Previously Working Site to Site Stopped Working.

Posted: Sat Jun 08, 2013 10:35 pm
by Naldinho
I had a site to site that was working but now it just stopped. Uncertain if it was upgrading to Ubuntu 13.04 or something else but the client now refuses to create tun0:

Server.Conf

local 10.1.1.3
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ipp.txt
push "route 10.1.1.0 255.255.255.0"
client-config-dir /etc/openvpn/client-configs
route 192.168.2.0 255.255.255.0
keepalive 10 120
cipher BF-CBC
max-clients 5
;user nobody
;group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 5
daemon

Client Config in CCD

iroute 192.168.2.0 255.255.255.0
push "route 10.1.1.0 255.255.255.0 vpn_gateway"
ifconfig-push 10.8.0.22 10.8.0.21

Client.conf

Client
dev tun
remote xx.xxx.xxx.xxx  1194
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key
cipher BF-CBC
port 1194
proto udp
log /var/log/openvpn.log
verb 4
;user nobody
;group nobody
daemon
persist-tun
persist-key

Server Routing

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0          0 eth0
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG        0 0          0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH        0 0          0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.2.0     10.8.0.2        255.255.255.0   UG        0 0          0 tun0

Client Routing

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG        0 0          0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1

For the client log

WARNING: No server certificate verification method has been enabled.

A few lines down, nine lines with the following

TCP/UDP: Incoming packet rejected from 

followed by

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TCP/UDP: Closing socket

All the CRT files appear to be present. Just can't get tun0: to start on client.

Does anyone have any suggestions?

Re: Previously Working Site to Site Stopped Working.

Posted: Thu Jun 13, 2013 11:55 am
by maikcat
Please post both server/client logs.

TLS errors usually mean that something blocks/alters traffic...

Michael.
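
The following triage of the three client-log symptoms quoted in the first post is an added example, not code from either poster or from the OpenVPN project. The sample log is constructed (documentation-range addresses), and the full form of the rejected-packet line is assumed from OpenVPN 2.x output because the post cuts it off after "from".

```python
import re
from collections import Counter

# Constructed sample log: the addresses are documentation ranges, not values
# from the thread (the poster's rejected-packet line is cut off after "from").
SAMPLE_LOG = """\
WARNING: No server certificate verification method has been enabled.
UDPv4 link remote: [AF_INET]203.0.113.10:1194
TCP/UDP: Incoming packet rejected from [AF_INET]198.51.100.7:1194[2], expected peer address: [AF_INET]203.0.113.10:1194 (allow this incoming source address/port by removing --remote or adding --float)
TCP/UDP: Incoming packet rejected from [AF_INET]198.51.100.7:1194[2], expected peer address: [AF_INET]203.0.113.10:1194 (allow this incoming source address/port by removing --remote or adding --float)
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TCP/UDP: Closing socket
"""

REJECTED = re.compile(
    r"Incoming packet rejected from \[AF_INET6?\](\S+?)(?:\[\d+\])?,"
    r" expected peer address: \[AF_INET6?\](\S+)"
)

def triage(log_text):
    """Summarise the three symptoms quoted in the post from an OpenVPN client log."""
    result = {"no_cert_verification": False, "tls_timeout": False,
              "rejected": Counter(), "findings": []}
    for line in log_text.splitlines():
        if "No server certificate verification method" in line:
            result["no_cert_verification"] = True
        elif "TLS key negotiation failed" in line:
            result["tls_timeout"] = True
        elif (m := REJECTED.search(line)):
            result["rejected"][(m.group(1), m.group(2))] += 1
    for (seen, expected), n in result["rejected"].items():
        if seen != expected:
            result["findings"].append(
                f"{n} packet(s) arrived from {seen} but the client expects "
                f"{expected}: replies are leaving from, or being rewritten to, "
                f"a different address than the configured remote")
    if result["tls_timeout"] and not result["rejected"]:
        result["findings"].append(
            "handshake timed out with no rejected packets: nothing is coming "
            "back at all, check filtering on the UDP port")
    if result["no_cert_verification"]:
        result["findings"].append(
            "client accepts any certificate signed by the CA as the server; "
            "add 'remote-cert-tls server' once the tunnel is back up")
    return result

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

`remote-cert-tls server` only works if the server certificate carries the server extended key usage, so check the certificate before enabling it.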