From: marko <le...@me...> - 2024-12-05 00:05:26
Hi Robert,

I use OpenVPN 7.3.1.1 also on a standard upgrade path. My system works ok, though it is not busy.

One thing that has changed over time is the SHA security level that the scripts use when creating the machine keys. It is/was hard coded into the easyRSA scripts. It would be worth ruling that one out first.

cheers
marko

On Thursday, 5 December 2024 7:36:42 AM AEDT Robert K Coffman Jr. -Info From Data Corp. wrote:
> I'm having serious issues with OpenVPN, starting after an upgrade to
> 7.3.1.1 (OpenVPN 2.6.10).
>
> Some or all of my OpenVPN servers exhibit a behavior where they stop
> accepting connections from clients. What is very strange is that after
> the upgrade, things were fine - only later did this problem start to
> occur. I made a copy of an affected box and eliminated every possible
> source of a potential issue - disabling shorewall, placing the server
> on the same RFC1918 subnet (unmanaged switch), disabling the HMAC
> signing, running OpenVPN as root - and it just refused to accept
> connections. We did a packet capture, and we see an intermittent
> packet from the client on the server, but no response from the server.
>
> I upgraded two of the affected boxes to the latest Leaf beta (OpenVPN
> 2.6.12) and on one of them, it started to allow connections again, but
> not from every client. On the other, it allowed one connection, and
> then - no more.
>
> Additionally, and probably unrelated, with these OpenVPN versions,
> there seems to be a bug in the startup script. Issuing
> "/etc/init.d/openvpn restart" sometimes (usually) results in this kind
> of error:
>
> Stopping virtual private network daemon:rm: can't remove
> '/var/run/openvpn.c_ifdroute_sweitzer.pid': No such file or directory
>
> And the daemon doesn't restart.... Issuing the same command again
> usually starts it up successfully.
>
> I am at a complete loss to explain this. Even a reboot doesn't resolve
> the connection issue once it starts.
>
> Anyone else seeing issues with OpenVPN running as a server? This does
> not seem to affect when running as a client.
>
> Thanks -
>
> Robert
> --
> Robert K Coffman Jr.
> Info From Data Corp.
> 3307249000
> su...@in...
>
> ------------------------------------------------------------------------
> leaf-user mailing list: lea...@li...
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/