Hm, both IPFIREs now have different public IPs.
How does IPFIRE1 get to know the dyndns of IPFIRE2? How do I enter the dyndns IP in the OPENVPN connection?
This is the client-side protocol:
17:40:22 openvpnserver[2378]: event_wait : Interrupted system call (code=4)
17:40:22 openvpnserver[2378]: /sbin/ip route del 10.38.129.0/24
17:40:22 openvpnserver[2378]: ERROR: Linux route delete command failed: external program exited with error status: 2
17:40:22 openvpnserver[2378]: Closing TUN/TAP interface
17:40:22 openvpnserver[2378]: /sbin/ip addr del dev tun0 local 10.38.129.1 peer 10.38.129.2
17:40:22 openvpnserver[2378]: Linux ip addr del failed: external program exited with error status: 2
17:40:22 openvpnserver[2378]: SIGTERM[hard,] received, process exiting
17:41:02 VPNHolzhausenvierteln2n[3145]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
17:41:02 VPNHolzhausenvierteln2n[3145]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
17:41:02 VPNHolzhausenvierteln2n[3145]: OpenVPN 2.5.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 14 2023
17:41:02 VPNHolzhausenvierteln2n[3145]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
17:41:02 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:2000
17:41:02 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:02 VPNHolzhausenvierteln2n[3147]: ROUTE_GATEWAY 192.168.146.1/255.255.255.0 IFACE=red0 HWADDR=00:0d:b9:60:6d:1b
17:41:02 VPNHolzhausenvierteln2n[3147]: TUN/TAP device tun0 opened
17:41:02 VPNHolzhausenvierteln2n[3147]: /sbin/ip link set dev tun0 up mtu 1500
17:41:02 VPNHolzhausenvierteln2n[3147]: /sbin/ip link set dev tun0 up
17:41:02 VPNHolzhausenvierteln2n[3147]: /sbin/ip addr add dev tun0 local 10.10.1.2 peer 10.10.1.1
17:41:02 VPNHolzhausenvierteln2n[3147]: /sbin/ip route add 192.168.222.0/24 via 10.10.1.1
17:41:03 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:03 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:03 VPNHolzhausenvierteln2n[3147]: GID set to nobody
17:41:03 VPNHolzhausenvierteln2n[3147]: UID set to nobody
17:41:03 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:03 VPNHolzhausenvierteln2n[3147]: Restart pause, 5 second(s)
17:41:05 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:2000
17:41:05 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: CMD 'state'
17:41:05 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: Client disconnected
17:41:08 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:08 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:41:08 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:08 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:08 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:08 VPNHolzhausenvierteln2n[3147]: Restart pause, 5 second(s)
17:41:13 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:13 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:41:13 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:13 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:13 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:13 VPNHolzhausenvierteln2n[3147]: Restart pause, 5 second(s)
17:41:18 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:18 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:41:18 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:18 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:18 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:18 VPNHolzhausenvierteln2n[3147]: Restart pause, 5 second(s)
17:41:23 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:23 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:41:23 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:23 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:23 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:23 VPNHolzhausenvierteln2n[3147]: Restart pause, 10 second(s)
17:41:33 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:33 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:41:33 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:33 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:33 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:33 VPNHolzhausenvierteln2n[3147]: Restart pause, 20 second(s)
17:41:53 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:53 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:41:53 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:53 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:41:53 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:41:53 VPNHolzhausenvierteln2n[3147]: Restart pause, 40 second(s)
17:42:08 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:2000
17:42:08 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: CMD 'state'
17:42:08 VPNHolzhausenvierteln2n[3147]: MANAGEMENT: Client disconnected
17:42:33 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:42:33 VPNHolzhausenvierteln2n[3147]: Preserving previous TUN/TAP instance: tun0
17:42:33 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:42:33 VPNHolzhausenvierteln2n[3147]: Could not determine IPv4/IPv6 protocol
17:42:33 VPNHolzhausenvierteln2n[3147]: SIGUSR1[soft,init_instance] received, process restarting
17:42:33 VPNHolzhausenvierteln2n[3147]: Restart pause, 80 second(s)
Here is the server side:
17:41:11 VPNHolzhausenvierteln2n[23120]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
17:41:11 VPNHolzhausenvierteln2n[23120]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
17:41:11 VPNHolzhausenvierteln2n[23120]: OpenVPN 2.5.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 14 2023
17:41:11 VPNHolzhausenvierteln2n[23120]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
17:41:11 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:2000
17:41:11 VPNHolzhausenvierteln2n[23121]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
17:41:11 VPNHolzhausenvierteln2n[23121]: Diffie-Hellman initialized with 4096 bit key
17:41:11 VPNHolzhausenvierteln2n[23121]: ROUTE_GATEWAY 192.168.150.1/255.255.255.0 IFACE=red0 HWADDR=00:0d:b9:60:5a:fb
17:41:11 VPNHolzhausenvierteln2n[23121]: TUN/TAP device tun0 opened
17:41:11 VPNHolzhausenvierteln2n[23121]: /sbin/ip link set dev tun0 up mtu 1500
17:41:11 VPNHolzhausenvierteln2n[23121]: /sbin/ip link set dev tun0 up
17:41:11 VPNHolzhausenvierteln2n[23121]: /sbin/ip addr add dev tun0 local 10.10.1.1 peer 10.10.1.2
17:41:11 VPNHolzhausenvierteln2n[23121]: /etc/init.d/static-routes start tun0 1500 1605 10.10.1.1 10.10.1.2 init
17:41:11 VPNHolzhausenvierteln2n[23121]: /sbin/ip route add 192.168.1.0/24 via 10.10.1.2
17:41:11 VPNHolzhausenvierteln2n[23121]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:2000
17:41:11 VPNHolzhausenvierteln2n[23121]: Socket Buffers: R=[212992->212992] S=[212992->212992]
17:41:11 VPNHolzhausenvierteln2n[23121]: UDPv4 link local (bound): [AF_INET]192.168.150.172:2000
17:41:11 VPNHolzhausenvierteln2n[23121]: UDPv4 link remote: [AF_INET]192.168.1.1:2000
17:41:11 VPNHolzhausenvierteln2n[23121]: GID set to nobody
17:41:11 VPNHolzhausenvierteln2n[23121]: UID set to nobody
17:41:14 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:2000
17:41:14 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: CMD 'state'
17:41:14 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: Client disconnected
17:41:18 openvpnserver[23278]: DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
17:41:18 openvpnserver[23278]: WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
17:41:18 openvpnserver[23278]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
17:41:18 openvpnserver[23278]: OpenVPN 2.5.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 14 2023
17:41:18 openvpnserver[23278]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
17:41:18 openvpnserver[23279]: MANAGEMENT: unix domain socket listening on /var/run/openvpn.sock
17:41:18 openvpnserver[23279]: WARNING: --keepalive option is missing from server config
17:41:18 openvpnserver[23279]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
17:41:18 openvpnserver[23279]: Diffie-Hellman initialized with 4096 bit key
17:41:18 openvpnserver[23279]: CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem
17:41:18 openvpnserver[23279]: ROUTE_GATEWAY 192.168.150.1/255.255.255.0 IFACE=red0 HWADDR=00:0d:b9:60:5a:fb
17:41:18 openvpnserver[23279]: TUN/TAP device tun1 opened
17:41:18 openvpnserver[23279]: /sbin/ip link set dev tun1 up mtu 1400
17:41:18 openvpnserver[23279]: /sbin/ip link set dev tun1 up
17:41:18 openvpnserver[23279]: /sbin/ip addr add dev tun1 local 10.137.89.1 peer 10.137.89.2
17:41:18 openvpnserver[23279]: /sbin/ip route add 10.137.89.0/24 via 10.137.89.2
17:41:18 openvpnserver[23279]: Could not determine IPv4/IPv6 protocol. Using AF_INET
17:41:18 openvpnserver[23279]: Socket Buffers: R=[212992->212992] S=[212992->212992]
17:41:18 openvpnserver[23279]: UDPv4 link local (bound): [AF_INET][undef]:1194
17:41:18 openvpnserver[23279]: UDPv4 link remote: [AF_UNSPEC]
17:41:18 openvpnserver[23279]: GID set to nobody
17:41:18 openvpnserver[23279]: UID set to nobody
17:41:18 openvpnserver[23279]: MULTI: multi_init called, r=256 v=256
17:41:18 openvpnserver[23279]: IFCONFIG POOL IPv4: base=10.137.89.4 size=62
17:41:18 openvpnserver[23279]: IFCONFIG POOL LIST
17:41:18 openvpnserver[23279]: Initialization Sequence Completed
17:41:18 openvpnserver[23279]: MANAGEMENT: Client connected from /var/run/openvpn.sock
17:41:18 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: Client connected from [AF_INET]127.0.0.1:2000
17:41:18 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: CMD 'state'
17:41:18 VPNHolzhausenvierteln2n[23121]: MANAGEMENT: Client disconnected
17:42:11 VPNHolzhausenvierteln2n[23121]: [UNDEF] Inactivity timeout (--ping-restart), restarting
17:42:11 VPNHolzhausenvierteln2n[23121]: SIGUSR1[soft,ping-restart] received, process restarting
17:42:11 VPNHolzhausenvierteln2n[23121]: Restart pause, 5 second(s)
17:42:16 VPNHolzhausenvierteln2n[23121]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
17:42:16 VPNHolzhausenvierteln2n[23121]: Preserving previous TUN/TAP instance: tun0
17:42:16 VPNHolzhausenvierteln2n[23121]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:2000
17:42:16 VPNHolzhausenvierteln2n[23121]: Socket Buffers: R=[212992->212992] S=[212992->212992]
17:42:16 VPNHolzhausenvierteln2n[23121]: UDPv4 link local (bound): [AF_INET]192.168.150.172:2000
17:42:16 VPNHolzhausenvierteln2n[23121]: UDPv4 link remote: [AF_INET]192.168.1.1:2000
17:43:16 VPNHolzhausenvierteln2n[23121]: [UNDEF] Inactivity timeout (--ping-restart), restarting
17:43:16 VPNHolzhausenvierteln2n[23121]: SIGUSR1[soft,ping-restart] received, process restarting
17:43:16 VPNHolzhausenvierteln2n[23121]: Restart pause, 5 second(s)
17:43:21 VPNHolzhausenvierteln2n[23121]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
17:43:21 VPNHolzhausenvierteln2n[23121]: Preserving previous TUN/TAP instance: tun0
17:43:21 VPNHolzhausenvierteln2n[23121]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:2000
17:43:21 VPNHolzhausenvierteln2n[23121]: Socket Buffers: R=[212992->212992] S=[212992->212992]
17:43:21 VPNHolzhausenvierteln2n[23121]: UDPv4 link local (bound): [AF_INET]192.168.150.172:2000
17:43:21 VPNHolzhausenvierteln2n[23121]: UDPv4 link remote: [AF_INET]192.168.1.1:2000
17:44:21 VPNHolzhausenvierteln2n[23121]: [UNDEF] Inactivity timeout (--ping-restart), restarting
17:44:21 VPNHolzhausenvierteln2n[23121]: SIGUSR1[soft,ping-restart] received, process restarting
17:44:21 VPNHolzhausenvierteln2n[23121]: Restart pause, 5 second(s)
17:44:26 VPNHolzhausenvierteln2n[23121]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
17:44:26 VPNHolzhausenvierteln2n[23121]: Preserving previous TUN/TAP instance: tun0
17:44:26 VPNHolzhausenvierteln2n[23121]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:2000
17:44:26 VPNHolzhausenvierteln2n[23121]: Socket Buffers: R=[212992->212992] S=[212992->212992]
17:44:26 VPNHolzhausenvierteln2n[23121]: UDPv4 link local (bound): [AF_INET]192.168.150.172:2000
17:44:26 VPNHolzhausenvierteln2n[23121]: UDPv4 link remote: [AF_INET]192.168.1.1:2000
17:45:26 VPNHolzhausenvierteln2n[23121]: [UNDEF] Inactivity timeout (--ping-restart), restarting
17:45:26 VPNHolzhausenvierteln2n[23121]: SIGUSR1[soft,ping-restart] received, process restarting
17:45:26 VPNHolzhausenvierteln2n[23121]: Restart pause, 5 second(s)
17:45:31 VPNHolzhausenvierteln2n[23121]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
17:45:31 VPNHolzhausenvierteln2n[23121]: Preserving previous TUN/TAP instance: tun0
17:45:31 VPNHolzhausenvierteln2n[23121]: TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.1.1:2000
17:45:31 VPNHolzhausenvierteln2n[23121]: Socket Buffers: R=[212992->212992] S=[212992->212992]
17:45:31 VPNHolzhausenvierteln2n[23121]: UDPv4 link local (bound): [AF_INET]192.168.150.172:2000
17:45:31 VPNHolzhausenvierteln2n[23121]: UDPv4 link remote: [AF_INET]192.168.1.1:2000
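
A triage sketch for logs like the two above, added here as an example and not part of the original post or of IPFire/OpenVPN: it counts unresolved remote names, flags RFC 1918 peer addresses (which cannot be reached across the internet), counts ping-restart timeouts and notes the password-less management warning. The function name `triage` and the report keys are assumptions; the sample lines are copied from the logs above.

```python
import ipaddress
import re
from collections import Counter

# Sample lines copied from the client-side and server-side logs in the post above.
SAMPLE_LOG = """\
17:41:02 VPNHolzhausenvierteln2n[3145]: WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure
17:41:02 VPNHolzhausenvierteln2n[3147]: RESOLVE: Cannot resolve host address: ipfire1.hauptwache:2000 (Name or service not known)
17:41:03 VPNHolzhausenvierteln2n[3147]: Restart pause, 5 second(s)
17:41:11 VPNHolzhausenvierteln2n[23121]: UDPv4 link remote: [AF_INET]192.168.1.1:2000
17:41:18 openvpnserver[23279]: UDPv4 link remote: [AF_UNSPEC]
17:42:11 VPNHolzhausenvierteln2n[23121]: [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

# "HH:MM:SS name[pid]: message" as written by the OpenVPN processes above.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+)\[(\d+)\]: (.*)$")
RESOLVE = re.compile(r"Cannot resolve host address: (\S+):(\d+) ")
REMOTE = re.compile(r"link remote: \[AF_INET\](\d+\.\d+\.\d+\.\d+):(\d+)")


def triage(log_text):
    """Summarise why a net-to-net tunnel never completes its handshake."""
    report = {"unresolved": Counter(), "private_remotes": set(),
              "ping_restarts": 0, "mgmt_no_password": False}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not an OpenVPN log line in the expected format
        msg = line.group(4)
        if (m := RESOLVE.search(msg)):
            # The configured remote is a name this host's resolver does not know.
            report["unresolved"][f"{m.group(1)}:{m.group(2)}"] += 1
        elif (m := REMOTE.search(msg)):
            try:
                if ipaddress.ip_address(m.group(1)).is_private:
                    report["private_remotes"].add(m.group(1))
            except ValueError:
                pass  # malformed address in the log, ignore
        elif "Inactivity timeout" in msg and "ping-restart" in msg:
            # Matches both "--ping-restart" and the en-dash form some pages render.
            report["ping_restarts"] += 1
        elif "--management on a TCP port WITHOUT passwords" in msg:
            report["mgmt_no_password"] = True
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```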