Netgate Discussion Forum
    OpenVPN unexplained failure

    OpenVPN
      qctech

      Hey Boys and Girls.

      I have a site running pfSense as a VM on top of XCP-Ng. For the past 3 years it's been providing an OpenVPN dial in for users and has with a few exceptions not missed a beat. Was on 2.5.something but updated to 2.6.0 last night to see if that helped with my problem... it didn't.

      About 2 weeks ago I had a call to say no one could log on, restarted the service and all was good. A couple of days later, the same call, the same fix. This has happened about 5 or 6 times now so I need to work out what the root cause is.

      The openvpn server logs (included below) don't seem to be showing anything obvious as a cause but I do see that at May 18 23:40:12 there was no route to the wan IP and that a few seconds later the service restarted. This appears to restart successfully but after that restart no one is able to connect. The logs show me manually restarting at May 19 09:57:03 at which point it all kicks back in again.

      Would anyone be able to suggest where I should look next to work out what the problem is and to move close to finding a solution? I suspect that whilst I see the issue in OpenVPN that the problem is actually occurring elsewhere.

      The WAN side is a PPPoE connection with an 8 IP block that I'm accessing using virtual IPs. pfSense picks up the highest usable IP in the block and the VPN tunnel comes in on that IP too on port 443.

      Logs Below, my public IP has been replaced with ww.xx.yy.zz and my actual username replaced with "myUserName"

      May 19 09:57:03	openvpn	83010	OpenVPN 2.5.4 amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 12 2022
      May 19 09:57:03	openvpn	26450	SIGTERM[hard,] received, process exiting
      May 19 09:57:03	openvpn	26450	/usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 192.168.144.1 255.255.255.0 init
      May 19 09:57:03	openvpn	26450	event_wait : Interrupted system call (code=4)
      May 18 23:40:35	openvpn	26450	Initialization Sequence Completed
      May 18 23:40:35	openvpn	26450	UDPv4 link remote: [AF_UNSPEC]
      May 18 23:40:35	openvpn	26450	UDPv4 link local (bound): [AF_INET]82.68.113.25:443
      May 18 23:40:35	openvpn	26450	/usr/local/sbin/ovpn-linkup ovpns1 1500 1621 192.168.144.1 255.255.255.0 init
      May 18 23:40:35	openvpn	26450	/sbin/ifconfig ovpns1 192.168.144.1 192.168.144.2 mtu 1500 netmask 255.255.255.0 up
      May 18 23:40:35	openvpn	26450	TUN/TAP device /dev/tun1 opened
      May 18 23:40:35	openvpn	26450	TUN/TAP device ovpns1 exists previously, keep at program end
      May 18 23:40:35	openvpn	26450	WARNING: experimental option --capath /var/etc/openvpn/server1/ca
      May 18 23:40:35	openvpn	26450	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      May 18 23:40:35	openvpn	26421	library versions: OpenSSL 1.1.1l-freebsd 24 Aug 2021, LZO 2.10
      May 18 23:40:35	openvpn	26421	OpenVPN 2.5.4 amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 12 2022
      May 18 23:40:35	openvpn	8846	SIGTERM[hard,] received, process exiting
      May 18 23:40:35	openvpn	8846	/usr/local/sbin/ovpn-linkdown ovpns1 1500 1621 192.168.144.1 255.255.255.0 init
      May 18 23:40:35	openvpn	11734	openvpn server 'ovpns1' user 'myUserName' address 'ww.xx.yy.zz' - disconnected
      May 18 23:40:35	openvpn	8846	event_wait : Interrupted system call (code=4)
      May 18 23:40:22	openvpn	8846	myUserName/ww.xx.yy.zz:42424 write UDPv4: No route to host (code=65)
      May 18 23:40:12	openvpn	8846	myUserName/ww.xx.yy.zz:42424 write UDPv4: No route to host (code=65)
      May 18 23:09:48	openvpn	72574	user 'myUserName' authenticated
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_GUI_VER=OpenVPN_GUI_11
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_TCPNL=1
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_COMP_STUBv2=1
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_COMP_STUB=1
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_LZO=1
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_LZ4v2=1
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_LZ4=1
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_CIPHERS=AES-128-GCM:AES-256-CBC
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_PROTO=6
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_PLAT=win
      May 18 23:09:47	openvpn	8846	myUserName/ww.xx.yy.zz:42424 peer info: IV_VER=2.5.1
      May 18 22:12:00	newsyslog	44340	logfile turned over due to size>500K
      May 18 22:12:00	newsyslog	44340	logfile turned over due to size>500K
      May 18 22:11:45	openvpn	44034	user 'myUserName' authenticated
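
The timeline the post reads off the log by eye (daemon restarted at 23:40:35, then nothing until the manual restart at 09:57:03) can be extracted mechanically. This is an added example, not part of the original post: it assumes the tab-separated, newest-first layout shown above, and the function names and the trimmed sample log are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a trimmed copy of the post's log (newest first, tab-separated).
SAMPLE_LOG = """\
May 19 09:57:03\topenvpn\t26450\tSIGTERM[hard,] received, process exiting
May 18 23:40:35\topenvpn\t26450\tInitialization Sequence Completed
May 18 23:40:35\topenvpn\t8846\tSIGTERM[hard,] received, process exiting
May 18 23:40:22\topenvpn\t8846\tmyUserName/ww.xx.yy.zz:42424 write UDPv4: No route to host (code=65)
May 18 23:40:12\topenvpn\t8846\tmyUserName/ww.xx.yy.zz:42424 write UDPv4: No route to host (code=65)
May 18 23:09:48\topenvpn\t72574\tuser 'myUserName' authenticated
May 18 23:09:47\topenvpn\t8846\tmyUserName/ww.xx.yy.zz:42424 peer info: IV_VER=2.5.1
"""

CLIENT = re.compile(r"^(?:\S+/)?\S+:\d+ ")   # "[user/]addr:port " marks a per-client line
WRITE_ERR = re.compile(r"write UDPv4: .*\(code=(\d+)\)")

def parse(text):
    """Return (timestamp, pid, message) tuples for openvpn lines, oldest first."""
    rows = []
    for line in text.strip().splitlines():
        when, proc, pid, msg = line.strip().split("\t", 3)
        if proc == "openvpn":
            rows.append((datetime.strptime(when, "%b %d %H:%M:%S"), int(pid), msg))
    return rows[::-1]                         # input lists the newest entry first

def daemon_runs(rows):
    """Summarise each daemon PID: start, stop, client-line count, write error codes."""
    runs = {}
    for ts, pid, msg in rows:
        run = runs.setdefault(pid, {"up": None, "down": None, "clients": 0, "errors": []})
        if msg == "Initialization Sequence Completed":
            run["up"] = ts
        elif msg.startswith("SIGTERM"):
            run["down"] = ts
        elif CLIENT.match(msg):
            run["clients"] += 1
            if (m := WRITE_ERR.search(msg)):
                run["errors"].append(int(m.group(1)))
    # Helper PIDs (e.g. the auth script) never log a start or stop; drop them.
    return {p: r for p, r in runs.items() if r["up"] or r["down"]}

def silent_runs(runs):
    """PIDs that initialised, logged no client line at all, and were later stopped."""
    return {p: r["down"] - r["up"] for p, r in runs.items()
            if r["up"] and r["down"] and r["clients"] == 0}

if __name__ == "__main__":
    for pid, gap in silent_runs(daemon_runs(parse(SAMPLE_LOG))).items():
        print(f"pid {pid}: up for {gap} with no client activity")
```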
      
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.