I need away to restart openvpn. I’m getting stuck users and the only way to log them out is to stop and start. I am remote and stopping openvpn locks me out. Restarting at least would let me back in after the openvpn server restart.
Can you describe these “stuck users” in more detail? Maybe there is a solution that does not involve restarting.
Are the users unable to turn off OVPN? Or are they turning it off successfully from their end, but the IPFire UI shows they are still logged in?
In the webui the users are listed as connected but they are not and cannot connect. When I stop and start OpenVPN server they still cannot connect and still show as connected. The only way I’ve been able to get them reconnected is to reboot the IPfire firewall. Another weird thing is when I stop the OpenVPN server the home page still shows it running.
Any clues in the logs?
Logs->System Logs->OpenVPN
I need to get Teamview back into the network. My Openvpn is one of the locked out users. I’ll get back to you. Thanks.
When you say that you stop and start OpenVPN server do you mean on the WUI OpenVPN page or do you mean via the console?
The wui OpenVPN page. I wish there was a restart OpenVPN button on the WUI OpenVPN page. I got someone to reboot the IPfire so I can get back in and look at the logs.
1 Like
When you stop the OpenVPN server running via the WUI and your connection is also via OpenVPN then your connection to the WUI is lost so when you look at the home page, if it was cached in your browser then you will see the status it was at before you stopped the server.
If you have no browser caching then if you lose your connection then you will also end up with a blank page except for a message saying that the connection to the URL has been lost.
Yes, but someone has to go and do it and it is not as simple as just sticking another button in. A restart button should only be shown or allowed to be pressed when the server is running. If restart is run when the server is already stopped then error messages will occur because the involved daemons, openvpn and openvpn-authenticator are already stopped. So the restart button must only be allowed to be pressed when the server is actually running.
The other factor is that the openvpnctrl c program has a restart option but when I tried it from the command line it stopped the server running and it stayed stopped. Trying to start it from either the WUI or the console failed to get it to start and the only way I could get it to start was by rebooting.
I just found the reason the restart command doesn’t work. There is a restart section in the ovpnmain.cgi code but it is commented out due to the fact that the openvpn daemon SIGHUP does not work when running as nobody, which is how it is running in IPFire.
So restart has been there in the past but it fails to work properly with the OpenVPN daemon and it has been like that since at least 2012, so I doubt that the OpenVPN developers are likely to change anything now.
That’s a bummer. Especially when remote using Openvpn for access to IPfire WUI. Have you successfully stopped OpenVPN and check the System/Home page and see if the OpenVPN is still online? I’ve tried killing the process and starting it. I get connected but no access to the local network. I have to have someone reboot IPFire.
Here is the logs.
| 7:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 TLS: Initial packet from [AF_INET]10.1.10.69:51171, sid=c813d86 e a59fa3cf |
|---|---|---|
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 VERIFY SCRIPT OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechno logy, OU=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 VERIFY OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechnology, O U=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 VERIFY SCRIPT OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU= IT, CN=Willie |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 VERIFY OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU=IT, CN= Willie |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_VER=2.6.10 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_PLAT=win |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_TCPNL=1 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_MTU=1600 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_NCP=2 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_PROTO=990 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_LZO_STUB=1 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_COMP_STUB=1 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 peer info: IV_COMP_STUBv2=1 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 TLS: Username/Password authentication deferred for username ‘Q! _’ |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 144 9’, remote=‘link-mtu 1501’ |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 WARNING: ‘auth’ is used inconsistently, local=‘auth [null-diges t]’, remote=‘auth SHA512’ |
| 17:01:33 | openvpnserver[5428]: | MANAGEMENT: CMD ‘client-auth-nt 1 0’ |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384 , peer certificate: 4096 bit RSA, signature: RSA-SHA256 |
| 17:01:33 | openvpnserver[5428]: | 10.1.10.69:51171 [Willie] Peer Connection Initiated with [AF_INET]10.1.10.69:511 71 |
