OpenVPN - only one user has issues
-
Hello everybody,
A very strange problem is affecting only one user. We have also changed the desktop PC, but the problem still exists. Other users on the same network do not have issues. Installing different versions of the OpenVPN client did not solve it.
The problem is that the connection randomly drops and he cannot connect anymore. The only way to make it work again is either to restart the OpenVPN server on pfSense or to connect with the same configuration from another machine.
This is really weird stuff.
Any thoughts? Thank you.
-
@albgen
Some more details? Client and server logs, client and server config, client's routing table when he is connected?
-
Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded and reinstalled the new certs. They have been fine since then.
Good Luck.
-
@viragomann said in OpenVPN - only one user has issues:
@albgen
Some more details? Client and server logs, client and server config, client's routing table when he is connected?
The problem starts at 08:17:59
The user tries to reconnect at 08:19:27 and it seems OK, but he cannot reach the servers.
Routes on the client are ok.

Apr 9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr 9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr 9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr 9 08:16:15 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr 9 08:16:15 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr 9 08:16:15 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr 9 08:16:16 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr 9 08:16:16 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr 9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr 9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr 9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr 9 08:17:17 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr 9 08:17:17 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr 9 08:17:17 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr 9 08:17:18 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr 9 08:17:18 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr 9 08:17:59 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS: soft reset sec=3543/3543 bytes=10281210/-1 pkts=41587/0
Apr 9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr 9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr 9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr 9 08:18:19 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr 9 08:18:19 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr 9 08:18:19 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr 9 08:18:20 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr 9 08:18:20 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr 9 08:19:00 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 9 08:19:00 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS Error: TLS handshake failed
Apr 9 08:19:00 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
Apr 9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr 9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr 9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr 9 08:19:21 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr 9 08:19:21 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr 9 08:19:22 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr 9 08:19:22 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
Apr 9 08:19:22 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client disconnected
Apr 9 08:19:27 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 TLS: Initial packet from [AF_INET6]::ffff:94.XXX.XX.XX:1194 (via ::ffff:5.XXX.XXX.XXX%hn0), sid=d29beb9c 49d9fa78
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY SCRIPT OK: depth=1, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=CustomerNameOpenVPN
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY OK: depth=1, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=CustomerNameOpenVPN
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY SCRIPT OK: depth=0, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=Depo.Gast.Prizrn
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 VERIFY OK: depth=0, C=AL, ST=TR, L=CityName, O=CustomerName, emailAddress=myemail@gmail.com, CN=Depo.Gast.Prizrn
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_VER=2.5.0
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_PLAT=win
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_PROTO=6
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_NCP=2
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:AES-256-CBC
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_LZ4=1
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_LZ4v2=1
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_LZO=1
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_COMP_STUB=1
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_COMP_STUBv2=1
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_TCPNL=1
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 peer info: IV_GUI_VER=OpenVPN_GUI_11
Apr 9 08:19:28 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Apr 9 08:19:29 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 PUSH: Received control message: 'PUSH_REQUEST'
Apr 9 08:19:29 pfSenseEdgeRouter openvpn[15233]: Depo.Gast.Prizrn/94.XXX.XX.XX:1194 SENT CONTROL [Depo.Gast.Prizrn]: 'PUSH_REPLY,route 172.20.14.0 255.255.255.0,register-dns,route 172.30.14.1,topology net30,ping 10,ping-restart 600,ifconfig 172.30.14.6 172.30.14.5,peer-id 0,cipher AES-256-GCM' (status=1)
Apr 9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
Apr 9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr 9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr 9 08:20:23 pfSenseEdgeRouter openvpn[15233]: MANAGEMENT: Client disconnected
Apr 9 08:20:23 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
Apr 9 08:20:24 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'status 2'
Apr 9 08:20:24 pfSenseEdgeRouter openvpn[23597]: MANAGEMENT: CMD 'quit'
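
The log above shows a `TLS: soft reset` at 08:17:59 followed by `TLS key negotiation failed` at 08:19:00, buried among MANAGEMENT status polls. As an added example that is not part of the original post, this Python sketch pulls that pattern out of an OpenVPN server syslog; the function name, the host name `fw`, the client names and the 198.51.100.x addresses are constructed, and treating a `Control Channel:` line as the sign of a completed renegotiation is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the same syslog layout as the log above.
SAMPLE_LOG = """\
Apr 9 08:17:17 fw openvpn[15233]: MANAGEMENT: CMD 'status 2'
Apr 9 08:17:59 fw openvpn[15233]: client-a/198.51.100.7:1194 TLS: soft reset sec=3543/3543 bytes=10281210/-1 pkts=41587/0
Apr 9 08:18:19 fw openvpn[15233]: MANAGEMENT: CMD 'quit'
Apr 9 08:18:30 fw openvpn[15233]: client-b/198.51.100.9:1194 TLS: soft reset sec=3600/3600 bytes=5000/-1 pkts=50/0
Apr 9 08:18:31 fw openvpn[15233]: client-b/198.51.100.9:1194 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Apr 9 08:19:00 fw openvpn[15233]: client-a/198.51.100.7:1194 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 9 08:19:00 fw openvpn[15233]: client-a/198.51.100.7:1194 TLS Error: TLS handshake failed
Apr 9 08:19:27 fw openvpn[15233]: client-a/198.51.100.7:1194 TLS: Initial packet from [AF_INET6]::ffff:198.51.100.7:1194, sid=00000000 00000000
"""

LINE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ openvpn\[\d+\]: (.*)$")
PEER = re.compile(r"^(\S+?)/(\S+):\d+ (.*)$")  # "<common name>/<address>:<port> <event>"

def failed_renegotiations(log_text, window=timedelta(seconds=120)):
    """Return (client, soft_reset_time, seconds_until_failure) per failed rekey."""
    pending = {}   # client CN -> time of a soft reset not yet completed
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(4).startswith("MANAGEMENT:"):
            continue                      # skip status-poll noise and foreign lines
        p = PEER.match(m.group(4))
        if not p:
            continue
        cn, _addr, event = p.groups()
        # Syslog carries no year; a fixed leap year is enough to compute deltas.
        ts = datetime.strptime(f"2000 {m.group(1)} {m.group(2)} {m.group(3)}",
                               "%Y %b %d %H:%M:%S")
        if event.startswith("TLS: soft reset"):
            pending[cn] = ts
        elif event.startswith("Control Channel:"):
            pending.pop(cn, None)         # assumed marker: renegotiation finished
        elif "TLS key negotiation failed" in event:
            start = pending.pop(cn, None)
            if start is not None and ts - start <= window:
                findings.append((cn, start.strftime("%H:%M:%S"),
                                 int((ts - start).total_seconds())))
    return findings

if __name__ == "__main__":
    print(failed_renegotiations(SAMPLE_LOG))
```

A key-negotiation failure with no preceding soft reset (a failed first connection) is deliberately not reported, so the output isolates clients whose established session died at rekey time.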
-
@cswroe said in OpenVPN - only one user has issues:
Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded and reinstalled the new certs. They have been fine since then.
Good Luck.
Well, at least you had a solution. Will try giving another user :)
-
@albgen said in OpenVPN - only one user has issues:
@cswroe said in OpenVPN - only one user has issues:
Actually had this happen with a couple users recently. I ended up removing them and adding them back as users, then downloaded and reinstalled the new certs. They have been fine since then.
Good Luck.
Well, at least you had a solution. Will try giving another user :)
Hi,
Just to update: after giving the user another/new OpenVPN configuration, I did not receive any other complaints. Pretty weird stuff.