OpenVPN drops site-to-site connection after a few days..??
-
I have pfSense 1.0.1 installed on two machines at two different locations:
DSL Wan -> Machine 1 -> LAN (192.168.1.x/24)
Cable Net -> Machine 2 -> LAN (192.168.2.x/24)I have OpenVPN set up as site to site with Machine 1 as server and Machine 2 as a client. The link runs on port 1192. I also have Machine 1 acting as an OpenVPN server on port 1193 to a laptop that occasionally connects (no correlation to dropped link though).
There are no issues with the traffic when the link is running. I can ping, do HTTP, etc… I have VoIP and other traffic running over the VPN. However, the VPN link will go down from time to time for no reason. I restart Machine 1 (server) and the two machines automatically reconnect and start working again. Before restarting Machine 1, I see an entry in the log that says something along the lines of [undef]:1192 is already in use, exiting.
Any ideas on why the VPN will just crash after a few days?
-
Could you post a copy of the logs on both machines from the point of time when the link goes down and never comes back up?
-
Sure! I would have posted these yesterday but the link was still up ;-)
OpenVPN logs:
Machine 1 (server):
Last 50 OpenVPN log entries
Oct 19 05:50:22 openvpn[297]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
Oct 19 05:50:22 openvpn[297]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
Oct 19 05:50:22 openvpn[297]: LZO compression initialized
Oct 19 05:50:22 openvpn[297]: gw 66.159.x.x
Oct 19 05:50:22 openvpn[297]: TUN/TAP device /dev/tun0 opened
Oct 19 05:50:22 openvpn[297]: /sbin/ifconfig tun0 192.168.252.1 192.168.252.2 mtu 1500 netmask 255.255.255.255 up
Oct 19 05:50:22 openvpn[297]: /etc/rc.filter_configure tun0 1500 1547 192.168.252.1 192.168.252.2 init
Oct 19 05:50:23 openvpn[314]: Listening for incoming TCP connection on [undef]:1192
Oct 19 05:50:24 openvpn[324]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
Oct 19 05:50:24 openvpn[324]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
Oct 19 05:50:24 openvpn[324]: gw 66.159.x.x
Oct 19 05:50:24 openvpn[324]: TUN/TAP device /dev/tun1 opened
Oct 19 05:50:24 openvpn[324]: /sbin/ifconfig tun1 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.255 up
Oct 19 05:50:24 openvpn[324]: /etc/rc.filter_configure tun1 1500 1544 192.168.253.1 192.168.253.2 init
Oct 19 05:50:26 openvpn[314]: TCP connection established with 76.114.x.x:64805
Oct 19 05:50:26 openvpn[314]: TCPv4_SERVER link local (bound): [undef]:1192
Oct 19 05:50:26 openvpn[314]: TCPv4_SERVER link remote: 76.114.x.x:64805
Oct 19 05:50:26 openvpn[314]: Peer Connection Initiated with 76.114.x.x:64805
Oct 19 05:50:27 openvpn[314]: Initialization Sequence Completed
Oct 19 05:50:29 openvpn[412]: Listening for incoming TCP connection on [undef]:1193
Oct 19 05:50:29 openvpn[412]: TCPv4_SERVER link local (bound): [undef]:1193
Oct 19 05:50:29 openvpn[412]: TCPv4_SERVER link remote: [undef]
Oct 19 05:50:29 openvpn[412]: Initialization Sequence Completed
Oct 19 05:50:29 openvpn[412]: Need IPv6 code in mroute_extract_addr_from_packet
Oct 19 05:50:29 openvpn[412]: Need IPv6 code in mroute_extract_addr_from_packet
Oct 19 05:50:36 openvpn[314]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.252.1 192.168.252.2', remote='ifconfig 192.168.2.1 192.168.2.2'
Oct 20 01:44:59 openvpn[314]: read TCPv4_SERVER: Operation timed out (code=60)
Oct 20 01:44:59 openvpn[314]: Connection reset, restarting [0]
Oct 20 01:44:59 openvpn[314]: SIGUSR1[soft,connection-reset] received, process restarting
Oct 20 01:45:00 openvpn[314]: Re-using pre-shared static key
Oct 20 01:45:00 openvpn[314]: LZO compression initialized
Oct 20 01:45:00 openvpn[314]: TCP/UDP: Socket bind failed on local address [undef]:1192: Address already in use
Oct 20 01:45:00 openvpn[314]: ExitingMachine 2 (client):
Last 50 OpenVPN log entries
