Author Topic: site to site OPENVPN  (Read 2402 times)

Julien

site to site OPENVPN
« on: August 18, 2017, 12:25:46 pm »
Dear All,
We have a firewall server which is hosting 5 site-to-site VPN connections using OpenVPN with a pre-shared key.
Everything has been working for over a month now.
Today we got a call that the users from office 1 can't log in to office 2.
So after we checked, the tunnel is down.
We don't know the reason why. No one has changed anything.

The logs on the client side are:

Code:
Aug 18 12:21:03 openvpn[64214]: UDP link remote: [AF_INET]SERVER-IP:10444
Aug 18 12:21:03 openvpn[64214]: UDP link local (bound): [AF_INET]CLIENT-IP:0
Aug 18 12:21:03 openvpn[64214]: TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER-IP:10444
Aug 18 12:21:03 openvpn[64214]: Preserving previous TUN/TAP instance: ovpnc2
Aug 18 12:21:03 openvpn[64214]: Re-using pre-shared static key
Aug 18 12:21:03 openvpn[64214]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 18 12:20:58 openvpn[64214]: SIGUSR1[soft,ping-restart] received, process restarting
Aug 18 12:20:58 openvpn[64214]: Inactivity timeout (--ping-restart), restarting
Aug 18 12:19:58 openvpn[64214]: UDP link remote: [AF_INET]SERVER-IP:10444
Aug 18 12:19:58 openvpn[64214]: UDP link local (bound): [AF_INET]CLIENT-IP:0
Aug 18 12:19:58 openvpn[64214]: TCP/UDP: Preserving recently used remote address: [AF_INET]SERVER-IP:10444
Aug 18 12:19:57 openvpn[64214]: /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.2.10.2 10.2.10.1 init
Aug 18 12:19:57 openvpn[64214]: /sbin/ifconfig ovpnc2 10.2.10.2 10.2.10.1 mtu 1500 netmask 255.255.255.255 up
Aug 18 12:19:57 openvpn[64214]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Aug 18 12:19:57 openvpn[64214]: TUN/TAP device /dev/tun2 opened
Aug 18 12:19:57 openvpn[64214]: TUN/TAP device ovpnc2 exists previously, keep at program end
Aug 18 12:19:57 openvpn[64214]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 18 12:19:57 openvpn[63865]: library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10

Can someone please advise why?
An intelligent man is sometimes forced to be drunk to spend time with his fool.
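
A triage sketch for the client log above, added here as an example and not part of the original post: it groups the lines into connection attempts and reports whether the client ever heard from the server before `--ping-restart` fired. It assumes OpenVPN logs `Peer Connection Initiated` once a valid packet from the peer arrives; the function names and the trimmed sample (built from the post's lines, newest first) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines from the post's client log, one per line, newest first.
SAMPLE = """\
Aug 18 12:21:03 openvpn[64214]: UDP link remote: [AF_INET]SERVER-IP:10444
Aug 18 12:21:03 openvpn[64214]: Re-using pre-shared static key
Aug 18 12:20:58 openvpn[64214]: Inactivity timeout (--ping-restart), restarting
Aug 18 12:19:58 openvpn[64214]: UDP link remote: [AF_INET]SERVER-IP:10444
Aug 18 12:19:57 openvpn[64214]: TUN/TAP device /dev/tun2 opened
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)\s+openvpn\[\d+\]: (.*)$")

def parse(text, year=2017):
    """Return (time, message) pairs, oldest first. Syslog lines carry no year."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2)))
    # The log in the post is listed newest first; flip it when that is the case.
    if events and events[0][0] > events[-1][0]:
        events.reverse()
    return events

def attempts(events):
    """One record per connection attempt, opened by a 'UDP link remote:' line."""
    out, cur = [], None
    for ts, msg in events:
        if msg.startswith("UDP link remote:"):
            cur = {"start": ts, "peer_seen": False, "timeout_after": None}
            out.append(cur)
        elif cur is None:
            continue
        elif msg.startswith("Peer Connection Initiated"):  # assumed marker of inbound traffic
            cur["peer_seen"] = True
        elif msg.startswith("Inactivity timeout (--ping-restart)"):
            cur["timeout_after"] = int((ts - cur["start"]).total_seconds())
            cur = None
    return out

def one_way(events):
    """True if some attempt timed out and no attempt ever heard the peer."""
    a = attempts(events)
    return any(x["timeout_after"] is not None for x in a) and not any(x["peer_seen"] for x in a)

if __name__ == "__main__":
    print(attempts(parse(SAMPLE)), one_way(parse(SAMPLE)))
```

On the sample, the first attempt times out after 60 seconds with the peer never seen, meaning no packet from the server was accepted by the client in that window. The server-side log and the firewall states for that UDP port are the next places to check.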

Julien

Re: site to site OPENVPN
« Reply #1 on: August 18, 2017, 04:11:49 pm »
I see the IP of the client on the firewall as blocked, even though there is a rule on the WAN to allow the traffic from that IP on that port.
Any suggestions why?
Two clients are down and the others are working fine.
An intelligent man is sometimes forced to be drunk to spend time with his fool.
