Question about OPENVPN Status Display for peer-peer shared key


  • I have a setup whereby the central server talks to two clients peer-peer, shared key.  Only one shows up in the OpenVPN Status display screen.  Not sure what I am supposed to be seeing here.  Am I supposed to see both concurrently on this screen?  Both clients show the VPN is up with the server.  Only one shows up at a time.  In fact, when I turn off the OpenVPN process in the client that shows up, it goes away and the other one shows up (on the Server OpenVPN Status display).

    The central server is displaying an inordinate number of potential replay errors but does show that both VPN sessions have initiated.

    10.0.0.63 is Server and 10.0.0.31 and 10.0.0.75 are the clients.  Looks to me like the VPNs are up and running from the log below…why are they both not showing up on the OpenVPN Status display of the Server?

    Jan 28 06:05:40 openvpn[74255]: event_wait : Interrupted system call (code=4)
    Jan 28 06:05:40 openvpn[74255]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:05:40 openvpn[74255]: SIGTERM[hard,] received, process exiting
    Jan 28 06:05:40 openvpn[93828]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Jan 28 06:05:40 openvpn[93828]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 28 06:05:40 openvpn[93828]: Could not retrieve default gateway from route socket:: No such process (errno=3)
    Jan 28 06:05:40 openvpn[93828]: TUN/TAP device ovpns1 exists previously, keep at program end
    Jan 28 06:05:40 openvpn[93828]: TUN/TAP device /dev/tun1 opened
    Jan 28 06:05:40 openvpn[93828]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jan 28 06:05:40 openvpn[93828]: /sbin/ifconfig ovpns1 172.16.16.1 172.16.16.2 mtu 1500 netmask 255.255.255.255 up
    Jan 28 06:05:40 openvpn[93828]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:05:41 openvpn[95171]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
    Jan 28 06:05:41 openvpn[95171]: UDPv4 link remote: [undef]
    Jan 28 06:05:49 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:14287
    Jan 28 06:05:50 openvpn[95171]: Initialization Sequence Completed
    Jan 28 06:05:51 openvpn[95171]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 172.16.16.1 172.16.16.2', remote='ifconfig 172.16.16.5 172.16.16.6'
    Jan 28 06:06:07 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.75:46767
    Jan 28 06:06:17 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1252 / time = (1390931091) Tue Jan 28 12:44:51 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:27 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1253 / time = (1390931091) Tue Jan 28 12:44:51 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:29 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:62559
    Jan 28 06:06:39 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:49 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #26 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:59 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #27 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:00 openvpn[95171]: event_wait : Interrupted system call (code=4)
    Jan 28 06:07:00 openvpn[95171]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:07:00 openvpn[95171]: SIGTERM[hard,] received, process exiting
    Jan 28 06:07:01 openvpn[49964]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Jan 28 06:07:01 openvpn[49964]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 28 06:07:01 openvpn[49964]: Could not retrieve default gateway from route socket:: No such process (errno=3)
    Jan 28 06:07:01 openvpn[49964]: TUN/TAP device ovpns1 exists previously, keep at program end
    Jan 28 06:07:01 openvpn[49964]: TUN/TAP device /dev/tun1 opened
    Jan 28 06:07:01 openvpn[49964]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jan 28 06:07:01 openvpn[49964]: /sbin/ifconfig ovpns1 172.16.16.1 172.16.16.2 mtu 1500 netmask 255.255.255.255 up
    Jan 28 06:07:01 openvpn[49964]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:07:01 openvpn[51532]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
    Jan 28 06:07:01 openvpn[51532]: UDPv4 link remote: [undef]
    Jan 28 06:07:05 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:22073
    Jan 28 06:07:05 openvpn[51532]: Initialization Sequence Completed
    Jan 28 06:07:11 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 / time = (1390932380) Tue Jan 28 13:06:20 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:18 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.31:56066
    Jan 28 06:07:27 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:37 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:47 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:57 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:08:07 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:08:19 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:20038
    Jan 28 06:08:19 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #63 / time = (1390932429) Tue Jan 28 13:07:09 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

  • Rebel Alliance Developer Netgate

    Shared key is 1:1 – one server, one client only. The two clients will fight over which one is actually online/up.

    If you want one server and multiple remotes then you'll need to use a site-to-site PKI/SSL setup which is a bit more complex. Otherwise, set up one server process for each remote node.
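
A check for the condition described in the answer, as an added example that is not part of the original thread: it groups log lines by OpenVPN process ID and flags any instance where more than one remote address initiated a peer connection, together with that instance's replay-warning count. The function names are hypothetical, and the sample lines are shortened from the log in the question.

```python
import re
from collections import defaultdict

# Sample lines shortened from the log in the question (replay messages truncated).
SAMPLE_LOG = """\
Jan 28 06:05:41 openvpn[95171]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
Jan 28 06:05:49 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:14287
Jan 28 06:06:07 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.75:46767
Jan 28 06:06:17 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1252 ]
Jan 28 06:06:29 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:62559
Jan 28 06:06:39 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 ]
Jan 28 06:07:05 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:22073
Jan 28 06:07:11 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 ]
"""

LINE = re.compile(r"openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"Peer Connection Initiated with \[AF_INET6?\](?P<ip>.+):\d+$")
REPLAY = "bad packet ID (may be a replay)"

def analyze(log_text):
    """Per openvpn PID: peer IPs seen, peer switches, replay warnings."""
    stats = defaultdict(lambda: {"peers": set(), "last": None, "switches": 0, "replays": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        s, msg = stats[m["pid"]], m["msg"]
        peer = PEER.search(msg)
        if peer:
            ip = peer["ip"]
            # A different source address taking over the same instance is a switch.
            if s["last"] not in (None, ip):
                s["switches"] += 1
            s["peers"].add(ip)
            s["last"] = ip
        elif REPLAY in msg:
            s["replays"] += 1
    return dict(stats)

def contested_instances(log_text):
    """Instances (by PID) where more than one remote address initiated a session."""
    return {pid: s for pid, s in analyze(log_text).items() if len(s["peers"]) > 1}

if __name__ == "__main__":
    for pid, s in contested_instances(SAMPLE_LOG).items():
        print(f"openvpn[{pid}]: peers={sorted(s['peers'])} "
              f"switches={s['switches']} replays={s['replays']}")
```

A single peer whose source address changes would also be flagged, so a hit is a prompt to check how many remotes share that instance's key.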