The use of ROUTE or -r may no longer be needed, try it without!
WARNING: ip6tables disabled!
Run 'sudo modprobe ip6table_filter' on your host
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
ip6tables v1.8.6 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
modprobe: can't change directory to '/lib/modules': No such file or directory
modprobe: can't change directory to '/lib/modules': No such file or directory
ip6tables v1.8.6 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
The use of ROUTE or -r may no longer be needed, try it without!
Dump terminated
+ exec sg vpn -c 'openvpn --cd /vpn --config /vpn/HotspotShield_ES_v4.ovpn --script-security 2 --redirect-gateway def1 --route-up '\''/bin/sh -c " iptables -A OUTPUT -d 127.0.0.11 -j ACCEPT"'\'' --route-pre-down '\''/bin/sh -c " iptables -D OUTPUT -d 127.0.0.11 -j ACCEPT"'\'' --auth-user-pass /vpn/vpn.auth                 '
2022-11-03 16:52:33 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-11-03 16:52:33 WARNING: file '/vpn/vpn.auth' is group or others accessible
2022-11-03 16:52:33 OpenVPN 2.5.0 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020
2022-11-03 16:52:33 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2022-11-03 16:52:33 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-11-03 16:52:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-11-03 16:52:33 TCP/UDP: Preserving recently used remote address: [AF_INET]82.102.26.165:8041
2022-11-03 16:52:33 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-11-03 16:52:33 UDP link local: (not bound)
2022-11-03 16:52:33 UDP link remote: [AF_INET]82.102.26.165:8041
2022-11-03 16:52:33 TLS: Initial packet from [AF_INET]82.102.26.165:8041, sid=2d410d6a eebf17ff
2022-11-03 16:52:33 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-11-03 16:52:33 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2022-11-03 16:52:33 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2022-11-03 16:52:33 VERIFY KU OK
2022-11-03 16:52:33 Validating certificate extended key usage
2022-11-03 16:52:33 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-11-03 16:52:33 VERIFY EKU OK
2022-11-03 16:52:33 VERIFY X509NAME OK: CN=gold-holdings.us
2022-11-03 16:52:33 VERIFY OK: depth=0, CN=gold-holdings.us
2022-11-03 16:52:33 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1569'
2022-11-03 16:52:33 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2022-11-03 16:52:33 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2022-11-03 16:52:33 [gold-holdings.us] Peer Connection Initiated with [AF_INET]82.102.26.165:8041
2022-11-03 16:52:35 SENT CONTROL [gold-holdings.us]: 'PUSH_REQUEST' (status=1)
2022-11-03 16:52:35 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,explicit-exit-notify,sndbuf 16384,rcvbuf 262144,dhcp-option DISABLE-NBT,redirect-gateway def1 bypass-dhcp,route-delay 5,inactive 172800 2048,route-gateway 10.254.128.1,topology subnet,ping 10,ping-restart 120,compress lz4-v2,ifconfig 10.254.128.3 255.255.128.0,peer-id 2,cipher AES-256-GCM'
2022-11-03 16:52:35 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2022-11-03 16:52:35 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-11-03 16:52:35 OPTIONS IMPORT: timers and/or timeouts modified
2022-11-03 16:52:35 OPTIONS IMPORT: explicit notify parm(s) modified
2022-11-03 16:52:35 OPTIONS IMPORT: compression parms modified
2022-11-03 16:52:35 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-11-03 16:52:35 Socket Buffers: R=[212992->425984] S=[212992->32768]
2022-11-03 16:52:35 OPTIONS IMPORT: --ifconfig/up options modified
2022-11-03 16:52:35 OPTIONS IMPORT: route options modified
2022-11-03 16:52:35 OPTIONS IMPORT: route-related options modified
2022-11-03 16:52:35 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-11-03 16:52:35 OPTIONS IMPORT: peer-id set
2022-11-03 16:52:35 OPTIONS IMPORT: adjusting link_mtu to 1656
2022-11-03 16:52:35 OPTIONS IMPORT: data channel crypto options modified
2022-11-03 16:52:35 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-11-03 16:52:35 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-03 16:52:35 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-11-03 16:52:35 ROUTE_GATEWAY 172.23.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:17:00:02
2022-11-03 16:52:35 TUN/TAP device tun0 opened
2022-11-03 16:52:35 /sbin/ip link set dev tun0 up mtu 1500
2022-11-03 16:52:35 /sbin/ip link set dev tun0 up
2022-11-03 16:52:35 /sbin/ip addr add dev tun0 10.254.128.3/17
2022-11-03 16:52:40 /sbin/ip route add 82.102.26.165/32 via 172.23.0.1
2022-11-03 16:52:40 /sbin/ip route add 0.0.0.0/1 via 10.254.128.1
2022-11-03 16:52:40 /sbin/ip route add 128.0.0.0/1 via 10.254.128.1
2022-11-03 16:52:40 Initialization Sequence Completed