Site-to-Site : Client reports not being connected but Server reports connected



  • Hello all!

    I have a site to site VPN set up. The client end is reporting (from the dashboard) "Unable to contact daemon. Service not running?". However, the server side reports the client connecting and then disconnect. The odd thing is, I have connectivity between the two. I can log into devices on the remote network from the server side.  So it seem stop be working. The error bother me because I don't want my data to be traversing the link unsecured. Is that possible?

    Also a packet capture show a lot of malformed packets in the OpenVPN Traffic. I have posted the logs below:

    Client logs:
    Feb 17 16:28:05 openvpn[83787]: ifconfig_pool_end = 0.0.0.0
    Feb 17 16:28:05 openvpn[83787]: ifconfig_pool_netmask = 0.0.0.0
    Feb 17 16:28:05 openvpn[83787]: ifconfig_pool_persist_filename = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: ifconfig_pool_persist_refresh_freq = 600
    Feb 17 16:28:05 openvpn[83787]: ifconfig_ipv6_pool_defined = DISABLED
    Feb 17 16:28:05 openvpn[83787]: ifconfig_ipv6_pool_base = ::
    Feb 17 16:28:05 openvpn[83787]: ifconfig_ipv6_pool_netbits = 0
    Feb 17 16:28:05 openvpn[83787]: n_bcast_buf = 256
    Feb 17 16:28:05 openvpn[83787]: tcp_queue_limit = 64
    Feb 17 16:28:05 openvpn[83787]: real_hash_size = 256
    Feb 17 16:28:05 openvpn[83787]: virtual_hash_size = 256
    Feb 17 16:28:05 openvpn[83787]: client_connect_script = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: learn_address_script = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: client_disconnect_script = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: client_config_dir = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: ccd_exclusive = DISABLED
    Feb 17 16:28:05 openvpn[83787]: tmp_dir = '/tmp'
    Feb 17 16:28:05 openvpn[83787]: push_ifconfig_defined = DISABLED
    Feb 17 16:28:05 openvpn[83787]: push_ifconfig_local = 0.0.0.0
    Feb 17 16:28:05 openvpn[83787]: push_ifconfig_remote_netmask = 0.0.0.0
    Feb 17 16:28:05 openvpn[83787]: push_ifconfig_ipv6_defined = DISABLED
    Feb 17 16:28:05 openvpn[83787]: push_ifconfig_ipv6_local = ::/0
    Feb 17 16:28:05 openvpn[83787]: push_ifconfig_ipv6_remote = ::
    Feb 17 16:28:05 openvpn[83787]: enable_c2c = DISABLED
    Feb 17 16:28:05 openvpn[83787]: duplicate_cn = DISABLED
    Feb 17 16:28:05 openvpn[83787]: cf_max = 0
    Feb 17 16:28:05 openvpn[83787]: cf_per = 0
    Feb 17 16:28:05 openvpn[83787]: max_clients = 1024
    Feb 17 16:28:05 openvpn[83787]: max_routes_per_client = 256
    Feb 17 16:28:05 openvpn[83787]: auth_user_pass_verify_script = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: auth_user_pass_verify_script_via_file = DISABLED
    Feb 17 16:28:05 openvpn[83787]: port_share_host = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: port_share_port = 0
    Feb 17 16:28:05 openvpn[83787]: client = DISABLED
    Feb 17 16:28:05 openvpn[83787]: pull = DISABLED
    Feb 17 16:28:05 openvpn[83787]: auth_user_pass_file = '[UNDEF]'
    Feb 17 16:28:05 openvpn[83787]: OpenVPN 2.3.6 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 1 2014
    Feb 17 16:28:05 openvpn[83787]: library versions: OpenSSL 1.0.1k-freebsd 8 Jan 2015, LZO 2.08
    Feb 17 16:28:05 openvpn[83787]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client1.sock
    Feb 17 16:28:05 openvpn[84906]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Feb 17 16:28:05 openvpn[84906]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Feb 17 16:28:05 openvpn[84906]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Feb 17 16:28:05 openvpn[84906]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Feb 17 16:28:05 openvpn[84906]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Feb 17 16:28:05 openvpn[84906]: LZO compression initialized
    Feb 17 16:28:05 openvpn[84906]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Feb 17 16:28:10 openvpn[84906]: ROUTE_GATEWAY 192.168.1.1
    Feb 17 16:28:10 openvpn[84906]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Feb 17 16:28:10 openvpn[84906]: Cannot open TUN/TAP dev /dev/tun1: Device busy (errno=16)
    Feb 17 16:28:10 openvpn[84906]: Exiting due to fatal error

