As of yesterday, new clients cannot connect


Post by PhilSilvers » Thu Jan 12, 2017 10:31 pm

Suddenly, some of our users are not able to connect via OpenVPN Connect autologin MSI. I created some new users. Some of them can connect, some cannot. I created a new user to try myself and observed this:

1. OpenVPN AS version 2.1.3, Amazon appliance running Ubuntu 16.04 Xenial
2. openvpn-connect-2.1.1.102.msi
3. Windows 10 Pro client, version 1607 build 14993.693
4. Error on connecting is "the connection to [our server name] has been disconnected"
5. Error in client log is:

Wed Jan 11 17:43:14 2017 Wed Jan 11 17:43:14 2017 OpenVPN Management Interface 1.0.0/3.1.1 win x86_64 64-bit [PolarSSL] built on Sep 26 2016 13:15:42
Wed Jan 11 17:43:14 2017 Wed Jan 11 17:43:14 2017 OMI Connecting to [127.0.0.1]:55271 [tcp]
Wed Jan 11 17:43:14 2017 Wed Jan 11 17:43:14 2017 eval config error: option_error: option <ca> was not properly closed out

6. Server does not show any connection error or attempt in the logs.
7. Today is the first day we have had this problem.
8. Some older accounts can connect fine (I cannot say if that is true for all of them.)
9. This happened to multiple clients.

Here are the steps I took to investigate the problem:
1. Based on the message in the client log, I downloaded just the .ovpn file for the user, and examined it. I didn't see anything unusual, but there were spaces in between the <ca> open and close tags and other tags, so I tried removing the spaces, and importing the file into OpenVPN Connect.
1a. This WORKED
1b. Obviously this is a problem because the server gave me an embedded config file in the MSI that did not work.
1c. We examined other (working) users' openvpn files, and they had spaces in the same places, but worked consistently.
2. Attempted to update AS version from 2.1.3 to 2.1.4b. Status: This updated our OpenVPN Connect MSIs from version 2.1.1.102 to 2.1.3.110.
2a. Installed new client, attempted connection again from new client and new server version
2b. Status: DID NOT WORK
3. Updated all Linux software on server appliance using apt-get.
3a. Status: DID NOT WORK
4. Downloaded ONLY the .ovpn file, and the latest version of OpenVPN from website, version 2.4.0, installed and imported the config file.
4a. Status: WORKED
5. Rebooted server
5a. Status: DID NOT WORK

So here is where we stand right now. The files that are downloaded from the server, as of today, have stopped working. Up to that point, the ONLY thing we have changed on the server config between a working state and non-working state was: adding an additional license for 80 more seats, bringing us to 100 seats (confirmed on web GUI.)
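
Added example, not part of the original post and not OpenVPN's own code: a Python check that scans an .ovpn profile for the condition named in the client log ("option <ca> was not properly closed out") by flagging inline-block tag lines padded with whitespace and blocks left open, plus a helper that applies the post's workaround of removing the spaces. Assumptions: a tag counts only when it is alone on its line, the function names and sample profile (including vpn.example.com) are constructed, and the rules do not reproduce the Connect client's actual parser.

```python
import re

# A line consisting only of an inline-block tag, possibly padded with whitespace.
TAG = re.compile(r"^(\s*)<(/?)([A-Za-z0-9_-]+)>(\s*)$")

def check_inline_blocks(profile_text):
    """Return (line_no, tag, issue) findings for blocks such as <ca>...</ca>."""
    findings, open_tag, open_line = [], None, 0
    for no, raw in enumerate(profile_text.split("\n"), 1):
        m = TAG.match(raw.rstrip("\r"))  # tolerate CRLF profiles
        if not m:
            continue
        lead, slash, name, trail = m.groups()
        if lead or trail:
            findings.append((no, name, "whitespace around tag"))
        if not slash:
            if open_tag:
                findings.append((open_line, open_tag, "not closed before <%s>" % name))
            open_tag, open_line = name, no
        elif name == open_tag:
            open_tag = None
        else:
            findings.append((no, name, "closing tag without matching open"))
    if open_tag:
        findings.append((open_line, open_tag, "not closed before end of file"))
    return findings

def strip_tag_padding(profile_text):
    """Remove whitespace around tag lines only; all other lines are untouched."""
    out = []
    for raw in profile_text.split("\n"):
        eol = "\r" if raw.endswith("\r") else ""
        m = TAG.match(raw.rstrip("\r"))
        out.append("<%s%s>%s" % (m.group(2), m.group(3), eol) if m else raw)
    return "\n".join(out)

# Constructed sample: padded <ca> tags and a <cert> block cut off before its close.
SAMPLE = ("client\nremote vpn.example.com 443\n<ca> \n"
          "-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n"
          "-----END CERTIFICATE-----\n </ca>\n<cert>\n(constructed placeholder)\n")

if __name__ == "__main__":
    for finding in check_inline_blocks(SAMPLE):
        print(finding)
    print(check_inline_blocks(strip_tag_padding(SAMPLE)))
```

Running the check on both the standalone .ovpn download and the profile extracted from the MSI shows whether the two differ in tag layout or in where a block ends.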
