OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: rain0001 on May 02, 2017, 06:08:17 pm

Title: [SOLVED] OpenVPN (Road-Warrior) stuck at Connecting
Post by: rain0001 on May 02, 2017, 06:08:17 pm
Hello :)

I've got this strange issue with OPNsense + OpenVPN.
I'm using:
Quote
OPNsense 17.1.4-amd64
FreeBSD 11.0-RELEASE-p8
OpenSSL 1.0.2k 26 Jan 2017

When connecting with my Android phone, using the official OpenVPN Connect App, I get stuck in what seems to be a Connection/Disconnection cycle.
The client gets stuck displaying "Connecting", and after 20-30 secs it tries to connect again.
As far as I can tell, the server logs (below) seem to indicate that the client itself disconnects, which doesn't make any sense.

Update:
The OpenVPN Connect log states:
Quote
Processing of the Certificate handshake message failed

This seems to explain why the client drops the connection, but not why (at least not to me).
Does anyone have a clue why this is happening?

Thank you!

Code:
May 1 16:45:59 openvpn[31619]: I/O WAIT TR|Tw|SR|Sw [10/0]
May 1 16:45:59 openvpn[31619]: PO_CTL rwflags=0x0001 ev=5 arg=0xa38ad35068
May 1 16:45:59 openvpn[31619]: PO_CTL rwflags=0x0001 ev=7 arg=0xa38ad35064
May 1 16:45:59 openvpn[31619]: PO_CTL rwflags=0x0001 ev=6 arg=0xa38ad350f8
May 1 16:45:59 openvpn[31619]: SCHEDULE: schedule_find_least NULL
May 1 16:45:59 openvpn[31619]: MULTI: REAP range 112 -> 128
May 1 16:45:59 openvpn[31619]: I/O WAIT status=0x0020
May 1 16:45:59 openvpn[31619]: event_wait returned 0
May 1 16:45:49 openvpn[31619]: I/O WAIT TR|Tw|SR|Sw [10/0]
May 1 16:45:49 openvpn[31619]: PO_CTL rwflags=0x0001 ev=5 arg=0xa38ad35068
May 1 16:45:49 openvpn[31619]: PO_CTL rwflags=0x0001 ev=7 arg=0xa38ad35064
May 1 16:45:49 openvpn[31619]: PO_CTL rwflags=0x0001 ev=6 arg=0xa38ad350f8
May 1 16:45:49 openvpn[31619]: SCHEDULE: schedule_find_least NULL
May 1 16:45:49 openvpn[31619]: MULTI: REAP range 96 -> 112
May 1 16:45:49 openvpn[31619]: I/O WAIT status=0x0020
May 1 16:45:49 openvpn[31619]: event_wait returned 0
May 1 16:45:39 openvpn[31619]: I/O WAIT TR|Tw|SR|Sw [10/0]
May 1 16:45:39 openvpn[31619]: PO_CTL rwflags=0x0001 ev=5 arg=0xa38ad35068
May 1 16:45:39 openvpn[31619]: PO_CTL rwflags=0x0001 ev=7 arg=0xa38ad35064
May 1 16:45:39 openvpn[31619]: PO_CTL rwflags=0x0001 ev=6 arg=0xa38ad350f8
May 1 16:45:39 openvpn[31619]: SCHEDULE: schedule_find_least NULL
May 1 16:45:39 openvpn[31619]: MULTI: REAP range 80 -> 96
May 1 16:45:39 openvpn[31619]: I/O WAIT status=0x0020
May 1 16:45:39 openvpn[31619]: event_wait returned 0
May 1 16:45:29 openvpn[31619]: I/O WAIT TR|Tw|SR|Sw [10/0]
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=5 arg=0xa38ad35068
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=7 arg=0xa38ad35064
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=6 arg=0xa38ad350f8
May 1 16:45:29 openvpn[31619]: SCHEDULE: schedule_find_least NULL
May 1 16:45:29 openvpn[31619]: MANAGEMENT: Client disconnected
May 1 16:45:29 openvpn[31619]: MANAGEMENT: CMD 'quit'
May 1 16:45:29 openvpn[31619]: I/O WAIT status=0x0040
May 1 16:45:29 openvpn[31619]: event_wait returned 1
May 1 16:45:29 openvpn[31619]: PO_WAIT[2,0] fd=8 rev=0x00000001 rwflags=0x0001 arg=0xa38ad35068
May 1 16:45:29 openvpn[31619]: I/O WAIT TR|Tw|SR|Sw [10/0]
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=8 arg=0xa38ad35068
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=7 arg=0xa38ad35064
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=6 arg=0xa38ad350f8
May 1 16:45:29 openvpn[31619]: SCHEDULE: schedule_find_least NULL
May 1 16:45:29 openvpn[31619]: I/O WAIT status=0x0080
May 1 16:45:29 openvpn[31619]: event_wait returned 1
May 1 16:45:29 openvpn[31619]: PO_WAIT[2,0] fd=8 rev=0x00000004 rwflags=0x0002 arg=0xa38ad35068
May 1 16:45:29 openvpn[31619]: I/O WAIT TR|Tw|SR|Sw [10/0]
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0002 ev=8 arg=0xa38ad35068
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=7 arg=0xa38ad35064
May 1 16:45:29 openvpn[31619]: PO_CTL rwflags=0x0001 ev=6 arg=0xa38ad350f8
May 1 16:45:29 openvpn[31619]: SCHEDULE: schedule_find_least NULL
May 1 16:45:29 openvpn[31619]: MANAGEMENT: CMD 'status 2'
May 1 16:45:29 openvpn[31619]: I/O WAIT status=0x0040
May 1 16:45:29 openvpn[31619]: event_wait returned 1

Title: Re: OpenVPN (Road-Warrior) stuck at Connecting
Post by: rain0001 on May 02, 2017, 07:44:37 pm
Solved.

The OpenVPN Connect App could sure use some better error messages.
Google didn't come up with anything useful so I tried an alternative OpenVPN client for Android.
This had some proper logging, and it seems that the OpenVPN server was using a user certificate instead of a server certificate.
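
Added example (not part of the original thread): one way to check which TLS role a certificate was issued for is to read its Extended Key Usage with openssl. It assumes the server and user certificate types differ in their EKU (serverAuth vs. clientAuth); the helper names, file names and the self-signed sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Report which TLS role a certificate was issued for, from its Extended Key Usage.
# Prints one of: server, client, both, none (no EKU, or file unreadable).
cert_role() {
    eku=$(openssl x509 -in "$1" -noout -text 2>/dev/null |
          grep -A1 'X509v3 Extended Key Usage' | tail -n 1)
    srv=no; cli=no
    case "$eku" in *"TLS Web Server Authentication"*) srv=yes ;; esac
    case "$eku" in *"TLS Web Client Authentication"*) cli=yes ;; esac
    case "$srv$cli" in
        yesyes) echo both ;;
        yesno)  echo server ;;
        noyes)  echo client ;;
        *)      echo none ;;
    esac
}

# Constructed sample data: a throwaway self-signed certificate with the given EKU.
# Usage: make_sample_cert PATH_PREFIX EKU_LIST
make_sample_cert() {
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $(basename "$1")
[ext]
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp/vpn-server" serverAuth   # what the server should present
make_sample_cert "$tmp/vpn-user" clientAuth     # a user (client) certificate
for crt in "$tmp/vpn-server.crt" "$tmp/vpn-user.crt"; do
    echo "$(basename "$crt"): $(cert_role "$crt")"
done
```

Run `cert_role` against the certificate selected in the OpenVPN server configuration; a result of `client` there matches the misconfiguration described in the post above.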