Netgate Discussion Forum

Question about OPENVPN Status Display for peer-peer shared key

    trueno
    last edited by Jan 28, 2014, 6:12 PM

    I have a setup whereby the central server talks to two clients peer-peer, shared key.  Only one shows up in the OpenVPN Status display screen.  Not sure what I am supposed to be seeing here.  Am I supposed to see both concurrently on this screen?  Both clients show the VPN is up with the server.  Only one shows up at a time.  In fact, when I turn off the OpenVPN process in the client that shows up, it goes away and the other one shows up (on the Server OpenVPN Status display).

    The central server is displaying an inordinate number of potential replay errors but does show that both VPN sessions have initiated.

    10.0.0.63 is Server and 10.0.0.31 and 10.0.0.75 are the clients.  Looks to me like the VPNs are up and running from the log below…why are they both not showing up on the OpenVPN Status display of the Server?

    Jan 28 06:05:40 openvpn[74255]: event_wait : Interrupted system call (code=4)
    Jan 28 06:05:40 openvpn[74255]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:05:40 openvpn[74255]: SIGTERM[hard,] received, process exiting
    Jan 28 06:05:40 openvpn[93828]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Jan 28 06:05:40 openvpn[93828]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 28 06:05:40 openvpn[93828]: Could not retrieve default gateway from route socket:: No such process (errno=3)
    Jan 28 06:05:40 openvpn[93828]: TUN/TAP device ovpns1 exists previously, keep at program end
    Jan 28 06:05:40 openvpn[93828]: TUN/TAP device /dev/tun1 opened
    Jan 28 06:05:40 openvpn[93828]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jan 28 06:05:40 openvpn[93828]: /sbin/ifconfig ovpns1 172.16.16.1 172.16.16.2 mtu 1500 netmask 255.255.255.255 up
    Jan 28 06:05:40 openvpn[93828]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:05:41 openvpn[95171]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
    Jan 28 06:05:41 openvpn[95171]: UDPv4 link remote: [undef]
    Jan 28 06:05:49 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:14287
    Jan 28 06:05:50 openvpn[95171]: Initialization Sequence Completed
    Jan 28 06:05:51 openvpn[95171]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 172.16.16.1 172.16.16.2', remote='ifconfig 172.16.16.5 172.16.16.6'
    Jan 28 06:06:07 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.75:46767
    Jan 28 06:06:17 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1252 / time = (1390931091) Tue Jan 28 12:44:51 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:27 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1253 / time = (1390931091) Tue Jan 28 12:44:51 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:29 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:62559
    Jan 28 06:06:39 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:49 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #26 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:06:59 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #27 / time = (1390932361) Tue Jan 28 13:06:01 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:00 openvpn[95171]: event_wait : Interrupted system call (code=4)
    Jan 28 06:07:00 openvpn[95171]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:07:00 openvpn[95171]: SIGTERM[hard,] received, process exiting
    Jan 28 06:07:01 openvpn[49964]: OpenVPN 2.3.2 i386-portbld-freebsd8.3 [SSL (OpenSSL)] [LZO] [eurephia] [MH] [IPv6] built on Jul 24 2013
    Jan 28 06:07:01 openvpn[49964]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 28 06:07:01 openvpn[49964]: Could not retrieve default gateway from route socket:: No such process (errno=3)
    Jan 28 06:07:01 openvpn[49964]: TUN/TAP device ovpns1 exists previously, keep at program end
    Jan 28 06:07:01 openvpn[49964]: TUN/TAP device /dev/tun1 opened
    Jan 28 06:07:01 openvpn[49964]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Jan 28 06:07:01 openvpn[49964]: /sbin/ifconfig ovpns1 172.16.16.1 172.16.16.2 mtu 1500 netmask 255.255.255.255 up
    Jan 28 06:07:01 openvpn[49964]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1560 172.16.16.1 172.16.16.2 init
    Jan 28 06:07:01 openvpn[51532]: UDPv4 link local (bound): [AF_INET]10.0.0.63:8213
    Jan 28 06:07:01 openvpn[51532]: UDPv4 link remote: [undef]
    Jan 28 06:07:05 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:22073
    Jan 28 06:07:05 openvpn[51532]: Initialization Sequence Completed
    Jan 28 06:07:11 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 / time = (1390932380) Tue Jan 28 13:06:20 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:18 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.31:56066
    Jan 28 06:07:27 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #17 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:37 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #18 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:47 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #19 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:07:57 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #20 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:08:07 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #21 / time = (1390932419) Tue Jan 28 13:06:59 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
    Jan 28 06:08:19 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:20038
    Jan 28 06:08:19 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #63 / time = (1390932429) Tue Jan 28 13:07:09 2014 ] – see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

      jimp Rebel Alliance Developer Netgate
      last edited by Jan 31, 2014, 4:12 PM

      Shared key is 1:1 – one server, one client only. The two clients will fight over which one is actually online/up.

      If you want one server and multiple remotes then you'll need to use a site-to-site PKI/SSL setup which is a bit more complex. Otherwise, set up one server process for each remote node.

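A way to confirm from the server log the contention described in the reply above, as an added example that is not part of the original thread: it groups `Peer Connection Initiated` lines by OpenVPN process and reports any single tunnel claimed by more than one remote address, together with the replay errors logged by that process. The function names are illustrative, and the sample lines are abridged from the log in the first post.

```python
import re
from collections import defaultdict

# Abridged from the server log in the first post (replay messages shortened).
SAMPLE_LOG = """\
Jan 28 06:05:49 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:14287
Jan 28 06:06:07 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.75:46767
Jan 28 06:06:17 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #1252 ]
Jan 28 06:06:29 openvpn[95171]: Peer Connection Initiated with [AF_INET]10.0.0.31:62559
Jan 28 06:06:39 openvpn[95171]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #25 ]
Jan 28 06:07:05 openvpn[51532]: Peer Connection Initiated with [AF_INET]10.0.0.75:22073
Jan 28 06:07:11 openvpn[51532]: Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34 ]
"""

LINE = re.compile(r"openvpn\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER = re.compile(r"Peer Connection Initiated with \[AF_INET6?\](?P<ip>\S+):\d+$")
REPLAY = "bad packet ID (may be a replay)"

def summarize(log_text):
    """Per OpenVPN process: peer addresses in connection order, and replay-error count."""
    procs = defaultdict(lambda: {"peers": [], "replays": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry = procs[m["pid"]]
        peer = PEER.search(m["msg"])
        if peer:
            entry["peers"].append(peer["ip"])
        elif REPLAY in m["msg"]:
            entry["replays"] += 1
    return dict(procs)

def contended(log_text):
    """Processes whose one shared-key tunnel was claimed by several remote addresses."""
    # Assumption: distinct source addresses are distinct clients, not one roaming client.
    report = {}
    for pid, e in summarize(log_text).items():
        distinct = sorted(set(e["peers"]))
        if len(distinct) > 1:
            # Number of times the tunnel changed hands between addresses.
            switches = sum(a != b for a, b in zip(e["peers"], e["peers"][1:]))
            report[pid] = {"peers": distinct, "switches": switches, "replays": e["replays"]}
    return report

if __name__ == "__main__":
    for pid, r in contended(SAMPLE_LOG).items():
        print(f"openvpn[{pid}]: {r['switches']} takeovers between {r['peers']}, {r['replays']} replay errors")
```

On the full log, each restarted server process appears under its own PID, so a takeover pattern that repeats across PIDs points at the configuration rather than a one-off reconnect.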