OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: mrpsycho on January 30, 2019, 08:15:30 pm

Title: OpenVPN - two servers. First working as needed, second - not.
Post by: mrpsycho on January 30, 2019, 08:15:30 pm
Hello!

I have a setup: OPNsense 19.1 (but I updated today; it was the 18 series, and the problem was the same.)

and 2 OpenVPN server instances:
* Roadwarriors - Remote Access + LDAP auth
* site-to-site - Peer to Peer SSL/TLS

The first one is working as expected: every client connects and gets to the internal network.
The second: the client connects, but it cannot access the local network.
Only the gateway is accessible.

On the firewall I see only one OpenVPN tab (on pfSense every VPN instance creates its own tab),
and I thought the problem was the firewall... but I have only one rule: pass all.

Next, I tried to assign the ovpns2 interface, and a firewall tab for this interface was created. But that doesn't help either.

What could it be? How do I access the local network from the "Peer to Peer" connection?
Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: bartjsmit on January 30, 2019, 09:14:57 pm
Does the LAN subnet appear in the routing table of the client?

Bart...
Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: mrpsycho on January 30, 2019, 09:21:00 pm
Yes, the route is set correctly.

lan 192.168.0.0/22
peer-to-peer 192.168.201.0/24


And on the client I see
Code:
      192.168.0.0    255.255.255.0    192.168.201.5    192.168.201.6     35
    192.168.201.1  255.255.255.255    192.168.201.5    192.168.201.6     35
    192.168.201.4  255.255.255.252         On-link     192.168.201.6    291
    192.168.201.6  255.255.255.255         On-link     192.168.201.6    291
    192.168.201.7  255.255.255.255         On-link     192.168.201.6    291
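A quick way to check a table like the one above mechanically, as an added example that is not part of the thread: this script parses Windows `route print` lines (the ones quoted in the post, with the LAN 192.168.0.0/22 and the tunnel next hop 192.168.201.5 taken from the post) and lists any part of the LAN prefix that the listed routes do not send through the tunnel gateway.

```python
import ipaddress
import re

# Route lines quoted in the post above (Windows "route print" columns:
# destination, netmask, gateway, interface, metric).
ROUTE_PRINT = """
      192.168.0.0    255.255.255.0    192.168.201.5    192.168.201.6     35
    192.168.201.1  255.255.255.255    192.168.201.5    192.168.201.6     35
    192.168.201.4  255.255.255.252         On-link     192.168.201.6    291
    192.168.201.6  255.255.255.255         On-link     192.168.201.6    291
    192.168.201.7  255.255.255.255         On-link     192.168.201.6    291
"""

ROUTE_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        dest, mask, gw, iface, metric = m.groups()
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gw, iface, int(metric)))
    return routes

def uncovered(lan, routes, tunnel_gw):
    """Parts of `lan` that no route via tunnel_gw covers (empty = all in tunnel)."""
    remaining = [ipaddress.ip_network(lan)]
    for net, gw, _, _ in routes:
        if gw != tunnel_gw:
            continue  # On-link or other next hops do not enter the tunnel
        still = []
        for r in remaining:
            if r.subnet_of(net):          # r is fully inside this route
                continue
            if net.subnet_of(r):          # route covers only part of r
                still.extend(r.address_exclude(net))
            else:
                still.append(r)
        remaining = still
    return sorted(remaining)

if __name__ == "__main__":
    for gap in uncovered("192.168.0.0/22", parse_routes(ROUTE_PRINT), "192.168.201.5"):
        print("not routed through tunnel:", gap)
```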
Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: bartjsmit on January 31, 2019, 08:59:14 am
Do you have an allow-all rule under Firewall, Rules, OpenVPN for each tunnel?

Bart...
Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: DanMc85 on January 31, 2019, 10:20:18 pm
I have to agree... I am seeing some weird OpenVPN issues since upgrading. Some clients are not staying connected.

I have 3 OpenVPN servers and 1 OpenVPN client (this client is Private Internet Access) which is being used as its own VLAN on the firewall for any devices on that VLAN network.

I keep seeing the red connection down icons in the main Portal Dashboard.

None of these issues were present before upgrading on 18.7.10_3

It is like all the OpenVPN connections keep restarting for whatever reason.

I am seeing errors like this in the OpenVPN logs:

Jan 31 16:15:07   openvpn[86050]: Restart pause, 5 second(s)
Jan 31 16:15:07   openvpn[86050]: SIGUSR1[connection failed(soft),init_instance] received, process restarting
Jan 31 16:15:07   openvpn[86050]: TCP: connect to [AF_INET] "IP:PORT"  failed: Address already in use

Jan 31 16:15:01   openvpn[47396]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 31 16:15:01   openvpn[47396]: Inactivity timeout (--ping-restart), restarting


Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: mrpsycho on January 31, 2019, 11:20:26 pm
woaahhhh)))


No, my problem is a little bit different (

@bartjsmit, yep, I have very weak rules, which allow any traffic on interfaces/tunnels.

I also have an OpenConnect tunnel, and it works fine. And the 1st OpenVPN server works as it should.

If there is some kind of diagnostic report, I can send it.


Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: bartjsmit on February 01, 2019, 08:55:02 am
OpenVPN has a log: VPN, OpenVPN, Log file. You can also run packet captures on the VPN tunnel. Interfaces, Diagnostics, Packet Capture. Wireshark is a good tool to dissect those.

Maybe worth running a diff between the two configs? System, Configuration, backups.

Bart...
Title: Re: OpenVPN - two servers. First working as needed, second - not.
Post by: mrpsycho on February 04, 2019, 08:40:20 pm
OK. I tried several solutions,
and noticed that the ovpns2 interface, and any other, doesn't work as it should.