[SOLVED] UDP Server No Local Access

manjotsc

Update changed to AES-256-CBC and packet errors are gone but still no local access.

http://matthewcasperson.blogspot.com/2015/03/fixing-openvpn-authenticatedecrypt.html

Hi,

I have a two openvpn servers running on pfsense, UDP and TCP, both servers connect successfully to client. But I am not access local network or local ip address on UDP Server. On TCP server it's all working fine. Help Needed

Note : In the logs it says client disconnect, but on client side connection get shows as still connected.

Thanks,

Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 Data Channel: using negotiated cipher 'AES-128-GCM'
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 SENT CONTROL [me]: 'PUSH_REPLY,route 192.168.40.0 255.255.255.0,route 192.168.80.0 255.255.255.0,route 192.168.39.0 255.255.255.0,route 192.168.75.0 255.255.255.0,route 192.168.20.0 255.255.255.0,dhcp-option DOMAIN manjot.net,dhcp-option DNS 192.168.40.4,dhcp-option DNS 192.168.40.1,dhcp-option DNS 1.1.1.1,dhcp-option DNS 8.8.8.8,route-gateway 172.16.20.1,topology subnet,ping 10,ping-restart 60,ifconfig 172.16.20.2 255.255.255.0,peer-id 0,cipher AES-128-GCM' (status=1)
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 PUSH: Received control message: 'PUSH_REQUEST'
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 MULTI: primary virtual IP for me/45.74.75.24:59671: 172.16.20.2
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 MULTI: Learn: 172.16.20.2 -> me/45.74.75.24:59671
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_603c0cc0da0e82762242fd9667155385.tmp
Jan 2 14:49:57	openvpn	54774	me/45.74.75.24:59671 MULTI_sva: pool returned IPv4=172.16.20.2, IPv6=(Not enabled)
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 [me] Peer Connection Initiated with [AF_INET]45.74.75.24:59671
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384
Jan 2 14:49:57	openvpn		user 'me' authenticated
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1553'
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 TLS: Username/Password authentication deferred for username 'me' [CN SET]
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_BS64DL=1
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_SSO=openurl
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_GUI_VER=net.openvpn.connect.android_3.2.4-5891
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_IPv6=0
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_PROTO=2
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_TCPNL=1
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_NCP=2
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_PLAT=android
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 peer info: IV_VER=3.git:released:662eae9a:Release
Jan 2 14:49:57	openvpn	54774	45.74.75.24:59671 TLS: Initial packet from [AF_INET]45.74.75.24:59671, sid=f2781aee 7f125235

Dec 28 19:04:42 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:42 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:42 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:41 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:40 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:38 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:38 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:38 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:38 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:36 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:36 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:36 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:35 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:35 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:35 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:34 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:32 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:32 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:32 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:32 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:32 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:32 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:31 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:24 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:22 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:19 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:18 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:17 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:14 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:13 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:13 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:12 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:11 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:11 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:10 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:08 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:08 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:07 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:07 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:06 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:06 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:06 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:06 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed
Dec 28 19:04:06 	openvpn 	41654 	me/204.48.79.204:38197 Authenticate/Decrypt packet error: cipher final failed

Screenshot_2020-12-28 firewall manjot net - VPN OpenVPN Servers Edit.png

manjotsc

Solved : I change the IPV4 Tunnel Network CIDR to 172.16.40.0/24 and everything is working again.