Oct 18 21:47:15 openvpn[357]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.2.2 192.168.2.1', remote='ifconfig 192.168.252.2 192.168.252.1'
Oct 19 17:43:24 openvpn[357]: read TCPv4_CLIENT: Operation timed out (code=60)
Oct 19 17:43:24 openvpn[357]: Connection reset, restarting [0]
Oct 19 17:43:24 openvpn[357]: SIGUSR1[soft,connection-reset] received, process restarting
Oct 19 17:43:29 openvpn[357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Oct 19 17:43:29 openvpn[357]: Re-using pre-shared static key
Oct 19 17:43:29 openvpn[357]: LZO compression initialized
Oct 19 17:43:29 openvpn[357]: Preserving previous TUN/TAP instance: tun0
Oct 19 17:43:29 openvpn[357]: Attempting to establish TCP connection with 66.159.x.x:1192
Oct 19 17:43:51 openvpn[357]: TCP connection established with 66.159.x.x:1192
Oct 19 17:43:51 openvpn[357]: TCPv4_CLIENT link local: [undef]
Oct 19 17:43:51 openvpn[357]: TCPv4_CLIENT link remote: 66.159.x.x:1192
Oct 19 17:44:51 openvpn[357]: Inactivity timeout (–ping-restart), restarting
Oct 19 17:44:51 openvpn[357]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 19 17:44:56 openvpn[357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Oct 19 17:44:56 openvpn[357]: Re-using pre-shared static key
Oct 19 17:44:56 openvpn[357]: LZO compression initialized
Oct 19 17:44:56 openvpn[357]: Preserving previous TUN/TAP instance: tun0
Oct 19 17:44:56 openvpn[357]: Attempting to establish TCP connection with 66.159.x.x:1192
Oct 19 17:44:56 openvpn[357]: TCP connection established with 66.159.x.x:1192
Oct 19 17:44:56 openvpn[357]: TCPv4_CLIENT link local: [undef]
Oct 19 17:44:56 openvpn[357]: TCPv4_CLIENT link remote: 66.159.x.x:1192
Oct 19 17:45:56 openvpn[357]: Inactivity timeout (–ping-restart), restarting
Oct 19 17:45:56 openvpn[357]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 19 17:46:01 openvpn[357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Oct 19 17:46:01 openvpn[357]: Re-using pre-shared static key
Oct 19 17:46:01 openvpn[357]: LZO compression initialized
Oct 19 17:46:01 openvpn[357]: Preserving previous TUN/TAP instance: tun0
Oct 19 17:46:01 openvpn[357]: Attempting to establish TCP connection with 66.159.x.x:1192
Oct 19 17:47:16 openvpn[357]: TCP: connect to 66.159.x.x:1192 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 19 17:48:36 openvpn[357]: TCP: connect to 66.159.x.x:1192 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 19 17:49:56 openvpn[357]: TCP: connect to 66.159.x.x:1192 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 19 18:00:36 last message repeated 8 times
Oct 19 18:09:56 last message repeated 7 times
Oct 19 18:20:36 last message repeated 8 times
Oct 19 18:29:56 last message repeated 7 times
Oct 19 18:40:36 last message repeated 8 times
Oct 19 18:51:16 last message repeated 8 times
Oct 19 19:00:36 last message repeated 7 times
Oct 19 19:11:16 last message repeated 8 times
Oct 19 19:20:36 last message repeated 7 times
Oct 19 19:31:15 last message repeated 8 times
Oct 19 19:40:35 last message repeated 7 times
Oct 19 19:51:15 last message repeated 8 times
Oct 19 20:00:35 last message repeated 7 times
Oct 19 20:11:15 last message repeated 8 times
Oct 19 20:20:35 last message repeated 7 times
Oct 19 20:31:15 last message repeated 8 times
Oct 19 20:40:35 last message repeated 7 times
Oct 19 20:51:15 last message repeated 8 timesThanks!
-
Do you have a client configured on your server?
I once had something similar and the probelm was that a configured client used the port i wanted to run the server on.Also i think you might have mixed the configs between your 2 servers:
–>
Oct 19 05:50:36 openvpn[314]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.252.1 192.168.252.2', remote='ifconfig 192.168.2.1 192.168.2.2'
-
Machine 1 (server) acts only as a server. It has two different entries (on different ports). One is for the site-site VPN (1192), and the other is for a laptop (1193). No client software on Machine 1 (server).
