Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN Server not working

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    5 Posts 2 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      ggzengel
      last edited by

      2.1-BETA1 (amd64)
      built on Tue Jan 29 09:31:46 EST 2013

      I create an openvpn tun device with shared key.
      The only thing i see is:
      Jan 30 02:36:24 openvpn[19911]: Peer Connection Initiated with [AF_INET]5.6.7.8:28683
      Jan 30 02:35:22 openvpn[19911]: Peer Connection Initiated with [AF_INET]5.6.7.8:65182
      Jan 30 02:35:12 openvpn[19911]: Initialization Sequence Completed
      Jan 30 02:35:11 openvpn[19911]: Peer Connection Initiated with [AF_INET]5.6.7.8:40890
      Jan 30 02:35:11 openvpn[19911]: UDPv4 link remote: [undef]
      Jan 30 02:35:11 openvpn[19911]: UDPv4 link local (bound): [AF_INET]1.2.3.4:1194
      Jan 30 02:35:11 openvpn[18921]: /usr/local/sbin/ovpn-linkup ovpns2 1500 1561 10.255.255.129 10.255.255.130 init
      Jan 30 02:35:11 openvpn[18921]: /sbin/ifconfig ovpns2 10.255.255.129 10.255.255.130 mtu 1500 netmask 255.255.255.255 up
      Jan 30 02:35:11 openvpn[18921]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Jan 30 02:35:11 openvpn[18921]: TUN/TAP device /dev/tun2 opened
      Jan 30 02:35:11 openvpn[18921]: TUN/TAP device ovpns2 exists previously, keep at program end
      Jan 30 02:35:11 openvpn[18921]: Initializing OpenSSL support for engine 'cryptodev'
      Jan 30 02:35:11 openvpn[18921]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      Jan 30 02:35:11 openvpn[18921]: OpenVPN 2.3.0 amd64-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jan 27 2013
      Jan 30 02:35:10 openvpn[19907]: SIGTERM[hard,] received, process exiting

      The client says:
      Jan 30 02:39:30 openvpn[94901]: UDPv4 link remote: [AF_INET]1.2.3.4:1194
      Jan 30 02:39:30 openvpn[94901]: UDPv4 link local (bound): [AF_INET]5.6.7.8
      Jan 30 02:39:30 openvpn[94901]: Preserving previous TUN/TAP instance: ovpnc2
      Jan 30 02:39:30 openvpn[94901]: Re-using pre-shared static key
      Jan 30 02:39:30 openvpn[94901]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      Jan 30 02:39:28 openvpn[94901]: SIGUSR1[soft,ping-restart] received, process restarting
      Jan 30 02:39:28 openvpn[94901]: Inactivity timeout (–ping-restart), restarting
      Jan 30 02:38:28 openvpn[94901]: UDPv4 link remote: [AF_INET]1.2.3.4:1194
      Jan 30 02:38:28 openvpn[94901]: UDPv4 link local (bound): [AF_INET]5.6.7.8
      Jan 30 02:38:28 openvpn[94901]: Preserving previous TUN/TAP instance: ovpnc2
      Jan 30 02:38:28 openvpn[94901]: Re-using pre-shared static key
      Jan 30 02:38:28 openvpn[94901]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
      Jan 30 02:38:26 openvpn[94901]: SIGUSR1[soft,ping-restart] received, process restarting

      2.0.2-RELEASE (i386) as OVPN server is working with 2.1 client.

      If I look at the server config I will see (for Device Mode=tun):
      Bridge DHCP
      Bridge Interface
      Server Bridge DHCP Start
      Server Bridge DHCP End

      If I change Device Mode to tap the options will greyed out and if I change back to tun the options disappear.

      1 Reply Last reply Reply Quote 0
      • G
        ggzengel
        last edited by

        The problem still exists:
        2.1-BETA1 (amd64)
        built on Fri Feb 1 01:33:53 EST 2013

        1 Reply Last reply Reply Quote 0
        • G
          ggzengel
          last edited by

          I still have this problem with
          2.1-BETA1 (amd64)
          built on Sat Feb 9 23:46:16 EST 2013

          Server (A) is responding to the client (B). The status page shows bytes going in and out.
          The client (B) shows down in the openvpn status page.
          I cann't ping to the other side.
          The firewall log on both sides shows nothing.

          I have disabled compression. Changed from AES-256-CBC to AES-128-CBC. Disabled cryptodev in config. Nothing changed.
          The client (B) connect to an 3rd pfsense (C with 2.1-BETA1 (amd64) built on Fri Feb 1 01:33:53 EST 20) without errors.
          The server (A) has a openvpn client connection to the 3rd pfsense (C) without errors.

          In short:
          client (A) connect to server (C) without error.
          client (B) connect to server (C) without error.
          client (B) didn't connect to server (A). server (A) thinks client (B) is connected and shows bytes flowing, but client (B) didn't know.

          If I change the pre shared key on one side I get a cipher error as expected.

