Netgate Discussion Forum

(Solved) OpenVPN lost connectivity

2.3-RC Snapshot Feedback and Issues - ARCHIVED
  • C
    chpalmer
    last edited by Dec 5, 2015, 3:08 AM Dec 2, 2015, 7:27 AM

    2.3-ALPHA (i386)
    built on Tue Dec 01 22:17:20 CST 2015

    I have two spur offices that I am testing on.  Did upgrade tonight and lost VPN connectivity to both.  Still have a way in so I can see the routers are working otherwise.

    VPN still shows connected on both ends.

    Site to Site.

    | Client UDP:1194 | up | Tue Dec 1 23:16:36 2015 | 10.10.1.2 | x.x.x.138 | 6 KB | 7 KB |

    Triggering snowflakes one by one..
    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

    • C
      chpalmer
      last edited by Dec 2, 2015, 7:41 AM

      Some logs-

      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 172.31.125.0
      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: OpenVPN needs a gateway parameter for a --route option and no default was specified by either --route-gateway or --ifconfig options
      Dec 1 23:15:32 openvpn[633]: OpenVPN ROUTE: failed to parse/resolve route for host/network: 172.30.15.0

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Dec 2, 2015, 2:47 PM

        Is this an SSL/TLS remote access setup with client-specific overrides?

        If so, what options do you have specified in the overrides, and what do the contents of /var/etc/openvpn-csc/<server id>/<common name> look like?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • C
          chpalmer
          last edited by Dec 2, 2015, 6:14 PM

          Hi JimP

          It's a peer to peer shared key setup.

          • J
            jimp Rebel Alliance Developer Netgate
            last edited by Dec 2, 2015, 6:20 PM

            Hmm, nothing should have changed for shared key. Are those log messages found on both sides? Are both sides 2.3?
            Can you share the contents of the /var/etc/openvpn/*.conf files? Or at least the lines inside with ifconfig and route (No need to see keys or anything secret)

            • C
              chpalmer
              last edited by Dec 2, 2015, 6:34 PM Dec 2, 2015, 6:30 PM

              ~~Actually might be a bigger issue somewhere else.

              I can't get to anything behind the firewall with port forward rules I've had for years. (Outside of the VPN.)

              I simply disable firewall rules when I'm not using them as I use the VPN instead.~~  I'm letting one of the sites update to the latest snap and will report back.

              Axe that- loose nut behind the wheel!

              Working on your requests now.

              One side is 2.2.5 and the two test sites are 2.3

              All 2.2.5 sites working fine.

              • C
                chpalmer
                last edited by Dec 2, 2015, 6:39 PM

                dev ovpnc1
                verb 1
                dev-type tun
                tun-ipv6
                dev-node /dev/tun1
                writepid /var/run/openvpn_client1.pid
                #user nobody
                #group nobody
                script-security 3
                daemon
                keepalive 10 60
                ping-timer-rem
                persist-tun
                persist-key
                proto udp
                cipher AES-256-CBC
                auth SHA1
                up /usr/local/sbin/ovpn-linkup
                down /usr/local/sbin/ovpn-linkdown
                local 173.xxx.xxx.26
                lport 1194
                management /var/etc/openvpn/client1.sock unix
                remote Box.MyIP.com 1194
                ifconfig 10.10.1.2 10.10.1.1
                route 172.31.125.0 255.255.255.0
                route 172.30.15.0 255.255.255.248
                route 192.168.25.0 255.255.255.0
                secret /var/etc/openvpn/client1.secret 
                comp-lzo adaptive
                topology subnet
                
                

                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Dec 2, 2015, 6:41 PM

                  Hmm it's adding topology there when it shouldn't be added for shared key. I'll take a look in the code and find a fix.

                  • C
                    chpalmer
                    last edited by Dec 2, 2015, 6:44 PM

                    This is from the 2.2.5 side in case it helps.  :)

                    Dec 2 10:30:42     openvpn[16323]: Inactivity timeout (--ping-restart), restarting
                    Dec 2 10:30:42     openvpn[16323]: SIGUSR1[soft,ping-restart] received, process restarting
                    Dec 2 10:30:44     openvpn[16323]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Dec 2 10:30:44     openvpn[16323]: Re-using pre-shared static key
                    Dec 2 10:30:44     openvpn[16323]: Preserving previous TUN/TAP instance: ovpns1
                    Dec 2 10:30:44     openvpn[16323]: UDPv4 link local (bound): [AF_INET]xx.1xx.xxx.1x8:1194
                    Dec 2 10:30:44     openvpn[16323]: UDPv4 link remote: [undef]
                    Dec 2 10:31:17     openvpn[16323]: Peer Connection Initiated with [AF_INET]1xx.xxx.xxx.x6:1194
                    Dec 2 10:31:18     openvpn[16323]: Initialization Sequence Completed
                    Dec 2 10:31:25     openvpn[16323]: WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.10.1.1 10.10.1.2', remote='ifconfig 10.10.1.0 10.10.1.1'
                    
                    

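
Added example, not part of the original posts or of pfSense's code: a small Python check for the condition diagnosed in this thread, a shared-key (`secret`) tunnel whose config also carries `topology subnet`. It assumes that under `topology subnet` OpenVPN reads the second `ifconfig` argument as a netmask, which reproduces the `remote='ifconfig 10.10.1.0 10.10.1.1'` value in the warning above; the function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress

# Constructed sample: the ifconfig/route/secret/topology lines from the
# client config posted in this thread (other directives omitted).
SAMPLE_CONF = """\
dev-type tun
#user nobody
ifconfig 10.10.1.2 10.10.1.1
route 172.31.125.0 255.255.255.0
route 172.30.15.0 255.255.255.248
secret /var/etc/openvpn/client1.secret
topology subnet
"""


def parse(conf_text):
    """Return {directive: [argument lists]} for an OpenVPN config."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if line:
            name, *args = line.split()
            opts.setdefault(name, []).append(args)
    return opts


def check_static_key_topology(conf_text):
    """Flag a shared-key (secret) tunnel that also sets topology subnet.

    Returns None when the config is fine, otherwise a dict describing
    what the peer will see and which routes have no explicit gateway.
    """
    opts = parse(conf_text)
    static_key = "secret" in opts and not any(
        k in opts for k in ("tls-client", "tls-server"))
    subnet = ["subnet"] in opts.get("topology", [])
    ifcfg = opts.get("ifconfig", [[]])[0]
    if not (static_key and subnet and len(ifcfg) >= 2):
        return None
    local, second = (ipaddress.IPv4Address(a) for a in ifcfg[:2])
    # Assumption: with topology subnet the second ifconfig argument is
    # taken as a netmask, so the advertised pair is (local AND mask, mask).
    network = ipaddress.IPv4Address(int(local) & int(second))
    return {
        "advertised_ifconfig": f"ifconfig {network} {second}",
        # route <network> [netmask] [gateway]: fewer than 3 args = no gateway
        "routes_without_gateway": [
            r[0] for r in opts.get("route", []) if len(r) < 3],
    }
```

The routes it lists are the ones that depend on a default gateway derived from `ifconfig`, matching the two networks named in the "failed to parse/resolve route" log lines.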
                    • C
                      chpalmer
                      last edited by Dec 2, 2015, 7:29 PM

                      I was able to modify my config files on both affected machines and everything came back fine. So no other underlying issues. (But you knew that already.)  :)

                      • J
                        jimp Rebel Alliance Developer Netgate
                        last edited by Dec 2, 2015, 7:56 PM

                        OK I just pushed a fix, you can gitsync to pick it up in a few minutes, or wait until the next snapshot build and upgrade that way.

                        • C
                          chpalmer
                          last edited by Dec 2, 2015, 8:03 PM

                          Thanks JimP