Oct 19 05:50:36 openvpn[314]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.252.1 192.168.252.2', remote='ifconfig 192.168.2.1 192.168.2.2'
I'm not sure how to interpret this warning. FYI 192.168.252.x is the tunnel IP between the two sites, and 192.168.2.x is the LAN at the remote site (Machine 2-client). Any other thoughts?
-
Could it be that your client machine is setup wrong?
that is uses the tunnel you planned for the laptop?this warning says that the connecting client uses a config that is not compatible to the local config.
client:
Oct 18 21:47:15 openvpn[357]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.2.2 192.168.2.1', remote='ifconfig 192.168.252.2 192.168.252.1'This means the client wants to use 192.168.x.x as ip-config but he notices the server uses different IP's.
server:
Oct 19 05:50:36 openvpn[314]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.252.1 192.168.252.2', remote='ifconfig 192.168.2.1 192.168.2.2'this means the server wants wants to use 192.252.x.x as ip-config but he notices that the client uses different IP's.
I would try to use two ports that are more easy to differentiate (for finding the error now).
-
I had similar issues upgraded both machines to RC2 resolved it
Sure! I would have posted these yesterday but the link was still up ;-)
OpenVPN logs:
Machine 1 (server):
Last 50 OpenVPN log entries
Oct 19 05:50:22 openvpn[297]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
Oct 19 05:50:22 openvpn[297]: WARNING: file '/var/etc/openvpn_server0.secret' is group or others accessible
Oct 19 05:50:22 openvpn[297]: LZO compression initialized
Oct 19 05:50:22 openvpn[297]: gw 66.159.x.x
Oct 19 05:50:22 openvpn[297]: TUN/TAP device /dev/tun0 opened
Oct 19 05:50:22 openvpn[297]: /sbin/ifconfig tun0 192.168.252.1 192.168.252.2 mtu 1500 netmask 255.255.255.255 up
Oct 19 05:50:22 openvpn[297]: /etc/rc.filter_configure tun0 1500 1547 192.168.252.1 192.168.252.2 init
Oct 19 05:50:23 openvpn[314]: Listening for incoming TCP connection on [undef]:1192
Oct 19 05:50:24 openvpn[324]: OpenVPN 2.0.6 i386-portbld-freebsd6.1 [SSL] [LZO] built on Apr 6 2006
Oct 19 05:50:24 openvpn[324]: WARNING: file '/var/etc/openvpn_server1.key' is group or others accessible
Oct 19 05:50:24 openvpn[324]: gw 66.159.x.x
Oct 19 05:50:24 openvpn[324]: TUN/TAP device /dev/tun1 opened
Oct 19 05:50:24 openvpn[324]: /sbin/ifconfig tun1 192.168.253.1 192.168.253.2 mtu 1500 netmask 255.255.255.255 up
Oct 19 05:50:24 openvpn[324]: /etc/rc.filter_configure tun1 1500 1544 192.168.253.1 192.168.253.2 init
Oct 19 05:50:26 openvpn[314]: TCP connection established with 76.114.x.x:64805
Oct 19 05:50:26 openvpn[314]: TCPv4_SERVER link local (bound): [undef]:1192
Oct 19 05:50:26 openvpn[314]: TCPv4_SERVER link remote: 76.114.x.x:64805
Oct 19 05:50:26 openvpn[314]: Peer Connection Initiated with 76.114.x.x:64805
Oct 19 05:50:27 openvpn[314]: Initialization Sequence Completed
Oct 19 05:50:29 openvpn[412]: Listening for incoming TCP connection on [undef]:1193
Oct 19 05:50:29 openvpn[412]: TCPv4_SERVER link local (bound): [undef]:1193
Oct 19 05:50:29 openvpn[412]: TCPv4_SERVER link remote: [undef]
Oct 19 05:50:29 openvpn[412]: Initialization Sequence Completed
Oct 19 05:50:29 openvpn[412]: Need IPv6 code in mroute_extract_addr_from_packet
Oct 19 05:50:29 openvpn[412]: Need IPv6 code in mroute_extract_addr_from_packet
Oct 19 05:50:36 openvpn[314]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.252.1 192.168.252.2', remote='ifconfig 192.168.2.1 192.168.2.2'
Oct 20 01:44:59 openvpn[314]: read TCPv4_SERVER: Operation timed out (code=60)
Oct 20 01:44:59 openvpn[314]: Connection reset, restarting [0]
Oct 20 01:44:59 openvpn[314]: SIGUSR1[soft,connection-reset] received, process restarting
Oct 20 01:45:00 openvpn[314]: Re-using pre-shared static key
Oct 20 01:45:00 openvpn[314]: LZO compression initialized
