Messages

Update: I had to reinstall OPNSense due to a faulty SSD and now the warnings are gone (configuration exactly the same after importing a backup config). *shrug*

I've been seeing the warning from the thread title A LOT in my OpenVPN logs. Like 2,000 entries all at the same time and this dump seems to repeat every 15 minutes. I've googled a bit and tried playing around with the compression settings, since this error can apparently be caused by a server/client mismatch there. But the interesting thing is that the warnings keep coming even if no clients are connected to the server at all, like clockwork.

My server is configured via Servers [legacy].

Server config:
Server Mode: Remote Access (SSL/TLS + User Auth)
Authentication backend: Local db
Protocol: UDP
Device Mode: tun
Topology: net30
Compression: No Preference

Client export config:

Code Select Expand

dev tun
persist-tun
persist-key
data-ciphers-fallback AES-256-CBC
auth SHA256
client
resolv-retry infinite
remote **** udp
lport 0
verify-x509-name **** subject
remote-cert-tls server
auth-user-pass
auth-nocache

I have one CSO defined (to enforce a static tunnel IP), but as I said, the warnings keep coming in even if nothing is connected.

It's worth noting that my VPN works perfectly and clients can connect without issue. It's just these weird log entries that have me scratching my head and frankly make the logs a bitch to use. Running OPNsense 24.1.4-amd64, everything up to date.

+1

An official Discord server would be awesome.

Up until recently my network configuration was my ISP's modem/router in bridge mode and an old office PC with an additional network card running OPNSense on it. Worked mostly fine, but yesterday all of a sudden the WAN interface refused to acquire an IP from the upstream DHCP server. After a few hours of tinkering, I was at a total loss as to why (ISP said the connection was fine up until the modem, and indeed you could see the DHCP sending an IP, gateway, etc. in the OPNSense logs...) and since I've had strange connection drops every few weeks ever since switching to bridge mode, I decided to just revert to router mode, setting the OPNSense machine as a DMZ.

This fixed the problem, but now my VPN setup doesn't work anymore. I got OpenVPN running and it was working perfectly with the old config, but now the Technicolor being back to router mode seems to block the connection no matter what I do. As I said, I've basically switched off the inbuilt FW features of the Technicolor and set the OPNSense machine as a DMZ, so everything should get forwarded to it. Tried setting up specific port forwarding regardless, but it didn't make any difference. According to the client log, there's just no response. The public IP is correct, credentials are correct, I've even issued a new client certificate after the change, etc.

FW rule:       IPv4+6 UDP   *   *   WAN address   1194 (OpenVPN)   *   *      OpenVPN OpenVPN_Server wizard allow client access

Any ideas? Is this just something that the modem blocks by default? If you need any more details about my setup, please ask.

Thanks in advance.