I noticed that if I don't set the --local option to a specific IP on the server (Linux), the OpenVPN 2.5.2 server doesn't work with UDP - I can see that the client connects, but then it just times out:
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 Re-using SSL/TLS context
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 Control Channel MTU parms [ L:1621 D:1212 EF:38 EB:0 ET:0 EL:3 ]
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 Data Channel MTU parms [ L:1621 D:1450 EF:121 EB:406 ET:0 EL:3 ]
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:53566, sid=559aaabf fd5b7415
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [26] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 12 19:15:18 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:18 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [26] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 12 19:15:22 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [14] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:22 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:22 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_ACK_V1 kid=0 [ 0 ]
May 12 19:15:30 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:30 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [26] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 12 19:15:45 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 READ [14] from [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:45 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [22] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_ACK_V1 kid=0 [ 0 ]
May 12 19:15:47 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 UDPv4 WRITE [14] to [AF_INET]xxx.xxx.xxx.xxx:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:16:16 gw2 daemon.err openvpn[12735]: xxx.xxx.xxx.xxx:53566 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 12 19:16:16 gw2 daemon.err openvpn[12735]: xxx.xxx.xxx.xxx:53566 TLS Error: TLS handshake failed
May 12 19:16:16 gw2 daemon.notice openvpn[12735]: xxx.xxx.xxx.xxx:53566 SIGUSR1[soft,tls-error] received, client-instance restarting
I couldn't find anything like that mentioned in the docs, so is it a bug or am I missing something?
Regards,
Danilo
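As an added example (not from the post or the OpenVPN project), a small Python triage script for this server log format: it tracks per client how far the control-channel handshake got and flags the pattern in the log above, where the client keeps resending its first packet although the server answered every one. The sample log is constructed, with documentation-range IPs.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the server log quoted above (documentation-range
# IPs). 203.0.113.7 shows the stalled pattern; 198.51.100.9 shows a client that progressed.
SAMPLE_LOG = """\
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: 203.0.113.7:53566 UDPv4 READ [14] from [AF_INET]203.0.113.7:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: 203.0.113.7:53566 UDPv4 WRITE [26] to [AF_INET]203.0.113.7:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 12 19:15:18 gw2 daemon.notice openvpn[12735]: 203.0.113.7:53566 UDPv4 READ [14] from [AF_INET]203.0.113.7:53566: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:18 gw2 daemon.notice openvpn[12735]: 203.0.113.7:53566 UDPv4 WRITE [26] to [AF_INET]203.0.113.7:53566: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 12 19:15:22 gw2 daemon.notice openvpn[12735]: 203.0.113.7:53566 UDPv4 WRITE [22] to [AF_INET]203.0.113.7:53566: P_ACK_V1 kid=0 [ 0 ]
May 12 19:16:16 gw2 daemon.err openvpn[12735]: 203.0.113.7:53566 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: 198.51.100.9:41000 UDPv4 READ [14] from [AF_INET]198.51.100.9:41000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: 198.51.100.9:41000 UDPv4 WRITE [26] to [AF_INET]198.51.100.9:41000: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ 0 ] pid=0 DATA len=0
May 12 19:15:16 gw2 daemon.notice openvpn[12735]: 198.51.100.9:41000 UDPv4 READ [114] from [AF_INET]198.51.100.9:41000: P_CONTROL_V1 kid=0 [ 0 ] pid=1 DATA len=100
"""

LINE_RE = re.compile(r"openvpn\[\d+\]: (?P<peer>\S+:\d+) (?P<msg>.*)$")

def summarise_peers(log_text):
    """Per peer: how far the control-channel handshake got, and whether a TLS error followed."""
    peers = defaultdict(lambda: {"client_reset": 0, "server_reset": 0, "control": 0,
                                 "tls_error": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        p, msg = peers[m["peer"]], m["msg"]
        if "READ" in msg and "P_CONTROL_HARD_RESET_CLIENT_V2" in msg:
            p["client_reset"] += 1   # client (re)starts the handshake
        elif "WRITE" in msg and "P_CONTROL_HARD_RESET_SERVER_V2" in msg:
            p["server_reset"] += 1   # server answered it
        elif "READ" in msg and "P_CONTROL_V1" in msg:
            p["control"] += 1        # TLS data arrived: the client did see the reply
        elif "TLS Error:" in msg:
            p["tls_error"] = True
    return dict(peers)

def diagnose(summary):
    """Classify one peer; the second branch is the pattern in the log quoted above."""
    if summary["control"] > 0 and not summary["tls_error"]:
        return "handshake progressed"
    if summary["client_reset"] >= 2 and summary["server_reset"] >= 1 and summary["control"] == 0:
        # Client keeps retransmitting its very first packet although every one was answered,
        # so the replies are not reaching it. On a multi-homed host without --local, check the
        # source address the replies leave from (OpenVPN's --multihome option covers this).
        return "server replies not reaching client"
    return "tls error" if summary["tls_error"] else "undetermined"
```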