| 17:01:33 | openvpnserver[5428]: | Willie/10.1.10.69:51171 MULTI_sva: pool returned IPv4=10.155.168.10, IPv6=(Not e nabled) |
| 17:01:33 | openvpnserver[5428]: | Willie/10.1.10.69:51171 OPTIONS IMPORT: reading client specific options from: /v ar/ipfire/ovpn/ccd/Willie |
| 17:01:34 | openvpnserver[5428]: | Willie/10.1.10.69:51171 OPTIONS IMPORT: reading client specific options from: /t mp/openvpn_cc_12b826dcb9bcccb21c33c8fead239315.tmp |
| 17:01:34 | openvpnserver[5428]: | Willie/10.1.10.69:51171 MULTI: Learn: 10.155.168.10 → Willie/10.1.10.69:51171 |
| 17:01:34 | openvpnserver[5428]: | Willie/10.1.10.69:51171 MULTI: primary virtual IP for Willie/10.1.10.69:51171: 1 0.155.168.10 |
| 17:01:34 | openvpnserver[5428]: | Willie/10.1.10.69:51171 Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:01:34 | openvpnserver[5428]: | Willie/10.1.10.69:51171 Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:01:34 | openvpnserver[5428]: Willie/10.1.10.69:51171 SENT CONTROL [Willie]: | ‘PUSH_REPLY,route 10.155.168.1,topology net30,redirect-gateway,route 192.168.11. 0 255.255.255.0,dhcp-option DNS 192.168.11.168,dhcp-option DNS 8.8.8.8,ifconfig 10.155.168.10 10.155.168.9,peer-id 1,cipher AES-256-GCM’ (status=1) |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 TLS: Initial packet from [AF_INET]10.1.10.69:55553, sid=e63e0e7 5 73a9b6d6 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 VERIFY SCRIPT OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechno logy, OU=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 VERIFY OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechnology, O U=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 VERIFY SCRIPT OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU= IT, CN=Willie |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 VERIFY OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU=IT, CN= Willie |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_VER=2.6.10 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_PLAT=win |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_TCPNL=1 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_MTU=1600 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_NCP=2 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_PROTO=990 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_LZO_STUB=1 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_COMP_STUB=1 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 peer info: IV_COMP_STUBv2=1 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 TLS: Username/Password authentication deferred for username ‘Q! _’ |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 144 9’, remote=‘link-mtu 1501’ |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 WARNING: ‘auth’ is used inconsistently, local=‘auth [null-diges t]’, remote=‘auth SHA512’ |
| 17:01:43 | openvpnserver[5428]: | MANAGEMENT: CMD ‘client-auth-nt 2 0’ |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384 , peer certificate: 4096 bit RSA, signature: RSA-SHA256 |
| 17:01:43 | openvpnserver[5428]: | 10.1.10.69:55553 [Willie] Peer Connection Initiated with [AF_INET]10.1.10.69:555 53 |
| 17:01:43 | openvpnserver[5428]: | MULTI: new connection by client ‘Willie’ will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you wan t multiple clients using the same certificate or username to concurrently connec t. |
| 17:01:43 | openvpnserver[5428]: | MULTI_sva: pool returned IPv4=10.155.168.10, IPv6=(Not enabled) |
| 17:01:43 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /var/ipfire/ovpn/ccd/Willi e |
| 17:01:43 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_5c6d92702b e4fdc61c9d72e03521ef.tmp |
| 17:01:43 | openvpnserver[5428]: | MULTI: Learn: 10.155.168.10 → Willie/10.1.10.69:55553 |
| 17:01:43 | openvpnserver[5428]: | MULTI: primary virtual IP for Willie/10.1.10.69:55553: 10.155.168.10 |
| 17:01:43 | openvpnserver[5428]: | Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:01:43 | openvpnserver[5428]: | Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:01:43 | openvpnserver[5428]: SENT CONTROL [Willie]: | ‘PUSH_REPLY,route 10.155.168.1,topology net30,redirect-gateway,route 192.168.11. 0 255.255.255.0,dhcp-option DNS 192.168.11.168,dhcp-option DNS 8.8.8.8,ifconfig 10.155.168.10 10.155.168.9,peer-id 2,cipher AES-256-GCM’ (status=1) |
| 17:01:57 | openvpnserver[5428]: | 10.1.10.69:51277 TLS: Initial packet from [AF_INET]10.1.10.69:51277, sid=3e73059 2 41eaba2f |
| 17:01:57 | openvpnserver[5428]: | 10.1.10.69:51277 VERIFY SCRIPT OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechno logy, OU=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:01:57 | openvpnserver[5428]: | 10.1.10.69:51277 VERIFY OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechnology, O U=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 VERIFY SCRIPT OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU= IT, CN=Willie |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 VERIFY OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU=IT, CN= Willie |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_VER=2.6.10 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_PLAT=win |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_TCPNL=1 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_MTU=1600 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_NCP=2 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_PROTO=990 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_LZO_STUB=1 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_COMP_STUB=1 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 peer info: IV_COMP_STUBv2=1 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 TLS: Username/Password authentication deferred for username ‘Q! _’ |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 144 9’, remote=‘link-mtu 1501’ |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 WARNING: ‘auth’ is used inconsistently, local=‘auth [null-diges t]’, remote=‘auth SHA512’ |
