Core 197: OpenVPN and firewall

Gentlemen,

For almost 2 years I have been happily using openvpnconnect for a roadwarrior.

The roadwarrior uses Win 10 and connected to IPFire 190, 192, 194 and 195 with 3 different releases.

  • openvpnconnect 3.3.7 (2979)
  • openvpnconnect 3.4.3 (3337)
  • openvpnconnect 3.8.0 (4528)

At least one of my IPFires at Core 195 works with openvpnconnect 3.4.3 and 3.8.0 until now.

I’ve got another IPFire which I updated to Core 197.

Both IPFires are connected to each other using OpenVPN n2n.

But after updating one of the two IPFires from 195 to 197, I can still connect that roadwarrior running openvpnconnect 3.8.0 (4528) to the first IPFire running 195.

But I can’t connect the same roadwarrior to the IPFire on 197.

I read the bug reports.

Nothing helped. openvpnconnect answers “time out” or sometimes “dns error”, which indicates problems on the Windows roadwarrior.

But why does the same system successfully connect to the other IPFire on 195?

I deleted the roadwarrior on 197 and created a new one. I installed the CA cert again. I manually applied the patch from bug report 13896 – OpenVPN RW port not opened in firewall after reboot – to those files.

Nothing helped. I do not find anything in the logs. I wonder about that, because of the mentioned “DNS-error”.

This leads me to show my firewall rules to the experts, because I’m not totally familiar with the output of iptables.

Shouldn’t there be an open port for the roadwarrior on red?

[root@ipfire ~]# iptables -L -n -v | grep "OVP"
11 988 OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
5284 384K OVPNINPUTRW all -- * * 0.0.0.0/0 0.0.0.0/0
5282 384K OVPNINPUTN2N all -- * * 0.0.0.0/0 0.0.0.0/0
8294 4152K OVPNBLOCK all -- tun+ * 0.0.0.0/0 0.0.0.0/0
6010 1385K OVPNBLOCK all -- * tun+ 0.0.0.0/0 0.0.0.0/0
Chain OVPNBLOCK (3 references)
Chain OVPNINPUTN2N (1 references)
Chain OVPNINPUTRW (1 references)

What should be in the .ovpn file? Is anything wrong?

########################################################################
# IPFire OpenVPN Client Configuration for "TP580"
########################################################################
client
dev tun

remote (red0-ip) 1024
proto udp
tun-mtu 1360
remote-cert-tls server
verify-x509-name (domain) name
mssfix 0
auth SHA512
auth-nocache
;auth-token-user USER
;auth-token TOTP
;auth-retry interact

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----

Any ideas?

There is no possibility to delete x509 completely, due to a working n2n connection.

Thanks again.
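An added diagnostic (example code, not from the thread or from IPFire) for the question raised above the iptables output: does the OVPNINPUTRW chain actually ACCEPT the port from the profile's `remote` line on red0? It reads a saved `iptables -S OVPNINPUTRW` dump; the profile and both dumps embedded here are constructed samples, and `red0`/`OVPNINPUTRW` are the IPFire names used in the thread.

```shell
# Added example (not from the thread): check whether the roadwarrior port named in
# an IPFire .ovpn profile is ACCEPTed in the OVPNINPUTRW chain. Input is a saved
# `iptables -S OVPNINPUTRW` dump; the profile and dumps below are constructed.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Constructed client profile mirroring the thread's (hostname is a placeholder).
cat > "$workdir/TP580.ovpn" <<'EOF'
client
dev tun
remote vpn.example.invalid 1024
proto udp
EOF

# Constructed dump of a healthy chain: udp/1024 is accepted on red0.
cat > "$workdir/chain_ok.txt" <<'EOF'
-N OVPNINPUTRW
-A OVPNINPUTRW -i red0 -p udp -m udp --dport 1024 -j ACCEPT
EOF

# Constructed dump showing the symptom of bug 13896: the chain exists but is empty.
cat > "$workdir/chain_empty.txt" <<'EOF'
-N OVPNINPUTRW
EOF

# Print "<port> <proto>" from the profile's first remote/proto lines (udp if absent).
ovpn_port_proto() {
    awk '$1 == "remote" && !p { p = $3 }
         $1 == "proto"  && !t { t = $2 }
         END { print p, (t ? t : "udp") }' "$1"
}

# Return 0 when the dump holds an ACCEPT for proto/port arriving on the interface.
rw_port_open() {
    awk -v p="$2" -v d="$3" -v i="${4:-red0}" '
        /^-A OVPNINPUTRW / && index($0, "-i " i " ") && index($0, "-p " p " ") &&
        index($0, "--dport " d " ") && /-j ACCEPT$/ { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

pp=$(ovpn_port_proto "$workdir/TP580.ovpn")
port=${pp% *}; proto=${pp#* }
for dump in chain_ok.txt chain_empty.txt; do
    if rw_port_open "$workdir/$dump" "$proto" "$port" red0; then
        echo "$dump: $proto/$port accepted on red0"
    else
        echo "$dump: no ACCEPT for $proto/$port on red0 (bug 13896 symptom)"
    fi
done
```

The `grep "OVP"` shown in the post only lists the jumps into the chains; `iptables -L OVPNINPUTRW -n -v` (no grep) shows the rules inside the chain, which is where the udp/1024 ACCEPT has to be.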

Have you tried testing connections using the OpenVPN GUI community client?

edit
What do OpenVPN logs show?

WUI -> Logs -> System Logs -> Select Section: OpenVPN, then Update

edit2

:thinking:

You may need to download the PKCS12 file.

Then import the certificate.

Then select the certificate for the connection.

The logs show nothing because this issue was caused by DNS troubles.

There are no connection issues using OpenVPN Connect 3.8.0 (4528) on Win 10 for a roadwarrior with cipher AES-GCM 256, hash SHA2-512, fallback cipher AES-GCM 256 and TLS channel protection.