18.1 Legacy Series / [SOLVED] OPNSense as OpenVPN Client kept disconnecting
« on: May 02, 2018, 12:17:00 pm »
Hi all. First post here, asking for directions.
So I have a very basic network, with 1 WAN and the router acting as VPN client for provider Express VPN (2 actually, but I believe the number is irrelevant to the case).
My VPN kept disconnecting with the following notice:
[ There were error(s) loading the rules: no IP address found for ovpnc2:0 - The line in question reads [0]: ]
I copied the VPN log and it came up with these:
16:48:45 openvpn[58525] auth_user_pass_verify_script_via_file = DISABLED
16:48:45 openvpn[58525] auth_token_generate = DISABLED
16:48:45 openvpn[58525] auth_token_lifetime = 0
16:48:45 openvpn[58525] port_share_host = '[UNDEF]'
16:48:45 openvpn[58525] port_share_port = '[UNDEF]'
16:48:45 openvpn[58525] client = ENABLED
16:48:45 openvpn[58525] pull = ENABLED
16:48:45 openvpn[58525] auth_user_pass_file = '/var/etc/openvpn/client2.up'
16:48:45 openvpn[58525] OpenVPN 2.4.5 amd64-portbld-freebsd11.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Mar 20 2018
16:48:45 openvpn[58525] library versions: OpenSSL 1.0.2o 27 Mar 2018, LZO 2.10
16:48:45 openvpn[59061] MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client2.sock
16:48:45 openvpn[59061] WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
16:48:45 openvpn[59061] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
16:48:45 openvpn[59061] Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
16:48:45 openvpn[59061] Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
16:48:45 openvpn[59061] LZO compression initializing
16:48:45 openvpn[59061] Control Channel MTU parms [ L:1626 D:1140 EF:110 EB:0 ET:0 EL:3 ]
16:48:46 openvpn[59061] Data Channel MTU parms [ L:1626 D:1450 EF:126 EB:407 ET:0 EL:3 ]
16:48:46 openvpn[59061] Fragmentation MTU parms [ L:1626 D:1300 EF:125 EB:407 ET:1 EL:3 ]
16:48:46 openvpn[59061] Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-client'
16:48:46 openvpn[59061] Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1606,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA512,keysize 256,tls-auth,key-method 2,tls-server'
16:48:46 openvpn[59061] TCP/UDP: Preserving recently used remote address: [AF_INET]VPN_Interface_IP_Address:VPN_Interface_Port
16:48:46 openvpn[59061] Socket Buffers: R=[42080->524288] S=[57344->524288]
16:48:46 openvpn[59061] UDP link local (bound): [AF_INET]My_Public_WAN_IP:0
16:48:46 openvpn[59061] UDP link remote: [AF_INET]VPN_Interface_IP_Address:VPN_Interface_Port
16:48:46 openvpn[59061] TLS: Initial packet from [AF_INET]VPN_Interface_IP_Address:VPN_Interface_Port, sid=47918575 aca364c4
16:48:46 openvpn[59061] WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
16:48:46 openvpn[59061] VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
16:48:46 openvpn[59061] VERIFY OK: nsCertType=SERVER
16:48:46 openvpn[59061] VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-385-1a, emailAddress=support@expressvpn.com
16:48:46 openvpn[59061] VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-385-1a, emailAddress=support@expressvpn.com
16:48:47 openvpn[59061] Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
16:48:47 openvpn[59061] [Server-385-1a] Peer Connection Initiated with [AF_INET]VPN_Interface_IP_Address:VPN_Interface_Port
16:48:48 openvpn[59061] SENT CONTROL [Server-385-1a]: 'PUSH_REQUEST' (status=1)
16:48:48 openvpn[59061] PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.167.0.1,route 10.167.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.167.1.110 10.167.1.109'
16:48:48 openvpn[59061] Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
16:48:48 openvpn[59061] Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
16:48:48 openvpn[59061] Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
16:48:48 openvpn[59061] OPTIONS IMPORT: timers and/or timeouts modified
16:48:48 openvpn[59061] OPTIONS IMPORT: --ifconfig/up options modified
16:48:48 openvpn[59061] Data Channel MTU parms [ L:1606 D:1450 EF:106 EB:407 ET:0 EL:3 ]
16:48:48 openvpn[59061] Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
16:48:48 openvpn[59061] Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
16:48:48 openvpn[59061] Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
16:48:48 openvpn[59061] Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
16:48:48 openvpn[59061] TUN/TAP device ovpnc2 exists previously, keep at program end
16:48:48 openvpn[59061] TUN/TAP device /dev/tun2 opened
16:48:48 openvpn[59061] do_ifconfig, tt->did_ifconfig_ipv6_setup=0
16:48:48 openvpn[59061] /sbin/ifconfig ovpnc2 10.167.1.110 10.167.1.109 mtu 1500 netmask 255.255.255.255 up
16:48:48 openvpn[59061] /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc2 1500 1606 10.167.1.110 10.167.1.109 init
Other than some misconfigurations, I cannot find what was causing the disconnections. Or did I take the wrong log?
Any pointers would be greatly appreciated, thank you.
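
An added example, not part of the original post and not OPNsense or OpenVPN code: a small Python triage that splits a run-together OpenVPN client log into entries, collects the WARNING/NOTE lines, and compares the options the server pushed with the ones the client rejected. The sample entries are copied from the log above; the function names are hypothetical.

```python
import re

# Constructed sample: eight entries copied from the log in the post,
# run together on one line the way the forum rendered them.
SAMPLE = (
    "16:48:45 openvpn[59061] WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead. "
    "16:48:45 openvpn[59061] NOTE: the current --script-security setting may allow this configuration to call user-defined scripts "
    "16:48:46 openvpn[59061] WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this "
    "16:48:48 openvpn[59061] PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.167.0.1,"
    "route 10.167.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.167.1.110 10.167.1.109' "
    "16:48:48 openvpn[59061] Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS]) "
    "16:48:48 openvpn[59061] Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS]) "
    "16:48:48 openvpn[59061] Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS]) "
    "16:48:48 openvpn[59061] OPTIONS IMPORT: timers and/or timeouts modified"
)

# Every entry starts with "HH:MM:SS openvpn[pid] ".
ENTRY = re.compile(r"(\d{2}:\d{2}:\d{2}) openvpn\[(\d+)\] ")
REJECTED = re.compile(
    r"Options error: option '([^']+)' cannot be used in this context \(\[PUSH-OPTIONS\]\)"
)


def split_entries(text):
    """Split run-together log text into (time, pid, message) tuples."""
    parts = ENTRY.split(text)  # [prefix, time, pid, msg, time, pid, msg, ...]
    return [(parts[i], int(parts[i + 1]), parts[i + 2].strip())
            for i in range(1, len(parts), 3)]


def triage(text):
    """Collect warnings and compare pushed options with rejected ones."""
    report = {"warnings": [], "pushed": [], "rejected": []}
    for _time, _pid, msg in split_entries(text):
        if msg.startswith(("WARNING:", "NOTE:")):
            report["warnings"].append(msg)
        elif msg.startswith("PUSH: Received control message:"):
            reply = msg.split("'", 2)[1]  # text between the quotes
            # Drop the leading PUSH_REPLY token, keep each option's name.
            report["pushed"] = [opt.split()[0] for opt in reply.split(",")[1:]]
        elif (m := REJECTED.match(msg)):
            report["rejected"].append(m.group(1))
    report["not_rejected"] = [o for o in report["pushed"]
                              if o not in report["rejected"]]
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On the sample, the three rejected options are the pushed default-gateway redirect, DNS server and route, while the keepalive timers and tunnel addressing are not rejected.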