OpenVPN Issue – [Resolved 4 Apr 16]
-
** Resolved in .. VPN / OpenVPN / Client Specific Overrides.
** /30 addressing removed and replaced with /24 address.
** Example: removed 10.192.168.12/30 and replaced with 10.192.168.12/24.
** Logs now show…
Mon Apr 04 22:47:19 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{535AE7AA-F3DF-4F97-BDD8-E88CDD18FA4A}.tap
Mon Apr 04 22:47:19 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.192.168.0/10.192.168.12/255.255.255.0 [SUCCEEDED]
Mon Apr 04 22:47:19 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.192.168.12/255.255.255.0 on interface {535AE7AA-F3DF-4F97-BDD8-E88CDD18FA4A} [DHCP-serv: 10.192.168.254, lease-time: 31536000]
Mon Apr 04 22:47:19 2016 Successful ARP Flush on interface [11] {535AE7AA-F3DF-4F97-BDD8-E88CDD18FA4A}
Mon Apr 04 22:47:20 2016 Initialization Sequence Completed
Hello.
I am running latest and greatest…community edition.
2.3-RC (amd64)
built on Mon Apr 04 07:32:16 CDT 2016
FreeBSD 10.3-RELEASE
Intel(R) Atom(TM) CPU D510 @ 1.66GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads
I do have a problem with OpenVPN clients who can connect into the VPN, but are unable to communicate further. Anyone else having this problem?
Jits.
OpenVPN clients
-
For me, a reboot helps..
-
What do you mean by further?
- Add allow rule to the firewall?
- If it's to the web NAT rules?
- other IP routes, did you properly advertise the IP routes the router has to the client?
- …
Please explain closer, there's several things I can understand from your question, all with different solutions.
-
so did this use to work and after the upgrade to this snapshot it failed.. Or is this a new setup?
What I can tell you is I am using CE
2.3-RC (amd64)
built on Sun Apr 03 14:24:26 CDT 2016
And I am currently remote openvpn in and not having any issues getting to anything. I don't really like upgrading while I am gone to a new snapshot.. If something happens to fail, I am kind of locked out and wife would be pissed no internet until I get home sort of thing ;)
-
no issues here.
-
my apologies…
It's Monday.
This is an upgrade from 2.2.6 version. I've rebooted and then thought that perhaps I need to resend the client files to the users after the upgrade. That made sense to me. I resent to myself, and on the client side, when logging in this is what I get...
Mon Apr 04 14:19:22 2016 OpenVPN 2.3.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Jun 8 2015
Mon Apr 04 14:19:22 2016 library versions: OpenSSL 1.0.1m 19 Mar 2015, LZO 2.08
Enter Management Password:
Mon Apr 04 14:19:23 2016 Control Channel Authentication: using 'gateway-luna-udp-3396-Paperlips-tls.key' as a OpenVPN static key file
Mon Apr 04 14:19:23 2016 UDPv4 link local (bound): [undef]
Mon Apr 04 14:19:23 2016 UDPv4 link remote: [AF_INET]X.X.106.2:3396
Mon Apr 04 14:19:24 2016 [GPOServer] Peer Connection Initiated with [AF_INET]X.X.106.2:3396
Mon Apr 04 14:19:26 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Apr 04 14:19:26 2016 open_tun, tt->ipv6=0
Mon Apr 04 14:19:26 2016 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{C4F2E093-407F-483C-BBAC-0A1AD555208A}.tap
Mon Apr 04 14:19:26 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.192.168.12/10.192.168.12/255.255.255.252 [SUCCEEDED]
Mon Apr 04 14:19:26 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.192.168.12/255.255.255.252 on interface {C4F2E093-407F-483C-BBAC-0A1AD555208A} [DHCP-serv: 10.192.168.14, lease-time: 31536000]
Mon Apr 04 14:19:26 2016 Successful ARP Flush on interface [13] {C4F2E093-407F-483C-BBAC-0A1AD555208A}
Mon Apr 04 14:19:57 2016 SIGTERM[hard,] received, process exiting
And..on the server side, this is what I get…
Apr 4 14:21:54 openvpn 32873 Paperlips/192.168.1.177:52769 [Paperlips] Inactivity timeout (--ping-restart), restarting
Apr 4 14:19:23 openvpn 32873 Paperlips/192.168.1.177:52769 send_push_reply(): safe_cap=940
Apr 4 14:19:21 openvpn 32873 192.168.1.177:52769 [Paperlips] Peer Connection Initiated with [AF_INET]192.168.1.177:52769
Logs recorded from 02 APR…
Apr 4 14:21:54 openvpn 32873 Paperlips/192.168.1.177:52769 [Paperlips] Inactivity timeout (--ping-restart), restarting
Apr 4 14:19:23 openvpn 32873 Paperlips/192.168.1.177:52769 send_push_reply(): safe_cap=940
Apr 4 14:19:21 openvpn 32873 192.168.1.177:52769 [Paperlips] Peer Connection Initiated with [AF_INET]192.168.1.177:52769
Apr 4 14:18:55 openvpn 32873 x.x.132.52:63855 send_push_reply(): safe_cap=940
Apr 4 14:18:54 openvpn 32873 x.x.167.158:60368 send_push_reply(): safe_cap=940
Apr 4 14:18:52 openvpn 32873 x.x.132.52:63855 [C] Peer Connection Initiated with [AF_INET]x.x.132.52:63855
Apr 4 14:18:52 openvpn 32873 x.x.96.41:50427 send_push_reply(): safe_cap=940
Apr 4 14:18:52 openvpn 32873 x.x.167.158:60368 [C] Peer Connection Initiated with [AF_INET]x.x.167.158:60368
Apr 4 14:18:50 openvpn 32873 x.x.96.41:50427 MULTI_sva: pool returned IPv4=10.192.168.2, IPv6=(Not enabled)
Apr 4 14:18:50 openvpn 32873 x.x.96.41:50427 [car] Peer Connection Initiated with [AF_INET]x.x.96.41:50427
Apr 4 14:18:44 openvpn 32873 x.x.167.158:60368 write UDPv4: No route to host (code=65)
Apr 4 14:18:44 openvpn 32873 x.x.132.52:63855 write UDPv4: No route to host (code=65)
Apr 4 14:18:44 openvpn 32873 x.x.96.41:50427 write UDPv4: No route to host (code=65)
Apr 4 14:18:42 openvpn 32873 x.x.167.158:60368 write UDPv4: No route to host (code=65)
Apr 4 14:18:41 openvpn 32873 x.x.96.41:50427 write UDPv4: No route to host (code=65)
Apr 4 14:18:40 openvpn 32873 x.x.167.158:60368 write UDPv4: No route to host (code=65)
Apr 4 14:18:33 openvpn 32873 Initialization Sequence Completed
Apr 4 14:18:33 openvpn 32873 UDPv4 link remote: [undef]
Apr 4 14:18:33 openvpn 32873 UDPv4 link local (bound): [AF_INET]x.x.106.2:3396
Apr 4 14:18:33 openvpn 32873 /usr/local/sbin/ovpn-linkup ovpns2 1500 1602 10.192.168.1 255.255.255.0 init
Apr 4 14:18:33 openvpn 32873 /sbin/ifconfig ovpns2 10.192.168.1 10.192.168.2 mtu 1500 netmask 255.255.255.0 up
Apr 4 14:18:33 openvpn 32873 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 4 14:18:33 openvpn 32873 ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Apr 4 14:18:33 openvpn 32873 TUN/TAP device /dev/tun2 opened
Apr 4 14:18:33 openvpn 32873 TUN/TAP device ovpns2 exists previously, keep at program end
Apr 4 14:18:33 openvpn 32873 Control Channel Authentication: using '/var/etc/openvpn/server2.tls-auth' as a OpenVPN static key file
Apr 4 14:18:33 openvpn 32873 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 4 14:18:33 openvpn 32873 Could not retrieve default gateway from route socket:: No such process (errno=3)
Apr 4 14:18:33 openvpn 32553 library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Apr 4 14:18:33 openvpn 32553 OpenVPN 2.3.9 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Mar 31 2016
Apr 4 14:13:22 openvpn 31123 S/x.x.82.18:53174 [s] Inactivity timeout (--ping-restart), restarting
Apr 4 14:11:22 openvpn 31123 S/x.x.82.18:53174 send_push_reply(): safe_cap=940
Apr 4 14:11:20 openvpn 31123 x.x.82.18:53174 [s] Peer Connection Initiated with [AF_INET]x.x.82.18:53174
Apr 4 14:10:54 openvpn 31123 S/x.x.82.18:42576 send_push_reply(): safe_cap=940
Apr 4 14:10:52 openvpn 31123 x.x.82.18:42576 [s] Peer Connection Initiated with [AF_INET]x.x.82.18:42576
Apr 4 13:41:26 openvpn 31123 S/x.x.82.18:15892 [s] Inactivity timeout (--ping-restart), restarting
Apr 4 13:39:26 openvpn 31123 S/x.x.82.18:15892 send_push_reply(): safe_cap=940
Apr 4 13:39:24 openvpn 31123 x.x.82.18:15892 [s] Peer Connection Initiated with [AF_INET]x.x.82.18:15892
Apr 4 13:38:49 openvpn 31123 S/x.x.82.18:55188 send_push_reply(): safe_cap=940
Apr 4 13:38:47 openvpn 31123 x.x.82.18:55188 [s] Peer Connection Initiated with [AF_INET]x.x.82.18:55188
Apr 4 13:24:11 openvpn 31123 Paperlips/x.x.96.41:40544 [Paperlips] Inactivity timeout (--ping-restart), restarting
Apr 4 13:13:05 openvpn 31123 S/192.168.90.46:63234 [Sacha] Inactivity timeout (--ping-restart), restarting
Apr 4 13:07:08 openvpn 31123 Paperlips/x.x.96.41:40544 send_push_reply(): safe_cap=940
Apr 4 13:07:06 openvpn 31123 x.x.96.41:40544 [PaperClips] Peer Connection Initiated with [AF_INET]x.x.96.41:40544
Apr 4 12:55:22 openvpn 31123 S/192.168.90.46:63234 send_push_reply(): safe_cap=940
Apr 4 12:55:20 openvpn 31123 S/192.168.90.46:63234 MULTI_sva: pool returned IPv4=10.192.168.3, IPv6=(Not enabled)
Apr 4 12:55:20 openvpn 31123 192.168.90.46:63234 [s] Peer Connection Initiated with [AF_INET]192.168.90.46:63234
Apr 4 12:31:06 openvpn 31123 Sacha/192.168.90.46:57861 [s] Inactivity timeout (--ping-restart), restarting
Apr 4 11:49:20 openvpn 31123 C/x.x.132.52:52432 send_push_reply(): safe_cap=940
Apr 4 11:49:18 openvpn 31123 x.x.132.52:52432 [C] Peer Connection Initiated with [AF_INET]x.x.132.52:52432
Apr 4 11:46:41 openvpn 31123 Paperlips/x.x.96.41:53734 [Paperlips] Inactivity timeout (--ping-restart), restarting
Apr 4 11:40:01 openvpn 31123 Paperlips/x.x.96.41:53734 send_push_reply(): safe_cap=940
Apr 4 11:39:58 openvpn 31123 x.x.96.41:53734 [Paperlips] Peer Connection Initiated with [AF_INET]x.x.96.41:53734
Apr 4 11:11:13 openvpn 31123 Sacha/192.168.90.46:57861 send_push_reply(): safe_cap=940
Apr 4 11:11:10 openvpn 31123 Sacha/192.168.90.46:57861 MULTI_sva: pool returned IPv4=10.192.168.3, IPv6=(Not enabled)
Apr 4 11:11:10 openvpn 31123 192.168.90.46:57861 [s] Peer Connection Initiated with [AF_INET]192.168.90.46:57861
Apr 4 10:18:00 openvpn 31123 C/x.x.167.158:50190 send_push_reply(): safe_cap=940
Apr 4 10:18:00 openvpn 31123 C/x.x.132.52:55873 send_push_reply(): safe_cap=940
Apr 4 10:17:58 openvpn 31123 carletta/x.x.96.41:35123 send_push_reply(): safe_cap=940
Apr 4 10:17:58 openvpn 31123 x.x.132.52:55873 [C] Peer Connection Initiated with [AF_INET]x.x.132.52:55873
Apr 4 10:17:58 openvpn 31123 x.x.167.158:50190 [C] Peer Connection Initiated with [AF_INET]5.189.167.158:50190
Apr 4 10:17:55 openvpn 31123 carletta/x.x.96.41:35123 MULTI_sva: pool returned IPv4=10.192.168.2, IPv6=(Not enabled)
Apr 4 10:17:55 openvpn 31123 209.59.96.41:35123 [c] Peer Connection Initiated with [AF_INET]x.x.96.41:35123
-
Why would you have to send anything?? I just upgraded my 2.2.6 to 2.3 a couple of days back and openvpn is working with the exact same files. Why would the config files change? The certs sure wouldn't have..
-
Why would you have to send anything?? I just upgraded my 2.2.6 to 2.3 a couple of days back and openvpn is working with the exact same files. Why would the config files change? The certs sure wouldn't have..
+1 This.
-
Correct. There are no changes made to the certs, so no need to re-issue them.
I left openvpn connecting and after a while, this is the error..
Mon Apr 04 17:21:25 2016 Warning: route gateway is not reachable on any active network adapters: 10.192.168.1
Why would this be?
Thanks…
-
Your client's receiving a /30, so yeah .1 isn't going to be reachable. What's your server-side OpenVPN config look like, primarily for DHCP?
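Added example, not part of the original post: a Python check that reads the client and server log lines quoted in this thread and reports why 10.192.168.1 is unreachable from a client that was handed 255.255.255.252. The function and finding names are hypothetical; the log lines are copied from the thread.

```python
import ipaddress
import re

# Log lines copied from the thread: client before the fix, client after it,
# and the server's tunnel interface setup.
CLIENT_BEFORE = [
    "Mon Apr 04 14:19:26 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.192.168.12/10.192.168.12/255.255.255.252 [SUCCEEDED]",
    "Mon Apr 04 17:21:25 2016 Warning: route gateway is not reachable on any active network adapters: 10.192.168.1",
]
CLIENT_AFTER = ["Mon Apr 04 22:47:19 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.192.168.0/10.192.168.12/255.255.255.0 [SUCCEEDED]"]
SERVER = ["Apr 4 14:18:33 openvpn 32873 /sbin/ifconfig ovpns2 10.192.168.1 10.192.168.2 mtu 1500 netmask 255.255.255.0 up"]

TUN_RE = re.compile(r"network/local/netmask = [^/\s]+/([^/\s]+)/(\S+) \[SUCCEEDED\]")
SRV_RE = re.compile(r"ifconfig \S+ (\S+) \S+ mtu \d+ netmask (\S+) up")
WARN_RE = re.compile(r"route gateway is not reachable .*: (\S+)$")

def first_match(regex, lines):
    """Return the groups of the first line matching regex, or None."""
    for line in lines:
        m = regex.search(line)
        if m:
            return m.groups()
    return None

def diagnose(client_log, server_log):
    """Map finding name -> detail for one client session; {} means consistent."""
    tun = first_match(TUN_RE, client_log)
    srv = first_match(SRV_RE, server_log)
    if tun is None or srv is None:
        raise ValueError("required TUN/ifconfig line not found in logs")
    client = ipaddress.ip_interface("/".join(tun))   # local address / pushed mask
    server = ipaddress.ip_interface("/".join(srv))   # tunnel gateway / server mask
    findings = {}
    if client.network.prefixlen != server.network.prefixlen:
        findings["mask-mismatch"] = f"client /{client.network.prefixlen}, server /{server.network.prefixlen}"
    if server.ip not in client.network:
        findings["gateway-off-link"] = f"{server.ip} is outside {client.network}"
    if client.ip in (client.network.network_address, client.network.broadcast_address):
        findings["unusable-client-address"] = f"{client.ip} is the network or broadcast address of {client.network}"
    warn = first_match(WARN_RE, client_log)
    if warn:
        findings["client-warning"] = f"client reported gateway {warn[0]} unreachable"
    return findings

if __name__ == "__main__":
    for name, log in (("before", CLIENT_BEFORE), ("after", CLIENT_AFTER)):
        print(name, diagnose(log, SERVER) or "consistent")
```

With the /30 override the client's address 10.192.168.12 is itself the network address of 10.192.168.12/30, so all four findings fire; with the /24 override none do.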
-
@cmb:
Your client's receiving a /30, so yeah .1 isn't going to be reachable. What's your server-side OpenVPN config look like, primarily for DHCP?
I will check to make sure when I reach back, but I think it is a mixture. Remote users log in and get assigned whatever IP address within subnet.
Other users, Remote Agents, are assigned specific IP addresses within the same subnet. This is because we build VMs for them to use billing software remotely, and print customer receipts locally. Within the VMs we use the NETUSE LPT1 to assign USB receipt printer back at their location.
This used to work before the upgrade to 2.3. Hope this helps. Is there any further information I should provide?
Thanks…