Hi guys, I've got a really strange case; maybe it is my mistake or I didn't read the manual.
We've got 3 servers running ovpn 2.3.8.
The infrastructure is shared key.
First tunnel: this lets both clients access the server1 network and vice versa.
server1-ovpn-srv <-->server2-ovpn-client/server3-ovpn-client
Second tunnel:
server2-ovpn-srv<-->server3-ovpn-client.
This allows server2 and server3 to see each other's resources.
Done, with this our 3 sites can see each other, ring closed, shared key, no issue.
Later, we wanted to add a road warrior setup on server3; we chose a tunnel not used in the current setup, 10.0.99.0/29.
This server3 is just a client, it doesn't do any ovpn server stuff; this was its first setup as a server in road warrior mode.
We set up everything: we installed the Windows app, downloaded the certs and set up the config file.
Running the connection from an external site, we could connect to the network on server3 and access the resources, no issue.
But... alarm, we lost all connection to our other servers; our VPNs from the shared-key setup went down.
Does a conflict exist in this scenario?
Can a shared key setup work with a road-warrior?
My brain said, YES???
RoadWarrior shutdown a shared key infrastructure
-
- OpenVpn Newbie
- Posts: 9
- Joined: Wed Apr 18, 2018 2:26 am
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: RoadWarrior shutdown a shared key infrastructure
There is no built-in conflict that can be created by OpenVPN. My suggestion is to check the log of the processes that have no connectivity anymore to see if something is going off in there. If logs are fine, to me this smells like a routing issue: i.e. when setting up the new connection you are somehow cutting off the routing to the other sites.
If you want further help you should at least post the logs, the configs and possibly the output of 'ip route' on the server when everything works and when things stop working.
p.s. 2.3.8 is very ancient. You should definitely upgrade. Several security and non bugfixes have been merged since then.
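The before-and-after `ip route` comparison suggested in the reply above, sketched in Python as an added example that is not part of any post in this thread: it reports routes that disappeared, routes that moved to another device, and new more-specific routes that override part of an existing one. Both snapshots are constructed; only 10.0.99.0/29 comes from the thread, and the other prefixes, gateways and tun device names are assumptions.

```python
import ipaddress

# Constructed `ip route` snapshots for server3. Only 10.0.99.0/29 comes from the
# thread; every other prefix, gateway and device name is an assumption.
BEFORE = """\
default via 192.0.2.1 dev eth0
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
10.9.0.2 dev tun1 proto kernel scope link src 10.9.0.1
172.16.5.0/24 via 10.8.0.2 dev tun0
192.168.1.0/24 via 10.8.0.2 dev tun0
192.168.2.0/24 via 10.9.0.2 dev tun1
"""
AFTER = """\
default via 192.0.2.1 dev eth0
10.0.99.0/29 dev tun2 proto kernel scope link src 10.0.99.1
10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
10.9.0.2 dev tun1 proto kernel scope link src 10.9.0.1
192.168.1.0/24 via 10.8.0.2 dev tun0
192.168.1.128/25 via 10.0.99.2 dev tun2
192.168.2.0/24 via 10.0.99.2 dev tun2
"""

def parse_routes(text):
    """Map each destination prefix in `ip route` output to its outgoing device."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line or a route type without a device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a keyword such as "unreachable"
        routes[net] = fields[fields.index("dev") + 1]
    return routes

def compare(before, after):
    """Return (removed, moved, shadowed) differences between two snapshots."""
    old, new = parse_routes(before), parse_routes(after)
    removed = sorted(str(n) for n in old if n not in new)
    moved = sorted((str(n), old[n], new[n]) for n in new if n in old and old[n] != new[n])
    # A new, more specific prefix on another device overrides part of an old route.
    shadowed = sorted((str(o), str(n), new[n]) for n in new if n not in old
                      for o in old if o.prefixlen and o.version == n.version
                      and n.subnet_of(o) and old[o] != new[n])
    return removed, moved, shadowed

if __name__ == "__main__":
    for label, items in zip(("removed", "moved", "shadowed"), compare(BEFORE, AFTER)):
        print(label, items)
```

To use it on a real host, save the output of `ip route` once while all tunnels work and once after the road warrior instance starts, and pass the two texts to `compare`.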
-
- OpenVpn Newbie
- Posts: 9
- Joined: Wed Apr 18, 2018 2:26 am
Re: RoadWarrior shutdown a shared key infrastructure
One of my biggest doubts was that shared-key and road-warrior could not exist on the same server.
My little experience tells me what you have confirmed, there is no problem.
I will then check the logs and see if I can see where the issue is, thanks ordex.
About the version, one of the sysadmins on one side doesn't want to upgrade (old person), but we are pushing this.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: RoadWarrior shutdown a shared key infrastructure
Just tell him that this version can be easily crashed by any random client sending an appropriate malicious packet.
This argument is often fairly convincing.
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: RoadWarrior shutdown a shared key infrastructure
I moved this topic into the Community Edition section as this is not about Access Server (commercial product by OpenVPN, Inc.)
-
- OpenVpn Newbie
- Posts: 9
- Joined: Wed Apr 18, 2018 2:26 am
Re: RoadWarrior shutdown a shared key infrastructure
Thanks, sorry, I had understood the case, thanks ordex.