          The server logs:

          Feb 10 15:35:02 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:33261
Feb 10 15:36:04 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:40740
Feb 10 15:37:06 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:62003
Feb 10 15:38:08 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:21661
Feb 10 15:39:11 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:51052
Feb 10 15:40:13 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:38258
Feb 10 15:41:15 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:63405
Feb 10 15:42:17 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:64002
Feb 10 15:43:19 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:11384
Feb 10 15:44:21 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:12656
Feb 10 15:45:24 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:7876
Feb 10 15:46:26 pfsense-er openvpn[48104]: Peer Connection Initiated with [AF_INET]78.42.74.173:58109

          The client logs:

          
Feb 10 15:43:19 pfsense-hd openvpn[89112]: Re-using pre-shared static key
Feb 10 15:43:19 pfsense-hd openvpn[89112]: Preserving previous TUN/TAP instance: ovpnc2
Feb 10 15:43:19 pfsense-hd openvpn[89112]: UDPv4 link local (bound): [AF_INET]78.42.74.173
Feb 10 15:43:19 pfsense-hd openvpn[89112]: UDPv4 link remote: [AF_INET]213.188.120.106:1194
Feb 10 15:44:19 pfsense-hd openvpn[89112]: Inactivity timeout (--ping-restart), restarting
Feb 10 15:44:19 pfsense-hd openvpn[89112]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 10 15:44:21 pfsense-hd openvpn[89112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 15:44:21 pfsense-hd openvpn[89112]: Re-using pre-shared static key
Feb 10 15:44:21 pfsense-hd openvpn[89112]: Preserving previous TUN/TAP instance: ovpnc2
Feb 10 15:44:21 pfsense-hd openvpn[89112]: UDPv4 link local (bound): [AF_INET]78.42.74.173
Feb 10 15:44:21 pfsense-hd openvpn[89112]: UDPv4 link remote: [AF_INET]213.188.120.106:1194
Feb 10 15:45:22 pfsense-hd openvpn[89112]: Inactivity timeout (--ping-restart), restarting
Feb 10 15:45:22 pfsense-hd openvpn[89112]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 10 15:45:24 pfsense-hd openvpn[89112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 15:45:24 pfsense-hd openvpn[89112]: Re-using pre-shared static key
Feb 10 15:45:24 pfsense-hd openvpn[89112]: Preserving previous TUN/TAP instance: ovpnc2
Feb 10 15:45:24 pfsense-hd openvpn[89112]: UDPv4 link local (bound): [AF_INET]78.42.74.173
Feb 10 15:45:24 pfsense-hd openvpn[89112]: UDPv4 link remote: [AF_INET]213.188.120.106:1194
Feb 10 15:46:24 pfsense-hd openvpn[89112]: Inactivity timeout (--ping-restart), restarting
Feb 10 15:46:24 pfsense-hd openvpn[89112]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 10 15:46:26 pfsense-hd openvpn[89112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 15:46:26 pfsense-hd openvpn[89112]: Re-using pre-shared static key
Feb 10 15:46:26 pfsense-hd openvpn[89112]: Preserving previous TUN/TAP instance: ovpnc2
Feb 10 15:46:26 pfsense-hd openvpn[89112]: UDPv4 link local (bound): [AF_INET]78.42.74.173
Feb 10 15:46:26 pfsense-hd openvpn[89112]: UDPv4 link remote: [AF_INET]213.188.120.106:1194
Feb 10 15:47:26 pfsense-hd openvpn[89112]: Inactivity timeout (--ping-restart), restarting
Feb 10 15:47:26 pfsense-hd openvpn[89112]: SIGUSR1[soft,ping-restart] received, process restarting
Feb 10 15:47:28 pfsense-hd openvpn[89112]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 10 15:47:28 pfsense-hd openvpn[89112]: Re-using pre-shared static key
Feb 10 15:47:28 pfsense-hd openvpn[89112]: Preserving previous TUN/TAP instance: ovpnc2
Feb 10 15:47:28 pfsense-hd openvpn[89112]: UDPv4 link local (bound): [AF_INET]78.42.74.173
Feb 10 15:47:28 pfsense-hd openvpn[89112]: UDPv4 link remote: [AF_INET]213.188.120.106:1194
          1 Reply Last reply Reply Quote 0
          • X
            xayumi
            last edited by

            Same issue on 2.1-Beta1 Feb 17, 2013.

            1 Reply Last reply Reply Quote 0
            • X
              xayumi
              last edited by

              Please kindly find the error as below, using android mobile client, it seems that when the throughput is over 3-4Mbps, then the connection start to drop.

              Feb 21 17:35:28 openvpn[99575]: calvin/182.239.65.158:47055 Connection reset, restarting [0]
              Feb 21 17:35:30 openvpn[99575]: TCP connection established with [AF_INET]182.239.65.158:36451
              Feb 21 17:35:34 openvpn: user 'xxxx' authenticated
              Feb 21 17:35:35 openvpn[99575]: 182.239.65.158:36451 [xxxx] Peer Connection Initiated with [AF_INET]182.239.65.158:36451
              Feb 21 17:35:35 openvpn[99575]: xxxx/182.239.65.158:36451 MULTI_sva: pool returned IPv4=10.10.111.10, IPv6=(Not enabled)
              Feb 21 17:35:36 openvpn[99575]: xxxx/182.239.65.158:36451 send_push_reply(): safe_cap=940

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.