server says connected, but client doesn't

cheaterenator
OpenVpn Newbie
Posts: 1
Joined: Wed Apr 18, 2018 7:27 am

Post by cheaterenator » Wed Apr 18, 2018 7:53 am

Hi, I have a very strange problem, which occurs randomly, about once a month.
I have an OpenVPN server running on an OpenWrt machine, version 2.4.4, in tap bridge mode; this server has a fixed public IP assigned by my ISP.
The client connects from another OpenWrt machine, using a different OpenVPN version, 2.2.2.
In general, everything works fine, except that about once a month I have a situation where the server-side OpenVPN says it is connected:

Wed Apr 18 09:33:22 2018 daemon.notice openvpn(sandomierz)[10032]: UDPv4 link local (bound): [AF_INET][undef]:10010
Wed Apr 18 09:33:22 2018 daemon.notice openvpn(sandomierz)[10032]: UDPv4 link remote: [AF_UNSPEC]
Wed Apr 18 09:33:40 2018 daemon.notice openvpn(sandomierz)[10032]: Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:43593
Wed Apr 18 09:33:40 2018 daemon.warn openvpn(sandomierz)[10032]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Apr 18 09:33:41 2018 daemon.notice openvpn(sandomierz)[10032]: Initialization Sequence Completed

But on the client side:

Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Sep 11 2017
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.warn openvpn(vpn)[16766]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.warn openvpn(vpn)[16766]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.warn openvpn(vpn)[16766]: WARNING: file '/lib/uci/upload/sandomierz.key' is group or others accessible
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: Socket Buffers: R=[163840->131072] S=[163840->131072]
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: TUN/TAP device tap1 opened
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: TUN/TAP TX queue length set to 100
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: UDPv4 link local: [undef]
Apr 18 09:33:41 OpenWrt-PSP-SANDOMIERZ daemon.notice openvpn(vpn)[16766]: UDPv4 link remote: 194.28.xxx.55:10010

This is all I get.

Here are my configs:

Server

config openvpn 'sandomierz'
	option port '10010'
	option proto 'udp'
	option dev 'tap1'
	option keepalive '30 60'
	option status '/tmp/openvpn-sand.log'
	option verb '5'
	option float '1'
	option secret '/lib/uci/upload/sandomierz.key'
	option enabled '1'

Client

config openvpn 'vpn'
	option remote '194.28.xxx.55 10010 udp'
	option ping '60'
	option dev 'tap1'
	option verb '5'
	option enabled '1'
	option nobind '1'
	option secret '/lib/uci/upload/sandomierz.key'


This is a very simple config with a static key; in my other locations this config works very well without problems.
The only way to make it work again is to temporarily change the destination address or port on the client side, wait some time (about 30 minutes), and restore the original configuration; after that the connection works again, for some time.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: server says connected, but client doesn't

Post by TinCanTech » Wed Apr 18, 2018 10:58 am

Change --ping to --keepalive in your client config ..
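
Background to the reply above, as an added example that is not part of the thread: in a point-to-point setup `--keepalive n m` expands to `--ping n --ping-restart m`, so a client with only `--ping` keeps sending but never restarts when the peer goes silent, which is what the client log's `--ping` warning points at. The script below flags such sections in an OpenWrt UCI file; the function names are hypothetical, and it assumes UCI spells the directives with underscores (`ping_restart`, `ping_exit`).

```shell
#!/bin/sh
# Added example, not from the thread. lint_openvpn_ping and sample_config are
# hypothetical names. UCI option names are assumed to be the OpenVPN
# directives with '-' written as '_' (ping_restart, ping_exit).

# Print each 'config openvpn' section that sets 'ping' but has no
# ping_restart, ping_exit or keepalive. Returns 1 if any section is flagged.
lint_openvpn_ping() {
    awk '
        function strip(s) { gsub(/^["\047]|["\047]$/, "", s); return s }
        function report() {
            if (in_vpn && has_ping && !has_trigger) { print name; bad = 1 }
        }
        BEGIN { bad = 0 }
        $1 == "config" {
            report()
            in_vpn = ($2 == "openvpn")
            name = (NF >= 3) ? strip($3) : "(unnamed)"
            has_ping = 0; has_trigger = 0
            next
        }
        $1 == "option" && in_vpn {
            opt = strip($2)
            if (opt == "ping") has_ping = 1
            if (opt ~ /^(ping_restart|ping_exit|keepalive)$/) has_trigger = 1
        }
        END { report(); exit bad }
    ' "$@"
}

# The server and client sections as posted in the thread (abridged).
sample_config() {
    cat <<'EOF'
config openvpn 'sandomierz'
option port '10010'
option keepalive '30 60'
option secret '/lib/uci/upload/sandomierz.key'

config openvpn 'vpn'
option remote '194.28.xxx.55 10010 udp'
option ping '60'
option nobind '1'
option secret '/lib/uci/upload/sandomierz.key'
EOF
}

sample_config | lint_openvpn_ping || echo "^ sends ping, never restarts" >&2
```

On a router the same function can be pointed at the real file, for example `lint_openvpn_ping /etc/config/openvpn`.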
