OpenVPN Stops working



  • Hi all!

    I have a strange problem with OpenVPN.
    After a while (can't say how long) it just stops connecting.

    Can someone help, please?

    Here's my logfile if this is of any help.

    Jul 25 20:34:22 openvpn[418]: Exiting
    Jul 25 20:34:22 openvpn[418]: FreeBSD ifconfig failed: shell command exited with error status: 1
    Jul 25 20:34:22 openvpn[418]: /sbin/ifconfig tun0 xx.xx.xx.xx xx.xx.xx.xx mtu 1500 netmask 255.255.255.255 up
    Jul 25 20:34:22 openvpn[418]: TUN/TAP device /dev/tun0 opened
    Jul 25 20:34:22 openvpn[418]: gw xx.xx.xx.xx
    Jul 25 20:34:22 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Jul 25 20:34:21 openvpn[418]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Jul 25 20:34:21 openvpn[418]: SIGHUP[hard,] received, process restarting
    Jul 25 20:34:21 openvpn[418]: /etc/rc.filter_configure tun0 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
    Jul 25 18:42:52 openvpn[418]: Initialization Sequence Completed
    Jul 25 18:42:52 openvpn[418]: TCPv4_SERVER link remote: [undef]
    Jul 25 18:42:52 openvpn[418]: TCPv4_SERVER link local (bound): [undef]:1194
    Jul 25 18:42:52 openvpn[418]: Listening for incoming TCP connection on [undef]:1194
    Jul 25 18:42:52 openvpn[418]: /etc/rc.filter_configure tun0 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
    Jul 25 18:42:52 openvpn[418]: /sbin/ifconfig tun0 xx.xx.xx.xx xx.xx.xx.xx mtu 1500 netmask 255.255.255.255 up
    Jul 25 18:42:52 openvpn[418]: TUN/TAP device /dev/tun0 opened
    Jul 25 18:42:52 openvpn[418]: gw xx.xx.xx.xx
    Jul 25 18:42:52 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Jul 25 18:42:51 openvpn[418]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Jul 25 18:42:51 openvpn[418]: SIGHUP[hard,] received, process restarting
    Jul 25 18:42:50 openvpn[418]: /etc/rc.filter_configure tun1 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
    Jul 25 02:02:53 openvpn[418]: Initialization Sequence Completed
    Jul 25 02:02:53 openvpn[418]: TCPv4_SERVER link remote: [undef]
    Jul 25 02:02:53 openvpn[418]: TCPv4_SERVER link local (bound): [undef]:1194
    Jul 25 02:02:53 openvpn[418]: Listening for incoming TCP connection on [undef]:1194
    Jul 25 02:02:52 openvpn[418]: /etc/rc.filter_configure tun1 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
    Jul 25 02:02:52 openvpn[431]: Exiting
    Jul 25 02:02:52 openvpn[431]: FreeBSD ifconfig failed: shell command exited with error status: 1
    Jul 25 02:02:52 openvpn[418]: /sbin/ifconfig tun1 xx.xx.xx.xx xx.xx.xx.xx mtu 1500 netmask 255.255.255.255 up
    Jul 25 02:02:52 openvpn[418]: TUN/TAP device /dev/tun1 opened
    Jul 25 02:02:52 openvpn[418]: gw xx.xx.xx.xx
    Jul 25 02:02:52 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Jul 25 02:02:52 openvpn[431]: /sbin/ifconfig tun0 xx.xx.xx.xx xx.xx.xx.xx mtu 1500 netmask 255.255.255.255 up
    Jul 25 02:02:52 openvpn[431]: TUN/TAP device /dev/tun0 opened
    Jul 25 02:02:52 openvpn[431]: gw xx.xx.xx.xx 
    Jul 25 02:02:52 openvpn[431]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
    Jul 25 02:02:51 openvpn[418]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Jul 25 02:02:51 openvpn[418]: SIGHUP[hard,] received, process restarting
    Jul 25 02:02:51 openvpn[431]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Jul 25 02:02:51 openvpn[431]: SIGHUP[hard,] received, process restarting
    Jul 25 02:02:51 openvpn[418]: /etc/rc.filter_configure tun0 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
    Jul 25 02:02:51 openvpn[431]: /etc/rc.filter_configure tun1 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
    Jul 25 00:14:12 openvpn[431]: Initialization Sequence Completed
    Jul 25 00:14:12 openvpn[431]: TCPv4_SERVER link remote: [undef]
    Jul 25 00:14:12 openvpn[431]: TCPv4_SERVER link local (bound): [undef]:1195
    Jul 25 00:14:12 openvpn[431]: Listening for incoming TCP connection on [undef]:1195
    Jul 25 00:14:12 openvpn[418]: Initialization Sequence Completed
    Jul 25 00:14:12 openvpn[418]: TCPv4_SERVER link remote: [undef]
    Jul 25 00:14:12 openvpn[418]: TCPv4_SERVER link local (bound): [undef]:1194
    Jul 25 00:14:12 openvpn[418]: Listening for incoming TCP connection on [undef]:1194

    I tried to find answers in the forum, but if there are any I didn't understand them…

    Regards
    Beach



  • Please, isn’t there anyone who knows anything about this?

    Just want to add that on my other 1.2 it works great.
    The setups on both are the same, of course with different certificates and so on…

    It looks like ifconfig crashes.



  • You seem to be using 2 server/clients at the same time.

    Can you post the config-files for both?

    Also a diagram of which subnet is where, what is connected to what, the ultimate goal with this setup, generally more info than just this log, would be nice :)



  • No no, I just wanted to tell you that my home pfSense works perfectly with road warriors.
    It never stops, just runs fine.

    It’s my pfSense for the company which stops frequently, and the log is from this machine.
    It looks like ifconfig won't work for OpenVPN and then no road warriors can connect.
    The error is in the top of the log.
    It has worked to connect now for two days since last reboot.

    Could it be that I have 2 OpenVPN instances running on 2 different ports 1194 and 1195?
    So I will gladly give you more information but I’m not sure that config-files for both will help.
    Please let me know what you need more.



  • What I mean is that the log output from the machine where the error occurs tells me that you're running 2 instances of OpenVPN (you have tun0 and tun1).

    This line
    Jul 25 20:34:22 openvpn[418]: /sbin/ifconfig tun0 xx.xx.xx.xx xx.xx.xx.xx mtu 1500 netmask 255.255.255.255 up
    Seems a bit strange.
    I'm not sure, but maybe a /32 ifconfig could lead to the problem you describe.
    What do you have in the config file of the tun0 interface?
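
An added example, not part of any post in this thread: a short Python script that reads an excerpt of the log posted above (newest first, addresses masked as in the original) and reports which process's ifconfig failed, which tun device each process named before and after the restart, and which key files triggered the permission warning. The function name `analyse` and the rule that a tun name in a process's log line identifies that process's device are assumptions of this example.

```python
import re

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn\[(\d+)\]: (.*)$")
KEY_WARN = re.compile(r"WARNING: file '([^']+)' is group or others accessible")

# Excerpt of the log posted in this thread, newest entry first as in the post.
SAMPLE = """\
Jul 25 02:02:52 openvpn[431]: Exiting
Jul 25 02:02:52 openvpn[431]: FreeBSD ifconfig failed: shell command exited with error status: 1
Jul 25 02:02:52 openvpn[418]: TUN/TAP device /dev/tun1 opened
Jul 25 02:02:52 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
Jul 25 02:02:52 openvpn[431]: TUN/TAP device /dev/tun0 opened
Jul 25 02:02:52 openvpn[431]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
Jul 25 02:02:51 openvpn[418]: SIGHUP[hard,] received, process restarting
Jul 25 02:02:51 openvpn[431]: SIGHUP[hard,] received, process restarting
Jul 25 02:02:51 openvpn[418]: /etc/rc.filter_configure tun0 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
Jul 25 02:02:51 openvpn[431]: /etc/rc.filter_configure tun1 1500 1544 xx.xx.xx.xx xx.xx.xx.xx init
"""

def analyse(text):
    """Summarise ifconfig failures, per-process tun changes and key warnings."""
    device = {}                              # pid -> tun device last named in its lines
    failed, changes, keys = [], [], set()
    for raw in reversed(text.strip().splitlines()):   # replay oldest entry first
        m = LINE.match(raw.strip())
        if not m:
            continue                         # ignore anything that is not an openvpn line
        stamp, pid, msg = m.groups()
        dev = re.search(r"\btun\d+\b", msg)
        if dev:
            if pid in device and device[pid] != dev.group():
                changes.append((pid, device[pid], dev.group()))
            device[pid] = dev.group()
        if "ifconfig failed" in msg:
            failed.append((stamp, pid, device.get(pid)))
        key = KEY_WARN.search(msg)
        if key:
            keys.add(key.group(1))
    return {"failed": failed, "device_changes": changes, "loose_keys": sorted(keys)}

if __name__ == "__main__":
    for name, value in analyse(SAMPLE).items():
        print(name, value)
```

On this excerpt the two processes name each other's tun device after the simultaneous SIGHUP, and the failure is logged by the process that named tun0.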



  • Ifconfig (for the moment when it works):
    tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::215:17ff:fe62:a3e4%tun0 prefixlen 64 scopeid 0xb
    inet xxx.xxx.x5x.1 --> xxx.xxx.x5x.2 netmask 0xffffffff
    Opened by PID 418
    tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    inet6 fe80::215:17ff:fe62:a3e4%tun1 prefixlen 64 scopeid 0xc
    inet xxx.xxx.x6x.1 --> xxx.xxx.x6x.2 netmask 0xffffffff
    Opened by PID 431

    OpenVPN log
    Aug 21 10:22:56 openvpn[431]: Initialization Sequence Completed
    Aug 21 10:22:56 openvpn[431]: TCPv4_SERVER link remote: [undef]
    Aug 21 10:22:56 openvpn[431]: TCPv4_SERVER link local (bound): [undef]:1195
    Aug 21 10:22:56 openvpn[431]: Listening for incoming TCP connection on [undef]:1195
    Aug 21 10:22:56 openvpn[418]: Initialization Sequence Completed
    Aug 21 10:22:56 openvpn[418]: TCPv4_SERVER link remote: [undef]
    Aug 21 10:22:56 openvpn[418]: TCPv4_SERVER link local (bound): [undef]:1194
    Aug 21 10:22:56 openvpn[418]: Listening for incoming TCP connection on [undef]:1194
    Aug 21 10:22:56 openvpn[431]: /etc/rc.filter_configure tun1 1500 1544 xxx.xxx.x6x.1 xxx.xxx.x6x.2 init
    Aug 21 10:22:56 openvpn[431]: /sbin/ifconfig tun1 xxx.xxx.x6x.1 xxx.xxx.x6x.2 mtu 1500 netmask 255.255.255.255 up
    Aug 21 10:22:56 openvpn[431]: TUN/TAP device /dev/tun1 opened
    Aug 21 10:22:56 openvpn[431]: gw xxx.xxx.xxx.xxx
    Aug 21 10:22:56 openvpn[431]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
    Aug 21 10:22:56 openvpn[418]: /etc/rc.filter_configure tun0 1500 1544 xxx.xxx.x5x.1 xxx.xxx.x5x.2 init
    Aug 21 10:22:56 openvpn[418]: /sbin/ifconfig tun0 xxx.xxx.x5x.1 xxx.xxx.x5x.2 mtu 1500 netmask 255.255.255.255 up
    Aug 21 10:22:56 openvpn[418]: TUN/TAP device /dev/tun0 opened
    Aug 21 10:22:56 openvpn[418]: gw xxx.xxx.xxx.xxx
    Aug 21 10:22:56 openvpn[418]: WARNING: file '/var/etc/openvpn_server0.key' is group or others accessible
    Aug 21 10:22:55 openvpn[431]: OpenVPN 2.0.6 i386-portbld-freebsd6.2 [SSL] [LZO] built on Sep 13 2007
    Aug 21 10:22:55 openvpn[431]: SIGHUP[hard,] received, process restarting

    Thanks in advance






  • You're using the same network for local network and address pool, that is not going to work (or may work until something breaks because of conflicts in address spaces). Make up some private address space networks for the address pools (for example 10.10.5.0/24 and 10.10.6.0/24) that do not overlap with the LAN address spaces.



  • Hi!

    Nope, it's not the same, e.g. 10.11.150.0/24 and 10.11.15.0/24



  • Ok sorry, you were just masking the addresses in a way that it looked like they were the same  8) Btw, no need to mask private addresses in screenshots, nobody will be able to use them anyway since they are private to your own network.



  • Ok, no problem!
    I'll keep that in mind.



  • One thing came to my mind, have you tried with UDP instead of TCP? UDP is potentially more secure (with tls-auth key) and faster.



  • Thanks!
    No I haven't tried that, and I'm not so sure that it's the problem with ipconfig.
    Do you think that I should try it?



  • Ok I forgot about those ifconfig errors… I would redo the tunnels from scratch, first delete both of them and then reboot the firewall to make sure nothing is left dangling behind and then recreate them with the same details and then see if it starts working.



  • Thanks m8!

    I will try this, but I can't do it until tomorrow (it's 19:11 here and I'm not at work)
    I suppose that it will take some days to see any results, but I'll be back!



  • Hi again!

    After I deleted the settings and rebooted, I configured it again with the same settings.
    It's still working after nearly 3 weeks, so I hope that this was the solution.

    Thanks to kpa and GruensFroeschli for helping me!!!

    Regards
    Beach



  • Hi folks!

    Same problem again, I haven't done anything with the FW since my last post.
    So my solution now is to remove one instance of OpenVPN and only use one.

    I have another pfSense with OpenVPN at home that has been working with one instance since March this year.

    So it could be a limit in OpenVPN, and hopefully it will be solved in 1.2.1 or 1.3.

    Regards
    Beach

