OpenVPN Connection Issue

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

OpenVPN Connection Issue

Post by GeoffatMM » Thu Sep 01, 2022 12:09 pm

O/S Ubuntu 20.04.4
Webmin 1.999
Virtualmin 7.1-1
OpenVPN Admin uses OpenVPN version 2.0_rc16, OpenSSL version 0.9.7e
(I have tried to upgrade to the latest version but the site returns a 502 error)


Hi,

I am having issues connecting to my VPN. It sits on my server and worked fine on the previous machine I used but when I had to transfer it to a new VPS, it was necessary to rebuild it from scratch.

The service is running but I do not know how to test if it is running properly or not.

I have checked the config files and they all look to be fine with the redirection of keys and certificates etc. but to be sure I have even tried a profile with all the certificate, dh and keys data embedded.

No matter what I try I cannot get a connection. The log shows that it is negotiating with the server but something is stopping it from finalising the connection.

The only thing I can think of is the firewall but the ports have been open for UDP (1194 and 1195) and when I try:

root@electra:~# firewall-cmd --zone=public --query-masquerade

I get the response

yes

[Unfortunately I do not know enough about IP Tables and Firewalld to determine what I have set up as the masquerade so that might be the first place to start?]

I am posting some config files below as well for more information but can anyone help me to get this working please? I am posting both in Virtualmin forums and OpenVPN forums.

Server Config


/etc/openvpn/xsxtc-vpn-kodi.conf

port 1195
proto udp
dev tun1
ca keys/xsxtc-ca/ca.crt
cert keys/xsxtc-ca/server-key.crt
key keys/xsxtc-ca/server-key.key
dh keys/xsxtc-ca/dh2048.pem
topology subnet
server 10.20.0.0 255.255.255.0
crl-verify keys/xsxtc-ca/crl.pem
ifconfig-pool-persist servers/xsxtc-vpn-kodi/logs/ipp.txt
cipher AES-256-CBC
user nobody
group nogroup
status servers/xsxtc-vpn-kodi/logs/openvpn-status.log
log-append servers/xsxtc-vpn-kodi/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/xsxtc-vpn-kodi/ccd
duplicate-cn
comp-lzo
persist-key
persist-tun
float
ccd-exclusive
auth SHA512
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"


Server Log


Extract from the server log

Wed Aug 31 21:29:47 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Aug 31 21:29:47 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Aug 31 21:29:47 2022 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Wed Aug 31 21:29:47 2022 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Wed Aug 31 21:29:47 2022 TUN/TAP device tun1 opened
Wed Aug 31 21:29:47 2022 /sbin/ip link set dev tun1 up mtu 1500
Wed Aug 31 21:29:47 2022 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Wed Aug 31 21:29:47 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 31 21:29:47 2022 UDPv4 link local (bound): [AF_INET][undef]:1195
Wed Aug 31 21:29:47 2022 UDPv4 link remote: [AF_UNSPEC]
Wed Aug 31 21:29:47 2022 GID set to nogroup
Wed Aug 31 21:29:47 2022 UID set to nobody
Wed Aug 31 21:29:47 2022 Initialization Sequence Completed
Wed Aug 31 22:43:43 2022 event_wait : Interrupted system call (code=4)
Wed Aug 31 22:43:43 2022 Closing TUN/TAP interface
Wed Aug 31 22:43:43 2022 /sbin/ip addr del dev tun1 10.20.0.1/24
RTNETLINK answers: Operation not permitted
Wed Aug 31 22:43:43 2022 Linux ip addr del failed: external program exited with error status: 2
Wed Aug 31 22:43:43 2022 SIGTERM[hard,] received, process exiting
Wed Aug 31 22:44:00 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Aug 31 22:44:00 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Aug 31 22:44:00 2022 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Wed Aug 31 22:44:00 2022 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Wed Aug 31 22:44:00 2022 TUN/TAP device tun1 opened
Wed Aug 31 22:44:00 2022 /sbin/ip link set dev tun1 up mtu 1500
Wed Aug 31 22:44:00 2022 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Wed Aug 31 22:44:00 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Aug 31 22:44:00 2022 UDPv4 link local (bound): [AF_INET][undef]:1195
Wed Aug 31 22:44:00 2022 UDPv4 link remote: [AF_UNSPEC]
Wed Aug 31 22:44:00 2022 GID set to nogroup
Wed Aug 31 22:44:00 2022 UID set to nobody
Wed Aug 31 22:44:00 2022 Initialization Sequence Completed


Client Profile


Client kodi.opvn file (sits in a directory with all the referenced keys and certificates etc.)

client
proto udp
dev tun
ca ca.crt
dh dh2048.pem
cert kodi.crt
key kodi.key
remote xxx.xxx.xxx.xxx 1195
cipher AES-256-CBC
verb 2
mute 20
keepalive 10 120
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
auth SHA512

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Connection Issue

Post by TinCanTech » Thu Sep 01, 2022 12:31 pm

Your log does not show any connection attempts.

Use --verb 4 in your server config.

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

Re: OpenVPN Connection Issue

Post by GeoffatMM » Thu Sep 01, 2022 7:25 pm

OK will organise this evening.

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

Re: OpenVPN Connection Issue

Post by GeoffatMM » Thu Sep 01, 2022 10:33 pm

OK I have set the VPN server config (/etc/openvpn/xsxtc-vpn-kodi.conf) to verb 4 and then run several attempts to connect.

Be aware that there is a 2 hour time shift between the server and the client so server 21:00 = client 23:00. Here is the server log output:

Server Log


Thu Sep 1 21:40:21 2022 event_wait : Interrupted system call (code=4)
Thu Sep 1 21:40:21 2022 Closing TUN/TAP interface
Thu Sep 1 21:40:21 2022 /sbin/ip addr del dev tun1 10.20.0.1/24
RTNETLINK answers: Operation not permitted
Thu Sep 1 21:40:21 2022 Linux ip addr del failed: external program exited with error status: 2
Thu Sep 1 21:40:21 2022 SIGTERM[hard,] received, process exiting
Thu Sep 1 21:40:21 2022 us=462795 Current Parameter Settings:
Thu Sep 1 21:40:21 2022 us=462846 config = '/etc/openvpn/xsxtc-vpn-kodi.conf'
Thu Sep 1 21:40:21 2022 us=462856 mode = 1
Thu Sep 1 21:40:21 2022 us=462864 persist_config = DISABLED
Thu Sep 1 21:40:21 2022 us=462872 persist_mode = 1
Thu Sep 1 21:40:21 2022 us=462880 show_ciphers = DISABLED
Thu Sep 1 21:40:21 2022 us=462887 show_digests = DISABLED
Thu Sep 1 21:40:21 2022 us=462894 show_engines = DISABLED
Thu Sep 1 21:40:21 2022 us=462902 genkey = DISABLED
Thu Sep 1 21:40:21 2022 us=462909 key_pass_file = '[UNDEF]'
Thu Sep 1 21:40:21 2022 us=462917 show_tls_ciphers = DISABLED
Thu Sep 1 21:40:21 2022 us=462924 connect_retry_max = 0
Thu Sep 1 21:40:21 2022 us=462932 Connection profiles [0]:
Thu Sep 1 21:40:21 2022 us=462939 proto = udp
Thu Sep 1 21:40:21 2022 us=462947 local = '[UNDEF]'
Thu Sep 1 21:40:21 2022 us=462954 local_port = '1195'
Thu Sep 1 21:40:21 2022 us=462966 remote = '[UNDEF]'
Thu Sep 1 21:40:21 2022 us=462974 remote_port = '1195'
Thu Sep 1 21:40:21 2022 us=462981 remote_float = ENABLED
Thu Sep 1 21:40:21 2022 us=465805 bind_defined = DISABLED
Thu Sep 1 21:40:21 2022 us=465827 NOTE: --mute triggered...
Thu Sep 1 21:40:21 2022 us=465864 269 variation(s) on previous 20 message(s) suppressed by --mute
Thu Sep 1 21:40:21 2022 us=465874 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Thu Sep 1 21:40:21 2022 us=465893 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Thu Sep 1 21:40:21 2022 us=466186 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Thu Sep 1 21:40:21 2022 us=466201 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Thu Sep 1 21:40:21 2022 us=469368 Diffie-Hellman initialized with 2048 bit key
Thu Sep 1 21:40:21 2022 us=477043 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Sep 1 21:40:21 2022 us=477601 TUN/TAP device tun1 opened
Thu Sep 1 21:40:21 2022 us=477700 TUN/TAP TX queue length set to 100
Thu Sep 1 21:40:21 2022 us=477724 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Sep 1 21:40:21 2022 us=477744 /sbin/ip link set dev tun1 up mtu 1500
Thu Sep 1 21:40:21 2022 us=481635 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Thu Sep 1 21:40:21 2022 us=483363 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Sep 1 21:40:21 2022 us=483662 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Sep 1 21:40:21 2022 us=483685 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 1 21:40:21 2022 us=483703 UDPv4 link local (bound): [AF_INET][undef]:1195
Thu Sep 1 21:40:21 2022 us=483711 UDPv4 link remote: [AF_UNSPEC]
Thu Sep 1 21:40:21 2022 us=483724 GID set to nogroup
Thu Sep 1 21:40:21 2022 us=483800 UID set to nobody
Thu Sep 1 21:40:21 2022 us=483818 MULTI: multi_init called, r=256 v=256
Thu Sep 1 21:40:21 2022 us=483851 IFCONFIG POOL: base=10.20.0.2 size=252, ipv6=0
Thu Sep 1 21:40:21 2022 us=483867 IFCONFIG POOL LIST
Thu Sep 1 21:40:21 2022 us=484446 Initialization Sequence Completed
Thu Sep 1 21:54:17 2022 us=513593 event_wait : Interrupted system call (code=4)
Thu Sep 1 21:54:17 2022 us=513845 TCP/UDP: Closing socket
Thu Sep 1 21:54:17 2022 us=513900 Closing TUN/TAP interface
Thu Sep 1 21:54:17 2022 us=513916 /sbin/ip addr del dev tun1 10.20.0.1/24
RTNETLINK answers: Operation not permitted
Thu Sep 1 21:54:17 2022 us=516698 Linux ip addr del failed: external program exited with error status: 2
Thu Sep 1 21:54:17 2022 us=533290 SIGTERM[hard,] received, process exiting
Thu Sep 1 21:55:50 2022 us=851761 Current Parameter Settings:
Thu Sep 1 21:55:50 2022 us=851812 config = '/etc/openvpn/xsxtc-vpn-kodi.conf'
Thu Sep 1 21:55:50 2022 us=851822 mode = 1
Thu Sep 1 21:55:50 2022 us=851831 persist_config = DISABLED
Thu Sep 1 21:55:50 2022 us=851838 persist_mode = 1
Thu Sep 1 21:55:50 2022 us=851846 show_ciphers = DISABLED
Thu Sep 1 21:55:50 2022 us=851854 show_digests = DISABLED
Thu Sep 1 21:55:50 2022 us=851861 show_engines = DISABLED
Thu Sep 1 21:55:50 2022 us=851868 genkey = DISABLED
Thu Sep 1 21:55:50 2022 us=851876 key_pass_file = '[UNDEF]'
Thu Sep 1 21:55:50 2022 us=851883 show_tls_ciphers = DISABLED
Thu Sep 1 21:55:50 2022 us=851891 connect_retry_max = 0
Thu Sep 1 21:55:50 2022 us=851898 Connection profiles [0]:
Thu Sep 1 21:55:50 2022 us=851906 proto = udp
Thu Sep 1 21:55:50 2022 us=851913 local = '[UNDEF]'
Thu Sep 1 21:55:50 2022 us=851921 local_port = '1195'
Thu Sep 1 21:55:50 2022 us=851928 remote = '[UNDEF]'
Thu Sep 1 21:55:50 2022 us=851935 remote_port = '1195'
Thu Sep 1 21:55:50 2022 us=851943 remote_float = ENABLED
Thu Sep 1 21:55:50 2022 us=851950 bind_defined = DISABLED
Thu Sep 1 21:55:50 2022 us=851957 NOTE: --mute triggered...
Thu Sep 1 21:55:50 2022 us=851978 269 variation(s) on previous 20 message(s) suppressed by --mute
Thu Sep 1 21:55:50 2022 us=851986 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Thu Sep 1 21:55:50 2022 us=852207 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Thu Sep 1 21:55:50 2022 us=857405 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Thu Sep 1 21:55:50 2022 us=857442 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Thu Sep 1 21:55:50 2022 us=858182 Diffie-Hellman initialized with 2048 bit key
Thu Sep 1 21:55:50 2022 us=858874 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Sep 1 21:55:50 2022 us=861823 TUN/TAP device tun1 opened
Thu Sep 1 21:55:50 2022 us=861994 TUN/TAP TX queue length set to 100
Thu Sep 1 21:55:50 2022 us=862021 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Sep 1 21:55:50 2022 us=862038 /sbin/ip link set dev tun1 up mtu 1500
Thu Sep 1 21:55:50 2022 us=865541 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Thu Sep 1 21:55:50 2022 us=868496 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Sep 1 21:55:50 2022 us=868790 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Sep 1 21:55:50 2022 us=868813 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 1 21:55:50 2022 us=868829 UDPv4 link local (bound): [AF_INET][undef]:1195
Thu Sep 1 21:55:50 2022 us=868838 UDPv4 link remote: [AF_UNSPEC]
Thu Sep 1 21:55:50 2022 us=868851 GID set to nogroup
Thu Sep 1 21:55:50 2022 us=869928 UID set to nobody
Thu Sep 1 21:55:50 2022 us=869960 MULTI: multi_init called, r=256 v=256
Thu Sep 1 21:55:50 2022 us=869994 IFCONFIG POOL: base=10.20.0.2 size=252, ipv6=0
Thu Sep 1 21:55:50 2022 us=870011 IFCONFIG POOL LIST
Thu Sep 1 21:55:50 2022 us=870072 Initialization Sequence Completed
Thu Sep 1 21:56:15 2022 us=489154 event_wait : Interrupted system call (code=4)
Thu Sep 1 21:56:15 2022 us=489330 TCP/UDP: Closing socket
Thu Sep 1 21:56:15 2022 us=489372 Closing TUN/TAP interface
Thu Sep 1 21:56:15 2022 us=489389 /sbin/ip addr del dev tun1 10.20.0.1/24
RTNETLINK answers: Operation not permitted
Thu Sep 1 21:56:15 2022 us=491447 Linux ip addr del failed: external program exited with error status: 2
Thu Sep 1 21:56:15 2022 us=525339 SIGTERM[hard,] received, process exiting
Thu Sep 1 22:00:31 2022 us=331937 Current Parameter Settings:
Thu Sep 1 22:00:31 2022 us=333206 config = '/etc/openvpn/xsxtc-vpn-kodi.conf'
Thu Sep 1 22:00:31 2022 us=333229 mode = 1
Thu Sep 1 22:00:31 2022 us=333238 persist_config = DISABLED
Thu Sep 1 22:00:31 2022 us=333245 persist_mode = 1
Thu Sep 1 22:00:31 2022 us=333253 show_ciphers = DISABLED
Thu Sep 1 22:00:31 2022 us=333260 show_digests = DISABLED
Thu Sep 1 22:00:31 2022 us=333268 show_engines = DISABLED
Thu Sep 1 22:00:31 2022 us=333275 genkey = DISABLED
Thu Sep 1 22:00:31 2022 us=333283 key_pass_file = '[UNDEF]'
Thu Sep 1 22:00:31 2022 us=333290 show_tls_ciphers = DISABLED
Thu Sep 1 22:00:31 2022 us=333297 connect_retry_max = 0
Thu Sep 1 22:00:31 2022 us=333305 Connection profiles [0]:
Thu Sep 1 22:00:31 2022 us=333313 proto = udp
Thu Sep 1 22:00:31 2022 us=333321 local = '[UNDEF]'
Thu Sep 1 22:00:31 2022 us=333328 local_port = '1195'
Thu Sep 1 22:00:31 2022 us=333336 remote = '[UNDEF]'
Thu Sep 1 22:00:31 2022 us=333343 remote_port = '1195'
Thu Sep 1 22:00:31 2022 us=333350 remote_float = ENABLED
Thu Sep 1 22:00:31 2022 us=333358 bind_defined = DISABLED
Thu Sep 1 22:00:31 2022 us=333365 NOTE: --mute triggered...
Thu Sep 1 22:00:31 2022 us=333386 269 variation(s) on previous 20 message(s) suppressed by --mute
Thu Sep 1 22:00:31 2022 us=333394 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Thu Sep 1 22:00:31 2022 us=333413 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Thu Sep 1 22:00:31 2022 us=333636 WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Thu Sep 1 22:00:31 2022 us=333647 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn
Thu Sep 1 22:00:31 2022 us=333936 Diffie-Hellman initialized with 2048 bit key
Thu Sep 1 22:00:31 2022 us=337287 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Thu Sep 1 22:00:31 2022 us=338082 TUN/TAP device tun1 opened
Thu Sep 1 22:00:31 2022 us=338149 TUN/TAP TX queue length set to 100
Thu Sep 1 22:00:31 2022 us=338167 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Sep 1 22:00:31 2022 us=338182 /sbin/ip link set dev tun1 up mtu 1500
Thu Sep 1 22:00:31 2022 us=342182 /sbin/ip addr add dev tun1 10.20.0.1/24 broadcast 10.20.0.255
Thu Sep 1 22:00:31 2022 us=346858 Data Channel MTU parms [ L:1622 D:1450 EF:122 EB:406 ET:0 EL:3 ]
Thu Sep 1 22:00:31 2022 us=347151 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Sep 1 22:00:31 2022 us=347175 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 1 22:00:31 2022 us=347191 UDPv4 link local (bound): [AF_INET][undef]:1195
Thu Sep 1 22:00:31 2022 us=347199 UDPv4 link remote: [AF_UNSPEC]
Thu Sep 1 22:00:31 2022 us=347212 GID set to nogroup
Thu Sep 1 22:00:31 2022 us=347228 UID set to nobody
Thu Sep 1 22:00:31 2022 us=347248 MULTI: multi_init called, r=256 v=256
Thu Sep 1 22:00:31 2022 us=347278 IFCONFIG POOL: base=10.20.0.2 size=252, ipv6=0
Thu Sep 1 22:00:31 2022 us=347294 IFCONFIG POOL LIST
Thu Sep 1 22:00:31 2022 us=347362 Initialization Sequence Completed



I also wiped the OpenVPN Connect client log before testing and here is the tail of that output (the file was huge but just repeating the same information):

Client Log




}

⏎02/09/2022, 00:08:46 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:08:56 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:08:56 EVENT: RECONNECTING ⏎02/09/2022, 00:08:56 EVENT: WAIT ⏎02/09/2022, 00:08:56 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:08:56 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:08:56 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:09:06 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:09:06 EVENT: RECONNECTING ⏎02/09/2022, 00:09:06 EVENT: WAIT ⏎02/09/2022, 00:09:06 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:09:06 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:09:06 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:09:16 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:09:16 EVENT: RECONNECTING ⏎02/09/2022, 00:09:16 EVENT: WAIT ⏎02/09/2022, 00:09:16 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:09:16 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:09:16 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:09:26 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:09:26 EVENT: RECONNECTING ⏎02/09/2022, 00:09:26 EVENT: WAIT ⏎02/09/2022, 00:09:26 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:09:26 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:09:26 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:09:36 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:09:36 EVENT: RECONNECTING ⏎02/09/2022, 00:09:36 EVENT: WAIT ⏎02/09/2022, 00:09:36 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:09:36 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:09:36 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:09:46 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:09:46 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:09:46 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:09:46 EVENT: RECONNECTING ⏎02/09/2022, 00:09:46 EVENT: WAIT ⏎02/09/2022, 00:09:46 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:09:56 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:09:56 EVENT: RECONNECTING ⏎02/09/2022, 00:09:56 EVENT: WAIT ⏎02/09/2022, 00:09:56 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:09:56 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:09:56 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:10:06 Server poll timeout, trying next remote entry...
⏎02/09/2022, 00:10:06 EVENT: RECONNECTING ⏎02/09/2022, 00:10:06 EVENT: WAIT ⏎02/09/2022, 00:10:06 Contacting xxx.xxx.xxx.xxx:1195 via UDP
⏎02/09/2022, 00:10:06 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "xxx.xxx.xxx.xxx",
"ipv6" : false,
"pid" : 6493
}

⏎02/09/2022, 00:10:06 Connecting to [xxx.xxx.xxx.xxx]:1195 (xxx.xxx.xxx.xxx) via UDPv4
⏎02/09/2022, 00:10:09 Raw stats on disconnect:
BYTES_OUT : 7896
PACKETS_OUT : 564
N_RECONNECT : 56
⏎02/09/2022, 00:10:09 Performance stats on disconnect:
CPU usage (microseconds): 624909046
Network bytes per CPU second: 12
Tunnel bytes per CPU second: 0
⏎02/09/2022, 00:10:09 EVENT: DISCONNECTED ⏎




So it looks as if the two machines are talking but not connecting? Is this a firewall issue?

Geoff

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

Re: OpenVPN Connection Issue

Post by GeoffatMM » Thu Sep 01, 2022 10:58 pm

I was concerned that I had not set the masquerading up for the correct interface (tun1 and tun2, one for each of my two VPN instances) so in looking for a command to show me the interface that masquerading was running on I found and ran this command

iptables -t nat -L

in order (so the article told me) to list the IP Tables entries for masquerading and got this output:

iptables listing



Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_direct all -- anywhere anywhere
PREROUTING_ZONES all -- anywhere anywhere

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
POSTROUTING_direct all -- anywhere anywhere
POSTROUTING_ZONES all -- anywhere anywhere
MASQUERADE all -- 10.10.0.0/24 anywhere
MASQUERADE all -- 10.20.0.0/24 anywhere

Chain OUTPUT_direct (1 references)
target prot opt source destination

Chain POSTROUTING_ZONES (1 references)
target prot opt source destination
POST_public all -- anywhere anywhere [goto]
POST_public all -- anywhere anywhere [goto]
POST_public all -- anywhere anywhere [goto]
POST_public all -- anywhere anywhere [goto]
POST_public all -- anywhere anywhere [goto]

Chain POSTROUTING_direct (1 references)
target prot opt source destination

Chain POST_public (5 references)
target prot opt source destination
POST_public_pre all -- anywhere anywhere
POST_public_log all -- anywhere anywhere
POST_public_deny all -- anywhere anywhere
POST_public_allow all -- anywhere anywhere
POST_public_post all -- anywhere anywhere

Chain POST_public_allow (1 references)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain POST_public_deny (1 references)
target prot opt source destination

Chain POST_public_log (1 references)
target prot opt source destination

Chain POST_public_post (1 references)
target prot opt source destination

Chain POST_public_pre (1 references)
target prot opt source destination

Chain PREROUTING_ZONES (1 references)
target prot opt source destination
PRE_public all -- anywhere anywhere [goto]
PRE_public all -- anywhere anywhere [goto]
PRE_public all -- anywhere anywhere [goto]
PRE_public all -- anywhere anywhere [goto]
PRE_public all -- anywhere anywhere [goto]

Chain PREROUTING_direct (1 references)
target prot opt source destination

Chain PRE_public (5 references)
target prot opt source destination
PRE_public_pre all -- anywhere anywhere
PRE_public_log all -- anywhere anywhere
PRE_public_deny all -- anywhere anywhere
PRE_public_allow all -- anywhere anywhere
PRE_public_post all -- anywhere anywhere

Chain PRE_public_allow (1 references)
target prot opt source destination

Chain PRE_public_deny (1 references)
target prot opt source destination

Chain PRE_public_log (1 references)
target prot opt source destination

Chain PRE_public_post (1 references)
target prot opt source destination

Chain PRE_public_pre (1 references)
target prot opt source destination



I cannot see any specific entries for individual interfaces so is it safe to assume that it is running on any and all interfaces (remember I do not understand IP Tables and firewalls!)?

Geoff

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Connection Issue

Post by TinCanTech » Fri Sep 02, 2022 10:02 am

GeoffatMM wrote: Thu Sep 01, 2022 10:33 pm
"So it looks as if the two machines are talking but not connecting?"

It does not look like that.

I suggest that you read your server log.

Due to using --mute, I cannot see what is happening.

As a guess, it looks like your server is crashing ..

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

Re: OpenVPN Connection Issue

Post by GeoffatMM » Fri Sep 02, 2022 7:59 pm

Hi, the current setting is mute 20. Should I just comment it out or change the setting to another number?

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

Re: OpenVPN Connection Issue

Post by GeoffatMM » Fri Sep 02, 2022 8:03 pm

I have checked the server status and processes and they all appear to be running OK. I can use other VPNs from my machine but they do not use the OpenVPN client. I am currently using Version 3.2.7 (3220) and I cannot remember if this is the same version I had working previously or not but I do not think it would be the client causing the issue? Very frustrating.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Connection Issue

Post by TinCanTech » Fri Sep 02, 2022 8:31 pm

GeoffatMM wrote: Fri Sep 02, 2022 8:03 pm
"I have checked the server status and processes and they all appear to be running OK"

Your log says otherwise.. They do restart but they are crashing or something ..

GeoffatMM wrote: Fri Sep 02, 2022 8:03 pm
"I am currently using Version 3.2.7 (3220)"

That is an OpenVPN Connect product, not the Free Open Source version. I can't help with that.

Probably best to start here:
viewtopic.php?t=22603

GeoffatMM
OpenVPN User
Posts: 24
Joined: Wed Feb 20, 2019 7:11 pm

Re: OpenVPN Connection Issue

Post by GeoffatMM » Sun Sep 04, 2022 11:33 pm

OK thanks. I am working my way through the documents you linked.

I removed everything and reinstalled including using Tunnelblick instead of OpenVPN connect.

It was clear from Tunnelblick that the server is not responding to the request to access the VPN service. However, a status request says that the OpenVPN server is running.

OpenVPN Status Request

root@electra:~# systemctl status openvpn-server@server.service
openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vend>
Active: active (running) since Fri 2022-09-02 19:48:48 UTC; 2 days ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/w ... n24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 748 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 2270)
Memory: 1.1M
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server>
└─748 /usr/sbin/openvpn --status /run/openvpn-server/status-server>

Sep 02 19:48:48 electra openvpn[748]: UDPv4 link local (bound): [AF_INET]77.68.>
Sep 02 19:48:48 electra openvpn[748]: UDPv4 link remote: [AF_UNSPEC]
Sep 02 19:48:48 electra openvpn[748]: GID set to nogroup
Sep 02 19:48:48 electra openvpn[748]: UID set to nobody
Sep 02 19:48:48 electra openvpn[748]: MULTI: multi_init called, r=256 v=256
Sep 02 19:48:48 electra openvpn[748]: IFCONFIG POOL: base=10.8.0.2 size=252, ip>
Sep 02 19:48:48 electra openvpn[748]: IFCONFIG POOL LIST
Sep 02 19:48:48 electra openvpn[748]: Initialization Sequence Completed
Sep 02 19:48:48 electra systemd[1]: Started OpenVPN service for server.
Sep 04 22:44:01 electra systemd[1]: openvpn-server@server.service: Current comm>
lines 1-23



Both port 1194 and 1195 are open to accept UDP packages and Masquerade is set to run on ens192 (effectively my server's eth0). I cannot see any errors in the logs so I am at a loss to understand why it is not working.

I will continue reading the material but thought I would post this in case it is obvious (to you) why it is not connecting.
G

ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: OpenVPN Connection Issue

Post by ordex » Sun Sep 11, 2022 10:58 pm

From the server log you posted, it seems there is no connection being made by any client.
This means that the client connection attempt is not reaching the OpenVPN server at all.

99.9% this is a firewall issue. The firewall could be on the OpenVPN server, but also on the router in front of it.
Is the OpenVPN server directly connected to the Internet with a public IP? Or is it behind a router?
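
The check the last reply describes (does the server log contain any client connection at all?) can be automated. The following is an added example, not code from any poster in this thread or from the OpenVPN project: it counts start/stop cycles and client-attributed lines in a server log of the format posted above. The sample log lines are constructed, including the `Initial packet from` line and the documentation address 203.0.113.5; the function names are hypothetical.

```python
import re
from collections import Counter

# Timestamp written by OpenVPN's file log; the "us=" field appears at --verb 4.
TS = re.compile(r"^\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}(?: us=\d+)? (.*)$")
# In server mode, per-client lines start with "ip:port " (or "CN/ip:port ").
PEER_PREFIX = re.compile(r"^(?:[^/\s]+/)?(\d{1,3}(?:\.\d{1,3}){3}):\d+ ")
# Line logged when the first handshake packet from a client arrives.
INITIAL = re.compile(r"Initial packet from \[AF_INET6?\]([0-9A-Fa-f.:]+):\d+")

# Constructed sample in the format of the server log posted in this thread.
SAMPLE_NO_CLIENT = """\
Thu Sep 1 21:55:50 2022 us=868829 UDPv4 link local (bound): [AF_INET][undef]:1195
Thu Sep 1 21:55:50 2022 us=868838 UDPv4 link remote: [AF_UNSPEC]
Thu Sep 1 21:55:50 2022 us=870072 Initialization Sequence Completed
Thu Sep 1 21:56:15 2022 us=489154 event_wait : Interrupted system call (code=4)
RTNETLINK answers: Operation not permitted
Thu Sep 1 21:56:15 2022 us=525339 SIGTERM[hard,] received, process exiting
Thu Sep 1 22:00:31 2022 us=347191 UDPv4 link local (bound): [AF_INET][undef]:1195
Thu Sep 1 22:00:31 2022 us=347362 Initialization Sequence Completed
"""

# Same log plus one constructed client line (203.0.113.5 is a documentation address).
SAMPLE_WITH_CLIENT = SAMPLE_NO_CLIENT + (
    "Thu Sep 1 22:01:02 2022 us=101010 203.0.113.5:51820 TLS: Initial packet "
    "from [AF_INET]203.0.113.5:51820, sid=0a1b2c3d 4e5f6a7b\n"
)


def analyse(log_text):
    """Count daemon starts, SIGTERM exits and lines attributed to a client."""
    starts = stops = 0
    peers = Counter()
    for line in log_text.splitlines():
        m = TS.match(line)
        if not m:
            continue  # output of helper programs, e.g. "RTNETLINK answers: ..."
        msg = m.group(1)
        if msg == "Initialization Sequence Completed":
            starts += 1
        elif msg.startswith("SIGTERM["):
            stops += 1
        peer = PEER_PREFIX.match(msg) or INITIAL.search(msg)
        if peer:
            peers[peer.group(1)] += 1
    return {"starts": starts, "stops": stops, "peers": dict(peers)}


def verdict(summary):
    """Map the counts to the next place to look."""
    if summary["starts"] == 0:
        return "not-started"        # daemon never finished initialising
    if not summary["peers"]:
        return "no-client-traffic"  # nothing reached the daemon: look at the
                                    # packet filters in front of it
    return "client-traffic-seen"    # packets arrive: read that peer's TLS lines


if __name__ == "__main__":
    for name, text in (("no client", SAMPLE_NO_CLIENT),
                       ("with client", SAMPLE_WITH_CLIENT)):
        result = analyse(text)
        print(name, result, verdict(result))
```

A `no-client-traffic` result on a log that spans the client's connection attempts matches the diagnosis in the reply above: the daemon starts and stops cleanly but never sees a packet from the client.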
