_tcp_action, action=%dMULTI TCP: multi_tcp_dispatch a=%s mi=0x%08lxmulti.hMULTI TCP: transmitting previously deferred packetMULTI TCP: multi_tcp_dispatch, unhandled action=%dMULTI TCP: new incoming client address matches existing client address -- new client takes precedenceMULTI TCP: instance added: %sMULTI TCP: new client instance failedX d p | dhtxNote: enable extended error passing on TCP/UDP socket failed (IP_RECVERR)Error setting IP_MTU_DISCOVER type=%d on TCP/UDP socketCMSG=%d|NO-INFO|ETIMEDOUT|EMSGSIZE Path-MTU=%d|ECONNREFUSED|EPROTO|EHOSTUNREACH|ENETUNREACH|EACCES|UNKNOWN|yesmaybenoinvalid --mtu-disc type: '%s' -- valid types are 'yes', 'maybe', or 'no'%s [ L:%d D:%d EF:%d EB:%d ET:%d EL:%d AF:%u/%d ]mtu.cMTU DYNAMIC mtu=%d, flags=%u, %d -> %dTUN MTU value (%d) must be at least %dMTU is too smallmudp.cMULTI: Connection from %s would exceed new connection frequency limit as controlled by --connect-freq[succeeded][created][failed]GET INST BY REAL: %s %sMULTI: Learn%s: %s -> %supdateaddUNDEF_Imulti.cifconfig_pool_local_ipifconfig_pool_remote_ipifconfig_pool_netmaskMULTI: packet dropped due to output saturation (multi_add_mbuf)%s/MULTI: multi_init called, r=%d v=%dMULTI: C2C/MCAST/BCASTMULTI ROUTE: route quota (%d) exceeded for %s (see --max-routes-per-client option)bcast_c2cPF: client[%s] -> client[%s] packet dropped by BCAST packet filterbcast_src_addrPF: addr[%s] -> client[%s] packet dropped by BCAST packet filterOpenVPN CLIENT LISTUpdated,%sCommon Name,Real Address,Bytes Received,Bytes Sent,Connected Since%s,%s,%llu,%llu,%sROUTING TABLEVirtual Address,Common Name,Real Address,Last Ref%s%s,%s,%s,%sGLOBAL STATSMax bcast/mcast queue length,%dTITLE%c%sTIME%c%s%c%uHEADER%cCLIENT_LIST%cCommon Name%cReal Address%cVirtual Address%cBytes Received%cBytes Sent%cConnected Since%cConnected Since (time_t)CLIENT_LIST%c%s%c%s%c%s%c%llu%c%llu%c%s%c%uHEADER%cROUTING_TABLE%cVirtual Address%cCommon Name%cReal Address%cLast Ref%cLast Ref (time_t)ROUTING_TABLE%c%s%s%c%s%c%s%c%s%c%uGLOBAL_STATS%cMax bcast/mcast queue length%c%dERROR: bad status format version numberWARNING: learn-address plugin call failedlearn-address%sc %s %sWARNING: learn-address command failedMULTI: no --ifconfig-pool netmask parameter is available to push to %sMULTI: no free --ifconfig-pool addresses are availableMULTI: problem deleting temporary file: %sMULTI: REAP range %d -> %dMULTI: REAP DEL %sdeleteGREMLIN_FLOOD_CLIENTS: flooding clients with %d packets of size %dGET INST BY VIRT: %s -> %s via %sGET INST BY VIRT: %s [failed]MULTI: connection rejected: %s, CLI:%sMULTI: multi_close_instance calledbytes_receivedbytes_senttime_durationWARNING: client-disconnect plugin call failedclient-disconnectclient-disconnect command failedclient-instanceMULTI: new connection by client '%s' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.common_nametime_asciitime_unixccWARNING: client-connect plugin call failedWARNING: client-connect-v2 plugin call failedclient-connect%sc %sclient-connect command failedMULTI: client has been rejected due to 'disable' directiveMULTI: no dynamic or static remote --ifconfig address is available for %sMULTI ERROR: primary virtual IP for %s (%s) violates tunnel network/netmask constraint (%s/%s)MULTI: primary virtual IP for %s: %sMULTI: internal route %s/%d -> %sMULTI: internal route %s -> %sMULTI: --iroute options rejected for %s -- iroute only works with tun-style tunnelsMULTI: Outgoing TUN queue full, dropped packet len=%dtun_tap_src_addrPF: addr[%s] -> client packet dropped by packet filterMULTI: packet dropped due to output saturation (multi_process_incoming_tun)MULTI: multi_create_instance calledMULTI: new incoming connection would exceed maximum number of clients (%d)MULTI: unable to add real address [%s] to iterator hash tableMULTI: signal occurred during client instance initializationMULTI: bad source address from client [%s], packet droppedtun_c2cPF: client -> client[%s] packet dropped by TUN packet filtertun_dest_addrPF: client -> addr[%s] packet dropped by TUN packet filtertap_c2cPF: client -> client[%s] packet dropped by TAP packet filtertap_dest_addrPF: client -> addr[%s] packet dropped by TAP packet filterTlRMTVNTUAABAAAAAgIAAA==ntlm.cWarning: Username or domain too longNTLMSSPNOTE: Beginning empirical MTU test -- results should be available in 3 to 4 minutes.NOTE: failed to empirically measure MTU (requires OpenVPN 1.5 or higher at other end of connection).NOTE: failed to obtain options consistency info from peer -- this could occur if the remote peer is running a version of OpenVPN before 1.5-beta8 or if there is a network connectivity problem, and will not necessarily prevent OpenVPN from running (%llu bytes received from peer, %llu bytes authenticated data channel traffic) -- you can disable the options consistency check with --disable-occ.occ.cRECEIVED OCC_REQUESTRECEIVED OCC_MTU_REQUESTRECEIVED OCC_MTU_LOAD_REQUESTRECEIVED OCC_REPLYRECEIVED OCC_MTU_REPLYNOTE: Empirical MTU test completed [Tried,Actual] local->remote=[%d,%d] remote->local=[%d,%d]NOTE: This connection is unable to accomodate a UDP packet size of %d. Consider using --fragment or --mssfix options as a workaround.RECEIVED OCC_EXITremote-exitSENT OCC_REQUESTSENT OCC_REPLYSENT OCC_MTU_REQUESTSENT OCC_MTU_REPLYSENT OCC_MTU_LOAD_REQUESTSENT OCC_MTU_LOAD min_int(%d-%d-%d-%d,%d) size=%dSENT OCC_EXIT0PԹoptions.coption '%s' cannot be used in this contextYou must define %s--auth-retry method must be 'interact', 'nointeract', or 'none'--topology must be net30, p2p, or subnetNote: option %s ignored because no TCP-based connection profiles are definedhttp-proxy-overrideUse --help for more information.Maximum number of 'connection' options (%d) exceeded1.0Bad http-proxy port number: %snctOpenVPN-Autoproxy/1.0 proto = %s[UNDEF] local = '%s' local_port = %d remote = '%s' remote_port = %dENABLEDDISABLED remote_float = %s bind_defined = %s bind_local = %s connect_retry_seconds = %d connect_timeout = %d connect_retry_max = %dBEGIN http_proxy server = '%s' port = %d auth_method_string = '%s' auth_file = '%s' retry = %s timeout = %d http_version = '%s' user_agent = '%s'END http_proxy socks_proxy_server = '%s' socks_proxy_port = %d socks_proxy_retry = %sprotolocal_portremote_porthttp_proxy_serverhttp_proxy_portsocks_proxy_serversocks_proxy_portdaemondaemon_log_redirectdaemon_start_timedaemon_pidV4,dev-type %s,link-mtu %d,tun-mtu %d,proto %s,tun-ipv6,ifconfig %s,comp-lzo,mtu-dynamic,keydir %s,cipher %s,auth %s,keysize %d,secret,no-replay,no-iv,tls-auth,key-method %d,tls-server,tls-clientCurrent Parameter Settings: config = '%s' mode = %d persist_config = %s persist_mode = %d show_ciphers = %s show_digests = %s show_engines = %s genkey = %s key_pass_file = '%s' show_tls_ciphers = %sConnection profiles [default]:Connection profiles [%d]:Connection profiles END remote_random = %s ipchange = '%s' dev = '%s' dev_type = '%s' dev_node = '%s' lladdr = '%s' topology = %d tun_ipv6 = %s ifconfig_local = '%s' ifconfig_remote_netmask = '%s' ifconfig_noexec = %s ifconfig_nowarn = %s shaper = %d tun_mtu = %d tun_mtu_defined = %s link_mtu = %d link_mtu_defined = %s tun_mtu_extra = %d tun_mtu_extra_defined = %s fragment = %d mtu_discover_type = %d mtu_test = %d mlock = %s keepalive_ping = %d keepalive_timeout = %d inactivity_timeout = %d ping_send_timeout = %d ping_rec_timeout = %d ping_rec_timeout_action = %d ping_timer_remote = %s remap_sigusr1 = %d explicit_exit_notification = %d persist_tun = %s persist_local_ip = %s persist_remote_ip = %s persist_key = %s mssfix = %d passtos = %s resolve_retry_seconds = %d username = '%s' groupname = '%s' chroot_dir = '%s' cd_dir = '%s' writepid = '%s' up_script = '%s' down_script = '%s' down_pre = %s up_restart = %s up_delay = %s daemon = %s inetd = %d log = %s suppress_timestamps = %s nice = %d verbosity = %d mute = %d gremlin = %d status_file = '%s' status_file_version = %d status_file_update_freq = %d occ = %s rcvbuf = %d sndbuf = %d sockflags = %d fast_io = %s lzo = %d route_script = '%s' route_default_gateway = '%s' route_default_metric = %d route_noexec = %s route_delay = %d route_delay_window = %d route_delay_defined = %s route_nopull = %s route_gateway_via_dhcp = %s max_routes = %d allow_pull_fqdn = %s management_addr = '%s' management_port = %d management_user_pass = '%s' management_log_history_cache = %d management_echo_buffer_size = %d management_write_peer_info_file = '%s' management_client_user = '%s' management_client_group = '%s' management_flags = %d shared_secret_file = '%s' key_direction = %d ciphername_defined = %s ciphername = '%s' authname_defined = %s authname = '%s' prng_hash = '%s' prng_nonce_secret_len = %d keysize = %d engine = %s replay = %s mute_replay_warnings = %s replay_window = %d replay_time = %d packet_id_file = '%s' use_iv = %s test_crypto = %s tls_server = %s tls_client = %s key_method = %d ca_file = '%s' ca_path = '%s' dh_file = '%s' cert_file = '%s' priv_key_file = '%s' pkcs12_file = '%s' cipher_list = '%s' tls_verify = '%s' tls_remote = '%s' crl_file = '%s' ns_cert_type = %d remote_cert_ku[i] = %d remote_cert_eku = '%s' tls_timeout = %d renegotiate_bytes = %d renegotiate_packets = %d renegotiate_seconds = %d handshake_window = %d transition_window = %d single_session = %s push_peer_info = %s tls_exit = %s tls_auth_file = '%s' server_network = %s server_netmask = %s server_bridge_ip = %s server_bridge_netmask = %s server_bridge_pool_start = %s server_bridge_pool_end = %s push_entry = '%s' ifconfig_pool_defined = %s ifconfig_pool_start = %s ifconfig_pool_end = %s ifconfig_pool_netmask = %s ifconfig_pool_persist_filename = '%s' ifconfig_pool_persist_refresh_freq = %d n_bcast_buf = %d tcp_queue_limit = %d real_hash_size = %d virtual_hash_size = %d client_connect_script = '%s' learn_address_script = '%s' client_disconnect_script = '%s' client_config_dir = '%s' ccd_exclusive = %s tmp_dir = '%s' push_ifconfig_defined = %s push_ifconfig_local = %s push_ifconfig_remote_netmask = %s enable_c2c = %s duplicate_cn = %s cf_max = %d cf_per = %d max_clients = %d max_routes_per_client = %d auth_user_pass_verify_script = '%s' auth_user_pass_verify_script_via_file = %s ssl_flags = %d port_share_host = '%s' port_share_port = %d client = %s pull = %s auth_user_pass_file = '%s'key file (--secret)--proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-clientonly one of --daemon or --inetd may be specified--local or --remote cannot be used with --inetd--proto tcp-client cannot be used with --inetd--inetd nowait can only be used with --proto tcp-server--inetd nowait can only be used in TLS mode--inetd nowait only makes sense in --dev tap mode--lladdr can only be used in --dev tap mode--connect-retry doesn't make sense unless also used with --proto tcp-client--connect-timeout doesn't make sense unless also used with --proto tcp-clientonly one of --tun-mtu or --link-mtu may be defined (note that --ifconfig implies --link-mtu %d)--mtu-test only makes sense with --proto udp--remote and --local addresses are the same--local and --remote addresses must be distinct from --ifconfig addresses--local addresses must be distinct from --ifconfig addresseslocal and remote/netmask --ifconfig addresses must be different--bind and --nobind can't be used together--local and --nobind don't make sense when used together--lport and --nobind don't make sense when used together--nobind doesn't make sense unless used with --remote--management is not specified, however one or more options which modify the behavior of --management were specified--management-client-(user|group) can only be used on unix domain sockets--fragment can only be used with --proto udp--remote MUST be used in TCP Client mode--http-proxy or --auto-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)--http-proxy can not be used together with --socks-proxy--socks-proxy can not be used in TCP Server modeTCP server mode allows at most one --remote address--mode server only works with --dev tun or --dev tap--pull cannot be used with --mode server--mode server currently only supports --proto udp or --proto tcp-server--port-share only works in TCP server mode (--proto tcp-server)--mode server requires --tls-server--remote cannot be used with --mode server--nobind cannot be used with --mode server--http-proxy cannot be used with --mode server--socks-proxy cannot be used with --mode server cannot be used with --mode server--tun-ipv6 cannot be used with --mode server--shaper cannot be used with --mode server--inetd cannot be used with --mode server--ipchange cannot be used with --mode server (use --client-connect instead)--connect-freq only works with --mode server --proto udp. Try --max-clients instead.The third parameter to --ifconfig-pool (netmask) is only valid in --dev tap mode--explicit-exit-notify cannot be used with --mode server--redirect-gateway cannot be used with --mode server (however --push "redirect-gateway" is fine)--route-delay cannot be used with --mode server--up-delay cannot be used with --mode server--ifconfig-pool-persist must be used with --ifconfig-pool--auth-user-pass cannot be used with --mode server (it should be used on the client side only)--ccd-exclusive must be used with --client-config-dir--mode server requires --key-method 2--client-cert-not-required %smust be used with --management-client-auth, an --auth-user-pass-verify script, or plugin--username-as-common-name %s--auth-user-pass-optional %s--script-security method='system' cannot be combined with --no-name-remapping--ifconfig-pool/--ifconfig-pool-persist requires --mode server--hash-size requires --mode server--learn-address requires --mode server--client-connect requires --mode server--client-disconnect requires --mode server--tmp-dir requires --mode server--client-config-dir/--ccd-exclusive requires --mode server--client-to-client requires --mode server--duplicate-cn requires --mode server--connect-freq requires --mode server--client-cert-not-required requires --mode server--username-as-common-name requires --mode server--auth-user-pass-optional requires --mode server--no-name-remapping requires --mode server--opt-verify requires --mode server--tcp-nodelay requires --mode server--auth-user-pass-verify requires --mode server--port-share requires TCP server mode (--mode server --proto tcp-server)--replay-window only makes sense with --proto udp--replay-window doesn't make sense when replay protection is disabled with --no-replayspecify only one of --tls-server, --tls-client, or --secretDH file (--dh)Parameter --capath cannot be used when --pkcs12 is also specified.Parameter --cert cannot be used when --pkcs12 is also specified.Parameter --key cannot be used when --pkcs12 is also specified.You must define CA file (--ca) or CA path (--capath)No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-passIf you use one of --cert or --key, you must use them bothcertificate file (--cert) or PKCS#12 file (--pkcs12)private key file (--key) or PKCS#12 file (--pkcs12)ca_fileca_pathdh_filecert_filepriv_key_filepkcs12_filecipher_listtls_verifytls_remotetls_timeoutrenegotiate_bytesrenegotiate_packetsrenegotiate_secondshandshake_windowtransition_windowtls_auth_filesingle_sessionpush_peer_infotls_exitcrl_filekey_methodns_cert_typeremote_cert_ku[0]remote_cert_eku--pull--auth-user-pass requires --pullParameter %s can only be specified in TLS-mode, i.e. where --tls-server or --tls-client is also specified.WARNING: '%s' is used inconsistently, %s='%s', %s='%s'WARNING: '%s' is present in %s config but missing in %s config, %s='%s'version %sNOTE: Options consistency check may be skewed by version differencesERROR: %sOptions warning: Bad backslash ('\') usage in %s:%d: remember that backslashes are treated as shell-escapes and if you need to pass backslash characters as part of a Windows filename, you should use double backslashes such as "c:\\openvpn\\static.key"%sOptions error: Parameter at %s:%d is too long (%d chars max): %s%sOptions error: No closing quotation (") in %s:%d%sOptions error: No closing single quotation (') in %s:%d%sOptions error: Residual parse state (%d) in %s:%dIn %s:%d: Error opening configuration file: %sIn %s:%d: Maximum recursive include levels exceeded in include attempt of file %s -- probably you have a configuration file that tries to include itself.