Netgate Discussion Forum

    Still issues with peer-to-peer network

      DominikHoffmann

      So, @viragomann suggested that I check the logs if things aren’t behaving (thread: Still no reliable peer-to-peer connection, but progress made). Immediately after his post it worked beautifully. Now, not so much.

      Here’s what I find in the logs:

      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 Re-using SSL/TLS context
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 VERIFY WARNING: depth=0, unable to get certificate CRL: C=US, ST=Indiana, L=Fishers, O=Hoffmann Family, CN=client1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 VERIFY WARNING: depth=1, unable to get certificate CRL: CN=pfSense-CA, C=US, ST=Indiana, L=Fishers, O=Hoffmann Family
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 VERIFY SCRIPT OK: depth=1, CN=pfSense-CA, C=US, ST=Indiana, L=Fishers, O=Hoffmann Family
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 VERIFY OK: depth=1, CN=pfSense-CA, C=US, ST=Indiana, L=Fishers, O=Hoffmann Family
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 VERIFY SCRIPT OK: depth=0, C=US, ST=Indiana, L=Fishers, O=Hoffmann Family, CN=client1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 VERIFY OK: depth=0, C=US, ST=Indiana, L=Fishers, O=Hoffmann Family, CN=client1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_VER=2.6.8
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_PLAT=freebsd
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_TCPNL=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_MTU=1600
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_CIPHERS=AES-128-GCM:AES-256-CBC
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_PROTO=990
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_LZ4=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_LZ4v2=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_LZO=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_COMP_STUB=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 peer info: IV_COMP_STUBv2=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 TLS: tls_multi_process: initial untrusted session promoted to trusted
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
      8/23/24 0:01	openvpn	35116	xxx.xxx.xxx.xxx:7524 [client1] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI_sva: pool returned IPv4=192.168.7.2, IPv6=(Not enabled)
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 OPTIONS IMPORT: reading client specific options from: /var/etc/openvpn/server2/csc/client1
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: Learn: 192.168.7.2 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: primary virtual IP for client1/xxx.xxx.xxx.xxx:7524: 192.168.7.2
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: internal route 192.168.36.0/24 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: Learn: 192.168.36.0/24 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: internal route 192.168.35.0/24 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: Learn: 192.168.35.0/24 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: internal route 192.168.34.0/24 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 MULTI: Learn: 192.168.34.0/24 -> client1/xxx.xxx.xxx.xxx:7524
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Data Channel MTU parms [ mss_fix:1400 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Outgoing dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Outgoing dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Incoming dynamic tls-crypt: Cipher 'AES-256-CTR' initialized with 256 bit key
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Incoming dynamic tls-crypt: Using 256 bit message hash 'SHA256' for HMAC authentication
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 SENT CONTROL [client1]: 'PUSH_REPLY,route 192.168.7.0 255.255.255.0,route-gateway 192.168.7.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.7.2 255.255.255.0,peer-id 1,cipher AES-128-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500' (status=1)
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Data Channel: cipher 'AES-128-GCM', peer-id: 0
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Timers: ping 10, ping-restart 120
      8/23/24 0:01	openvpn	35116	client1/xxx.xxx.xxx.xxx:7524 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
      8/23/24 0:01	openvpn	35116	MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
      8/23/24 0:01	openvpn	35116	MANAGEMENT: CMD 'status 2'
      8/23/24 0:01	openvpn	35116	MANAGEMENT: Client disconnected
      8/23/24 0:01	openvpn	35116	MANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
      8/23/24 0:01	openvpn	35116	MANAGEMENT: CMD 'status 2'
      8/23/24 0:01	openvpn	35116	MANAGEMENT: CMD 'quit'
      8/23/24 0:01	openvpn	35116	MANAGEMENT: Client disconnected
      

      It looks pretty good until the end. I have no idea why the client disconnects. Any thoughts?

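A log-triage sketch for output like the above, added here as an example and not part of the original post. It separates `MANAGEMENT:` lines, which OpenVPN writes for clients of its local management socket (here `/var/etc/openvpn/server2/sock`), from per-peer lines, and counts the CRL warnings and negotiated data ciphers. The sample is constructed: `192.0.2.10` stands in for the redacted address, and the final `SIGUSR1` line is an assumed peer teardown included only for contrast.

```python
import re

# Constructed sample modelled on the log in the post. The last line does not
# appear in the post; it is an assumed example of a real peer teardown.
SAMPLE = """\
8/23/24 0:01\topenvpn\t35116\t192.0.2.10:7524 VERIFY WARNING: depth=0, unable to get certificate CRL: C=US, CN=client1
8/23/24 0:01\topenvpn\t35116\t192.0.2.10:7524 [client1] Peer Connection Initiated with [AF_INET]192.0.2.10:7524
8/23/24 0:01\topenvpn\t35116\tclient1/192.0.2.10:7524 Data Channel: cipher 'AES-128-GCM', peer-id: 0
8/23/24 0:01\topenvpn\t35116\tMANAGEMENT: Client connected from /var/etc/openvpn/server2/sock
8/23/24 0:01\topenvpn\t35116\tMANAGEMENT: CMD 'status 2'
8/23/24 0:01\topenvpn\t35116\tMANAGEMENT: Client disconnected
8/23/24 0:03\topenvpn\t35116\tclient1/192.0.2.10:7524 SIGUSR1[soft,ping-restart] received, client-instance restarting
"""

# Optional "<common name>/" prefix, then peer address:port, then the message.
PEER = re.compile(r"^(?:(?P<cn>[^/\s]+)/)?(?P<addr>[^\s/]+:\d+) (?P<msg>.*)$")
# Substrings OpenVPN logs when a peer instance is actually torn down.
TEARDOWN = ("client-instance exiting", "client-instance restarting",
            "Inactivity timeout")


def classify(line):
    """Return (scope, common_name, message) for one tab-separated log line."""
    msg = line.rstrip("\n").split("\t", 3)[-1]
    if msg.startswith("MANAGEMENT:"):
        return "management", None, msg   # local control socket, not a VPN peer
    m = PEER.match(msg)
    if m:
        return "peer", m["cn"], m["msg"]
    return "daemon", None, msg


def triage(text):
    """Summarise management traffic, peer teardowns, CRL warnings, ciphers."""
    report = {"management_events": 0, "peer_teardowns": [],
              "crl_warnings": 0, "data_ciphers": set()}
    for line in filter(str.strip, text.splitlines()):
        scope, cn, msg = classify(line)
        if scope == "management":
            report["management_events"] += 1
        elif scope == "peer":
            if any(t in msg for t in TEARDOWN):
                report["peer_teardowns"].append((cn, msg))
            if "unable to get certificate CRL" in msg:
                report["crl_warnings"] += 1
            c = re.search(r"Data Channel: cipher '([^']+)'", msg)
            if c:
                report["data_ciphers"].add(c.group(1))
    return report
```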