| 17:01:58 | openvpnserver[5428]: | MANAGEMENT: CMD ‘client-auth-nt 3 0’ |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384 , peer certificate: 4096 bit RSA, signature: RSA-SHA256 |
| 17:01:58 | openvpnserver[5428]: | 10.1.10.69:51277 [Willie] Peer Connection Initiated with [AF_INET]10.1.10.69:512 77 |
| 17:01:58 | openvpnserver[5428]: | MULTI: new connection by client ‘Willie’ will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you wan t multiple clients using the same certificate or username to concurrently connec t. |
| 17:01:58 | openvpnserver[5428]: | MULTI_sva: pool returned IPv4=10.155.168.10, IPv6=(Not enabled) |
| 17:01:58 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /var/ipfire/ovpn/ccd/Willi e |
| 17:01:58 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_1002c185f6 33b90c772ed9edfb6a6066.tmp |
| 17:01:58 | openvpnserver[5428]: | MULTI: Learn: 10.155.168.10 → Willie/10.1.10.69:51277 |
| 17:01:58 | openvpnserver[5428]: | MULTI: primary virtual IP for Willie/10.1.10.69:51277: 10.155.168.10 |
| 17:01:58 | openvpnserver[5428]: | Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:01:58 | openvpnserver[5428]: | Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:01:58 | openvpnserver[5428]: SENT CONTROL [Willie]: | ‘PUSH_REPLY,route 10.155.168.1,topology net30,redirect-gateway,route 192.168.11. 0 255.255.255.0,dhcp-option DNS 192.168.11.168,dhcp-option DNS 8.8.8.8,ifconfig 10.155.168.10 10.155.168.9,peer-id 1,cipher AES-256-GCM’ (status=1) |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 TLS: Initial packet from [AF_INET]10.1.10.69:54058, sid=2c7ca85 6 e63ed49f |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 VERIFY SCRIPT OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechno logy, OU=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 VERIFY OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechnology, O U=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 VERIFY SCRIPT OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU= IT, CN=Willie |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 VERIFY OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU=IT, CN= Willie |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_VER=2.6.10 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_PLAT=win |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_TCPNL=1 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_MTU=1600 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_NCP=2 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_PROTO=990 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_LZO_STUB=1 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_COMP_STUB=1 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 peer info: IV_COMP_STUBv2=1 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 TLS: Username/Password authentication deferred for username ‘Q! _’ |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 144 9’, remote=‘link-mtu 1501’ |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 WARNING: ‘auth’ is used inconsistently, local=‘auth [null-diges t]’, remote=‘auth SHA512’ |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384 , peer certificate: 4096 bit RSA, signature: RSA-SHA256 |
| 17:04:14 | openvpnserver[5428]: | 10.1.10.69:54058 [Willie] Peer Connection Initiated with [AF_INET]10.1.10.69:540 58 |
| 17:04:14 | openvpnserver[5428]: | MANAGEMENT: CMD ‘client-auth-nt 4 0’ |
| 17:04:15 | openvpnserver[5428]: | MULTI: new connection by client ‘Willie’ will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you wan t multiple clients using the same certificate or username to concurrently connec t. |
| 17:04:15 | openvpnserver[5428]: | MULTI_sva: pool returned IPv4=10.155.168.10, IPv6=(Not enabled) |
| 17:04:15 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /var/ipfire/ovpn/ccd/Willi e |
| 17:04:16 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_4e0274b23d b659e3319ac7f0fa37e8e9.tmp |
| 17:04:16 | openvpnserver[5428]: | MULTI: Learn: 10.155.168.10 → Willie/10.1.10.69:54058 |
| 17:04:16 | openvpnserver[5428]: | MULTI: primary virtual IP for Willie/10.1.10.69:54058: 10.155.168.10 |
| 17:04:16 | openvpnserver[5428]: | Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:04:16 | openvpnserver[5428]: | Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:04:16 | openvpnserver[5428]: SENT CONTROL [Willie]: | ‘PUSH_REPLY,route 10.155.168.1,topology net30,redirect-gateway,route 192.168.11. 0 255.255.255.0,dhcp-option DNS 192.168.11.168,dhcp-option DNS 8.8.8.8,ifconfig 10.155.168.10 10.155.168.9,peer-id 2,cipher AES-256-GCM’ (status=1) |