[CMD-LINE]Originally developed by James YonanCopyright (C) 2002-2010 OpenVPN Technologies, Inc. ECHO-PULLECHO%s:%secho/parameter option overflowunixport number associated with --management directive is out of rangemanagement-client-usermanagement-client-groupmanagement-query-passwordsmanagement-holdmanagement-signalmanagement-forget-disconnectmanagement-clientmanagement-client-authmanagement-client-pfmanagement-log-cache--management-log-cache parameter is out of rangepluginplugin add failed: %sBad --mode parameter: %sdev-typedev-nodelladdrlladdr parm '%s' must be a MAC addresstopologytun-ipv6ifconfigifconfig parms '%s' and '%s' must be valid addressesifconfig-noexecifconfig-nowarnremote-randomconnection[CONNECTION-OPTIONS]Each 'connection' block must contain exactly one 'remote' directiveremote-ip-hintremote: port number associated with host %s is out of rangeremote: bad protocol associated with host %s: '%s'Maximum number of 'remote' options (%d) exceededresolv-retryinfiniteconnect-retryconnect-timeoutconnect-retry-maxipchangefloatgremlinchrootcdwritepiddown-preup-delayup-restartsyslogWARNING: Multiple --daemon directives specified, ignoring --daemon %s. (Note that initscripts sometimes add their own --daemon directive.)inetdwaitwhen --inetd is used with two parameters, one of them must be 'wait' or 'nowait' and the other must be a daemon name to use for system loggingnowaitsuppress-timestampslog-appendmlockmultihomeerrors-to-stderrstatus-version--status-version must be 1 to 3remap-usr1SIGHUPSIGTERM--remap-usr1 parm must be 'SIGHUP' or 'SIGTERM'link-mtuudp-mtutun-mtutun-mtu-extramtu-dynamic--mtu-dynamic has been replaced by --fragmentfragmentmtu-discmtu-testnicercvbufsndbufsocket-flagsTCP_NODELAYunknown socket flag: %stxqueuelenshaperBad shaper value, must be between %d and %dBad port number: %slportBad local port number: %srportBad remote port number: %sbindnobindfast-ioBad protocol: '%s'. Allowed protocols with --proto option: %sauto-proxyPROXY: %sshow-proxy-settingsHTTP Server: %sHTTP Port: %dSOCKS Server: %sSOCKS Port: %dProxy error: %shttp-proxyhttp-proxy port number not definedauto-nctbasichttp-proxy-retryhttp-proxy-timeouthttp-proxy-optionVERSIONAGENTBad http-proxy-option or missing parameter: '%s'socks-proxyBad socks-proxy port number: %ssocks-proxy-retrykeepaliveping-exitping-timer-remexplicit-exit-notifypersist-tunpersist-keypersist-local-ippersist-remote-iprouteroute parameter network/IP '%s' must be a valid addressroute parameter netmask '%s' must be an IP addressroute parameter gateway '%s' must be a valid addressmax-routes--max-routes parameter is out of rangeroute-gatewaydhcproute-gateway parm '%s' must be a valid addressroute-metricroute-delayroute-noexecroute-nopullallow-pull-fqdnredirect-gatewayredirect-privateautolocaldef1bypass-dhcpbypass-dnsunknown --%s flag: %sremote-random-hostnamesetenvREMOTE_RANDOM_HOSTNAMEGENERIC_CONFIGthis is a generic configuration and cannot directly be usedSERVER_POLL_TIMEOUTFORWARD_COMPATIBLEsetenv-safescript-securityexecveunknown --script-security method: %smssfixdisable-occerror parsing --server parametersnopoolerror parsing --server: %s is not a recognized flagserver-bridgeerror parsing --server-bridge parametersnogwpushpush-reseterror parsing --ifconfig-pool parametersifconfig-pool-persistifconfig-pool-linearhash-size--hash-size sizes must be >= 1 (preferably a power of 2)connect-freq--connect-freq parms must be > 0max-clients--max-clients must be at least 1max-routes-per-clientclient-cert-not-requiredusername-as-common-nameauth-user-pass-optionalopt-verifyauth-user-pass-verifyvia-envvia-filesecond parm to --auth-user-pass-verify must be 'via-env' or 'via-file'--auth-user-pass-verify requires a second parameter ('via-env' or 'via-file')tmp-dirccd-exclusivebcast-buffers--bcast-buffers parameter must be > 0tcp-queue-limit--tcp-queue-limit parameter must be > 0port-shareport number associated with --port-share directive is out of rangeclient-to-clientduplicate-cniroutein --iroute %s %s : Bad network/subnet specificationifconfig-pushcannot parse --ifconfig-push addressesifconfig-push-constraintcannot parse --ifconfig-push-constraint addressestcp-nodelaypush-continuationserver-poll-timeoutauth-user-passusergroupdhcp-optionforeign_option_%dforeign_option: name/value overflowroute-methodpasstoscomp-lzoadaptivebad comp-lzo option: %s -- must be 'yes', 'no', or 'adaptive'comp-noadaptshow-ciphersshow-digestsshow-engineskey-directiongenkeyprngprng parameter nonce_secret_len must be between %d and %dno-replayreplay-windowreplay-window window size parameter (%d) must be between %d and %dreplay-window time window parameter (%d) must be between %d and %dreplay-window option is missing window size parametermute-replay-warningsno-ivreplay-persisttest-cryptoenginekeysizeBad keysize: %sshow-tlstls-servertls-clientcacapathcertpkcs12askpassauth-nocachesingle-sessionpush-peer-infotls-exittls-ciphercrl-verifytls-verifytls-remotens-cert-type--ns-cert-type must be 'client' or 'server'remote-cert-kuremote-cert-ekuremote-cert-tlsTLS Web Server AuthenticationTLS Web Client Authentication--remote-cert-tls must be 'client' or 'server'tls-timeoutreneg-bytesreneg-pktsreneg-sechand-windowtran-windowkey-methodkey_method parameter (%d) must be >= %d and <= %drmtunmktunUnrecognized option or missing parameter(s) in %s:%d: %s (%s)2.1.4[PUSH-OPTIONS]I'm trying to parse "%s" as an --option parameter but I don't see a leading '--'[CONFIG-STRING]OPTIONS IMPORT: reading client specific options from: %sOpenVPN 2.1.4 mipsel-unknown-linux-gnu [SSL] [LZO2] [EPOLL] built on Jan 5 2012 by GoseiKnight%s General Options: --config file : Read configuration options from file. --help : Show options. --version : Show copyright and version information. Tunnel Options: --local host : Local host name or ip address. Implies --bind. --remote host [port] : Remote host name or ip address. --remote-random : If multiple --remote options specified, choose one randomly. --remote-random-hostname : Add a random string to remote DNS name. --mode m : Major mode, m = 'p2p' (default, point-to-point) or 'server'. --proto p : Use protocol p for communicating with peer. p = udp (default), tcp-server, or tcp-client --connect-retry n : For --proto tcp-client, number of seconds to wait between connection retries (default=%d). --connect-timeout n : For --proto tcp-client, connection timeout (in seconds). --connect-retry-max n : Maximum connection attempt retries, default infinite. --auto-proxy : Try to sense proxy settings (or lack thereof) automatically. --http-proxy s p [up] [auth] : Connect to remote host through an HTTP proxy at address s and port p. If proxy authentication is required, up is a file containing username/password on 2 lines, or 'stdin' to prompt from console. Add auth='ntlm' if the proxy requires NTLM authentication. --http-proxy s p 'auto[-nct]' : Like the above directive, but automatically determine auth method and query for username/password if needed. auto-nct disables weak proxy auth methods. --http-proxy-retry : Retry indefinitely on HTTP proxy errors. --http-proxy-timeout n : Proxy timeout in seconds, default=5. --http-proxy-option type [parm] : Set extended HTTP proxy options. Repeat to set multiple options. VERSION version (default=1.0) AGENT user-agent --socks-proxy s [p]: Connect to remote host through a Socks5 proxy at address s and port p (default port = 1080). --socks-proxy-retry : Retry indefinitely on Socks proxy errors. --resolv-retry n: If hostname resolve fails for --remote, retry resolve for n seconds before failing (disabled by default). Set n="infinite" to retry indefinitely. --float : Allow remote to change its IP address/port, such as through DHCP (this is the default if --remote is not used). --ipchange cmd : Execute shell command cmd on remote ip address initial setting or change -- execute as: cmd ip-address port# --port port : TCP/UDP port # for both local and remote. --lport port : TCP/UDP port # for local (default=%d). Implies --bind. --rport port : TCP/UDP port # for remote (default=%d). --bind : Bind to local address and port. (This is the default unless --proto tcp-client or --http-proxy or --socks-proxy is used). --nobind : Do not bind to local address and port. --dev tunX|tapX : tun/tap device (X can be omitted for dynamic device. --dev-type dt : Which device type are we using? (dt = tun or tap) Use this option only if the tun/tap device used with --dev does not begin with "tun" or "tap". --dev-node node : Explicitly set the device node rather than using /dev/net/tun, /dev/tun, /dev/tap, etc. --lladdr hw : Set the link layer address of the tap device. --topology t : Set --dev tun topology: 'net30', 'p2p', or 'subnet'. --tun-ipv6 : Build tun link capable of forwarding IPv6 traffic. --ifconfig l rn : TUN: configure device to use IP address l as a local endpoint and rn as a remote endpoint. l & rn should be swapped on the other peer. l & rn must be private addresses outside of the subnets used by either peer. TAP: configure device to use IP address l as a local endpoint and rn as a subnet