Problem on Linux OpenVPN Server

Post by xetu » Mon May 18, 2015 11:11 pm

Hello,

We have a problem on our OpenVPN server based on Ubuntu Linux.

We connect our Mikrotik routers to the OpenVPN server ... after a few connections we can see the following logfile entries for all Mikrotik routers in the openvpn.append log:

Code:

May 18 22:11:38 2015 RADIUS-PLUGIN: FOREGROUND THREAD: New user: username: 4C:5E:0C:2C:F3:5A, password: *****, newuser ip: 79.234.70.105, newuser port: 57635 .
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: BACKGROUND  AUTH: New user auth: username: 4C:5E:0C:2C:F3:5A, password: *****, calling station: 79.234.70.105, commonname: 4C:5E:0C:2C:F3:5A.
Mon May 18 22:11:38 2015 us=412494 79.234.70.105:57635 TLS: Username/Password authentication succeeded for username '4C:5E:0C:2C:F3:5A' [CN SET]
Mon May 18 22:11:38 2015 us=497835 79.234.70.105:57635 [4C:5E:0C:2C:F3:5A] Peer Connection Initiated with [AF_INET]79.234.70.105:57635
Mon May 18 22:11:38 2015 us=497887 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP () OpenVPN assigned to the user 4C:5E:0C:2C:F3:5A
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: FOREGROUND: Add user for accounting: username: 4C:5E:0C:2C:F3:5A, commonname: 4C:5E:0C:2C:F3:5A
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: BACKGROUND ACCT: New user acct: username: 4C:5E:0C:2C:F3:5A, interval: 0, calling station: 79.234.70.105, commonname: 4C:5E:0C:2C:F3:5A, framed ip: .
Mon May 18 22:11:38 2015 us=513746 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Mon May 18 22:11:38 2015 us=513788 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_a1acba4370707aa62f3faf246cacd288.tmp
Mon May 18 22:11:38 2015 us=513887 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:38 2015 us=702462 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_d49ad34658d6477216469230c27c714b.tmp
Mon May 18 22:11:38 2015 us=702639 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:38 2015 us=702878 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 MULTI: no dynamic or static remote --ifconfig address is available for 4C:5E:0C:2C:F3:5A/79.234.70.105:57635
RRMon May 18 22:11:38 2015 us=702990 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 PUSH: Received control message: 'PUSH_REQUEST'
Mon May 18 22:11:38 2015 us=703007 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 send_push_reply(): safe_cap=940
Mon May 18 22:11:38 2015 us=703040 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 SENT CONTROL [4C:5E:0C:2C:F3:5A]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.101.0.1,topology net30,ping 5,ping-restart 30' (status=1)
WWWWRRRMon May 18 22:11:38 2015 us=811473 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 Connection reset, restarting [0]
Mon May 18 22:11:38 2015 us=811534 4C:5E:0C:2C:F3:5A/79.234.70.105:57635 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: BACKGROUND ACCT: Stop acct: username: 4C:5E:0C:2C:F3:5A, calling station: 79.234.70.105, commonname: 4C:5E:0C:2C:F3:5A.
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: BACKGROUND ACCT: No accounting data was found for 4C:5E:0C:2C:F3:5A,79.234.70.105:57635.
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: BACKGROUND-ACCT: Got accouting data from file, CN: 4C:5E:0C:2C:F3:5A in: 0 out: 0.
Mon May 18 22:11:38 2015 RADIUS-PLUGIN: BACKGROUND-ACCT: Stop packet was sent. CN: 4C:5E:0C:2C:F3:5A.
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: FOREGROUND THREAD: New user: username: 4C:5E:0C:2C:F3:5A, password: *****, newuser ip: 79.234.70.105, newuser port: 57637 .
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: BACKGROUND  AUTH: New user auth: username: 4C:5E:0C:2C:F3:5A, password: *****, calling station: 79.234.70.105, commonname: 4C:5E:0C:2C:F3:5A.
Mon May 18 22:11:41 2015 us=584899 79.234.70.105:57637 TLS: Username/Password authentication succeeded for username '4C:5E:0C:2C:F3:5A' [CN SET]
Mon May 18 22:11:41 2015 us=642557 79.234.70.105:57637 [4C:5E:0C:2C:F3:5A] Peer Connection Initiated with [AF_INET]79.234.70.105:57637
Mon May 18 22:11:41 2015 us=642620 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP () OpenVPN assigned to the user 4C:5E:0C:2C:F3:5A
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: FOREGROUND: Add user for accounting: username: 4C:5E:0C:2C:F3:5A, commonname: 4C:5E:0C:2C:F3:5A
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: BACKGROUND ACCT: New user acct: username: 4C:5E:0C:2C:F3:5A, interval: 0, calling station: 79.234.70.105, commonname: 4C:5E:0C:2C:F3:5A, framed ip: .
Mon May 18 22:11:41 2015 us=659957 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 PLUGIN_CALL: POST /etc/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
Mon May 18 22:11:41 2015 us=660056 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_1afe860a5511a42d2c68c4e25e5feee7.tmp
Mon May 18 22:11:41 2015 us=660181 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:41 2015 us=847169 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_91bce4fc81af869c79fa22315798e210.tmp
Mon May 18 22:11:41 2015 us=847325 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:41 2015 us=847380 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 MULTI: no dynamic or static remote --ifconfig address is available for 4C:5E:0C:2C:F3:5A/79.234.70.105:57637
Mon May 18 22:11:41 2015 us=847451 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 Connection reset, restarting [0]
Mon May 18 22:11:41 2015 us=847503 4C:5E:0C:2C:F3:5A/79.234.70.105:57637 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: BACKGROUND ACCT: Stop acct: username: 4C:5E:0C:2C:F3:5A, calling station: 79.234.70.105, commonname: 4C:5E:0C:2C:F3:5A.
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: BACKGROUND ACCT: No accounting data was found for 4C:5E:0C:2C:F3:5A,79.234.70.105:57637.
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: BACKGROUND-ACCT: Got accouting data from file, CN: 4C:5E:0C:2C:F3:5A in: 0 out: 0.
Mon May 18 22:11:41 2015 RADIUS-PLUGIN: BACKGROUND-ACCT: Stop packet was sent. CN: 4C:5E:0C:2C:F3:5A.

You can see that there is a message "no free --ifconfig-pool addresses are available" or "no dynamic or static remote --ifconfig address is available".

After a few minutes, we see the following messages in the logfile every minute:

Code:

May 18 22:49:44 2015 us=739287 MULTI: multi_create_instance called
Mon May 18 22:49:44 2015 us=739467 Re-using SSL/TLS context
Mon May 18 22:49:44 2015 us=739600 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Mon May 18 22:49:44 2015 us=739632 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Mon May 18 22:49:44 2015 us=739676 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon May 18 22:49:44 2015 us=739688 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon May 18 22:49:44 2015 us=739712 Local Options hash (VER=V4): '7e068940'
Mon May 18 22:49:44 2015 us=739729 Expected Remote Options hash (VER=V4): 'db02a8f8'
Mon May 18 22:49:44 2015 us=739763 TCP connection established with [AF_INET]79.234.70.105:57681
Mon May 18 22:49:44 2015 us=739778 TCPv4_SERVER link local: [undef]
Mon May 18 22:49:44 2015 us=739791 TCPv4_SERVER link remote: [AF_INET]79.234.70.105:57681
Mon May 18 22:49:44 2015 us=743447 79.234.70.105:57681 TLS: Initial packet from [AF_INET]79.234.70.105:57681, sid=060d2fc4 4cb8ee06
Mon May 18 22:50:44 2015 us=140200 79.234.70.105:57681 [UNDEF] Inactivity timeout (--ping-restart), restarting

Can someone tell us why no router gets an IP address from the internal pool?

Here is the server.conf file:

Code:

port 443
proto tcp
max-clients 30
dev tun
reneg-sec 3600
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS

username-as-common-name
server 10.101.0.0 255.255.255.224

push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

duplicate-cn
user nobody
group nogroup
keepalive 5 30
persist-key
persist-tun
log-append /var/log/openvpn.append
status /var/log/openvpn.log 5
status-version 2

verb 5

And here is the count of active OpenVPN sessions from openvpn.log:

Code:

cat /var/log/openvpn.log | grep ^CLIENT_LIST | wc -l
6

Best regards


Re: Problem on Linux OpenVPN Server

Post by maikcat » Tue May 19, 2015 7:41 am

OpenVPN by default uses ptp mode, meaning that 4 IPs per client are actually allocated.

You use

Code:

server 10.101.0.0 255.255.255.224

A .224 mask means 32 IPs / 4 = 8 - 1 (server) = 7.

Maybe you should consider switching to mode subnet...?

Michael.
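
To tell this condition apart from an authentication failure when triaging the server log, the following added example (not part of the original posts) counts, per common name, the sessions that passed username/password authentication and were then refused a tunnel address. The sample lines are constructed in the format of the log posted above, with documentation addresses and a made-up common name `router-a`.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the posted openvpn.append log
# (documentation IP addresses, made-up common name "router-a").
SAMPLE_LOG = """\
Mon May 18 22:11:38 2015 us=412494 192.0.2.10:57635 TLS: Username/Password authentication succeeded for username 'router-a' [CN SET]
Mon May 18 22:11:38 2015 us=497887 router-a/192.0.2.10:57635 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:38 2015 us=702878 router-a/192.0.2.10:57635 MULTI: no dynamic or static remote --ifconfig address is available for router-a/192.0.2.10:57635
Mon May 18 22:11:38 2015 us=811534 router-a/192.0.2.10:57635 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mon May 18 22:11:41 2015 us=584899 192.0.2.10:57637 TLS: Username/Password authentication succeeded for username 'router-a' [CN SET]
Mon May 18 22:11:41 2015 us=642620 router-a/192.0.2.10:57637 MULTI: no free --ifconfig-pool addresses are available
Mon May 18 22:11:41 2015 us=847503 router-a/192.0.2.10:57637 SIGUSR1[soft,connection-reset] received, client-instance restarting
Mon May 18 22:12:02 2015 us=100000 192.0.2.77:40000 TLS Auth Error: Auth Username/Password verification failed for peer
"""

# Timestamp prefix; at verb 5 a line can start with R/W packet markers.
PREFIX = re.compile(
    r"^[RW]*(?:\w{3} )?\w{3} +\d+ [\d:]{8} \d{4} (?:us=\d+ )?(?P<rest>.*)$")
AUTH_OK = re.compile(
    r"^(?P<peer>[\d.]+:\d+) TLS: Username/Password authentication "
    r"succeeded for username '(?P<cn>[^']*)'")
# Lines of an established client instance start with "CN/ip:port ".
INSTANCE = re.compile(r"^(?P<cn>\S+)/(?P<peer>[\d.]+:\d+) (?P<msg>.*)$")
POOL_FULL = "no free --ifconfig-pool addresses are available"


def pool_exhaustion_report(text):
    """Per common name: sessions that authenticated, and how many of those
    were then refused a tunnel address because the pool was full."""
    authed = {}      # peer "ip:port" -> common name
    starved = set()  # peers that logged the pool-full message
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if (a := AUTH_OK.match(rest)):
            authed[a.group("peer")] = a.group("cn")
        elif (i := INSTANCE.match(rest)) and POOL_FULL in i.group("msg"):
            starved.add(i.group("peer"))
    report = defaultdict(lambda: {"authenticated": 0, "no_address": 0})
    for peer, cn in authed.items():
        report[cn]["authenticated"] += 1
        report[cn]["no_address"] += int(peer in starved)
    return dict(report)


if __name__ == "__main__":
    for cn, counts in pool_exhaustion_report(SAMPLE_LOG).items():
        print(cn, counts)
```

A common name whose `no_address` count tracks its `authenticated` count is being turned away by pool sizing, not by RADIUS.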