Oct 20 01:45:00 openvpn[314]: TCP/UDP: Socket bind failed on local address [undef]:1192: Address already in use
Oct 20 01:45:00 openvpn[314]: ExitingMachine 2 (client):
Last 50 OpenVPN log entries
Oct 18 21:47:15 openvpn[357]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 192.168.2.2 192.168.2.1', remote='ifconfig 192.168.252.2 192.168.252.1'
Oct 19 17:43:24 openvpn[357]: read TCPv4_CLIENT: Operation timed out (code=60)
Oct 19 17:43:24 openvpn[357]: Connection reset, restarting [0]
Oct 19 17:43:24 openvpn[357]: SIGUSR1[soft,connection-reset] received, process restarting
Oct 19 17:43:29 openvpn[357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Oct 19 17:43:29 openvpn[357]: Re-using pre-shared static key
Oct 19 17:43:29 openvpn[357]: LZO compression initialized
Oct 19 17:43:29 openvpn[357]: Preserving previous TUN/TAP instance: tun0
Oct 19 17:43:29 openvpn[357]: Attempting to establish TCP connection with 66.159.x.x:1192
Oct 19 17:43:51 openvpn[357]: TCP connection established with 66.159.x.x:1192
Oct 19 17:43:51 openvpn[357]: TCPv4_CLIENT link local: [undef]
Oct 19 17:43:51 openvpn[357]: TCPv4_CLIENT link remote: 66.159.x.x:1192
Oct 19 17:44:51 openvpn[357]: Inactivity timeout (–ping-restart), restarting
Oct 19 17:44:51 openvpn[357]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 19 17:44:56 openvpn[357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Oct 19 17:44:56 openvpn[357]: Re-using pre-shared static key
Oct 19 17:44:56 openvpn[357]: LZO compression initialized
Oct 19 17:44:56 openvpn[357]: Preserving previous TUN/TAP instance: tun0
Oct 19 17:44:56 openvpn[357]: Attempting to establish TCP connection with 66.159.x.x:1192
Oct 19 17:44:56 openvpn[357]: TCP connection established with 66.159.x.x:1192
Oct 19 17:44:56 openvpn[357]: TCPv4_CLIENT link local: [undef]
Oct 19 17:44:56 openvpn[357]: TCPv4_CLIENT link remote: 66.159.x.x:1192
Oct 19 17:45:56 openvpn[357]: Inactivity timeout (–ping-restart), restarting
Oct 19 17:45:56 openvpn[357]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 19 17:46:01 openvpn[357]: IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Oct 19 17:46:01 openvpn[357]: Re-using pre-shared static key
Oct 19 17:46:01 openvpn[357]: LZO compression initialized
Oct 19 17:46:01 openvpn[357]: Preserving previous TUN/TAP instance: tun0
Oct 19 17:46:01 openvpn[357]: Attempting to establish TCP connection with 66.159.x.x:1192
Oct 19 17:47:16 openvpn[357]: TCP: connect to 66.159.x.x:1192 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 19 17:48:36 openvpn[357]: TCP: connect to 66.159.x.x:1192 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 19 17:49:56 openvpn[357]: TCP: connect to 66.159.x.x:1192 failed, will try again in 5 seconds: Operation timed out (errno=60)
Oct 19 18:00:36 last message repeated 8 times
Oct 19 18:09:56 last message repeated 7 times
Oct 19 18:20:36 last message repeated 8 times
Oct 19 18:29:56 last message repeated 7 times
Oct 19 18:40:36 last message repeated 8 times
Oct 19 18:51:16 last message repeated 8 times
Oct 19 19:00:36 last message repeated 7 times
Oct 19 19:11:16 last message repeated 8 times
Oct 19 19:20:36 last message repeated 7 times
Oct 19 19:31:15 last message repeated 8 times
Oct 19 19:40:35 last message repeated 7 times
Oct 19 19:51:15 last message repeated 8 times
Oct 19 20:00:35 last message repeated 7 times
Oct 19 20:11:15 last message repeated 8 times
Oct 19 20:20:35 last message repeated 7 times
Oct 19 20:31:15 last message repeated 8 times
Oct 19 20:40:35 last message repeated 7 times
Oct 19 20:51:15 last message repeated 8 timesThanks!
-
The WARNING: 'ifconfig' **** "statement means that you have not setup the client in openvpn properly,
going off the information you have provided the client machine must have
interface Ip = 192.168.252.0/24 and remote network = 192.168.1.0/24