mask. --ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead pass --ifconfig parms by environment to scripts. --ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the connection doesn't match the remote side. --route network [netmask] [gateway] [metric] : Add route to routing table after connection is established. Multiple routes can be specified. netmask default: 255.255.255.255 gateway default: taken from --route-gateway or --ifconfig Specify default by leaving blank or setting to "nil". --max-routes n : Specify the maximum number of routes that may be defined or pulled from a server. --route-gateway gw|'dhcp' : Specify a default gateway for use with --route. --route-metric m : Specify a default metric for use with --route. --route-delay n [w] : Delay n seconds after connection initiation before adding routes (may be 0). If not specified, routes will be added immediately after tun/tap open. On Windows, wait up to w seconds for TUN/TAP adapter to come up. --route-up cmd : Execute shell cmd after routes are added. --route-noexec : Don't add routes automatically. Instead pass routes to --route-up script using environmental variables. --route-nopull : When used with --client or --pull, accept options pushed by server EXCEPT for routes. --allow-pull-fqdn : Allow client to pull DNS names from server for --ifconfig, --route, and --route-gateway. --redirect-gateway [flags]: Automatically execute routing commands to redirect all outgoing IP traffic through the VPN. Add 'local' flag if both OpenVPN servers are directly connected via a common subnet, such as with WiFi. Add 'def1' flag to set default route using using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. Add 'bypass-dhcp' flag to add a direct route to DHCP server, bypassing tunnel. Add 'bypass-dns' flag to similarly bypass tunnel for DNS. --redirect-private [flags]: Like --redirect-gateway, but omit actually changing the default gateway. Useful when pushing private subnets. --push-peer-info : (client only) push client info to server. --setenv name value : Set a custom environmental variable to pass to script. --setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow directives for future OpenVPN versions to be ignored. --script-security level mode : mode='execve' (default) or 'system', level= 0 -- strictly no calling of external programs 1 -- (default) only call built-ins such as ifconfig 2 -- allow calling of built-ins and scripts 3 -- allow password to be passed to scripts via env --shaper n : Restrict output to peer to n bytes per second. --keepalive n m : Helper option for setting timeouts in server mode. Send ping once every n seconds, restart if ping not received for m seconds. --inactive n [bytes] : Exit after n seconds of activity on tun/tap device produces a combined in/out byte count < bytes. --ping-exit n : Exit if n seconds pass without reception of remote ping. --ping-restart n: Restart if n seconds pass without reception of remote ping. --ping-timer-rem: Run the --ping-exit/--ping-restart timer only if we have a remote address. --ping n : Ping remote once every n seconds over TCP/UDP port. --multihome : Configure a multi-homed UDP server. --fast-io : (experimental) Optimize TUN/TAP/UDP writes. --remap-usr1 s : On SIGUSR1 signals, remap signal (s='SIGHUP' or 'SIGTERM'). --persist-tun : Keep tun/tap device open across SIGUSR1 or --ping-restart. --persist-remote-ip : Keep remote IP address across SIGUSR1 or --ping-restart. --persist-local-ip : Keep local IP address across SIGUSR1 or --ping-restart. --persist-key : Don't re-read key files across SIGUSR1 or --ping-restart. --passtos : TOS passthrough (applies to IPv4 only). --tun-mtu n : Take the tun/tap device MTU to be n and derive the TCP/UDP MTU from it (default=%d). --tun-mtu-extra n : Assume that tun/tap device might return as many as n bytes more than the tun-mtu size on read (default TUN=0 TAP=%d). --link-mtu n : Take the TCP/UDP device MTU to be n and derive the tun MTU from it. --mtu-disc type : Should we do Path MTU discovery on TCP/UDP channel? 'no' -- Never send DF (Don't Fragment) frames 'maybe' -- Use per-route hints 'yes' -- Always DF (Don't Fragment) --mtu-test : Empirically measure and report MTU. --fragment max : Enable internal datagram fragmentation so that no UDP datagrams are sent which are larger than max bytes. Adds 4 bytes of overhead per datagram. --mssfix [n] : Set upper bound on TCP MSS, default = tun-mtu size or --fragment max value, whichever is lower. --sndbuf size : Set the TCP/UDP send buffer size. --rcvbuf size : Set the TCP/UDP receive buffer size. --txqueuelen n : Set the tun/tap TX queue length to n (Linux only). --mlock : Disable Paging -- ensures key material and tunnel data will never be written to disk. --up cmd : Shell cmd to execute after successful tun device open. Execute as: cmd tun/tap-dev tun-mtu link-mtu \ ifconfig-local-ip ifconfig-remote-ip (pre --user or --group UID/GID change) --up-delay : Delay tun/tap open and possible --up script execution until after TCP/UDP connection establishment with peer. --down cmd : Shell cmd to run after tun device close. (post --user/--group UID/GID change and/or --chroot) (script parameters are same as --up option) --down-pre : Call --down cmd/script before TUN/TAP close. --up-restart : Run up/down scripts for all restarts including those caused by --ping-restart or SIGUSR1 --user user : Set UID to user after initialization. --group group : Set GID to group after initialization. --chroot dir : Chroot to this directory after initialization. --cd dir : Change to this directory before initialization. --daemon [name] : Become a daemon after initialization. The optional 'name' parameter will be passed as the program name to the system logger. --syslog [name] : Output to syslog, but do not become a daemon. See --daemon above for a description of the 'name' parm. --inetd [name] ['wait'|'nowait'] : Run as an inetd or xinetd server. See --daemon above for a description of the 'name' parm. --log file : Output log to file which is created/truncated on open. --log-append file : Append log to file, or create file if nonexistent. --suppress-timestamps : Don't log timestamps to stdout/stderr. --writepid file : Write main process ID to file. --nice n : Change process priority (>0 = lower, <0 = higher). --echo [parms ...] : Echo parameters to log output. --verb n : Set output verbosity to n (default=%d): (Level 3 is recommended if you want a good summary of what's happening without being swamped by output). : 0 -- no output except fatal errors : 1 -- startup info + connection initiated messages + non-fatal encryption & net errors : 2,3 -- show TLS negotiations & route info : 4 -- show parameters : 5 -- show 'RrWw' chars on console for each packet sent and received from TCP/UDP (caps) or tun/tap (lc) : 6 to 11 -- debug messages of increasing verbosity --mute n : Log at most n consecutive messages in the same category. --status file n : Write operational status to file every n seconds. --status-version [n] : Choose the status file format version number. Currently, n can be 1, 2, or 3 (default=1). --disable-occ : Disable options consistency check between peers. --gremlin mask : Special stress testing mode (for debugging only). --comp-lzo : Use fast LZO compression -- may add up to 1 byte per packet for uncompressible data. --comp-noadapt : Don't use adaptive compression when --comp-lzo is specified. --management ip port [pass] : Enable a TCP server on ip:port to handle management functions. pass is a password file or 'stdin' to prompt from console. To listen on a unix domain socket, specific the pathname in place of ip and use 'unix' as the port number. --management-client : Management interface will connect as a TCP client to ip/port rather than listen as a TCP server. --management-query-passwords : Query management channel for private key and auth-user-pass passwords. --management-hold : Start OpenVPN in a hibernating state, until a client of the management interface explicitly starts it. --management-signal : Issue SIGUSR1 when management disconnect event occurs. --management-forget-disconnect : Forget passwords when management disconnect event occurs. --management-log-cache n : Cache n lines of log file history for usage by the management channel. --management-client-user u : When management interface is a unix socket, only allow connections from user u. --management-client-group g : When management interface