Netgate Discussion Forum

    (Solved) OpenVPN lost connectivity

    2.3-RC Snapshot Feedback and Issues - ARCHIVED
    • chpalmerC
      chpalmer
      last edited by

      Some logs-

      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 172.31.125.0
      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 172.30.15.0

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Is this an SSL/TLS remote access setup with client-specific overrides?

        If so, what options do you have specified in the overrides, and what do the contents of /var/etc/openvpn-csc/<server id>/<common name> look like?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • chpalmerC
          chpalmer
          last edited by

          Hi JimP

          It's a peer to peer shared key setup.

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            Hmm, nothing should have changed for shared key. Are those log messages found on both sides? Are both sides 2.3?
            Can you share the contents of the /var/etc/openvpn/*.conf files? Or at least the lines inside with ifconfig and route (No need to see keys or anything secret)

            • chpalmerC
              chpalmer
              last edited by

              ~~Actually might be a bigger issue somewhere else.

              I can't get to anything behind the firewall with port forward rules I've had for years. (Outside of the VPN.)

              I simply disable firewall rules when I'm not using them as I use the VPN instead.~~  I'm letting one of the sites update to the latest snap and will report back.

              Axe that- loose nut behind the wheel!

              Working on your requests now.

              One side is 2.2.5 and the two test sites are 2.3

              All 2.2.5 sites working fine.

              • chpalmerC
                chpalmer
                last edited by

                dev ovpnc1
                verb 1
                dev-type tun
                tun-ipv6
                dev-node /dev/tun1
                writepid /var/run/openvpn_client1.pid
                #user nobody
                #group nobody
                script-security 3
                daemon
                keepalive 10 60
                ping-timer-rem
                persist-tun
                persist-key
                proto udp
                cipher AES-256-CBC
                auth SHA1
                up /usr/local/sbin/ovpn-linkup
                down /usr/local/sbin/ovpn-linkdown
                local 173.xxx.xxx.26
                lport 1194
                management /var/etc/openvpn/client1.sock unix
                remote Box.MyIP.com 1194
                ifconfig 10.10.1.2 10.10.1.1
                route 172.31.125.0 255.255.255.0
                route 172.30.15.0 255.255.255.248
                route 192.168.25.0 255.255.255.0
                secret /var/etc/openvpn/client1.secret 
                comp-lzo adaptive
                topology subnet
                
                

                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Hmm it's adding topology there when it shouldn't be added for shared key. I'll take a look in the code and find a fix.

                  • chpalmerC
                    chpalmer
                    last edited by

                    This is from the 2.2.5 side in case it helps.  :)

                    Dec 2 10:30:42     openvpn[16323]: Inactivity timeout (--ping-restart), restarting
                    Dec 2 10:30:42     openvpn[16323]: SIGUSR1[soft,ping-restart] received, process restarting
                    Dec 2 10:30:44     openvpn[16323]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Dec 2 10:30:44     openvpn[16323]: Re-using pre-shared static key
                    Dec 2 10:30:44     openvpn[16323]: Preserving previous TUN/TAP instance: ovpns1
                    Dec 2 10:30:44     openvpn[16323]: UDPv4 link local (bound): [AF_INET]xx.1xx.xxx.1x8:1194
                    Dec 2 10:30:44     openvpn[16323]: UDPv4 link remote: [undef]
                    Dec 2 10:31:17     openvpn[16323]: Peer Connection Initiated with [AF_INET]1xx.xxx.xxx.x6:1194
                    Dec 2 10:31:18     openvpn[16323]: Initialization Sequence Completed
                    Dec 2 10:31:25     openvpn[16323]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.10.1.1 10.10.1.2', remote='ifconfig 10.10.1.0 10.10.1.1'
                    
                    

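The diagnosis above (a `topology subnet` line generated for a shared-key tunnel) and the `ifconfig` warning logged on the 2.2.5 side can be tied together mechanically. This Python check is an added example, not code from pfSense or from either poster. It assumes that under `topology subnet` the second `ifconfig` argument is read as a netmask, which is consistent with the `remote='ifconfig 10.10.1.0 10.10.1.1'` value in that warning; the function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the relevant lines of the client1 config posted in the thread.
SAMPLE_CONF = """\
ifconfig 10.10.1.2 10.10.1.1
route 172.31.125.0 255.255.255.0
route 172.30.15.0 255.255.255.248
route 192.168.25.0 255.255.255.0
secret /var/etc/openvpn/client1.secret
topology subnet
"""

def parse(conf_text):
    """Map each directive to the list of argument lists it appears with."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments such as '#user nobody'
        if line:
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts

def is_netmask(addr):
    """True for a contiguous IPv4 mask (255.255.255.0), False for a host address."""
    inv = ~int(ipaddress.IPv4Address(addr)) & 0xFFFFFFFF
    return inv != 0xFFFFFFFF and (inv & (inv + 1)) == 0

def ifconfig_as_subnet(local, second):
    """Assumed subnet-topology reading of 'ifconfig local second': network + mask."""
    net = int(ipaddress.IPv4Address(local)) & int(ipaddress.IPv4Address(second))
    return f"ifconfig {ipaddress.IPv4Address(net)} {second}"

def audit(conf_text):
    """Return findings for a shared-key config that also sets 'topology subnet'."""
    opts = parse(conf_text)
    shared_key = "secret" in opts and not ({"tls-client", "tls-server"} & opts.keys())
    if not (shared_key and ["subnet"] in opts.get("topology", [])):
        return []
    findings = ["'topology subnet' is set on a shared-key point-to-point tunnel"]
    for local, second in (a[:2] for a in opts.get("ifconfig", []) if len(a) >= 2):
        if not is_netmask(second):
            findings.append(f"{second} is not a netmask; peer sees '{ifconfig_as_subnet(local, second)}'")
    if "route-gateway" not in opts:
        findings += [f"route {a[0]} has no usable default gateway"
                     for a in opts.get("route", []) if 0 < len(a) < 3]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

With the `topology subnet` line removed from the sample, `audit` returns no findings, matching the manual config change reported in the thread.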
                    • chpalmerC
                      chpalmer
                      last edited by

                      I was able to modify my config files on both affected machines and everything came back fine. So no other underlying issues. (But you knew that already.)  :)

                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        OK I just pushed a fix, you can gitsync to pick it up in a few minutes, or wait until the next snapshot build and upgrade that way.

                        • chpalmerC
                          chpalmer
                          last edited by

                          Thanks JimP