| 17:04:16 | openvpnserver[5428]: | Willie/10.1.10.69:54058 PUSH: Received control message: ‘PUSH_REQUEST’ |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 TLS: Initial packet from [AF_INET]10.1.10.69:49271, sid=a066a63 a b5ce29dc |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 VERIFY SCRIPT OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechno logy, OU=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 VERIFY OK: depth=1, C=US, ST=PA, L=Exton, O=VisualTechnology, O U=IT, CN=VisualTechnology CA, emailAddress=willie@yaconiello.org |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 VERIFY SCRIPT OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU= IT, CN=Willie |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 VERIFY OK: depth=0, C=US, ST=PA, O=VisualTechnology, OU=IT, CN= Willie |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_VER=2.6.10 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_PLAT=win |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_TCPNL=1 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_MTU=1600 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_NCP=2 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_PROTO=990 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_LZO_STUB=1 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_COMP_STUB=1 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 peer info: IV_COMP_STUBv2=1 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 TLS: Username/Password authentication deferred for username ‘Q! _’ |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 144 9’, remote=‘link-mtu 1501’ |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 WARNING: ‘auth’ is used inconsistently, local=‘auth [null-diges t]’, remote=‘auth SHA512’ |
| 17:05:04 | openvpnserver[5428]: | MANAGEMENT: CMD ‘client-auth-nt 5 0’ |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384 , peer certificate: 4096 bit RSA, signature: RSA-SHA256 |
| 17:05:04 | openvpnserver[5428]: | 10.1.10.69:49271 [Willie] Peer Connection Initiated with [AF_INET]10.1.10.69:492 71 |
| 17:05:04 | openvpnserver[5428]: | MULTI: new connection by client ‘Willie’ will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you wan t multiple clients using the same certificate or username to concurrently connec t. |
| 17:05:04 | openvpnserver[5428]: | MULTI_sva: pool returned IPv4=10.155.168.10, IPv6=(Not enabled) |
| 17:05:04 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /var/ipfire/ovpn/ccd/Willi e |
| 17:05:05 | openvpnserver[5428]: | OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_eb13f38932 4ff07458b5c20d8125ab3.tmp |
| 17:05:05 | openvpnserver[5428]: | MULTI: Learn: 10.155.168.10 → Willie/10.1.10.69:49271 |
| 17:05:05 | openvpnserver[5428]: | MULTI: primary virtual IP for Willie/10.1.10.69:49271: 10.155.168.10 |
| 17:05:05 | openvpnserver[5428]: | Outgoing Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:05:05 | openvpnserver[5428]: | Incoming Data Channel: Cipher ‘AES-256-GCM’ initialized with 256 bit key |
| 17:05:05 | openvpnserver[5428]: SENT CONTROL [Willie]: | ‘PUSH_REPLY,route 10.155.168.1,topology net30,redirect-gateway,route 192.168.11. 0 255.255.255.0,dhcp-option DNS 192.168.11.168,dhcp-option DNS 8.8.8.8,ifconfig 10.155.168.10 10.155.168.9,peer-id 1,cipher AES-256-GCM’ (status=1) |
Being Online does not mean that the OpenVPN server is Running or Stopped. It means that you have OpenVPN on at least one of RED, BLUE or ORANGE enabled. If you disable OpenVPN for Red, Blue and Orange and then look at the home page you will then see that the OpenVPN entry is no longer shown.
OK. Still does answer why stopping and starting doesn’t work and only a reboot fixes it.
Looking at the log you provided, this never shows you successfully making a connection.
A communication is started between the client and the server but before a full connection is successfully made the client starts another connection communication which means that the server then drops any previous active sessions. In the log you showed that cycle occurs 4 times.
Edited what I previously wrote as it was not correct.
The server makes a connection with the client which is the following line.
Normally after that there would be the udp packets being sent by the client through the tunnel.
In your case 48 seconds after the above connection has been made the client sends out another Initial packet
and the whole checking of the certificates starts again.
This Initial packet being sent by the client occurs 5 times in the above log and only once was a successful connection made. The rest of the time the client is sending an initial packet before the connection has been successfully made.
I think you need to look through the logs on the clients to see why they are starting the connection request up either during the making of the connection or after a connection has been successfully made.
If you know when a user started to get “stuck” you can look in the client logs around that time period.
So, I was finally able to test the OpenVPN client that was having the issue. It turns out the Windows TAP driver wasn’t installed. Thank you for all your help.
1 Like