CLIENT AND SERVER SIDE LOGS. NO ERRORS THAT I SEE. ONLY THING I SEE WHICH I DON'T UNDERSTAND IS ON CLIENT I SET "Legacy/fallback cipher" AS AES 256 CBC" BUT ON SERVER LOG IT SAYS "Cipher 'AES-128-GCM' initialized with 128 bit key". I would expect that to be AES 256....maybe not though.
CLIENT LOG
Jul 19 22:43:18 rc_service: httpd 287:notify_rc start_vpnclient2
Jul 19 22:43:20 ovpn-client2[7195]: OpenVPN 2.4.6 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 12 2018
Jul 19 22:43:20 ovpn-client2[7195]: library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.08
Jul 19 22:43:20 ovpn-client2[7196]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jul 19 22:43:20 ovpn-client2[7196]: TCP/UDP: Preserving recently used remote address: [AF_INET]73.XXX.XXX.158:443
Jul 19 22:43:20 ovpn-client2[7196]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Jul 19 22:43:20 ovpn-client2[7196]: UDP link local: (not bound)
Jul 19 22:43:20 ovpn-client2[7196]: UDP link remote: [AF_INET]73.XXX.XXX.158:443
Jul 19 22:43:20 ovpn-client2[7196]: TLS: Initial packet from [AF_INET]73.XXX.XXX.158:443, sid=51c55cb4 a1141dc0
Jul 19 22:43:21 ovpn-client2[7196]: VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Jul 19 22:43:21 ovpn-client2[7196]: VERIFY KU OK
Jul 19 22:43:21 ovpn-client2[7196]: Validating certificate extended key usage
Jul 19 22:43:21 ovpn-client2[7196]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Jul 19 22:43:21 ovpn-client2[7196]: VERIFY EKU OK
Jul 19 22:43:21 ovpn-client2[7196]: VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Jul 19 22:43:21 ovpn-client2[7196]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Jul 19 22:43:21 ovpn-client2[7196]: [RT-AC68U] Peer Connection Initiated with [AF_INET]73.XXX.XXX.158:443
Jul 19 22:43:22 ovpn-client2[7196]: SENT CONTROL [RT-AC68U]: 'PUSH_REQUEST' (status=1)
Jul 19 22:43:22 ovpn-client2[7196]: PUSH: Received control message: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.2.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM'
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: route options modified
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: route-related options modified
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: peer-id set
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: adjusting link_mtu to 1625
Jul 19 22:43:22 ovpn-client2[7196]: OPTIONS IMPORT: data channel crypto options modified
Jul 19 22:43:22 ovpn-client2[7196]: Data Channel: using negotiated cipher 'AES-128-GCM'
Jul 19 22:43:22 ovpn-client2[7196]: Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Jul 19 22:43:22 ovpn-client2[7196]: Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Jul 19 22:43:22 ovpn-client2[7196]: TUN/TAP device tun12 opened
Jul 19 22:43:22 ovpn-client2[7196]: TUN/TAP TX queue length set to 100
Jul 19 22:43:22 ovpn-client2[7196]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jul 19 22:43:22 ovpn-client2[7196]: /usr/sbin/ip link set dev tun12 up mtu 1500
Jul 19 22:43:22 ovpn-client2[7196]: /usr/sbin/ip addr add dev tun12 10.8.0.3/24 broadcast 10.8.0.255
Jul 19 22:43:24 ovpn-client2[7196]: /usr/sbin/ip route add 73.XXX.XXX.158/32 via 73.202.166.1
Jul 19 22:43:24 ovpn-client2[7196]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.0.1
Jul 19 22:43:24 ovpn-client2[7196]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.0.1
Jul 19 22:43:24 ovpn-client2[7196]: /usr/sbin/ip route add 192.168.2.0/24 metric 500 via 10.8.0.1
Jul 19 22:43:24 openvpn-routing: Configuring policy rules for client 2
Jul 19 22:43:25 ovpn-client2[7196]: Initialization Sequence Completed
SERVER LOG
Jul 19 22:43:06 ovpn-server1[6586]: client/73.XXX.XXX.147 [client] Inactivity timeout (--ping-restart), restarting
Jul 19 22:43:06 ovpn-server1[6586]: client/73.XXX.XXX.147 SIGUSR1[soft,ping-restart] received, client-instance restarting
Jul 19 22:43:20 ovpn-server1[6586]: 73.XXX.XXX.147 TLS: Initial packet from [AF_INET6]::ffff:73.XXX.XXX.147:56159, sid=f4450c46 f3e53733
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 VERIFY OK: depth=1, C=TW, ST=TW, L=Taipei, O=ASUS, CN=RT-AC68U, emailAddress=me@myhost.mydomain
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 VERIFY OK: depth=0, C=TW, ST=TW, L=Taipei, O=ASUS, CN=client, emailAddress=me@myhost.mydomain
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_VER=2.4.6
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_PLAT=linux
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_PROTO=2
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_NCP=2
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_LZ4=1
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_LZ4v2=1
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_LZO=1
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_COMP_STUB=1
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_COMP_STUBv2=1
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 peer info: IV_TCPNL=1
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 PLUGIN_CALL: POST /usr/lib/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=0
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 TLS: Username/Password authentication succeeded for username 'jXXX_TV'
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Jul 19 22:43:21 ovpn-server1[6586]: 73.XXX.XXX.147 [client] Peer Connection Initiated with [AF_INET6]::ffff:73.XXX.XXX.147:56159
Jul 19 22:43:21 ovpn-server1[6586]: client/73.XXX.XXX.147 MULTI_sva: pool returned IPv4=10.8.0.3, IPv6=(Not enabled)
Jul 19 22:43:21 ovpn-server1[6586]: client/73.XXX.XXX.147 MULTI: Learn: 10.8.0.3 -> client/73.XXX.XXX.147
Jul 19 22:43:21 ovpn-server1[6586]: client/73.XXX.XXX.147 MULTI: primary virtual IP for client/73.XXX.XXX.147: 10.8.0.3
Jul 19 22:43:22 ovpn-server1[6586]: client/73.XXX.XXX.147 PUSH: Received control message: 'PUSH_REQUEST'
Jul 19 22:43:22 ovpn-server1[6586]: client/73.XXX.XXX.147 SENT CONTROL [client]: 'PUSH_REPLY,route 192.168.2.0 255.255.255.0 vpn_gateway 500,dhcp-option DNS 192.168.2.1,redirect-gateway def1,route-gateway 10.8.0.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.8.0.3 255.255.255.0,peer-id 1,cipher AES-128-GCM' (status=1)
Jul 19 22:43:22 ovpn-server1[6586]: client/73.XXX.XXX.147 Data Channel: using negotiated cipher 'AES-128-GCM'
Jul 19 22:43:22 ovpn-server1[6586]: client/73.XXX.XXX.147 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Jul 19 22:43:22 ovpn-server1[6586]: client/73.XXX.XXX.147 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key