is a unix socket, only allow connections from group g. --management-client-auth : gives management interface client the responsibility to authenticate clients after their client certificate has been verified. --management-client-pf : management interface clients must specify a packet filter file for each connecting client. --plugin m [str]: Load plug-in module m passing str as an argument to its initialization function. Multi-Client Server options (when --mode server is used): --server network netmask : Helper option to easily configure server mode. --server-bridge [IP netmask pool-start-IP pool-end-IP] : Helper option to easily configure ethernet bridging server mode. --push "option" : Push a config file option back to the peer for remote execution. Peer must specify --pull in its config file. --push-reset : Don't inherit global push list for specific client instance. --ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets to be dynamically allocated to connecting clients. --ifconfig-pool-linear : Use individual addresses rather than /30 subnets in tun mode. Not compatible with Windows clients. --ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool data to file, at seconds intervals (default=600). If seconds=0, file will be treated as read-only. --ifconfig-push local remote-netmask : Push an ifconfig option to remote, overrides --ifconfig-pool dynamic allocation. Only valid in a client-specific config file. --iroute network [netmask] : Route subnet to client. Sets up internal routes only. Only valid in a client-specific config file. --disable : Client is disabled. Only valid in a client-specific config file. --client-cert-not-required : Don't require client certificate, client will authenticate using username/password. --username-as-common-name : For auth-user-pass authentication, use the authenticated username as the common name, rather than the common name from the client cert. --auth-user-pass-verify cmd method: Query client for username/password and run script cmd to verify. If method='via-env', pass user/pass via environment, if method='via-file', pass user/pass via temporary file. --opt-verify : Clients that connect with options that are incompatible with those of the server will be disconnected. --auth-user-pass-optional : Allow connections by clients that don't specify a username/password. --no-name-remapping : Allow Common Name and X509 Subject to include any printable character. --client-to-client : Internally route client-to-client traffic. --duplicate-cn : Allow multiple clients with the same common name to concurrently connect. --client-connect cmd : Run script cmd on client connection. --client-disconnect cmd : Run script cmd on client disconnection. --client-config-dir dir : Directory for custom client config files. --ccd-exclusive : Refuse connection unless custom client config is found. --tmp-dir dir : Temporary directory, used for --client-connect return file. --hash-size r v : Set the size of the real address hash table to r and the virtual address table to v. --bcast-buffers n : Allocate n broadcast buffers. --tcp-queue-limit n : Maximum number of queued TCP output packets. --tcp-nodelay : Macro that sets TCP_NODELAY socket flag on the server as well as pushes it to connecting clients. --learn-address cmd : Run script cmd to validate client virtual addresses. --connect-freq n s : Allow a maximum of n new connections per s seconds. --max-clients n : Allow a maximum of n simultaneously connected clients. --max-routes-per-client n : Allow a maximum of n internal routes per client. --port-share host port : When run in TCP mode, proxy incoming HTTPS sessions to a web server at host:port. Client options (when connecting to a multi-client server): --client : Helper option to easily configure client mode. --auth-user-pass [up] : Authenticate with server using username/password. up is a file containing username/password on 2 lines, or omit to prompt from console. --pull : Accept certain config file options from the peer as if they were part of the local config file. Must be specified when connecting to a '--mode server' remote host. --auth-retry t : How to handle auth failures. Set t to none (default), interact, or nointeract. --server-poll-timeout n : when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. --explicit-exit-notify [n] : On exit/restart, send exit signal to server/remote. n = # of retries, default=1. Data Channel Encryption Options (must be compatible between peers): (These options are meaningful for both Static Key & TLS-mode) --secret f [d] : Enable Static Key encryption mode (non-TLS). Use shared secret file f, generate with --genkey. The optional d parameter controls key directionality. If d is specified, use separate keys for each direction, set d=0 on one side of the connection, and d=1 on the other side. --auth alg : Authenticate packets with HMAC using message digest algorithm alg (default=%s). (usually adds 16 or 20 bytes per packet) Set alg=none to disable authentication. --cipher alg : Encrypt packets with cipher algorithm alg (default=%s). Set alg=none to disable encryption. --prng alg [nsl] : For PRNG, use digest algorithm alg, and nonce_secret_len=nsl. Set alg=none to disable PRNG. --keysize n : Size of cipher key in bits (optional). If unspecified, defaults to cipher-specific default. --engine [name] : Enable OpenSSL hardware crypto engine functionality. --no-replay : Disable replay protection. --mute-replay-warnings : Silence the output of replay warnings to log file. --replay-window n [t] : Use a replay protection sliding window of size n and a time window of t seconds. Default n=%d t=%d --no-iv : Disable cipher IV -- only allowed with CBC mode ciphers. --replay-persist file : Persist replay-protection state across sessions using file. --test-crypto : Run a self-test of crypto features enabled. For debugging only. TLS Key Negotiation Options: (These options are meaningful only for TLS-mode) --tls-server : Enable TLS and assume server role during TLS handshake. --tls-client : Enable TLS and assume client role during TLS handshake. --key-method m : Data channel key exchange method. m should be a method number, such as 1 (default), 2, etc. --ca file : Certificate authority file in .pem format containing root certificate. --capath dir : A directory of trusted certificates (CAs and CRLs). --dh file : File containing Diffie Hellman parameters in .pem format (for --tls-server only). Use "openssl dhparam -out dh1024.pem 1024" to generate. --cert file : Local certificate in .pem format -- must be signed by a Certificate Authority in --ca file. --key file : Local private key in .pem format. --pkcs12 file : PKCS#12 file containing local private key, local certificate and optionally the root CA certificate. --tls-cipher l : A list l of allowable TLS ciphers separated by : (optional). : Use --show-tls to see a list of supported TLS ciphers. --tls-timeout n : Packet retransmit timeout on TLS control channel if no ACK from remote within n seconds (default=%d). --reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd. --reneg-pkts n : Renegotiate data chan. key after n packets sent and recvd. --reneg-sec n : Renegotiate data chan. key after n seconds (default=%d). --hand-window n : Data channel key exchange must finalize within n seconds of handshake initiation by any peer (default=%d). --tran-window n : Transition window -- old key can live this many seconds after new key renegotiation begins (default=%d). --single-session: Allow only one session (reset state on restart). --tls-exit : Exit on TLS negotiation failure. --tls-auth f [d]: Add an additional layer of authentication on top of the TLS control channel to protect against DoS attacks. f (required) is a shared-secret passphrase file. The optional d parameter controls key directionality, see --secret option for more info. --askpass [file]: Get PEM password from controlling tty before we daemonize. --auth-nocache : Don't cache --askpass or --auth-user-pass passwords. --crl-verify crl: Check peer certificate against a CRL. --tls-verify cmd: Execute shell command cmd to verify the X509 name of a pending TLS connection that has otherwise passed all other tests of certification. cmd should return 0 to allow TLS handshake to proceed, or 1 to fail. (cmd is executed as 'cmd certificate_depth X509_NAME_oneline') --tls-remote x509name: Accept connections only from a host with X509 name x509name. The remote