Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN - only one user has issues

    Scheduled Pinned Locked Moved OpenVPN
    6 Posts 3 Posters 832 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      albgen
      last edited by

      Hello everybody,

      A very strange problem is affecting only one user. We have changed also the desktop pc but the problem still exists. Other users on the same network does not have issues. Different installations of versions of openvpn clients did not solved.

      The problem is that randomly, the connection drops and he cannot connect anymore. The only way to make it work again is either to restart the openvpn server on pfsense or to connect with the same configuration from another machine.

      This is really weird stuff.
      Any thought?

      Thank you

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @albgen
        last edited by

        @albgen
        Some more details?

        Cient and server log, client and server config, clients routing table when he is connected?

        A 1 Reply Last reply Reply Quote 0
        • C
          cswroe
          last edited by

          Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded are reinstalled the new certs. They have been fine since then.

          Good Luck.

          A 1 Reply Last reply Reply Quote 0
          • A
            albgen @viragomann
            last edited by albgen

            @viragomann said in OpenVPN - only one user has issues:

            @albgen
            Some more details?

            Cient and server log, client and server config, clients routing table when he is connected?

            The problem starts at 08:17:59
            The user tries to reconnect at 08:19:27 and it seems ok but, he cannot reach the servers.
            Routes on the client are ok.

            Apr  9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr  9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr  9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr  9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr  9 08:16:15 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr  9 08:16:15 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr  9 08:16:16 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr  9 08:16:16 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr  9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr  9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr  9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr  9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr  9 08:17:17 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr  9 08:17:17 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr  9 08:17:18 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr  9 08:17:18 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr  9 08:17:59 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS: soft reset sec=3543/3543 bytes=10281210/-1 pkts=41587/0
Apr  9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr  9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr  9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr  9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr  9 08:18:19 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr  9 08:18:19 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr  9 08:18:20 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr  9 08:18:20 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr  9 08:19:00 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr  9 08:19:00 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS Error: TLS handshake failed
Apr  9 08:19:00 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Apr  9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr  9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr  9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr  9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr  9 08:19:21 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr  9 08:19:22 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr  9 08:19:22 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr  9 08:19:22 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr  9 08:19:27 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS: Initial packet from [AF_INET6]::ffff:94.XXX.XX.XX:1194 (via ::ffff:5.XXX.XXX.XXX%hn0), sid=d29beb9c 49d9fa78
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY SCRIPT OK: depth=1, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=CustomerNameOpenVPN
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY OK: depth=1, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=CustomerNameOpenVPN
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY SCRIPT OK: depth=0, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=Depo.Gast.Prizrn
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY OK: depth=0, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=Depo.Gast.Prizrn
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_VER=2.5.0
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_PLAT=win
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_PROTO=6
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_NCP=2
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_LZ4=1
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_LZ4v2=1
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_LZO=1
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_COMP_STUB=1
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_COMP_STUBv2=1
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_TCPNL=1
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_GUI_VER=OpenVPN_GUI_11
Apr  9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Apr  9 08:19:29 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 PUSH: Received control message: 'PUSH_REQUEST'
Apr  9 08:19:29 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 SENT CONTROL [Depo.Gast.Prizrn]: 'PUSH_REPLY,route 172.20.14.0 255.255.255.0,register-dns,route 172.30.14.1,topology net30,ping 10,ping-restart 600,ifconfig 172.30.14.6 172.30.14.5,peer-id 0,cipher AES-256-GCM' (status=1)
Apr  9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr  9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr  9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr  9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr  9 08:20:23 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr  9 08:20:24 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr  9 08:20:24 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
            1 Reply Last reply Reply Quote 0
            • A
              albgen @cswroe
              last edited by

              @cswroe said in OpenVPN - only one user has issues:

              Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded are reinstalled the new certs. They have been fine since then.

              Good Luck.

              well at least you had a solution. Will try giving another user :)

              A 1 Reply Last reply Reply Quote 0
              • A
                albgen @albgen
                last edited by

                @albgen said in OpenVPN - only one user has issues:

                @cswroe said in OpenVPN - only one user has issues:

                Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded are reinstalled the new certs. They have been fine since then.

                Good Luck.

                well at least you had a solution. Will try giving another user :)

                hi,

                just to update that giving the user another/new openvpn configuration, did not recieved any other compain. Pretty wierd stuff

                1 Reply Last reply Reply Quote 1
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.