Hi,
When I try to connect through OpenVPN, after providing a username and password, the connection is not completed, always staying stopped with the message:
MANAGEMENT:> STATE: 1602157800, WAIT ,
The connection type is Host-to-Net Virtual Private Network (RoadWarrior).
Can anybody help me?
Thank you!
Hi romagalo,
this message do not points out what the problem is. May you search further or you can also post the log, please x out the personal data then.
Best,
Erik
Hi Erik,
Thanks!
Thu Oct 08 14:21:44 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Thu Oct 08 14:21:44 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Oct 08 14:21:44 2020 library versions: OpenSSL 1.1.0l 10 Sep 2019, LZO 2.10
Enter Management Password:
Thu Oct 08 14:21:44 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Thu Oct 08 14:21:44 2020 Need hold release from management interface, waiting…
Thu Oct 08 14:21:44 2020 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Thu Oct 08 14:21:44 2020 MANAGEMENT: CMD ‘state on’
Thu Oct 08 14:21:44 2020 MANAGEMENT: CMD ‘log all on’
Thu Oct 08 14:21:45 2020 MANAGEMENT: CMD ‘echo all on’
Thu Oct 08 14:21:45 2020 MANAGEMENT: CMD ‘bytecount 5’
Thu Oct 08 14:21:45 2020 MANAGEMENT: CMD ‘hold off’
Thu Oct 08 14:21:45 2020 MANAGEMENT: CMD ‘hold release’
Thu Oct 08 14:21:45 2020 MANAGEMENT: CMD ‘password […]’
Thu Oct 08 14:21:45 2020 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Thu Oct 08 14:21:45 2020 WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1400)
Thu Oct 08 14:21:45 2020 MANAGEMENT: >STATE:1602177705,RESOLVE,
Thu Oct 08 14:21:45 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Thu Oct 08 14:21:45 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Oct 08 14:21:45 2020 UDP link local: (not bound)
Thu Oct 08 14:21:45 2020 UDP link remote: [AF_INET]x.x.x.x:1194
Thu Oct 08 14:21:45 2020 MANAGEMENT: >STATE:1602177705,WAIT,
#OpenVPN Client conf
tls-client
client
nobind
dev tun
proto udp
tun-mtu 1400
remote [my host] 1194
pkcs12 [my key.p12]
cipher AES-256-CBC
verb 3
remote-cert-tls server
verify-x509-name [my host] name
Hi romagalo,
the server logs are may more interesting to check…
Best,
Erik
| 18:04:06 | openvpnserver[19227]: | Initialization Sequence Completed |
|---|---|---|
| 18:04:06 | openvpnserver[19227]: | IFCONFIG POOL LIST |
| 18:04:06 | openvpnserver[19227]: | IFCONFIG POOL: base=10.215.189.4 size=62, ipv6=0 |
| 18:04:06 | openvpnserver[19227]: | MULTI: multi_init called, r=256 v=256 |
| 18:04:06 | openvpnserver[19227]: | UID set to nobody |
| 18:04:06 | openvpnserver[19227]: | GID set to nobody |
| 18:04:06 | openvpnserver[19227]: | UDPv4 link remote: [AF_UNSPEC] |
| 18:04:06 | openvpnserver[19227]: | UDPv4 link local (bound): [AF_INET][undef]:1194 |
| 18:04:06 | openvpnserver[19227]: | Socket Buffers: R=[212992->212992] S=[212992->212992] |
| 18:04:06 | openvpnserver[19227]: | Could not determine IPv4/IPv6 protocol. Using AF_INET |
| 18:04:06 | openvpnserver[19227]: | /sbin/ip route add 10.215.189.0/24 via 10.215.189.2 |
| 18:04:06 | openvpnserver[19227]: | /sbin/ip route add 10.0.50.0/24 via 10.215.189.2 |
| 18:04:06 | openvpnserver[19227]: | /sbin/ip route add 192.168.50.0/24 via 10.215.189.2 |
| 18:04:06 | openvpnserver[19227]: | /sbin/ip addr add dev tun0 local 10.215.189.1 peer 10.215.189.2 |
| 18:04:06 | openvpnserver[19227]: | /sbin/ip link set dev tun0 up mtu 1400 |
| 18:04:06 | openvpnserver[19227]: | TUN/TAP TX queue length set to 100 |
| 18:04:06 | openvpnserver[19227]: | TUN/TAP device tun0 opened |
| 18:04:06 | openvpnserver[19227]: | ROUTE_GATEWAY 10.255.255.36 |
| 18:04:06 | openvpnserver[19227]: | WARNING: normally if you use --mssfix and/or --fragment, you should also set --t un-mtu 1500 (currently it is 1400) |
| 18:04:06 | openvpnserver[19227]: | CRL: loaded 1 CRLs from file /var/ipfire/ovpn/crls/cacrl.pem |
| 18:04:06 | openvpnserver[19227]: | Diffie-Hellman initialized with 2048 bit key |
| 18:04:06 | openvpnserver[19227]: | NOTE: the current --script-security setting may allow this configuration to call user-defined scripts |
| 18:04:06 | openvpnserver[19227]: | WARNING: --keepalive option is missing from server config |
| 18:04:06 | openvpnserver[19226]: | library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.09 |
| 18:04:06 | openvpnserver[19226]: | OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINF O] [AEAD] built on Jun 26 2020 |
| 18:03:50 | openvpnserver[7789]: | SIGTERM[hard,] received, process exiting |
| 18:03:50 | openvpnserver[7789]: | Linux ip addr del failed: external program exited with error status: 2 |
| 18:03:50 | openvpnserver[7789]: | /sbin/ip addr del dev tun0 local 10.215.189.1 peer 10.215.189.2 |
| 18:03:50 | openvpnserver[7789]: | Closing TUN/TAP interface |
| 18:03:50 | openvpnserver[7789]: | ERROR: Linux route delete command failed: external program exited with error sta tus: 2 |
| 18:03:50 | openvpnserver[7789]: | /sbin/ip route del 10.215.189.0/24 |
| 18:03:50 | openvpnserver[7789]: | ERROR: Linux route delete command failed: external program exited with error sta tus: 2 |
| 18:03:50 | openvpnserver[7789]: | /sbin/ip route del 192.168.50.0/24 |
| 18:03:50 | openvpnserver[7789]: | ERROR: Linux route delete command failed: external program exited with error sta tus: 2 |
| 18:03:50 | openvpnserver[7789]: | /sbin/ip route del 10.0.50.0/24 |
| 18:03:50 | openvpnserver[7789]: | event_wait : Interrupted system call (code=4) |
Good morning,
there is no connection attempt on the OpenVPN server. The client log can point to a closed firewall. Do you have a preceding router before IPFire? If so, you would need a port forward rule. Another point can be that your ‘Local VPN Hostname/IP’ is not reachable from the outside if you use a kind of DDNS it might be an idea to check if it works correctly.
Some ideas for the first,
Best,
Erik
Thanks Erik,
The router before IPFire was blocking all.
Solved!
Your welcome.