host must also pass all other tests of verification. --ns-cert-type t: Require that peer certificate was signed with an explicit nsCertType designation t = 'client' | 'server'. --remote-cert-ku v ... : Require that the peer certificate was signed with explicit key usage, you can specify more than one value. value should be given in hex format. --remote-cert-eku oid : Require that the peer certificate was signed with explicit extended key usage. Extended key usage can be encoded as an object identifier or OpenSSL string representation. --remote-cert-tls t: Require that peer certificate was signed with explicit key usage and extended key usage based on RFC3280 TLS rules. t = 'client' | 'server'. SSL Library information: --show-ciphers : Show cipher algorithms to use with --cipher option. --show-digests : Show message digest algorithms to use with --auth option. --show-engines : Show hardware crypto accelerator engines (if available). --show-tls : Show all TLS ciphers (TLS used only as a control channel). Generate a random key (only for non-TLS static key encryption mode): --genkey : Generate a random key to be used as a shared secret, for use with the --secret option. --secret file : Write key to file. Tun/tap config mode (available with linux 2.4+): --mktun : Create a persistent tunnel. --rmtun : Remove a persistent tunnel. --dev tunX|tapX : tun/tap device --dev-type dt : Device type. See tunnel options above for details. --user user : User to set privilege to. --group group : Group to set privilege to. otime.c us=%d[%d/%d] #%u / time = (%u) %s[ #%uCannot open --replay-persist file %s for read/writeCannot obtain exclusive lock on --replay-persist file %sPID Persist Read from %s: %sRead error on --replay-persist file %sPID packet_id_freePID packet_id_init seq_backtrack=%d time_backtrack=%dpacket_id.cClose error on --replay-persist file %sPID Persist Write to %s: %sCannot write to --replay-persist file %sCannot seek to beginning of --replay-persist file %sAssertion Failed: Array index=%d out of bounds for array size=%d in %s:%dPID TEST %lu:%u %lu:%uReplay-window backtrack occurred [%d]ACCEPTDROPDESTSRCPF: %s/%s/%s %s %s rule=[%s %s]PF: %s/%s/%s %s %sPF: %s/%s %s %s %s rule=[%s/%s %s]PF: %s/%s %s %s %sPF_ADDR_MATCHPF_ADDR_DEFAULTPF_ADDR_FAULTPF_CN_MATCHPF_CN_DEFAULTPF_CN_FAULT----- %s : struct pf_context -----enabled=%dfilename='%s'file_last_mod=%un_check_reload=%ureload=[%d,%u,%u] ----- struct pf_set ----- kill=%d ----- struct pf_subnet_set ----- default_allow=%s %s/%s %s ----- struct pf_cn_set ----- %s %s ---------- %s LOOKUP FAILED--------------------pfpf_filepf_init_context#1WARNING: OPENVPN_PLUGIN_ENABLE_PF disabledpf_init_context#2 PF: %s/%d: no data after +/-: '%s'PF: %s/%d: bad '/n' subnet specifier: '%s'PF: %s/%d: bad '/n' subnet specifier: must be between 0 and 32: '%s'PF: %s/%d: bad network address: '%s'pf.c[clients accept][clients drop][subnets accept][subnets drop][kill]PF: %s/%d unknown tag: '%s'PF: %s/%d line must begin with '+', '-', or '[' : '%s'PF: %s: missing [end]PF: %s: cannot openPF: %s: duplicate common name in [clients] section: '%s'PF: %s rejected due to %d error(s)[SERVER-PF]pf-killpf_check_reloadping.cSENT PING%sInactivity timeout (--ping-exit), exiting%sInactivity timeout (--ping-restart), restarting*{d- HPLUGIN_INIT: POST %s '%s' intercepted=%s %sPLUGIN_INIT: plugin %s expressed interest in unsupported plugin types: [want=0x%08x, have=0x%08x]PLUGIN_INIT: plugin initialization function failed: %sOPENVPN_PLUGIN_ENABLE_PFPLUGIN_???PLUGIN_UPPLUGIN_DOWNPLUGIN_ROUTE_UPPLUGIN_IPCHANGEPLUGIN_TLS_VERIFYPLUGIN_AUTH_USER_PASS_VERIFYPLUGIN_CLIENT_CONNECTPLUGIN_CLIENT_DISCONNECTPLUGIN_LEARN_ADDRESSPLUGIN_TLS_FINALPLUGIN_RETURN_PRINT %sPLUGIN #%d (%s)[%d] '%s' -> '%s' PLUGIN_CLOSE: %sPLUGIN_CLOSE: dlclose() failed on plugin: %s%s[%d] = '%s'ARGVENVPPLUGIN: could not find required symbol '%s' in plugin shared object %s: %s plugin[%d] %s '%s'plugin.cPLUGIN_CALL: PRE type=%sPLUGIN_CALL: POST %s/%s status=%dPLUGIN_CALL: plugin function %s failed with status %d: %sPLUGIN_INIT: PRE[RETLIST]PLUGIN_INIT: could not load plugin shared object %s: %sopenvpn_plugin_open_v1openvpn_plugin_open_v2openvpn_plugin_func_v1openvpn_plugin_func_v2openvpn_plugin_close_v1openvpn_plugin_abort_v1openvpn_plugin_client_constructor_v1openvpn_plugin_client_destructor_v1openvpn_plugin_min_version_required_v1openvpn_plugin_select_initialization_point_v1PLUGIN: symbol openvpn_plugin_open_vX is undefined in plugin: %sPLUGIN: symbol openvpn_plugin_func_vX is undefined in plugin: %sPLUGIN_INIT: plugin needs interface version %d, but this version of OpenVPN only supports version %d: %sWARNING: plugin '%s' specified by a relative pathname -- using an absolute pathname would be more secure]x]]]]]H]]T]H]`]l]pool.cIFCONFIG POOL: base=%s size=%d--ifconfig-pool start IP [%s] is greater than end IP [%s]--ifconfig-pool address range is too large [%s -> %s]. Current maximum is %d addresses, as defined by IFCONFIG_POOL_MAX variable.IFCONFIG POOL LISTPROXY: automatic detection not supported on this OSHTTP Proxyproxy.crecv_line: TCP port read timeout expiredrecv_line: TCP port read failed on select()recv_line: TCP port read failed on recv()recv_line: Non-ASCII character (%d) read on recv()HTTP_PROXY: server not specifiedntlmntlm2ERROR: unknown HTTP authentication method: '%s'send_line: TCP port write failed on send()CONNECT %s:%d HTTP/%sSend to HTTP proxy: '%s'User-Agent: %sProxy-Authorization: Basic %sAttempting Basic Proxy-AuthorizationProxy-Connection: Keep-AliveProxy-Authorization: NTLM %sAttempting NTLM Proxy-Authorization phase 1HTTP proxy returned: '%s'%*s %dProxy requires authentication%%*s NTLM %%%dsauth string: '%s'Received NTLM Proxy-Authorization phase 2 responseHost: %sAttempting NTLM Proxy-Authorization phase 3NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy serverrealmnoncealgorithmopaque, opaque="%s"00000001%s %s HTTP/%sProxy-Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", qop=%s, nc=%s, cnonce="%s", response="%s"%sProxy-Authenticate: Basic PROXY AUTH BASIC: '%s'Digest PROXY AUTH DIGEST: '%s'NTLMPROXY AUTH HTLM: '%s'HTTP proxy authenticate '%s'HTTP proxy: support for basic auth and other cleartext proxy auth methods is disabledHTTP proxy: do not recognize the authentication method required by proxyHTTP proxy: no support for proxy authentication methodHTTP proxy returned bad statusPORT SHARE PROXY: unexpected status=%dPORT SHARE PROXY: delete sd=%dPORT SHARE PROXY: partial write[%d], tried=%d got=%dPORT SHARE: sendmsg sd=%d len=%dPORT SHARE: sendmsg failed (unable to communicate with background process)PORT SHARE: waiting for background process to exitPORT SHARE: background process exitedPORT SHARE: socketpair call failedPORT SHARE PROXY: proxy startingPORT SHARE PROXY: RECEIVED sd=%dPORT SHARE PROXY: connect to port-share server failedPORT SHARE PROXY: connect to port-share server succeededPORT SHARE PROXY: NEW CONNECTION [c=%d s=%d]PORT SHARE PROXY: RECEIVED COMMAND_EXITPORT SHARE PROXY: event_wait failedPORT SHARE PROXY: proxy exitingConnection reset command was pushed by serverserver-pushed-connection-resetPUSH OPTION FAILED (illegal comma (',') in string): '%s'push.cPUSH_REQUESTAUTH: Received AUTH_FAILED control messageauth-failureAUTH_FAILED,Auth[PUSH_ROUTE_REMOVE]255.255.255.255REMOVE PUSH ROUTE: '%s',push-continuation 2--push option is too long,ifconfig %s %s,push-continuation 1PUSH_REPLYPUSH: Received control message: '%s'WARNING: Received bad push/pull message: %sAUTH_FAILEDreliable.cACK reliable_schedule_nowACK received for pid %u, deleting from send bufferACK acknowledge ID %u (ack->len=%d)ACK acknowledge ID %u FAILED (ack->len=%d)ACK mark active outgoing ID %u[%u] %uACK reliable_send_timeout %d %sACK mark active incoming ID %uACK reliable_send ID %u (size=%d to=%d)ACK reliable_can_send active=%d current=%d : %sACK output sequence broken: %sACK %u breaks sequentiality: %sACK RWBS rel->size=%d rel->packet_id=%08x id=%08x ret=%d ACK %u is a replay: %sACK no free receive buffer available: %sACK write ID %u (ack->len=%d, n=%d)ACK read ID %u (buf->len=%d)ACK read ID FAILED (buf->len=%d)ACK read BAD SESSION-ID FROM REMOTE, local=%s, remote=%snilOpenVPN ROUTE: cannot add more than %d routes -- please increase the max-routes option in the client configuration file [redirect_default_gateway local=%d] route %s/%s/%s/%sROUTE network %s netmask %s gateway %s metric %dvpn_gatewayOpenVPN ROUTE: vpn_gateway