Netgate Discussion Forum
    OpenVPN stopped working after upgrade to version 21.05 (SG-3100)

      Rafael 3

      After updating my SG-3100 to version 21.05, OpenVPN stopped working. I've tried restarting the service, disabling/enabling the firewall rule, changing the client password, and removing and reinstalling the OpenVPN client, but the problem persists. Any ideas?

        jimp Rebel Alliance Developer Netgate

        What does "stopped working" mean here?

        Is it an OpenVPN client? A server? What mode?

        Any errors in the OpenVPN log?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          Rafael 3

          @jimp said in OpenVPN stopped working after upgrade to version 21.05 (SG-3100):

          What does "stopped working" mean here?
          Is it an OpenVPN client? A server? What mode?
          Any errors in the OpenVPN log?

          After the upgrade my OpenVPN stopped working; the clients can't connect anymore.

          Client side error: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

          During the connection attempt I captured some packets in pfSense:

          d7a7b5b9-1eb1-4a4b-bf36-8d9ead1f61f7-image.png

          It looks like the requests are OK but the rules are not, yet the rules are OK; they weren't changed. I've tried stopping all the rules and starting them again, and the OpenVPN service too, but nothing solved it.

            jimp Rebel Alliance Developer Netgate

            That's still not enough information.

            Do you see entries in the states table for these connections to port 1194? (Check Diagnostics > States, filter on :1194)

            What is in the OpenVPN log when a client attempts to connect?

              Rafael 3

              @jimp

              36a8d4c9-bf91-4552-b986-8f2f3cf8916c-image.png

              Jun 24 11:23:44 openvpn 49741 event_wait : Interrupted system call (code=4)
              Jun 24 11:23:44 openvpn 49741 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 192.168.168.1 255.255.255.0 init
              Jun 24 11:23:45 openvpn 49741 SIGTERM[hard,] received, process exiting
              Jun 24 11:23:56 openvpn 18629 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
              Jun 24 11:23:56 openvpn 18629 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
              Jun 24 11:23:56 openvpn 18629 OpenVPN 2.5.2 armv7-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2021
              Jun 24 11:23:56 openvpn 18629 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
              Jun 24 11:23:56 openvpn 18654 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jun 24 11:23:56 openvpn 18654 WARNING: experimental option --capath /var/etc/openvpn/server1/ca
              Jun 24 11:23:56 openvpn 18654 TUN/TAP device ovpns1 exists previously, keep at program end
              Jun 24 11:23:56 openvpn 18654 TUN/TAP device /dev/tun1 opened
              Jun 24 11:23:56 openvpn 18654 /sbin/ifconfig ovpns1 192.168.168.1 192.168.168.2 mtu 1500 netmask 255.255.255.0 up
              Jun 24 11:23:56 openvpn 18654 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.168.1 255.255.255.0 init
              Jun 24 11:23:56 openvpn 18654 UDPv4 link local (bound): [AF_INET]189.112.XXX.XXX:1194
              Jun 24 11:23:56 openvpn 18654 UDPv4 link remote: [AF_UNSPEC]
              Jun 24 11:23:56 openvpn 18654 Initialization Sequence Completed
              Jun 24 11:24:15 openvpn 18654 event_wait : Interrupted system call (code=4)
              Jun 24 11:24:15 openvpn 18654 /usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 192.168.168.1 255.255.255.0 init
              Jun 24 11:24:15 openvpn 18654 SIGTERM[hard,] received, process exiting
              Jun 24 11:24:27 openvpn 26680 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
              Jun 24 11:24:27 openvpn 26680 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
              Jun 24 11:24:27 openvpn 26680 OpenVPN 2.5.2 armv7-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2021
              Jun 24 11:24:27 openvpn 26680 library versions: OpenSSL 1.1.1k-freebsd 25 Mar 2021, LZO 2.10
              Jun 24 11:24:27 openvpn 26968 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jun 24 11:24:27 openvpn 26968 WARNING: experimental option --capath /var/etc/openvpn/server1/ca
              Jun 24 11:24:27 openvpn 26968 TUN/TAP device ovpns1 exists previously, keep at program end
              Jun 24 11:24:27 openvpn 26968 TUN/TAP device /dev/tun1 opened
              Jun 24 11:24:27 openvpn 26968 /sbin/ifconfig ovpns1 192.168.168.1 192.168.168.2 mtu 1500 netmask 255.255.255.0 up
              Jun 24 11:24:27 openvpn 26968 /usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.168.1 255.255.255.0 init
              Jun 24 11:24:27 openvpn 26968 UDPv4 link local (bound): [AF_INET]189.112.XXX.XXX:1194
              Jun 24 11:24:27 openvpn 26968 UDPv4 link remote: [AF_UNSPEC]
              Jun 24 11:24:27 openvpn 26968 Initialization Sequence Completed

                jimp Rebel Alliance Developer Netgate

                I don't see any connection attempts from clients in the OpenVPN log, just the startup entries.

                Are you certain the 189.112.x.x:1194 IP address in the log matches the one in the state table? You masked it out so I can't tell.

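The check asked for in the post above (does the address OpenVPN bound to match the address the port 1194 states are for, and did any client handshake reach the log?) can be scripted. This is an added example, not code from the thread or from pfSense; the sample log and state lines are constructed, and the state-line layout and the `[undef]` wildcard form are assumptions.

```python
import re

# Constructed sample input (documentation address ranges), not data from the thread.
SAMPLE_LOG = """\
Jun 24 11:24:27 openvpn 26968 UDPv4 link local (bound): [AF_INET]203.0.113.10:1194
Jun 24 11:24:27 openvpn 26968 UDPv4 link remote: [AF_UNSPEC]
Jun 24 11:24:27 openvpn 26968 Initialization Sequence Completed
"""
# Assumed state-table layout, modeled on `pfctl -ss` lines for inbound states.
SAMPLE_STATES = """\
all udp 203.0.113.20:1194 <- 198.51.100.7:51820       NO_TRAFFIC:SINGLE
all udp 203.0.113.20:1194 <- 198.51.100.7:51833       NO_TRAFFIC:SINGLE
all tcp 203.0.113.20:443 <- 198.51.100.9:40112       ESTABLISHED:ESTABLISHED
"""

# "[undef]" is assumed to be how OpenVPN logs a bind to all local addresses.
BOUND_RE = re.compile(r"link local \(bound\): \[AF_INET6?\](\[undef\]|[0-9A-Fa-f.:]+):(\d+)\s*$")
ATTEMPT_RE = re.compile(r"TLS: Initial packet from \[AF_INET6?\]")
STATE_RE = re.compile(r"^\S+\s+(?:udp|tcp)\s+(\S+):(\d+)\s+<-\s+\S+\s+(\S+)")

def bound_endpoints(log_text):
    """Collect every (address, port) the server log reports binding to."""
    found = set()
    for line in log_text.splitlines():
        m = BOUND_RE.search(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found

def inbound_destinations(states_text, port):
    """Map each local address receiving inbound states on `port` to its state labels."""
    dests = {}
    for line in states_text.splitlines():
        m = STATE_RE.match(line)
        if m and int(m.group(2)) == port:
            dests.setdefault(m.group(1), []).append(m.group(3))
    return dests

def diagnose(log_text, states_text, port=1194):
    """Report addresses clients are hitting that no OpenVPN instance is bound to."""
    bound = {ip for ip, p in bound_endpoints(log_text) if p == port}
    dests = inbound_destinations(states_text, port)
    attempts = sum(1 for l in log_text.splitlines() if ATTEMPT_RE.search(l))
    wildcard = "[undef]" in bound  # bound to all addresses: nothing is unserved
    unserved = [] if wildcard else sorted(ip for ip in dests if ip not in bound)
    return {"bound": sorted(bound), "client_attempts_logged": attempts,
            "unserved_destinations": unserved}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_STATES))
```

A non-empty `unserved_destinations` together with zero logged client attempts means packets reach the firewall on an address the server is not listening on. Masked addresses such as the ones in the posted log will not parse.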
                  keknopp87

                  I'm having a similar problem. My client, PIA VPN, is no longer active. I've bounced the modem, pfSense, and the mesh network. I've switched from TCP to UDP; neither makes a difference. It was working fine prior to the upgrade. Any guidance is appreciated.

                  Jun 24 15:38:22 openvpn 9927 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                  Jun 24 15:38:24 openvpn 9927 TCP/UDP: Preserving recently used remote address: [AF_INET]154.xx.xx.xx:1198
                  Jun 24 15:38:24 openvpn 9927 Attempting to establish TCP connection with [AF_INET]154.xx.xx.xx:1198 [nonblock]
                  Jun 24 15:38:24 openvpn 9927 TCP: connect to [AF_INET]154.xx.xx.xx:1198 failed: Connection refused
                  Jun 24 15:38:24 openvpn 9927 SIGUSR1[connection failed(soft),init_instance] received, process restarting

                    gbitglenn

                    Check if OpenVPN is running: On the pfSense dashboard, add the "Services Status" widget. OpenVPN Mobile will be on that list. A red X means it is not running. Click the "Play" button (arrow) next to it to try starting it. If it doesn't start, you need to find out why.

                      Rafael 3

                      Problem solved. In VPN\OpenVPN\Servers\ I edited the configuration, and in the "Device" option I selected all the IP addresses that receive the VPN connections.

                        keknopp87

                        @rafael-3 Thank you Rafael. I will give that a try.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.