Netgate Discussion Forum

    OpenVPN Stops working

    • B
      Beach
      last edited by

      Ifconfig (for the moment when it works):
      tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
      inet6 fe80::215:17ff:fe62:a3e4%tun0 prefixlen 64 scopeid 0xb
      inet xxx.xxx.x5x.1 --> xxx.xxx.x5x.2 netmask 0xffffffff
      Opened by PID 418
      tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
      inet6 fe80::215:17ff:fe62:a3e4%tun1 prefixlen 64 scopeid 0xc
      inet xxx.xxx.x6x.1 --> xxx.xxx.x6x.2 netmask 0xffffffff
      Opened by PID 431

      OpenVPN log:
      Aug 21 10:22:56 openvpn[431]: Initialization Sequence Completed
      Aug 21 10:22:56 openvpn[431]: TCPv4_SERVER link remote: [undef]
      Aug 21 10:22:56 openvpn[431]: TCPv4_SERVER link local (bound): [undef]:1195
      Aug 21 10:22:56 openvpn[431]: Listening for incoming TCP connection on [undef]:1195
      Aug 21 10:22:56 openvpn[418]: Initialization Sequence Completed
      Aug 21 10:22:56 openvpn[418]: TCPv4_SERVER link remote: [undef]
      Aug 21 10:22:56 openvpn[418]: TCPv4_SERVER link local (bound): [undef]:1194
      Aug 21 10:22:56 openvpn[418]: Listening for incoming TCP connection on [undef]:1194
      Aug 21 10:22:56 openvpn[431]: /etc/rc.filter_configure tun1 1500 1544 xxx.xxx.x6x.1 xxx.xxx.x6x.2 init
      Aug 21 10:22:56 openvpn[431]: /sbin/ifconfig tun1 xxx.xxx.x6x.1 xxx.xxx.x6x.2 mtu 1500 netmask 255.255.255.255 up
      Aug 21 10:22:56 openvpn[431]: TUN/TAP device /dev/tun1 opened
      Aug 21 10:22:56 openvpn[431]: gw xxx.xxx.xxx.xxx
      Aug 21 10:22:56 openvpn[431]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
      Aug 21 10:22:56 openvpn[418]: /etc/rc.filter_configure tun0 1500 1544 xxx.xxx.x5x.1 xxx.xxx.x5x.2 init
      Aug 21 10:22:56 openvpn[418]: /sbin/ifconfig tun0 xxx.xxx.x5x.1 xxx.xxx.x5x.2 mtu 1500 netmask 255.255.255.255 up
      Aug 21 10:22:56 openvpn[418]: TUN/TAP device /dev/tun0 opened
      Aug 21 10:22:56 openvpn[418]: gw xxx.xxx.xxx.xxx
      Aug 21 10:22:56 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
      Aug 21 10:22:55 openvpn[431]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
      Aug 21 10:22:55 openvpn[431]: SIGHUP[hard,] received, process restarting

      Thanks in advance

      1194.JPG
      1195.JPG

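The log in the post above shows OpenVPN warning that both server key files are "group or others accessible". The following is an added example, not part of the original post or of pfSense: it pulls those warnings out of a log and checks the named files' modes. The `root` prefix and the 0600 target mode are assumptions of this sketch.

```python
import os
import re
import stat
import tempfile

# Constructed sample: three lines copied from the log in the post above.
SAMPLE_LOG = """\
Aug 21 10:22:56 openvpn[431]: TUN/TAP device /dev/tun1 opened
Aug 21 10:22:56 openvpn[431]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
Aug 21 10:22:56 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
"""

WARN_RE = re.compile(
    r"openvpn\[(\d+)\]: WARNING: file '([^']+)' is group or others accessible")

def flagged_files(log_text):
    """Map each key file OpenVPN warned about to the PIDs that reported it."""
    found = {}
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            found.setdefault(m.group(2), set()).add(int(m.group(1)))
    return {path: sorted(pids) for path, pids in found.items()}

def loose_bits(path):
    """Permission bits granted to group or others; 0 means owner-only."""
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO)

def audit(log_text, root="", fix=False):
    """Check every flagged file on disk; with fix=True tighten it to 0600.
    root is a hypothetical prefix so the check can run against a scratch copy."""
    report = {}
    for path in flagged_files(log_text):
        real = os.path.join(root, path.lstrip("/")) if root else path
        if not os.path.exists(real):
            report[path] = "missing"
            continue
        if loose_bits(real) and fix:
            os.chmod(real, 0o600)
        bits = loose_bits(real)
        report[path] = "owner-only" if bits == 0 else "loose:%03o" % bits
    return report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as scratch:   # stand-in for the firewall's /
        key = os.path.join(scratch, "var/etc/openvpn_server0.key")
        os.makedirs(os.path.dirname(key))
        open(key, "w").close()
        os.chmod(key, 0o644)                          # reproduce the loose mode
        print(audit(SAMPLE_LOG, root=scratch))
        print(audit(SAMPLE_LOG, root=scratch, fix=True))
```
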
      • K
        kpa
        last edited by

        You're using the same network for local network and address pool, that is not going to work (or may work until something breaks because of conflicts in address spaces). Make up some private address space networks for the address pools (for example 10.10.5.0/24 and 10.10.6.0/24) that do not overlap with the LAN address spaces.

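The overlap condition kpa describes can be checked mechanically before the tunnels are created. This is an added example, not code from the thread or from pfSense; which of the thread's networks is the LAN and which is the pool is an assumption, and the overlapping /25 pool is constructed for the demonstration.

```python
import ipaddress
from itertools import combinations

def parse_server_directive(line):
    """Turn an OpenVPN 'server <network> <netmask>' line into an IPv4Network."""
    parts = line.split()
    if len(parts) < 3 or parts[0] != "server":
        raise ValueError("not a server directive: %r" % line)
    # strict=True rejects a network address with host bits set
    return ipaddress.ip_network("%s/%s" % (parts[1], parts[2]), strict=True)

def find_conflicts(networks):
    """networks maps a label to an ip_network. Returns one (label_a, label_b,
    shared_range) tuple for every pair whose address spaces overlap."""
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(networks.items()), 2):
        if net_a.overlaps(net_b):
            # Overlapping CIDR blocks always nest, so the smaller one is shared.
            shared = net_a if net_a.subnet_of(net_b) else net_b
            conflicts.append((a, b, str(shared)))
    return conflicts

# Assumed roles: 10.11.15.0/24 as LAN, 10.11.150.0/24 as an address pool.
THREAD_LAYOUT = {
    "lan": ipaddress.ip_network("10.11.15.0/24"),
    "pool_server0": parse_server_directive("server 10.11.150.0 255.255.255.0"),
}

# Constructed bad layout: the second instance's pool sits inside the LAN.
BAD_LAYOUT = dict(THREAD_LAYOUT)
BAD_LAYOUT["pool_server1"] = parse_server_directive(
    "server 10.11.15.0 255.255.255.128")

# The non-overlapping pools suggested in the post above.
SUGGESTED_LAYOUT = {
    "lan": ipaddress.ip_network("10.11.15.0/24"),
    "pool_server0": ipaddress.ip_network("10.10.5.0/24"),
    "pool_server1": ipaddress.ip_network("10.10.6.0/24"),
}

if __name__ == "__main__":
    for name, layout in (("thread", THREAD_LAYOUT), ("bad", BAD_LAYOUT),
                         ("suggested", SUGGESTED_LAYOUT)):
        print(name, find_conflicts(layout) or "no overlap")
```
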
        • B
          Beach
          last edited by

          Hi!

          Nope, it's not the same, e.g. 10.11.150.0/24 and 10.11.15.0/24

          • K
            kpa
            last edited by

            Ok sorry, you were just masking the addresses in a way that it looked like they were the same  8) Btw, no need to mask private addresses in screenshots, nobody will be able to use them anyway since they are private to your own network.

            • B
              Beach
              last edited by

              Ok, no problem!
              I'll keep that in mind.

              • K
                kpa
                last edited by

                One thing came to my mind, have you tried with UDP instead of TCP? UDP is potentially more secure (with tls-auth key) and faster.

                • B
                  Beach
                  last edited by

                  Thanks!
                  No I haven't tried that, and I'm not so sure that it's the problem with ipconfig.
                  Do you think that I should try it?

                  • K
                    kpa
                    last edited by

                    Ok I forgot about those ifconfig errors… I would redo the tunnels from scratch, first delete both of them and then reboot the firewall to make sure nothing is left dangling behind and then recreate them with the same details and then see if it starts working.

                    • B
                      Beach
                      last edited by

                      Thanks m8!

                      I will try this, but I can't do it until tomorrow (it's 19:11 here and I'm not at work).
                      I suppose that it will take some days to see any results, but I'll be back!

                      • B
                        Beach
                        last edited by

                        Hi again!

                        After I deleted the settings and rebooted, I configured it again with the same settings.
                        It's still working after nearly 3 weeks, so I hope that this was the solution.

                        Thanks to kpa and GruensFroeschli for helping me!!!

                        Regards
                        Beach

                        • B
                          Beach
                          last edited by

                          Hi folks!

                          Same problem again, I haven't done anything with the FW since my last post.
                          So my solution now is to remove one instance of OpenVPN and only use one.

                          I have another pfSense with OpenVPN at home that has been working with one instance since March this year.

                          So it could be a limit in OpenVPN, and hopefully it will be solved in 1.2.1 or 1.3.

                          Regards
                          Beach

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.