undefinednet_gatewayOpenVPN ROUTE: net_gateway undefined -- unable to get default gateway from systemremote_hostOpenVPN ROUTE: remote_host undefineddefaultOpenVPN ROUTE: (copy) number of route options in src (%d) is greater than route list capacity in dest (%d)/proc/net/route%*s %x %x %*s %*s %*s %d %xGDG: route[%d] %s/%s/%s m=%uGDG: best=%s[%d] lm=%uGDGMA: get_default_gateway failedGDGMA: socket() failedGDGMA: ioctl(SIOCGIFCONF) failedGDGMA: %sGDGMA: SIOCGIFFLAGS(%s) failedGDGMA: interface %s is down or loopbackGDGMA: SIOCGIFNETMASK(%s) failedGDGMA: gwip=0x%08x ina=0x%08x mask=0x%08xGDGMA: couldn't find gw interfaceGDGMA: SIOCGIFHWADDR(%s) failedroute_%s_%droute_%sROUTE default_gateway=%sROUTE: default_gateway=UNDEFROUTE: bypass_host_route[%d]=%sOpenVPN ROUTE: failed to parse/resolve default gateway: %sOpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig optionsOpenVPN ROUTE: route metric for network %s (%s) must be >= 0OpenVPN ROUTE: failed to parse/resolve route for host/network: %sOpenVPN ROUTE: routes dropped because number of expanded routes is greater than route list capacity (%d)%s del -net %s netmask %s/sbin/routemetric %dERROR: Linux route delete command failedOpenVPN ROUTE: omitted no-op route: %s/%s -> %s%s add -net %s netmask %s gw %sERROR: Linux route add command failed%s VPN gateway parameter (--route-gateway or --ifconfig) is missing%s Cannot read current default gateway from system%s Cannot obtain current remote host addressROUTE remote_host is NOT LOCALROUTE remote_host is LOCALNOTE: unable to redirect default gateway --networknetmaskroute_metric_%dSCHEDULE: %s wakeup=[%s] pri=%uSCHEDULE: %s NULLschedule_find_leastschedule.cschedule_add_modifyOutput Traffic Shaping initialized at %d bytes per secondprocess%s[%s,%s] received, %s exiting%s[%s,%s] received, %s restartingUnknown signal %d [%s,%s] received by %sUnknown signal receivedhardsoftsig.cexit-with-notificationOpenVPN STATISTICSTUN/TAP read bytes,%lluTUN/TAP write bytes,%lluTCP/UDP read bytes,%lluTCP/UDP write bytes,%lluAuth read bytes,%lluSIGTERM received, sending exit notification to peerSIGINTsigintsigtermsighupSIGUSR1sigusr1SIGUSR2sigusr2[unknown protocol]ERROR: received strange incoming packet with an address length of %d -- we only accept address lengths of %d.Cannot create unix domain socketsocket.cTCP/UDP: No outgoing address to send packetSTREAM: WRITE %d offset=%d[undef] (via %s)%s_ip%s_portSTREAM: RESETSTREAM: INIT maxlen=%dCannot create TCP socketTCP: Cannot setsockopt SO_REUSEADDR on TCP socketNOTE: setsockopt TCP_NODELAY=%d failedSocket flags: TCP_NODELAY=%d succeededNOTE: setsockopt SO_SNDBUF=%d failedNOTE: setsockopt SO_RCVBUF=%d failedSocket Buffers: R=[%d->%d] S=[%d->%d]TCP: getpeername() failedTCP: accept(%d) failedTCP: Received strange incoming connection with unknown address length=%dTCP/UDP: Closing socketTCP/UDP: Close Socket failedTCP/UDP: Close Socket (ctrl_sd) failedS%sS?%s: Socket bind failed on local address %s: %sTCP connection established with %sListening for incoming TCP connection on %sTCP: listen() failedRESOLVE: Cannot resolve host address: %s: %sRESOLVE: Cannot resolve host address: %s: %s (I would have retried this name query if you had specified the --resolv-retry option.)RESOLVE: Cannot parse IP address: %sRESOLVE: Ignored SIGUSR1 signal received during DNS resolution attempt[TRY_AGAIN] A temporary error occurred on an authoritative name server.[unknown h_errno value][HOST_NOT_FOUND] The specified host is unknown.[NO_DATA] The requested name is valid but does not have an IP address.[NO_RECOVERY] A non-recoverable name server error occurred.RESOLVE: Sorry, but we only accept IPv4 DNS names: %sRESOLVE: NOTE: %s resolves to %d addressesRESOLVE: signal received during DNS resolution attemptAttempting to establish TCP connection with %s [nonblock]TCP: connect to %s failed, will try again in %d seconds: %sTCP ClientTCP: select() failedTCP NOTE: Rejected connection attempt from %s due to --remote settingTCP: close socket failed (new_sd)TCP: close socket failed (sd)Peer Connection Initiated with %sWARNING: ipchange plugin call failedip-change command failed%s: Socket bind[%d] failed on unix domain socket %s: %sTCP/UDP: Incoming packet rejected from %s[%d], expected peer address: %s (allow this incoming source address/port by removing --remote or adding --float)RESOLVE_REMOTE flags=0x%04x phase=%d rrs=%d sig=%d status=%dTCP/UDP: Preserving recently used remote address: %sTCP/UDP: Dynamic remote address changed during TCP connection establishment%s link local: [inetd] (bound)%s link local%s: %s%s link remote: %sUDP: Cannot create UDP socketSOCKSSTREAM: ADD length_added=%dNon-OpenVPN client protocol detectedWARNING: Bad encapsulated packet length from peer (%d), which must be > 0 and <= %d -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attemping restart...]STREAM: ADD returned TRUE, buf_len=%d, residual_len=%dSTREAM: ADD returned FALSE (have=%d need=%d)STREAM: SET NEXT, buf=[%d,%d] next=[%d,%d] len=%d maxlen=%dSTREAM: GET NEXT len=%dSTREAM: GET FINAL len=%dYESNOSTREAM: RESIDUAL FULLY FORMED [%s], len=%dudpUDPv4tcp-serverTCPv4_SERVERTCPv4_CLIENTtcpTCPv4(((recv_socks_reply: TCP port read timeout expiredrecv_socks_reply: TCP port read failed on select()recv_socks_reply: TCP port read failed on recv()recv_socks_reply: Socks proxy returned bad address typerecv_socks_reply: Socks proxy returned bad replysocks_handshake: TCP port write failed on send()socks_handshake: TCP port read timeout expiredsocks_handshake: TCP port read failed on select()socks_handshake: TCP port read failed on recv()socks_handshake: Socks proxy returned bad statusestablish_socks_proxy_passthru: TCP port write failed on send()socks.cError parsing PKCS#12 file %sCannot use certificateCannot use private keyPrivate key does not match the certificateCannot add certificate to certificate chain (X509_STORE_add_cert)Cannot add certificate to client CA list (SSL_CTX_add_client_CA)Cannot load inline certificate fileCannot load certificate file %sCannot load private key file %sCannot load CA certificate file %s path %s (SSL_CTX_load_verify_locations)WARNING: experimental option --capath %sCannot get certificate store (SSL_CTX_get_cert_store)Cannot load CA certificate file %s (SSL_load_client_CA_file)Cannot load certificate chain file %s (SSL_use_certificate_chain_file)WARNING: POTENTIALLY DANGEROUS OPTION --client-cert-not-required may accept clients which do not present a certificateProblem with cipher list: %sCLIENTSERVERS_ERRORS_???S_UNDEFS_INITIALS_PRE_STARTS_STARTS_SENT_KEYS_GOT_KEYS_ACTIVES_NORMAL_OPP_DATA_V1P_???P_CONTROL_HARD_RESET_CLIENT_V1P_CONTROL_HARD_RESET_SERVER_V1P_CONTROL_HARD_RESET_CLIENT_V2P_CONTROL_HARD_RESET_SERVER_V2P_CONTROL_SOFT_RESET_V1P_CONTROL_V1P_ACK_V1TM_LAME_DUCKTM_???TM_ACTIVETM_UNTRUSTED [key#%d state=%s id=%d sid=%s]ssl.cTLS ERROR: BIO write %s errorTLS ERROR: BIO write %s incomplete %d/%dBIO write %s %d bytestls_write_plaintext_constError creating %s BIOTLS_ERROR: BIO read %s errorBIO read %s %d bytesuntrustedCannot create SSL_CTX objectCannot create SSL objectAvailable TLS Ciphers,listed in order of preference: connectacceptundefinedSSL state (%s): %sSSL alert (%s): %s: %sGenerating temp (%d bit) RSA keyCertificate does not have key usage extensionValidating certificate key usage++ Certificate has key usage %04x, expects %04xCertificate does not have extended key usage extensionValidating certificate extended key usage++ Certificate has EKU (str) %s, expects %s++ Certificate has EKU (oid) %s, expects %sPrivate Keystruct session *SSL_CTX_new TLSv1_server_methodCannot open memory BIO for inline DH parametersCannot open %s for DH parametersCannot load DH parameters from %sSSL_CTX_set_tmp_dhDiffie-Hellman initialized with %d bit keySSL_CTX_new TLSv1_client_methodrbError opening file %sError reading PKCS#12 file %sVERIFY ERROR: depth=%d, could not extract X509 subject string from certificateX509_%d_%sCNVERIFY ERROR: could not extract Common Name from X509 subject string ('%s') -- note that the Common Name length is limited to %d charactersVERIFY ERROR: depth=%d, error=%s: %sTLS Error: Convoluted certificate chain detected with depth [%d] greater than %dtls_id_%dtls_serial_%dVERIFY OK: nsCertType=%sVERIFY nsCertType ERROR: %s, require nsCertType=%sVERIFY KU OKVERIFY KU ERRORVERIFY EKU OKVERIFY EKU ERRORVERIFY X509NAME OK: %sVERIFY X509NAME ERROR: %s, must be %sVERIFY PLUGIN OK: depth=%d, %sVERIFY