Netgate Discussion Forum

    openvpn client not connecting and not shows why!

      DepressedAdmin

      Hi,
      I have a problem with one of my open site-to-site profiles.
      Other profiles work just fine, but this profile belongs to some VPN provider and therefore I can't check the server-side log.
      Here is the log:

      Mar 12 03:10:18 pfSense openvpn[97831]: Restart pause, 10 second(s)
      Mar 12 03:10:18 pfSense openvpn[97831]: SIGUSR1[soft,ping-restart] received, process restarting
      Mar 12 03:10:18 pfSense openvpn[97831]: [UNDEF] Inactivity timeout (--ping-restart), restarting
      Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: Client disconnected
      Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: CMD 'state 1'
      Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
      Mar 12 03:09:23 pfSense openvpn[97831]: MANAGEMENT: Client disconnected
      Mar 12 03:09:23 pfSense openvpn[97831]: MANAGEMENT: CMD 'state 1'
      Mar 12 03:09:23 pfSense openvpn[97831]: MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
      Mar 12 03:09:18 pfSense openvpn[97831]: UDPv4 link remote: [AF_INET]xx.x.x.x:443
      Mar 12 03:09:18 pfSense openvpn[97831]: UDPv4 link local (bound): [AF_INET]x.x.x.x:54341
      Mar 12 03:09:18 pfSense openvpn[97831]: Socket Buffers: R=[42080->42080] S=[57344->57344]
      Mar 12 03:09:18 pfSense openvpn[97831]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:443
      Mar 12 03:09:18 pfSense openvpn[97831]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA3-512' for HMAC authentication
      Mar 12 03:09:18 pfSense openvpn[97831]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA3-512' for HMAC authentication
      Mar 12 03:09:18 pfSense openvpn[97831]: WARNING: experimental option --capath /var/etc/openvpn/client1/ca
      Mar 12 03:09:18 pfSense openvpn[97831]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Mar 12 03:09:18 pfSense openvpn[97831]: WARNING: No server certificate verification method has been enabled. See hl#mitm for more info.
      Mar 12 03:09:18 pfSense openvpn[97831]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1/sock
      Mar 12 03:09:18 pfSense openvpn[97799]: library versions: OpenSSL 1.1.1i-freebsd 8 Dec 2020, LZO 2.10
      Mar 12 03:09:18 pfSense openvpn[97799]: OpenVPN 2.5.0 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Feb 5 2021
      Mar 12 03:09:18 pfSense openvpn[97799]: WARNING: file '/var/etc/openvpn/client1/up' is group or others accessible
      Mar 12 03:09:18 pfSense openvpn[97799]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
      Mar 12 03:09:18 pfSense openvpn[97799]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
      

      Untitled.png
      The thing is, I can connect with this profile from the desktop and even with the pfSense CLI itself, but from the web this happens, and the log shows nothing but some informal warnings.

          Gertjan @DepressedAdmin

          The option "if no ping replies over the tunnel then restart" tells you:

          @depressedadmin said in openvpn client not connecting and not shows why!:

          [UNDEF] Inactivity timeout (--ping-restart), restarting

          Push the log details higher, to see it negotiate the connection.
          Now I only see the

          UDPv4 link remote: [AF_INET]xx.x.x.x:443

          but that is when all the magic stuff happens, like cipher checks etc.

          Check the man pages of OpenVPN version 2.5.0 and add your own option to stop the ping test?!

          Is the OpenVPN server in front also using the 2.5.x OpenVPN version?
          If not, again, read in the OpenVPN FAQ what needs to be taken care of.
          Small nuances might exist if you use the config (of an older version) with a new version.

          Btw, these:

          Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: Client disconnected
          Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: CMD 'state 1'
          Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
          Mar 12 03:09:23 pfSense openvpn[97831]: MANAGEMENT: Client disconnected
          Mar 12 03:09:23 pfSense openvpn[97831]: MANAGEMENT: CMD 'state 1'
          

          are coming from the GUI OpenVPN dashboard widget, and check the VPN status every 5 seconds or so.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??
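
Added example, not part of either post and not pfSense or OpenVPN code: a small triage of the log posted in this thread that sets the management-socket polling aside, collects the warnings (including the missing server certificate check), and counts connection attempts that reached "link remote" but hit the ping-restart timeout before the peer answered. The function name `triage` and the report keys are assumptions made for this example.

```python
import re

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ openvpn\[\d+\]: (?P<msg>.*)$")
# Standard OpenVPN client messages that prove the remote end answered.
PROGRESS = ("TLS: Initial packet from", "Peer Connection Initiated",
            "Initialization Sequence Completed")

# Excerpt of the log posted above, newest entry first as in the post.
SAMPLE = """\
Mar 12 03:10:18 pfSense openvpn[97831]: SIGUSR1[soft,ping-restart] received, process restarting
Mar 12 03:10:18 pfSense openvpn[97831]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: Client disconnected
Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: CMD 'state 1'
Mar 12 03:09:52 pfSense openvpn[97831]: MANAGEMENT: Client connected from /var/etc/openvpn/client1/sock
Mar 12 03:09:18 pfSense openvpn[97831]: UDPv4 link remote: [AF_INET]xx.x.x.x:443
Mar 12 03:09:18 pfSense openvpn[97831]: WARNING: No server certificate verification method has been enabled. See hl#mitm for more info.
Mar 12 03:09:18 pfSense openvpn[97799]: WARNING: file '/var/etc/openvpn/client1/up' is group or others accessible
"""

def triage(log_text, newest_first=True):
    """Split an OpenVPN client log into polling noise, warnings and stalled attempts."""
    matches = (LINE.match(line.strip()) for line in log_text.splitlines())
    msgs = [m.group("msg") for m in matches if m]
    if newest_first:              # put the entries back into chronological order
        msgs.reverse()
    report = {"management_polls": 0, "warnings": [], "stalled_attempts": 0}
    waiting = False               # True from "link remote" until the peer answers
    for msg in msgs:
        if msg.startswith("MANAGEMENT:"):
            # Status polling over the local unix socket, not tunnel traffic.
            if msg.startswith("MANAGEMENT: CMD"):
                report["management_polls"] += 1
        elif msg.startswith(("WARNING:", "DEPRECATED OPTION:", "NOTE:")):
            report["warnings"].append(msg)
        elif "link remote:" in msg:
            waiting = True
        elif any(p in msg for p in PROGRESS):
            waiting = False
        elif "Inactivity timeout (--ping-restart)" in msg and waiting:
            report["stalled_attempts"] += 1   # timed out with no reply at all
            waiting = False
    report["no_server_cert_check"] = any(
        "No server certificate verification" in w for w in report["warnings"])
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-zero `stalled_attempts` means the timeout fired before any handshake line was logged, which is the case where raising the log detail level, as suggested above, is the next step.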

            DepressedAdmin

            cgv

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.