    Server Logs

    Feb 17 16:33:27 openvpn[66184]: /sbin/route delete -net 192.168.11.0 10.10.11.2 255.255.255.0
    Feb 17 16:33:27 openvpn[66184]: Closing TUN/TAP interface
    Feb 17 16:33:27 openvpn[66184]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1573 10.10.11.1 10.10.11.2 init
    Feb 17 16:33:27 openvpn[66184]: SIGTERM[hard,] received, process exiting
    Feb 17 16:33:28 openvpn[33411]: OpenVPN 2.3.6 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Dec 1 2014
    Feb 17 16:33:28 openvpn[33411]: library versions: OpenSSL 1.0.1k-freebsd 8 Jan 2015, LZO 2.08
    Feb 17 16:33:28 openvpn[33411]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
    Feb 17 16:33:28 openvpn[33497]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Feb 17 16:33:28 openvpn[33497]: Static Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Feb 17 16:33:28 openvpn[33497]: Static Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Feb 17 16:33:28 openvpn[33497]: Static Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Feb 17 16:33:28 openvpn[33497]: Static Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Feb 17 16:33:28 openvpn[33497]: Socket Buffers: R=[42080->65536] S=[57344->65536]
    Feb 17 16:33:28 openvpn[33497]: ROUTE_GATEWAY [Masked IP]
    Feb 17 16:33:28 openvpn[33497]: TUN/TAP device ovpns1 exists previously, keep at program end
    Feb 17 16:33:28 openvpn[33497]: TUN/TAP device /dev/tun1 opened
    Feb 17 16:33:28 openvpn[33497]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Feb 17 16:33:28 openvpn[33497]: /sbin/ifconfig ovpns1 10.10.11.1 10.10.11.2 mtu 1500 netmask 255.255.255.255 up
    Feb 17 16:33:28 openvpn[33497]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1573 10.10.11.1 10.10.11.2 init
    Feb 17 16:33:28 openvpn[33497]: /sbin/route add -net 192.168.11.0 10.10.11.2 255.255.255.0
    Feb 17 16:33:28 openvpn[33497]: UDPv4 link local (bound): [AF_INET][MaskedIP]:1194
    Feb 17 16:33:28 openvpn[33497]: UDPv4 link remote: [undef]
    Feb 17 16:33:30 openvpn[33497]: Peer Connection Initiated with [AF_INET][maskedIP]:47482
    Feb 17 16:33:30 openvpn[33497]: Initialization Sequence Completed
    Feb 17 16:33:38 openvpn[33497]: WARNING: 'tun-ipv6' is present in remote config but missing in local config, remote='tun-ipv6'
    Feb 17 16:34:05 openvpn[33497]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 17 16:34:06 openvpn[33497]: MANAGEMENT: CMD 'status 2'
    Feb 17 16:34:06 openvpn[33497]: MANAGEMENT: CMD 'quit'
    Feb 17 16:34:06 openvpn[33497]: MANAGEMENT: Client disconnected
    Feb 17 16:35:09 openvpn[33497]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Feb 17 16:35:09 openvpn[33497]: MANAGEMENT: CMD 'status 2'
    Feb 17 16:35:09 openvpn[33497]: MANAGEMENT: CMD 'quit'
    Feb 17 16:35:09 openvpn[33497]: MANAGEMENT: Client disconnected

    Can anyone help? If more info is needed let me know.

    Thanks!



  • Restart the openvpn service on both ends.



  • I have multiple times with no success.