Site to site OpenVPN stopped working



  • We have a remote site (site A) that connects to our main office (site B) with OpenVPN. Site A lost connection yesterday; reviewing the System logs around that time showed "/rc.linkup: Hotplug event detected for WAN" for several minutes. This lasted for a few minutes, after which the System and Gateway logs were clean. Following this event, OpenVPN attempts reconnection every minute but keeps restarting the process and never connects. This site-to-site connection worked previously and no configuration changes were made; there was no change in status after the router and OpenVPN service were restarted.

    Site A OpenVPN logs

    Jun 5 10:00:23 openvpn 39077 UDPv4 link remote: [AF_INET]Site B IP:1198
    Jun 5 10:00:23 openvpn 39077 UDPv4 link local (bound): [AF_INET]Site A IP
    Jun 5 10:00:23 openvpn 39077 Preserving previous TUN/TAP instance: ovpnc1
    Jun 5 10:00:23 openvpn 39077 Re-using pre-shared static key
    Jun 5 10:00:23 openvpn 39077 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 5 10:00:21 openvpn 39077 SIGUSR1[soft,ping-restart] received, process restarting
    Jun 5 10:00:21 openvpn 39077 Inactivity timeout (--ping-restart), restarting
    Jun 5 09:59:21 openvpn 39077 UDPv4 link remote: [AF_INET]Site B IP:1198
    Jun 5 09:59:21 openvpn 39077 UDPv4 link local (bound): [AF_INET]Site A IP
    Jun 5 09:59:21 openvpn 39077 Preserving previous TUN/TAP instance: ovpnc1
    Jun 5 09:59:21 openvpn 39077 Re-using pre-shared static key
    Jun 5 09:59:21 openvpn 39077 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 5 09:59:19 openvpn 39077 SIGUSR1[soft,ping-restart] received, process restarting
    Jun 5 09:59:19 openvpn 39077 Inactivity timeout (--ping-restart), restarting

    Site B OpenVPN logs

    Jun 5 10:01:01 openvpn 62164 UDPv4 link remote: [AF_UNSPEC]
    Jun 5 10:01:01 openvpn 62164 UDPv4 link local (bound): [AF_INET]127.0.0.1:1198
    Jun 5 10:01:01 openvpn 62164 /usr/local/sbin/ovpn-linkup ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
    Jun 5 10:01:01 openvpn 62164 /sbin/ifconfig ovpns5 2.1.1.17 2.1.1.18 mtu 1500 netmask 255.255.255.255 up
    Jun 5 10:01:01 openvpn 62164 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Jun 5 10:01:01 openvpn 62164 TUN/TAP device /dev/tun5 opened
    Jun 5 10:01:01 openvpn 62164 TUN/TAP device ovpns5 exists previously, keep at program end
    Jun 5 10:01:01 openvpn 62164 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 5 10:01:01 openvpn 62107 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Jun 5 10:01:01 openvpn 62107 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
    Jun 5 10:01:01 openvpn 62107 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Jun 5 10:01:01 openvpn 21380 SIGTERM[hard,] received, process exiting
    Jun 5 10:01:01 openvpn 21380 /usr/local/sbin/ovpn-linkdown ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
    Jun 5 10:01:01 openvpn 21380 event_wait : Interrupted system call (code=4)
    Jun 5 09:58:02 openvpn 21380 UDPv4 link remote: [AF_UNSPEC]
    Jun 5 09:58:02 openvpn 21380 UDPv4 link local (bound): [AF_INET]127.0.0.1:1198
    Jun 5 09:58:02 openvpn 21380 /usr/local/sbin/ovpn-linkup ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
    Jun 5 09:58:02 openvpn 21380 /sbin/ifconfig ovpns5 2.1.1.17 2.1.1.18 mtu 1500 netmask 255.255.255.255 up
    Jun 5 09:58:02 openvpn 21380 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Jun 5 09:58:02 openvpn 21380 TUN/TAP device /dev/tun5 opened
    Jun 5 09:58:02 openvpn 21380 TUN/TAP device ovpns5 exists previously, keep at program end
    Jun 5 09:58:02 openvpn 21380 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jun 5 09:58:02 openvpn 21095 library versions: OpenSSL 1.0.2m-freebsd 2 Nov 2017, LZO 2.10
    Jun 5 09:58:02 openvpn 21095 OpenVPN 2.4.4 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 16 2017
    Jun 5 09:58:02 openvpn 21095 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Jun 5 09:58:02 openvpn 29662 SIGTERM[hard,] received, process exiting
    Jun 5 09:58:02 openvpn 29662 /usr/local/sbin/ovpn-linkdown ovpns5 1500 1560 2.1.1.17 2.1.1.18 init
    Jun 5 09:58:02 openvpn 29662 event_wait : Interrupted system call (code=4)

    At this point I have set up an IPsec connection between Site A and Site B as a workaround until I can get OpenVPN working, but am having trouble getting Site A to connect to the Internet; they are, however, able to connect to internal server resources/PBX in Site B.
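
A small triage pass over the two logs in the post, added here as an example (not part of the original post and not pfSense or OpenVPN code): it counts `--ping-restart` cycles and checks whether either side ever logged a peer. The function names are hypothetical, the year is a placeholder because the log lines carry none, and the embedded lines are excerpts copied from the post.

```python
import re
from datetime import datetime

LINE = re.compile(r"^\s*(\w{3} +\d+ \d\d:\d\d:\d\d) openvpn (\d+) (.*)$")

def parse(text, year=2000):  # assumption: placeholder year, syslog lines have none
    """Return (timestamp, pid, message) tuples, oldest first."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            rows.append((ts, int(m.group(2)), m.group(3)))
    return sorted(rows, key=lambda r: r[0])

def triage(text):
    """Summarise the symptoms visible in one side's OpenVPN log."""
    rows = parse(text)
    msgs = [msg for _, _, msg in rows]
    restarts = [ts for ts, _, msg in rows if "Inactivity timeout (--ping-restart)" in msg]
    return {
        "ping_restarts": len(restarts),
        "restart_gaps_s": [int((b - a).total_seconds()) for a, b in zip(restarts, restarts[1:])],
        # Either message is logged only once a tunnel has actually come up.
        "peer_seen": any("Peer Connection Initiated" in m
                         or "Initialization Sequence Completed" in m for m in msgs),
        "binds_loopback": any("link local (bound): [AF_INET]127." in m for m in msgs),
        "remote_unset": any("link remote: [AF_UNSPEC]" in m for m in msgs),
        "pids": sorted({pid for _, pid, _ in rows}),
    }

# Excerpts copied from the post (newest first, as the log viewer shows them).
SITE_A = """\
Jun 5 10:00:23 openvpn 39077 UDPv4 link remote: [AF_INET]Site B IP:1198
Jun 5 10:00:23 openvpn 39077 UDPv4 link local (bound): [AF_INET]Site A IP
Jun 5 10:00:21 openvpn 39077 SIGUSR1[soft,ping-restart] received, process restarting
Jun 5 10:00:21 openvpn 39077 Inactivity timeout (--ping-restart), restarting
Jun 5 09:59:19 openvpn 39077 SIGUSR1[soft,ping-restart] received, process restarting
Jun 5 09:59:19 openvpn 39077 Inactivity timeout (--ping-restart), restarting
"""
SITE_B = """\
Jun 5 10:01:01 openvpn 62164 UDPv4 link remote: [AF_UNSPEC]
Jun 5 10:01:01 openvpn 62164 UDPv4 link local (bound): [AF_INET]127.0.0.1:1198
Jun 5 10:01:01 openvpn 21380 SIGTERM[hard,] received, process exiting
"""

if __name__ == "__main__":
    for name, log in (("Site A", SITE_A), ("Site B", SITE_B)):
        print(name, triage(log))
```

On these excerpts Site A shows two ping-restarts 62 seconds apart and no peer on either side. Site B's listener is bound to 127.0.0.1:1198, which only receives packets addressed to loopback, so traffic arriving on the WAN address has to be forwarded to it.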