Randomly can't access Green network

I just have a newly installed IPFire 169 in my new office.
I use OpenVPN to connect my clients to my NAS.
I'm experiencing the following trouble: clients can connect to the VPN, but randomly they can't reach my NAS IP (in the green network).
What is strange is that it works 80% of the time, but randomly it doesn't, without modifying any parameter.
This happens from different clients with different providers/connections.
Also, I would like to know how to post a log on here, hiding all sensitive data.

Can they do anything else?

Just mangle the text in an editor before posting it here. Use the preformatted text option.
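One way to do that masking consistently instead of by hand, as an added example that is not part of the original thread: a small Python filter for OpenVPN server logs that replaces public IPs, certificate O/OU/CN values and usernames with stable placeholders, while leaving tunnel and green-network addresses readable. The function name `redact`, the placeholder format and the sample lines are assumptions made for this example.

```python
import ipaddress
import re

# Kept readable because routing diagnosis needs them: RFC 1918 ranges and
# 255.x.x.x netmasks from pushed routes. Every other address is masked.
KEEP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "255.0.0.0/8")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
SUBJECT = re.compile(r"\b(CN|OU|O)=([^,\n]+)")
USERNAME = re.compile(r"(for username ).*$", re.M)

# Constructed sample in the layout of an OpenVPN server log (made-up values).
SAMPLE = """\
06:46:37 openvpnserver[6727]: 203.0.113.7:52772 VERIFY OK: depth=1, C=FR, O=ExampleCorp, CN=ExampleCorp CA
06:46:37 openvpnserver[6727]: 203.0.113.7:52772 VERIFY OK: depth=0, C=FR, O=ExampleCorp, CN=alice
06:46:37 openvpnserver[6727]: 203.0.113.7:52772 TLS: Username/Password authentication deferred for username 'alice.vpn'
06:46:37 openvpnserver[6727]: alice/203.0.113.7:52772 SENT CONTROL [alice]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,ifconfig 10.11.213.14 10.11.213.13'
"""


def redact(log_text):
    """Return (redacted_text, mapping); each value gets one stable alias."""
    mapping = {}

    def alias(kind, value):
        if value not in mapping:
            used = sum(1 for v in mapping.values() if v.startswith(f"<{kind}-"))
            mapping[value] = f"<{kind}-{used + 1}>"
        return mapping[value]

    def ip_sub(match):
        try:
            addr = ipaddress.ip_address(match.group(0))
        except ValueError:  # dotted number that is not a valid address
            return match.group(0)
        keep = any(addr in net for net in KEEP)
        return match.group(0) if keep else alias("ip", match.group(0))

    # Pass 1: learn every certificate O/OU/CN value present in the log.
    names = {m.group(2).strip() for m in SUBJECT.finditer(log_text)}
    # Pass 2: mask them everywhere, longest first ("[name]", "name/ip:port").
    for name in sorted(names, key=len, reverse=True):
        log_text = re.sub(rf"(?<!\w){re.escape(name)}(?!\w)",
                          lambda m: alias("name", m.group(0)), log_text)
    log_text = USERNAME.sub(r"\1<user>", log_text)
    return IPV4.sub(ip_sub, log_text), mapping

if __name__ == "__main__":
    print(redact(SAMPLE)[0])
```

Because each value always maps to the same placeholder, helpers can still see that two lines refer to the same client or address; keep the returned mapping private.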

Unfortunately, when the problem appears, I can't ping any address of my green network.

After disconnecting and connecting again without touching any parameter, everything works flawlessly.

This is part of the OpenVPN log, hoping it will help.

06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 TLS: Initial packet from [AF_INET]2.xxx.xxx.xxx:52772, sid=74457fc6 33549909
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 VERIFY SCRIPT OK: depth=1, C=FR, O=xxxxinternational, CN=xxxxinternational CA
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 VERIFY OK: depth=1, C=FR, O=xxxxinternational, CN=xxxxinternational CA
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 VERIFY SCRIPT OK: depth=0, C=FR, O=xxxxinternational, CN=Alessandro
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 VERIFY OK: depth=0, C=FR, O=xxxxinternational, CN=Alessandro
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_VER=2.5.4
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_PLAT=mac
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_PROTO=6
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_NCP=2
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CAMELLIA-256-CBC
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_LZ4=1
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_LZ4v2=1
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_LZO=1
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_COMP_STUB=1
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_COMP_STUBv2=1
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_TCPNL=1
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 peer info: IV_GUI_VER=“net.tunnelblick.tunnelblick_5770_3.8.7a__build_5770)”
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 TLS: Username/Password authentication deferred for username ‘Q!
06:46:37 openvpnserver[6727]: MANAGEMENT: CMD ‘client-auth-nt 153 0’
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
06:46:37 openvpnserver[6727]: 2.xxx.xxx.xxx:52772 [Alessandro] Peer Connection Initiated with [AF_INET]2.xxx.xxx.xxx:52772
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 MULTI_sva: pool returned IPv4=10.11.213.14, IPv6=(Not enabled)
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 OPTIONS IMPORT: reading client specific options from: /var/ipfire/ovpn/ccd/Alessandro
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_196efb46621545db17292081b7afb69d.tmp
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 MULTI: Learn: 10.11.213.14 → Alessandro/2.xxx.xxx.xxx:52772
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 MULTI: primary virtual IP for Alessandro/2.xxx.xxx.xxx:52772: 10.11.213.14
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Outgoing Data Channel: Cipher ‘CAMELLIA-256-CBC’ initialized with 256 bit key
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Outgoing Data Channel: Using 512 bit message hash ‘whirlpool’ for HMAC authentication
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Incoming Data Channel: Cipher ‘CAMELLIA-256-CBC’ initialized with 256 bit key
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Incoming Data Channel: Using 512 bit message hash ‘whirlpool’ for HMAC authentication
06:46:37 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 SENT CONTROL [Alessandro]: ‘PUSH_REPLY,route 10.11.213.0 255.255.255.0,topology net30,ping 10,ping-restart 60,route 192.168.1.0 255.255.255.0,ifconfig 10.11.213.14 10.11.213.13,peer-id 0,cipher CAMELLIA-256-CBC’ (status=1)
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 VERIFY SCRIPT OK: depth=1, C=FR, O=xxxxinternational, CN=xxxxinternational CA
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 VERIFY OK: depth=1, C=FR, O=xxxxinternational, CN=xxxxinternational CA
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 VERIFY SCRIPT OK: depth=0, C=FR, O=xxxxinternational, CN=Alessandro
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 VERIFY OK: depth=0, C=FR, O=xxxxinternational, CN=Alessandro
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_VER=2.5.4
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_PLAT=mac
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_PROTO=6
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_NCP=2
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CAMELLIA-256-CBC
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_LZ4=1
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_LZ4v2=1
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_LZO=1
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_COMP_STUB=1
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_COMP_STUBv2=1
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_TCPNL=1
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 peer info: IV_GUI_VER=“net.tunnelblick.tunnelblick_5770_3.8.7a__build_5770)”
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 TLS: Username/Password authentication deferred for username 'Q!

07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Outgoing Data Channel: Cipher ‘CAMELLIA-256-CBC’ initialized with 256 bit key
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Outgoing Data Channel: Using 512 bit message hash ‘whirlpool’ for HMAC authentication
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Incoming Data Channel: Cipher ‘CAMELLIA-256-CBC’ initialized with 256 bit key
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Incoming Data Channel: Using 512 bit message hash ‘whirlpool’ for HMAC authentication
07:46:38 openvpnserver[6727]: MANAGEMENT: CMD ‘client-auth-nt 153 2’
07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256

Can you see any difference in the logs as you posted them and after you successfully connect? Can you do the same comparison also from the client side?

I noticed this in your logs (notice my use of the preformatted text):

07:46:38 openvpnserver[6727]: Alessandro/2.xxx.xxx.xxx:52772 TLS: Username/Password authentication deferred for username 'Q!’

Maybe you have this problem:

https://community.openvpn.net/openvpn/ticket/222

It could fit the randomness of your connection.


EDIT: moderator corrected link

This should help:
