Suddenly can no longer connect to previously working OpenVPN server

[vindianajones]

So I had setup my OpenVPN on a server on my home network using this DigitalOcean tutorial https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04 on Ubuntu server 16.04. Everything had been working fine until today when I could no longer connect from my work computer nor my phone.

I haven't made any changes to my router or firewall configuration. I'm using an Edgerouter Lite. The firewall allows 1194/UDP on both WAN_IN and WAN_LOCAL. The port 1194/UDP is forwarded to port 1194 on my OpenVPN box. This configuration has worked fine for months.

On the OpenVPN machine, UFW is running and wllowing 1194/UDP. I also tried with UFW disabled and there is no change. A tcpdump seems to show traffic getting through to it when I try to make a connection from my phone (addresses changed just for security) but no connection on the OpenVPN app is ever made (it eventually times out).

Code: Select all

sudo tcpdump -i ens18 udp port 1194
sudo: unable to resolve host home
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
17:55:57.113209 IP 192.168.1.1.38496 > mydomain.net.openvpn: UDP, length 54
17:55:58.108123 IP 192.168.1.1.38496 > mydomain.net.openvpn: UDP, length 54
17:55:59.120424 IP 192.168.1.1.38496 > mydomain.net.openvpn: UDP, length 54
17:55:59.213690 IP 192.168.1.1.42609 > mydomain.net.openvpn: UDP, length 54
17:56:06.038529 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:06.910423 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:07.911153 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:08.911117 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:09.911225 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:10.911615 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:11.918871 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:12.910859 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:13.912131 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:14.911992 IP 36.sub-000-000-000.myvzw.com.12494 > mydomain.net.openvpn: UDP, length 54
17:56:15.818226 IP 192.168.1.1.42609 > mydomain.net.openvpn: UDP, length 54
17:56:15.931240 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:16.918808 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:17.910613 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:18.911016 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:19.910662 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:20.910780 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:21.911083 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:22.910943 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54
17:56:23.911121 IP 36.sub-000-000-000.myvzw.com.12495 > mydomain.net.openvpn: UDP, length 54

So next step was I just completely nuked everything and installed/configured OpenVPN from scratch using the exact same tutorial. New client configs, same problem. Some initial traffic seems to be getting there but it never establishes a connection. In /var/log, there is absolutely nothing for openvpn.

The tunnel is up and the service is running properly. I've already tried restarting the service and rebooting.

Code: Select all

4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
       valid_lft forever preferred_lft forever

● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-06-04 17:23:41 EDT; 50min ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 8268 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─8268 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf --writepid /run/openvpn/server.pid

Jun 04 17:23:41 home ovpn-server[8268]: /sbin/ip route add 10.8.0.0/24 via 10.8.0.2
Jun 04 17:23:41 home ovpn-server[8268]: GID set to nogroup
Jun 04 17:23:41 home ovpn-server[8268]: UID set to nobody
Jun 04 17:23:41 home ovpn-server[8268]: UDPv4 link local (bound): [undef]
Jun 04 17:23:41 home ovpn-server[8268]: UDPv4 link remote: [undef]
Jun 04 17:23:41 home ovpn-server[8268]: MULTI: multi_init called, r=256 v=256
Jun 04 17:23:41 home ovpn-server[8268]: IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Jun 04 17:23:41 home ovpn-server[8268]: IFCONFIG POOL LIST
Jun 04 17:23:41 home ovpn-server[8268]: Initialization Sequence Completed
Jun 04 17:23:41 home systemd[1]: Started OpenVPN connection to server.

I really don't know what I'm missing here. Everything was working just fine and then it suddenly stopped. The only updates I've made to the OS were security updates, but I do believe there was a kernel update in there somewhere. What else can I provide to try to figure out what the issue is here?

[TinCanTech]

Please see:
HOWTO: Request Help !

[hpoonis]

Please see:
HOWTO: Request Help !

That is hardly helpful. It would have been better for you to not have posted. That is a circular reference to help. I used all that when I got here and ended up at the head of the forums for 3 iterations. It sends a person back to this very forum where we then post our topics and get folk like you directing us back here to post a topic.

[TinCanTech]

Quote from the post, which I guess you did not read:

In summary, if you have been asked to read this post then we require to see:

• Your server configuration file
  If you are using a router with OpenWRT then use screen shots or handwrite the configuration
• Your server log file at --verb 4
  Which means put the words "verb 4" into your configuration file and restart your server
• Your client configuration file
  Do not include the DNS name or IP address of your server.
• Your client log file at --verb 4
  Which means put the words "verb 4" into your configuration file and restart your client
  Do not include the DNS name or IP address of your server.
  Open your log file in a text editor and replace the server IP address with "x.x.x.x"
  Open your log file in a text editor and delete the DNS name of your server
  which appears only once and is located at line 17 (approx) of the log file
  
  Thank you

using this DigitalOcean tutorial https://www.digitalocean.com/community/ ... untu-16-04

We do not support that tutorial.

Please use the Openvpn Howto.
HOWTO: For OpenVPN Community Edition

In /var/log, there is absolutely nothing for openvpn.

See --log & --verb in The Manual v24x

I really don't know what I'm missing here

Neither do we .. which is why we ask for the information above ..

That is hardly helpful

We can only do so much .. the rest is up to you.