Problems with clients



  • Hi, i having a trouble for a couple of days, my vpn clients are working for 3 or 4 days, after this, we can't connect using installed client and need to download the same client again, and i am in this loop. On pfsense we have a dynamic public ip and dyndns configured.Someone have or has this kind of problem?
    Thanks


  • LAYER 8 Rebel Alliance

    Whats in the OpenVPN Server and Client Logs when the connection stops working?

    -Rico



  • Client:
    Wed Oct 09 11:28:44 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
    Wed Oct 09 11:28:53 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
    Wed Oct 09 11:29:03 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
    Wed Oct 09 11:29:14 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
    Wed Oct 09 11:29:23 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
    Wed Oct 09 11:29:43 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Wed Oct 09 11:29:43 2019 TLS Error: TLS handshake failed
    Wed Oct 09 11:29:43 2019 SIGUSR1[soft,tls-error] received, process restarting
    Wed Oct 09 11:29:48 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XX:1199
    Wed Oct 09 11:29:48 2019 UDP link local (bound): [AF_INET][undef]:1194
    Wed Oct 09 11:29:48 2019 UDP link remote: [AF_INET]XXX.XXX.XXX.XX:1199

    Openvpn Server:
    Oct 9 11:17:04 openvpn 54762 XXX.XXX.XX.XXX:1194 [another.user] Peer Connection Initiated with [AF_INET]XXX.XXX.XX.XXX:1194
    Oct 9 11:17:04 openvpn user 'another.user' could not authenticate.
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_VER=2.4.5
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_PLAT=win
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_PROTO=2
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_LZ4=1
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_LZ4v2=1
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_LZO=1
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_COMP_STUB=1
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_COMP_STUBv2=1
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_TCPNL=1
    Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_GUI_VER=OpenVPN_GUI_11
    Oct 9 11:25:24 openvpn user 'another.user' authenticated
    Oct 9 11:29:26 openvpn 54762 my.user/XXX.XXX.XX.XXX:1378 [my.user] Inactivity timeout (--ping-restart), restarting

    The user that i tried to connect doesn't appear in server logs.



  • No access to pfS at the moment but on client side add

    float
    

    to the config.
    Could be a checkbox too in CSO.
    See --float in manual 2.4:
    https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage


Log in to reply