Client change ip

lexeyFan
OpenVpn Newbie
Posts: 2
Joined: Mon Jun 08, 2020 11:25 am

Client change ip

Post by lexeyFan » Mon Jun 08, 2020 11:39 am

I have a server on Ubuntu, a number of clients on Windows, and routers as clients; there are no problems with the routers.
Windows automatically reconnects once per day and receives the first free IP (this occurs if I am connected to the client via RDP; in other cases everything works fine). If I reconnect manually, it gets the address I assigned. Please tell me how to solve this problem.
Server:

proto udp
port 1194
dev tun
ca ca.crt
cert OpenVPN.crt
key OpenVPN.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 10.0.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
client-config-dir /etc/openvpn/ccd
status OpenVpn-status.log
log /var/log/OpenVPN.log
sndbuf 0
rcvbuf 0
client-to-client
ifconfig-pool-persist /etc/openvpn/ipp.list 0;
#push "redirect-gateway def1"
#push "dhcp-options DNS 8.8.8.8"
comp-lzo
verb 3
push "route 192.168.1.0 255.255.255.0"
#push "route 192.168.2.0 255.255.255.0"
#push "route 192.168.8.0 255.255.255.0'
push "route 192.168.11.0 255.255.255.0"
#push "route 10.0.0.0 255.255.255.0"
push "route 10.0.0.0 255.255.255.0"
route 10.0.0.0 255.255.255.0
#route 192.168.11.0 255.255.255.0
topology subnet
management localhost 7777


Client:

client
dev tun
proto udp
remote server_adr 1194
resolv-retry interface
nobind
persist-key
persist-tun
key-direction 1
cipher AES-256-CBC
ns-cert-type server
comp-lzo
sndbuf 0
rcvbuf 0
keepalive 10 120
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-auth>
</tls-auth>

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client change ip

Post by TinCanTech » Mon Jun 08, 2020 1:32 pm

Set --verb 4 in your server config and check that your CCD file is used when the client connects.

lexeyFan
OpenVpn Newbie
Posts: 2
Joined: Mon Jun 08, 2020 11:25 am

Re: Client change ip

Post by lexeyFan » Thu Jun 18, 2020 9:24 am

Server log:


Thu Jun 18 12:07:44 2020 us=212716 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:45 2020 us=212819 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:46 2020 us=213066 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:47 2020 us=212883 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:48 2020 us=212932 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:49 2020 us=212955 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:50 2020 us=213186 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:51 2020 us=213138 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:52 2020 us=213483 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:53 2020 us=213109 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:54 2020 us=213522 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:55 2020 us=213564 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:56 2020 us=213445 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:57 2020 us=213580 server1c/11.11.11.11:49874 TLS ERROR: received control packet with stale session-id=2e73c8d9 370ea617
Thu Jun 18 12:07:58 2020 us=313353 server1c/11.11.11.11:49874 TLS: tls_multi_process: killed expiring key
Thu Jun 18 12:08:00 2020 us=237830 MULTI: multi_create_instance called
Thu Jun 18 12:08:00 2020 us=238069 11.11.11.11:51367 Re-using SSL/TLS context
Thu Jun 18 12:08:00 2020 us=238139 11.11.11.11:51367 LZO compression initialized
Thu Jun 18 12:08:00 2020 us=238246 11.11.11.11:51367 Control Channel MTU parms [ L:1558 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Thu Jun 18 12:08:00 2020 us=238283 11.11.11.11:51367 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
Thu Jun 18 12:08:00 2020 us=238334 11.11.11.11:51367 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Thu Jun 18 12:08:00 2020 us=238359 11.11.11.11:51367 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Thu Jun 18 12:08:00 2020 us=238405 11.11.11.11:51367 Local Options hash (VER=V4): '52648557'
Thu Jun 18 12:08:00 2020 us=238444 11.11.11.11:51367 Expected Remote Options hash (VER=V4): '2cc36b12'
Thu Jun 18 12:08:00 2020 us=238498 11.11.11.11:51367 TLS: Initial packet from [AF_INET]11.11.11.11:51367, sid=710445e6 aaa97da8
Thu Jun 18 12:08:00 2020 us=450512 11.11.11.11:51367 VERIFY OK: depth=1, C=RU, ST=UL, L=Ulyanovsk, O=Track Korp, OU=Server, CN=Track Korp CA, name=Lexey, emailAddress=lt@tt.tt
Thu Jun 18 12:08:00 2020 us=450945 11.11.11.11:51367 VERIFY OK: depth=0, C=RU, ST=UL, L=Ulyanovsk, O=Track Korp, OU=Server, CN=server1c, name=EasyRSA, emailAddress=lt@tt.tt
Thu Jun 18 12:08:00 2020 us=489980 11.11.11.11:51367 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 18 12:08:00 2020 us=490049 11.11.11.11:51367 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 18 12:08:00 2020 us=490079 11.11.11.11:51367 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 18 12:08:00 2020 us=490107 11.11.11.11:51367 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 18 12:08:00 2020 us=522318 11.11.11.11:51367 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jun 18 12:08:00 2020 us=522423 11.11.11.11:51367 [server1c] Peer Connection Initiated with [AF_INET]11.11.11.11:51367
Thu Jun 18 12:08:00 2020 us=522512 server1c/11.11.11.11:51367 MULTI_sva: pool returned IPv4=10.0.0.5, IPv6=(Not enabled)
Thu Jun 18 12:08:00 2020 us=522600 server1c/11.11.11.11:51367 MULTI: Learn: 10.0.0.5 -> server1c/11.11.11.11:51367
Thu Jun 18 12:08:00 2020 us=522629 server1c/11.11.11.11:51367 MULTI: primary virtual IP for server1c/11.11.11.11:51367: 10.0.0.5
Thu Jun 18 12:08:00 2020 us=523885 server1c/11.11.11.11:51367 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 18 12:08:00 2020 us=523949 server1c/11.11.11.11:51367 send_push_reply(): safe_cap=940
Thu Jun 18 12:08:00 2020 us=523999 server1c/11.11.11.11:51367 SENT CONTROL [server1c]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.11.0 255.255.255.0,route 10.0.0.0 255.255.255.0,route-gateway 10.0.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.0.0.5 255.255.255.0' (status=1)
Thu Jun 18 12:08:08 2020 us=194299 server1c/11.11.11.11:51367 MULTI: bad source address from client [11.11.11.11], packet dropped
Thu Jun 18 12:08:58 2020 us=316146 server1c/11.11.11.11:49874 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jun 18 12:08:58 2020 us=316352 server1c/11.11.11.11:49874 TLS Error: TLS handshake failed
Thu Jun 18 12:08:58 2020 us=316526 server1c/11.11.11.11:49874 SIGUSR1[soft,tls-error] received, client-instance restarting

Part of the log from the time when the client received a new IP.
This is noticed only when connecting via RDP.
Last edited by Pippin on Thu Jun 18, 2020 9:31 am, edited 1 time in total.
Reason: Formatting
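
An added example, not part of the original posts: one way to run the check suggested in the thread (is the CCD file used when the client connects?) against the server log. The `server1c` lines are copied from the posted log; the `router1` session, its CCD path and the expected addresses are constructed, and the `OPTIONS IMPORT` text is the message OpenVPN logs when it reads a client-specific file, which does not appear in the posted excerpt.

```python
import re

# Per-client log line: "<timestamp> us=<n> <CN>/<ip>:<port> <message>"
LINE = re.compile(r"us=\d+ (?P<cn>[^/\s]+)/(?P<peer>[\d.]+:\d+) (?P<msg>.*)")
CCD = re.compile(r"OPTIONS IMPORT: reading client specific options from: (\S+)")
POOL = re.compile(r"MULTI_sva: pool returned IPv4=([\d.]+)")
PRIMARY = re.compile(r"MULTI: primary virtual IP for \S+: ([\d.]+)")

def audit(lines, expected):
    """One record per client instance (CN + source port) that got a virtual IP."""
    sessions = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # lines without a CN/ prefix (handshake phase) are skipped
        s = sessions.setdefault((m["cn"], m["peer"]),
                                {"ccd": None, "pool": None, "ip": None})
        for key, rx in (("ccd", CCD), ("pool", POOL), ("ip", PRIMARY)):
            hit = rx.search(m["msg"])
            if hit:
                s[key] = hit[1]
    return [{"cn": cn, "peer": peer, "ip": s["ip"], "ccd_file": s["ccd"],
             "from_pool": s["ip"] == s["pool"],
             "as_expected": expected.get(cn) == s["ip"]}
            for (cn, peer), s in sessions.items() if s["ip"]]

# First four lines are copied from the posted log; the router1 lines are constructed.
SAMPLE = """\
Thu Jun 18 12:07:58 2020 us=313353 server1c/11.11.11.11:49874 TLS: tls_multi_process: killed expiring key
Thu Jun 18 12:08:00 2020 us=522512 server1c/11.11.11.11:51367 MULTI_sva: pool returned IPv4=10.0.0.5, IPv6=(Not enabled)
Thu Jun 18 12:08:00 2020 us=522600 server1c/11.11.11.11:51367 MULTI: Learn: 10.0.0.5 -> server1c/11.11.11.11:51367
Thu Jun 18 12:08:00 2020 us=522629 server1c/11.11.11.11:51367 MULTI: primary virtual IP for server1c/11.11.11.11:51367: 10.0.0.5
Thu Jun 18 12:09:10 2020 us=100001 router1/192.0.2.10:40000 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/ccd/router1
Thu Jun 18 12:09:10 2020 us=100050 router1/192.0.2.10:40000 MULTI: primary virtual IP for router1/192.0.2.10:40000: 10.0.0.20
""".splitlines()

# Constructed: the thread does not state which addresses were assigned in the CCD files.
EXPECTED = {"server1c": "10.0.0.50", "router1": "10.0.0.20"}

if __name__ == "__main__":
    for rec in audit(SAMPLE, EXPECTED):
        flag = "OK" if rec["as_expected"] and rec["ccd_file"] else "CHECK CCD"
        print(flag, rec)
```

For a record with `from_pool` true and no `ccd_file`, the log shows no sign that a client-specific file was read for that connection.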
