Previously Working Site to Site Stopped Working.

Post by Naldinho » Sat Jun 08, 2013 10:35 pm

I had a site to site that was working but now it just stopped. Uncertain if it was upgrading to Ubuntu 13.04 or something else but the client now refuses to create tun0:

Server.Conf

Code:

local 10.1.1.3
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 10.1.1.0 255.255.255.0"
client-config-dir /etc/openvpn/client-configs
route 192.168.2.0 255.255.255.0
keepalive 10 120
cipher BF-CBC
max-clients 5
;user nobody
;group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
daemon

Client Config in CCD

Code:

iroute 192.168.2.0 255.255.255.0
push "route 10.1.1.0 255.255.255.0 vpn_gateway"
ifconfig-push 10.8.0.22 10.8.0.21

Client.conf

Code:

Client
dev tun
remote xx.xxx.xxx.xxx  1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
cipher BF-CBC
port 1194
proto udp
log /var/log/openvpn.log
verb 4
;user nobody
;group nobody
daemon
persist-tun
persist-key

Server Routing

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.2.0     10.8.0.2        255.255.255.0   UG        0 0          0 tun0

Client Routing

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

For the client log

Code:

WARNING: No server certificate verification method has been enabled.

A few lines down, nine lines with the following:

Code:

TCP/UDP: Incoming packet rejected from 

followed by

Code:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TCP/UDP: Closing socket

All the CRT files appear to be present. Just can't get tun0: to start on client.

Does anyone have any suggestions?
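
The certificate-verification warning in the client log, along with the other weak settings visible in the posted configs (BF-CBC, a 1024-bit DH file, commented-out user/group), can be checked mechanically. The following is an added example, not part of the original posts or of OpenVPN itself; the function names, finding IDs and abbreviated sample configs are constructed here, and the DH size is only inferred from the file name.

```python
import re

# Constructed samples: the security-relevant lines of the configs posted above.
SERVER_CONF = """\
dev tun
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
cipher BF-CBC
;user nobody
;group nobody
"""
CLIENT_CONF = """\
dev tun
remote xx.xxx.xxx.xxx  1194
ca /etc/openvpn/ca.crt
cipher BF-CBC
;user nobody
;group nobody
"""

# Directives that count as a server certificate check on the client side.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                 "verify-x509-name", "tls-remote", "tls-verify"}
BLOCK64 = ("BF-", "DES-", "CAST5-")  # ciphers with a 64-bit block size

def parse(text):
    """Map each active directive to its argument list (last occurrence wins)."""
    opts = {}
    for raw in text.splitlines():
        line = re.split(r"[;#]", raw, maxsplit=1)[0].split()  # drop comments
        if line:
            opts[line[0]] = line[1:]
    return opts

def audit(text):
    """Return the sorted finding IDs for one config file's text."""
    opts, found = parse(text), set()
    if "remote" in opts and not SERVER_VERIFY & opts.keys():
        found.add("no-server-cert-verification")  # source of the log WARNING
    if (opts.get("cipher") or [""])[0].upper().startswith(BLOCK64):
        found.add("64-bit-block-cipher")
    size = re.search(r"\d{3,5}", " ".join(opts.get("dh", [])))
    if size and int(size.group()) < 2048:  # heuristic: size taken from file name
        found.add("dh-below-2048")
    if "user" not in opts or "group" not in opts:
        found.add("no-privilege-drop")  # process keeps its start-up privileges
    return sorted(found)

if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        print(name, audit(conf))
```

Adding `remote-cert-tls server` to the client config clears the first finding, provided the server certificate was issued with the matching key usage.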

Post by maikcat » Thu Jun 13, 2013 11:55 am

please post both server/client logs,

TLS errors usually mean that something blocks/alters traffic...

Michael.