OS: Debian GNU/Linux 8.9 (jessie)
Access Server version: 2.1.12
What seems to be occurring randomly for a few of our users is that they lose a chain record in iptables for some reason.
Only happens to users with static IP set.
openvpnas.log looks legit, static IP is set correctly:
USER-A_AUTOLOGIN/EXT_IP:6200 MULTI: Learn: 172.30.20.10 -> USER-A_AUTOLOGIN/EXT_IP:6200'
USER-A_AUTOLOGIN/EXT_IP:6200 MULTI: primary virtual IP for USER-A_AUTOLOGIN/EXT_IP:6200: 172.30.20.10'
but from iptables:
$ sudo iptables -vnL | grep USER-A
Chain AS0_U_USER-A_IN (0 references)
Here is the output from a user that is NOT affected:
$ sudo iptables -vnL | grep USER-B
174 19518 AS0_U_USER-B_IN all -- * * 172.30.20.11 0.0.0.0/0
Chain AS0_U_USER-B_IN (1 references)
I did a reboot of the whole server, which fixed it:
$ sudo iptables -vnL | grep USER-A
0 0 AS0_U_USER-A_IN all -- * * 172.30.20.10 0.0.0.0/0
Chain AS0_U_USER-A_IN (1 references)
Feels like a logical error.
Randomly occuring iptables chain problemoccurring
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Nov 16, 2016 1:17 pm
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Randomly occuring iptables chain problemoccurring
I suggest you contact the support ticket system and lay out your configuration there. Also be absolutely sure you are really using the installer package that is meant for your OS, and not for example for Ubuntu or perhaps Debian 7 or such.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.