    Question about OPENVPN Status Display for peer-peer shared key

      trueno

      I have a setup whereby the central server talks to two clients peer-peer, shared key.  Only one shows up in the OpenVPN Status display screen.  Not sure what I am supposed to be seeing here.  Am I supposed to see both concurrently on this screen?  Both clients show the VPN is up with the server.  Only one shows up at a time.  In fact, when I turn off the OpenVPN process in the client that shows up, it goes away and the other one shows up (on the Server OpenVPN Status display).

      The central server is displaying an inordinate number of potential replay errors but does show that both VPN sessions have initiated.

      10.0.0.63 is Server and 10.0.0.31 and 10.0.0.75 are the clients.  Looks to me like the VPNs are up and running from the log below…why are they both not showing up on the OpenVPN Status display of the Server?

      Jan 28 06:05:40 openvpn[74255]: event_wait : Interrupted system call (code=4)
      Jan 28 06:05:40 openvpn[74255]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
      Jan 28 06:05:40 openvpn[74255]: SIGTERM[hard,] received, process exiting
      Jan 28 06:05:40 openvpn[93828]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
      Jan 28 06:05:40 openvpn[93828]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 28 06:05:40 openvpn[93828]: Could not retrieve default gateway from route socket:: No such process (errno=3)
      Jan 28 06:05:40 openvpn[93828]: TUN/TAP device ovpns1 exists previously, keep at program end
      Jan 28 06:05:40 openvpn[93828]: TUN/TAP device /dev/tun1 opened
      Jan 28 06:05:40 openvpn[93828]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Jan 28 06:05:40 openvpn[93828]: /sbin/ifconfig ovpns1 172.16.16.1 172.16.16.2 mtu 1500 netmask 255.255.255.255 up
      Jan 28 06:05:40 openvpn[93828]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
      Jan 28 06:05:41 openvpn[95171]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
      Jan 28 06:05:41 openvpn[95171]: UDPv4 link remote: [undef]
      Jan 28 06:05:49 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:14287
      Jan 28 06:05:50 openvpn[95171]: Initialization Sequence Completed
      Jan 28 06:05:51 openvpn[95171]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 172.16.16.1 172.16.16.2', remote='ifconfig 172.16.16.5 172.16.16.6'
      Jan 28 06:06:07 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.75:46767
      Jan 28 06:06:17 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1252 / time = (1390931091) Tue Jan 28 12:44:51 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:06:27 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1253 / time = (1390931091) Tue Jan 28 12:44:51 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:06:29 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:62559
      Jan 28 06:06:39 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:06:49 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #26 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:06:59 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #27 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:07:00 openvpn[95171]: event_wait : Interrupted system call (code=4)
      Jan 28 06:07:00 openvpn[95171]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
      Jan 28 06:07:00 openvpn[95171]: SIGTERM[hard,] received, process exiting
      Jan 28 06:07:01 openvpn[49964]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
      Jan 28 06:07:01 openvpn[49964]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 28 06:07:01 openvpn[49964]: Could not retrieve default gateway from route socket:: No such process (errno=3)
      Jan 28 06:07:01 openvpn[49964]: TUN/TAP device ovpns1 exists previously, keep at program end
      Jan 28 06:07:01 openvpn[49964]: TUN/TAP device /dev/tun1 opened
      Jan 28 06:07:01 openvpn[49964]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
      Jan 28 06:07:01 openvpn[49964]: /sbin/ifconfig ovpns1 172.16.16.1 172.16.16.2 mtu 1500 netmask 255.255.255.255 up
      Jan 28 06:07:01 openvpn[49964]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
      Jan 28 06:07:01 openvpn[51532]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
      Jan 28 06:07:01 openvpn[51532]: UDPv4 link remote: [undef]
      Jan 28 06:07:05 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:22073
      Jan 28 06:07:05 openvpn[51532]: Initialization Sequence Completed
      Jan 28 06:07:11 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 / time = (1390932380) Tue Jan 28 13:06:20 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:07:18 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.31:56066
      Jan 28 06:07:27 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:07:37 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:07:47 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:07:57 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:08:07 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
      Jan 28 06:08:19 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:20038
      Jan 28 06:08:19 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #63 / time = (1390932429) Tue Jan 28 13:07:09 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

        jimp Rebel Alliance Developer Netgate

        Shared key is 1:1 – one server, one client only. The two clients will fight over which one is actually online/up.

        If you want one server and multiple remotes then you'll need to use a site-to-site PKI/SSL setup which is a bit more complex. Otherwise, set up one server process for each remote node.

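The contention described in the answer can be spotted from the server log alone. The following is an added example, not code from either poster or from pfSense/OpenVPN: it groups "Peer Connection Initiated" lines by openvpn process ID and reports any process whose single shared-key tunnel was claimed by more than one remote address, along with the replay warnings that process logged. The sample log is constructed, modelled on the format in the question, and the function name `find_peer_contention` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log format in the question above.
SAMPLE_LOG = """\
Jan 28 06:07:05 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:22073
Jan 28 06:07:11 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 / time = (1390932380) Tue Jan 28 13:06:20 2014 ]
Jan 28 06:07:18 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.31:56066
Jan 28 06:07:27 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 / time = (1390932419) Tue Jan 28 13:06:59 2014 ]
Jan 28 06:08:19 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:20038
Jan 28 06:09:00 openvpn[60001]: Peer Connection Initiated with [AF_INET]10.0.0.90:1194
Jan 28 06:10:00 openvpn[60001]: Peer Connection Initiated with [AF_INET]10.0.0.90:1194
"""

PEER_RE = re.compile(
    r"openvpn\[(\d+)\]: Peer Connection Initiated with \[AF_INET6?\](\S+):\d+")
REPLAY_RE = re.compile(
    r"openvpn\[(\d+)\]: Authenticate/Decrypt packet error: bad packet ID")


def find_peer_contention(log_text):
    """Return {pid: report} for each openvpn process that saw more than
    one distinct remote address initiate a connection."""
    peers = defaultdict(list)    # pid -> remote IPs in order of appearance
    replays = defaultdict(int)   # pid -> count of replay warnings
    for line in log_text.splitlines():
        m = PEER_RE.search(line)
        if m:
            peers[m.group(1)].append(m.group(2))
            continue
        m = REPLAY_RE.search(line)
        if m:
            replays[m.group(1)] += 1
    report = {}
    for pid, seq in peers.items():
        if len(set(seq)) > 1:
            # Count how often the active peer changed from one address to another.
            switches = sum(1 for a, b in zip(seq, seq[1:]) if a != b)
            report[pid] = {"peers": sorted(set(seq)),
                           "switches": switches,
                           "replay_errors": replays[pid]}
    return report


if __name__ == "__main__":
    for pid, r in find_peer_contention(SAMPLE_LOG).items():
        print(f"openvpn[{pid}]: {r['switches']} peer switches between "
              f"{r['peers']}, {r['replay_errors']} replay errors")
```

A process that only ever reconnects with the same remote address (PID 60001 in the sample) is not reported, so ordinary reconnects do not trigger the check.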