OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Julien on August 18, 2017, 12:25:46 pm

Title: site to site OPENVPN
Post by: Julien on August 18, 2017, 12:25:46 pm
Dear All,
We have a firewall server which is hosting 5 site-to-site VPN connections using an OpenVPN pre-shared key.
Everything has been working for over a month now.
Today we got a call that the users from office 1 can't log in to office 2.
So after we checked, the tunnel is down.
The reason why, we don't know. No one has changed anything.

The logs on the client side are:

Code:
Aug 18 12:21:03 openvpn[64214]: UDP link remote: [AF_INET]SERVER-IP:10444
Aug 18 12:21:03 openvpn[64214]: UDP link local (bound): [AF_INET]CLIENT-IP:0
Aug 18 12:21:03 openvpn[64214]: TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER-IP:10444
Aug 18 12:21:03 openvpn[64214]: Preserving previous TUN/TAP instance: ovpnc2
Aug 18 12:21:03 openvpn[64214]: Re-using pre-shared static key
Aug 18 12:21:03 openvpn[64214]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 18 12:20:58 openvpn[64214]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 18 12:20:58 openvpn[64214]: Inactivity timeout (--ping-restart), restarting
Aug 18 12:19:58 openvpn[64214]: UDP link remote: [AF_INET]SERVER-IP:10444
Aug 18 12:19:58 openvpn[64214]: UDP link local (bound): [AF_INET]CLIENT-IP:0
Aug 18 12:19:58 openvpn[64214]: TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER-IP:10444
Aug 18 12:19:57 openvpn[64214]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.2.10.2 10.2.10.1 init
Aug 18 12:19:57 openvpn[64214]: /sbin/ifconfig ovpnc2 10.2.10.2 10.2.10.1 mtu 1500 netmask 255.255.255.255 up
Aug 18 12:19:57 openvpn[64214]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 18 12:19:57 openvpn[64214]: TUN/TAP device /dev/tun2 opened
Aug 18 12:19:57 openvpn[64214]: TUN/TAP device ovpnc2 exists previously, keep at program end
Aug 18 12:19:57 openvpn[64214]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 18 12:19:57 openvpn[63865]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Can someone please advise why?
Title: Re: site to site OPENVPN
Post by: Julien on August 18, 2017, 04:11:49 pm
I see the IP of the client on the firewall as blocked even though there is a rule on the WAN to allow the traffic from that IP on that port.
Any suggestions why?
Two clients are down and the others are working fine.