since at least four days I am experiencing pretty much problems on both my clients at once:
I have three networks connected via tap-bridges. Everything worked very fine before, and I didn't even change anything but suddenly it stopped working. I did just apt-get updates and upgrades and dist-upgrades on each device.
The ping is still working on every client to every client, that's the only thing.
No names of my network devices are displayed anymore in my router. No http connection is possible to my other networks. No smb, no ssh, nothing but ping.
So I googled and tested again my config added with the following commands on server and only one client, I deactivated the other one manually:
Code: Select all
tun-mtu 1400
mssfix 1360
tun-mtu 1500
fragmentation 1300
mssfix 1300
link-mtu 1400
mtu-test
tun-mtu 6000
fragment 0
mssfix 0
txqueuelen 1000
mtu-disc yes #isn't possible on Raspberry Pi 3
mtu-test
ip link set tap0 mtu 1350
I don't know why this isn't working anymore like the whole weeks before?? I just installed ~1,5 weeks before ebtables and blocked the DHCP-requests of the other networks. So I just get rid of it and flushed it with ebtables -F. Also I uninstalled and rebooted like 3-4 times every device. Still not working at all.
Ping server-client:
Code: Select all
ping 192.168.1.1 -M do -s 286 -4
PING 192.168.1.1 (192.168.1.1) 286(314) bytes of data.
294 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=13.7 ms
Code: Select all
ping 192.168.0.4 -M do -s 280 -4
PING 192.168.0.4 (192.168.0.4) 280(308) bytes of data.
288 bytes from 192.168.0.4: icmp_seq=1 ttl=64 time=13.2 ms
server
port 1194
mode server
passtos
fast-io
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/test.crt
key /etc/openvpn/easy-rsa/keys/test.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh4096.pem
topology subnet
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
tls-server
remote-cert-tls client
cipher AES-256-CBC
compress lz4-v2
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
mode server
passtos
fast-io
proto udp
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/test.crt
key /etc/openvpn/easy-rsa/keys/test.key # This file should be kept secret
dh /etc/openvpn/easy-rsa/keys/dh4096.pem
topology subnet
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/ta.key 0 # This file is secret
tls-server
remote-cert-tls client
cipher AES-256-CBC
compress lz4-v2
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
client
client
dev tap0
proto udp
remote test 1194
resolv-retry infinite
nobind
persist-key
persist-tun
passtos
fast-io
user nobody
group nogroup
askpass /etc/openvpn/test.pass
ca /etc/openvpn/ca.crt
cert /etc/openvpn/test.crt
key /etc/openvpn/test.key
tls-auth /etc/openvpn/ta.key 1
remote-cert-tls server
verb 3
dev tap0
proto udp
remote test 1194
resolv-retry infinite
nobind
persist-key
persist-tun
passtos
fast-io
user nobody
group nogroup
askpass /etc/openvpn/test.pass
ca /etc/openvpn/ca.crt
cert /etc/openvpn/test.crt
key /etc/openvpn/test.key
tls-auth /etc/openvpn/ta.key 1
remote-cert-tls server
verb 3
Wireshark also often shows me TCP Retransmissions from the other networks if I am trying to open their router interfaces via http.
Thank you in advance.