    Can't establish OpenVPN link to private cloud server

    OpenVPN
    Rich W. (last edited by Rich W.)

      I am trying to set up an OpenVPN link between a pfSense firewall on my home LAN and a Linux cloud server which I run. For some reason, it's not working. Perhaps it's something very simple, but I would be grateful for any pointers.

      I'm running OpenVPN 2.5.1-RELEASE on the firewall, Ubuntu 18.04.5 LTS on the cloud server, with OpenVPN 2.4.4 on the cloud server.

      The VPN on the firewall uses peer-to-peer mode (shared key), UDP on IPv4, and "tun" device mode.

      The allowed data encryption algorithms on the firewall are AES-256-CBC, AES-256-GCM, and CHACHA20-POLY1305, with AES-256-CBC as the fallback algorithm. The digest algorithm is SHA256.

      I copied the shared key generated on the firewall and installed it on the cloud server.

      Here is my current OpenVPN configuration file on the cloud server:

      auth SHA256
      cd /etc/openvpn
      cipher AES-256-CBC
      dev tun0
      keepalive 8 24
      log-append /etc/openvpn/shield.log
      nobind
      persist-tun
      port 1194
      remote 96.82.71.11
      resolv-retry infinite
      secret /etc/openvpn/shield.key
      verb 4

      When I start OpenVPN, I'm not seeing any VPN connection being successfully established. Here is an excerpt from the log on the cloud server:

      Fri May 21 23:39:27 2021 us=688493 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 27 2021
      Fri May 21 23:39:27 2021 us=688514 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
      Fri May 21 23:39:27 2021 us=689857 Outgoing Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
      Fri May 21 23:39:27 2021 us=689907 Outgoing Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Fri May 21 23:39:27 2021 us=689922 Incoming Static Key Encryption: Cipher 'AES-256-CBC' initialized with 256 bit key
      Fri May 21 23:39:27 2021 us=689937 Incoming Static Key Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
      Fri May 21 23:39:27 2021 us=690262 TUN/TAP device tun0 opened
      Fri May 21 23:39:27 2021 us=690293 TUN/TAP TX queue length set to 100
      Fri May 21 23:39:27 2021 us=690333 Data Channel MTU parms [ L:1572 D:1450 EF:72 EB:398 ET:0 EL:3 ]
      Fri May 21 23:39:27 2021 us=690360 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,secret'
      Fri May 21 23:39:27 2021 us=690370 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,secret'
      Fri May 21 23:39:27 2021 us=690433 TCP/UDP: Preserving recently used remote address: [AF_INET]96.82.71.11:1194
      Fri May 21 23:39:27 2021 us=690450 Socket Buffers: R=[212992->212992] S=[212992->212992]
      Fri May 21 23:39:27 2021 us=690461 UDP link local: (not bound)
      Fri May 21 23:39:27 2021 us=690472 UDP link remote: [AF_INET]96.82.71.11:1194
      Fri May 21 23:39:51 2021 us=324249 Inactivity timeout (--ping-restart), restarting
      Fri May 21 23:39:51 2021 us=324728 TCP/UDP: Closing socket
      Fri May 21 23:39:51 2021 us=324894 SIGUSR1[soft,ping-restart] received, process restarting
      Fri May 21 23:39:51 2021 us=324996 Restart pause, 5 second(s)

      Any suggestions on what to look at next?

      Rich Wales, richw@richw.org

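The log excerpt above carries enough structure to classify the failure mechanically: the two options strings tell you whether both ends agree on cipher, digest, MTU and mode, and the gap between "UDP link remote" and "Inactivity timeout (--ping-restart)" tells you whether the restart is simply the configured keepalive window expiring with no packet accepted from the peer (for a peer-to-peer instance, `keepalive 8 24` means ping every 8 s and restart after 24 s without a received packet). The script below is an added example, not the poster's code or anything from the pfSense or OpenVPN projects; it assumes the log and config formats shown in the post, and the sample log and config embedded in it are constructed (the remote address is a documentation-range placeholder). It distinguishes three outcomes a defender cares about: the link completed, packets arrived but failed HMAC (key or digest mismatch), or nothing from the peer was accepted at all before the restart.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data in the same format as the post's log and config
# (not the poster's own files; 192.0.2.10 is a documentation-range placeholder).
SAMPLE_CONF = """\
auth SHA256
cipher AES-256-CBC
dev tun0
keepalive 8 24
remote 192.0.2.10
secret /etc/openvpn/shield.key
"""

SAMPLE_LOG = """\
Fri May 21 23:39:27 2021 us=690360 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,secret'
Fri May 21 23:39:27 2021 us=690370 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA256,keysize 256,secret'
Fri May 21 23:39:27 2021 us=690472 UDP link remote: [AF_INET]192.0.2.10:1194
Fri May 21 23:39:51 2021 us=324249 Inactivity timeout (--ping-restart), restarting
Fri May 21 23:39:51 2021 us=324894 SIGUSR1[soft,ping-restart] received, process restarting
"""

OPTS_RE = re.compile(r"^(Local|Expected Remote) Options String \(VER=V\d\): '(.*)'$")


def parse_keepalive(conf_text):
    """Return (ping_interval, restart_timeout) from a 'keepalive n m' line, or None."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "keepalive":
            return int(parts[1]), int(parts[2])
    return None


def parse_log(log_text):
    """Return [(timestamp, message)] for lines shaped 'Day Mon DD HH:MM:SS YYYY us=N msg'."""
    entries = []
    for line in log_text.splitlines():
        parts = line.split(None, 6)  # 5 date tokens, the us= field, the message
        if len(parts) < 7 or not parts[5].startswith("us="):
            continue
        ts = datetime.strptime(" ".join(parts[:5]), "%a %b %d %H:%M:%S %Y")
        ts += timedelta(microseconds=int(parts[5][3:]))
        entries.append((ts, parts[6]))
    return entries


def analyze(log_text, conf_text):
    """Classify a static-key UDP link attempt from its log and the local config."""
    opts, link_up, restart = {}, None, None
    completed = hmac_errors = False
    for ts, msg in parse_log(log_text):
        m = OPTS_RE.match(msg)
        if m:
            opts[m.group(1)] = m.group(2)
        elif msg.startswith("UDP link remote:") and link_up is None:
            link_up = ts
        elif msg.startswith("Inactivity timeout (--ping-restart)") and restart is None:
            restart = ts
        elif msg.startswith("Initialization Sequence Completed"):
            completed = True  # OpenVPN's line for a successfully established link
        elif "Authenticate/Decrypt packet error" in msg:
            hmac_errors = True  # peer traffic arrived but failed the HMAC check

    result = {
        "options_match": opts.get("Local") == opts.get("Expected Remote"),
        "completed": completed,
        "hmac_errors": hmac_errors,
        "elapsed": None,
        "timeout_as_configured": None,
    }
    keepalive = parse_keepalive(conf_text)
    if link_up is not None and restart is not None:
        result["elapsed"] = (restart - link_up).total_seconds()
        if keepalive is not None:
            # The restart fired once no packet was received for the second keepalive value.
            result["timeout_as_configured"] = abs(result["elapsed"] - keepalive[1]) <= 1.5

    if completed:
        result["verdict"] = "link established"
    elif hmac_errors:
        result["verdict"] = "peer packets arrive but fail HMAC: shared key or auth digest differs"
    elif restart is not None:
        result["verdict"] = ("no packet from the peer was accepted within the ping-restart window: "
                             "check that the peer is listening on the port and that UDP passes both ways")
    else:
        result["verdict"] = "no restart or completion seen in this excerpt"
    return result


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

Run against the sample, the options strings match, no HMAC failures are logged, and the restart lands about 23.6 s after the link came up, which is the configured 24 s window: that combination means nothing from the peer was accepted at all, which points at reachability or firewall policy on the path rather than at the cipher or digest settings.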