PLUGIN ERROR: depth=%d, %s%sc %d %sTLS: executing verify commandVERIFY SCRIPT OK: depth=%d, %sVerify command failed to executeVERIFY SCRIPT ERROR: depth=%d, %sCRL: BIO errCRL: cannot read: %sCRL: cannot read CRL from file %sCRL: CRL %s is from a different issuer than the issuer of certificate %sCRL CHECK FAILED: %s is REVOKEDCRL CHECK OK: %sVERIFY OK: depth=%d, %stls1_P_hash sec: %stls1_P_hash seed: %stls1_P_hash out: %s%s pre_master: %s%s random1: %s%s random2: %sTLS: tls_pre_encrypt: key_id=%dTLS Warning: no data channel send key available: %sTLS Error: cannot locate HMAC in incoming packet from %sTLS Error: incoming packet authentication failed from %sTLS State Error: No TLS state for client %s, opcode=%dTLS State Error: Unknown key ID (%d) received from %s -- 0 was expectedTLS State Error: Large packet (size %d) received from %s -- a packet no larger than %d bytes was expectedSSL_new failedssl_bioct_inct_outTLS: tls_session_init: entryTLS: tls_session_init: new session object, sid=%sTLS: move_session: dest=%s src=%s reinit_src=%dTLS: move_session: exitDATA UNDEF len=%d%s kid=%d tls_hmac=%s pid=%s pid=%u DATA %s DATA len=%dERROR: Random number generator cannot obtain entropy for key generation [SSL]tls1_PRF out[%d]: %sServerOpenVPN master secretOpenVPN key expansionMaster EncryptMaster DecryptTLS Error: Bad dynamic key generatedData Channel EncryptData Channel DecryptTLS ERROR: Unknown key_method/flags=%d received from remote hostTLS Error: Error reading remote data channel key source entropy from plaintext bufferTLS Error: Failed to read required OCC options stringTLS Error: Auth Username/Password was not provided by peerTLS Auth Error (verify_user_pass_management): peer provided a blank usernameacfauth_control_fileTLS Auth Error (verify_user_pass_plugin): peer provided a blank usernameuser-pass-verifyTLS Auth Error: could not write username/password to file: %sTLS Auth Error: user-pass-verify script failed to executeTLS Auth Error: peer provided a blank usernameTLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d charactersTLS Auth Error: username attempted to change from '%s' to '%s' -- tunnel disableddeferred[CN SET]TLS: Username/Password authentication %s for username '%s' %sTLS Auth Error: Auth Username/Password verification failed for peerTLS Error: Certificate verification failed (key-method 2)TLS Auth Error: TLS object CN attempted to change from '%s' to '%s' -- tunnel disabledTLS Auth Error: TLS object CN=%s client-provided SSL certs unexpectedly changed during mid-session reauthTLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'Option inconsistency warnings triggering disconnect due to --opt-verifyTLS Error: client generate_key_expansion failedTLS: tls_pre_decrypt, key_id=%d, IP=%sTLS Error: local/remote TLS keys are out of sync: %s [%d]TLS Error: unknown opcode received from %s op=%dTLS Error: client->client or server->server connection attempted from %sTLS: control channel, op=%s, IP=%sTLS Error: session-id not found in packet from %sTLS: initial packet test, i=%d state=%s, mysid=%s, rec-sid=%s, rec-ip=%s, stored-sid=%s, stored-ip=%sTLS ERROR: received control packet with stale session-id=%sTLS: found match, session[%d], sid=%sTLS ERROR: initial packet local/remote key_method mismatch, local key_method=%d, op=%sTLS Error: Cannot accept new session request from %s due to session context expire or --single-session [1]TLS: Initial packet from %s, sid=%sTLS Error: Cannot accept new session request from %s due to session context expire or --single-session [2]TLS ERROR: new session local/remote key_method mismatch, local key_method=%d, op=%sTLS: new session incoming connection from %sTLS Error: Unroutable control packet received from %s (si=%d op=%s)TLS Error: Received control packet from unexpected IP addr: %sTLS: received P_CONTROL_SOFT_RESET_V1 s=%d sid=%sTLS: received control channel packet s#=%d sid=%sTLS Error: Existing session control channel packet from unknown IP address: %sTLS ERROR: local/remote key IDs out of sync (%d/%d) ID: %sTLS Error: reading acknowledgement record from packetTLS: soft reset sec=%d bytes=%d/%d pkts=%d/%dTLS: tls_process: killed expiring keyTLS: tls_process: chg=%d ks=%s lame=%s to_link->len=%d wakeup=%dTLS: Initial Handshake, sid=%sTLS Error: TLS key negotiation failed to occur within %d seconds (check your network connectivity)STATE S_NORMAL_OPSTATE S_STARTSTATE S_ACTIVE%s %s, cipher %s %sControl Channel:, %d bit RSA, %d bit DSAReliable -> TCP/UDPtls_write_ciphertextTLS Error: Incoming Ciphertext -> TLS object write errorIncoming Ciphertext -> TLStls_read_plaintextTLS Error: TLS object -> incoming plaintext read errorTLS -> Incoming PlaintextTLS Error: Bad encrypting key generatedTLS Error: write_key failedTLS Error: KM1 write options failedIV_VER=%s IV_PLAT=linux IV_HWADDR=%s UV_TLS Error: server generate_key_expansion failedTLS Error: Key Method #2 write failedSTATE S_SENT_KEYTLS Error: Certificate verification failed (key-method 1)TLS Error: Error reading data channel key from plaintext bufferTLS Error: Bad decrypting key received from peerTLS Error: Missing options stringSTATE S_GOT_KEYtls_write_plaintextTLS ERROR: Outgoing Plaintext -> TLS object write errorOutgoing Plaintext -> TLStls_read_ciphertextTLS Error: Ciphertext -> reliable TCP/UDP transport read errorOutgoing Ciphertext -> ReliableDedicated ACK -> TCP/UDPTLS: tls_process: timeout set to %dTLS Error: TLS handshake failedTLS: tls_multi_process: i=%d state=%s, mysid=%s, stored-sid=%s, stored-ip=%sTLS: tls_multi_process: killed expiring keysemi-TLS: tls_multi_process: untrusted session promoted to %strustedԼȼ4@|pdXLstatus.cREAD/WRITEWRITEREADNote: cannot open %s for %sError: problem with tun vs. tap settingNOTE: explicit support for IPv6 tun devices is not provided for this OSnulltun.c[unknown-dev-type]NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.T%sT?/dev/net/tunNote: Cannot open TUN/TAP dev %sI don't recognize device %s as a tun or tap deviceNote: Cannot ioctl TUNSETIFF %sTUN/TAP device %s openedTUN/TAP TX queue length set to %dNote: Cannot set tx queue length on %sNote: Cannot open control socket on %sNote: Attempting fallback to kernel 2.2 TUN/TAP interface/dev/%s/dev/%s%d%s%dTried opening %s (failed)Cannot allocate TUN/TAP dev dynamicallyCannot open TUN/TAP dev %sWARNING: potential %s subnet conflict between local LAN [%s/%s] and remote VPN [%s/%s]WARNING: --%s address [%s] conflicts with --ifconfig address pair [%s, %s]. %sWARNING: potential conflict between --%s address [%s] and --ifconfig address pair [%s, %s] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. %sWARNING: --%s address [%s] conflicts with --ifconfig subnet [%s, %s] -- local and remote addresses cannot be inside of the --ifconfig subnet. %s%s %s 0.0.0.0Linux ip addr del failedCannot ioctl TUNSETPERSIST(%d) %sCannot get user entry for %sCannot ioctl TUNSETOWNER(%s) %sCannot get group entry for %sPersist state set to: %s%s %s %s pointopoint %s mtu %d%s %s %s netmask %s mtu %d broadcast %sLinux ifconfig failedWARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (%s) that looks more like a netmask. %sWARNING: Since you are using --dev tap, the second argument to --ifconfig must be a netmask, for example something like 255.255.255.0. %sTUN/TAP adapterifconfig_localifconfig_remoteifconfig_netmaskifconfig_broadcast(silence this warning with --ifconfig-nowarn)H HH$H4HDHTHhH|HHHHĨHԨHH I(II0II8I@IHIPIXIIIII H,IC}Cd@ElSGĀFxF@HdABFtF@BF{A(pBB6ClC@HBBt D@l=CBtA@@HCC FH>H>H@FXA>HF$hC K>H>H4!HDACGxF>H>HA|}B1CAT@\BeB@@F0BhCp>HPB`>HYFB0A/H(DP>HC GJAbFKCHGC@>H0>H,0F >H>H2G>H=H=H||A=Hl4C$F_BGF A=HC C$B=H=H=H=HxnDp=H@CA`=HKAE̶@C@ECP=HHFFE D@=HE0FԌE$FP%GF0=H =HE=H=HEECx?C8@@CXCC0EC(FC(GC?HHCHJC0JC0KChSCl[C([C(\C@\C@]C?8d_C0`C?@@bC0`cCpfC0gC$hC@hC((iCXiC?P4kCPkC(kChlC lCmC(mC(nC0pC?H tChwCxC0xC@zC?H|C}C}C}C |~C~C C pC(PC?HĄC@̆CXC( CșC0dC(CC( CH@C8C(DC@C@C hCXаCܰCCCHCTC(CCXC(G>G?G(?G?8 AG(AG hBG(8CGlCG CGDG(EGEG0GG(HGHxKG@NG8PG$QGhQG QG(RG(lSGXfG0\hG|G8~G( G( G?XGG@G8PGPG`G0LG@G(DG8G(@GHGG0ХG ,G0XG(Gp\GGxGG0GtG\H` H84H(0HhHH(H?HH H8HHH8H8TH H `HH H@H(H(H H0H84!H)HX@+HX.H@/HX 3Hh85HP9H:H?8:H.shstrtab.interp.note.ABI-tag.reginfo.dynamic.hash.dynsym.dynstr.gnu.version.gnu.version_r.init.text.MIPS.stubs.fini.rodata.eh_frame.ctors.dtors.jcr.data.rel.ro.data.rld_map.got.sbss.bss.comment.gnu.attributes.mdebug.abi32.pdr t@t @ !p@*@3@p 9 <#@<#0AAld@ldCIo@&Vo@e@k0@0q0;H0;}LHLX0MH0M@pIp HJH PJP XJX \J\ J J J ` K  <`K  L  o @  ~Ј