Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Site to site OpenVPN stopped working

    OpenVPN
    1
    1
    185
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kcorb80 last edited by

      We have a remote site (site A) that connects to our main office (site B) with OpenVPN. Site A lost connection yesterday, reviewing System logs around that time showed - /rc.linkup: Hotplug event detected for WAN - for several minutes. This lasted for a few minutes, after which the System and Gateway logs were clean. Following this event, OpenVPN will attempt reconnection every minute but continue restarting the process and never connect. This site to site connection worked previously and no configuration changes were made, no change in status after the router and OpenVPN service were restarted.

      Site A OpenVPN logs

      Jun 5 10:00:23 openvpn 39077 UDPv4 link remote: [AF_INET]Site B IP:1198
      Jun 5 10:00:23 openvpn 39077 UDPv4 link local (bound): [AF_INET]Site A IP
      Jun 5 10:00:23 openvpn 39077 Preserving previous TUN/TAP instance: ovpnc1
      Jun 5 10:00:23 openvpn 39077 Re-using pre-shared static key
      Jun 5 10:00:23 openvpn 39077 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jun 5 10:00:21 openvpn 39077 SIGUSR1[soft,ping-restart] received, process restarting
      Jun 5 10:00:21 openvpn 39077 Inactivity timeout (--ping-restart), restarting
      Jun 5 09:59:21 openvpn 39077 UDPv4 link remote: [AF_INET]Site B IP:1198
      Jun 5 09:59:21 openvpn 39077 UDPv4 link local (bound): [AF_INET]Site A IP
      Jun 5 09:59:21 openvpn 39077 Preserving previous TUN/TAP instance: ovpnc1
      Jun 5 09:59:21 openvpn 39077 Re-using pre-shared static key
      Jun 5 09:59:21 openvpn 39077 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jun 5 09:59:19 openvpn 39077 SIGUSR1[soft,ping-restart] received, process restarting
      Jun 5 09:59:19 openvpn 39077 Inactivity timeout (--ping-restart), restarting

      Site B OpenVPN logs
      Jun 5 10:01:01 openvpn 62164 UDPv4 link remote: [AF_UNSPEC]
      Jun 5 10:01:01 openvpn 62164 UDPv4 link local (bound): [AF_INET]127.0.0.1:1198
      Jun 5 10:01:01 openvpn 62164 /usr/local/sbin/ovpn-linkup ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
      Jun 5 10:01:01 openvpn 62164 /sbin/ifconfig ovpns5 2.1.1.17 2.1.1.18 mtu 1500 netmask 255.255.255.255 up
      Jun 5 10:01:01 openvpn 62164 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Jun 5 10:01:01 openvpn 62164 TUN/TAP device /dev/tun5 opened
      Jun 5 10:01:01 openvpn 62164 TUN/TAP device ovpns5 exists previously, keep at program end
      Jun 5 10:01:01 openvpn 62164 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jun 5 10:01:01 openvpn 62107 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
      Jun 5 10:01:01 openvpn 62107 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
      Jun 5 10:01:01 openvpn 62107 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
      Jun 5 10:01:01 openvpn 21380 SIGTERM[hard,] received, process exiting
      Jun 5 10:01:01 openvpn 21380 /usr/local/sbin/ovpn-linkdown ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
      Jun 5 10:01:01 openvpn 21380 event_wait : Interrupted system call (code=4)
      Jun 5 09:58:02 openvpn 21380 UDPv4 link remote: [AF_UNSPEC]
      Jun 5 09:58:02 openvpn 21380 UDPv4 link local (bound): [AF_INET]127.0.0.1:1198
      Jun 5 09:58:02 openvpn 21380 /usr/local/sbin/ovpn-linkup ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
      Jun 5 09:58:02 openvpn 21380 /sbin/ifconfig ovpns5 2.1.1.17 2.1.1.18 mtu 1500 netmask 255.255.255.255 up
      Jun 5 09:58:02 openvpn 21380 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Jun 5 09:58:02 openvpn 21380 TUN/TAP device /dev/tun5 opened
      Jun 5 09:58:02 openvpn 21380 TUN/TAP device ovpns5 exists previously, keep at program end
      Jun 5 09:58:02 openvpn 21380 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jun 5 09:58:02 openvpn 21095 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
      Jun 5 09:58:02 openvpn 21095 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
      Jun 5 09:58:02 openvpn 21095 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
      Jun 5 09:58:02 openvpn 29662 SIGTERM[hard,] received, process exiting
      Jun 5 09:58:02 openvpn 29662 /usr/local/sbin/ovpn-linkdown ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
      Jun 5 09:58:02 openvpn 29662 event_wait : Interrupted system call (code=4)

      At this point I have set up a IPSec connection between Site A and Site B as a workaround until I can get OpenVPN working, but am having trouble getting Site A to connect to the Internet - they are however able to connect to internal server resources/PBX in Site B.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post

      Products

      • Platform Overview
      • TNSR
      • pfSense Plus
      • Appliances

      Services

      • Training
      • Professional Services

      Support

      • Subscription Plans
      • Contact Support
      • Product Lifecycle
      • Documentation

      News

      • Media Coverage
      • Press
      • Events

      Resources

      • Blog
      • FAQ
      • Find a Partner
      • Resource Library
      • Security Information

      Company

      • About Us
      • Careers
      • Partners
      • Contact Us
      • Legal
      Our Mission

      We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

      Subscribe to our Newsletter

      Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

      © 2021 Rubicon Communications, LLC | Privacy Policy