Hello Folks,

I have a VPN setup which has worked for years; it's a simple peer-to-peer UDP VPN. There was absolutely zero change on the two endpoints, nothing on the routers, network equipment, servers etc. The VPN simply stopped functioning like a week ago with no reason. I have pretty much restarted all components (of course did not change anything). I get this in the log on the server:

RFri May 17 13:22:15 2024 us=116136 TLS: Initial packet from [AF_INET]<CONNECTING PEER IP>:39729, sid=77d2b662 053040f3
WWWrrrrWrrrrrrrrrrWrrrrrrrrrrrrrrrrrrrrrFri May 17 13:23:15 2024 us=858988 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 17 13:23:15 2024 us=859084 TLS Error: TLS handshake failed
Fri May 17 13:23:15 2024 us=859405 TCP/UDP: Closing socket
Fri May 17 13:23:15 2024 us=859487 Closing TUN/TAP interface
Fri May 17 13:23:15 2024 us=859528 /sbin/ip addr del dev tun1 local 10.0.0.1 peer 10.0.0.2
Fri May 17 13:23:15 2024 us=936860 SIGUSR1[soft,tls-error] received, process restarting
Fri May 17 13:23:15 2024 us=937343 Restart pause, 300 second(s)
Fri May 17 13:28:15 2024 us=939065 Diffie-Hellman initialized with 2048 bit key
Fri May 17 13:28:15 2024 us=942435 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:28:15 2024 us=942581 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:28:15 2024 us=943674 Control Channel MTU parms [ L:1557 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri May 17 13:28:15 2024 us=947603 TUN/TAP device tun1 opened
Fri May 17 13:28:15 2024 us=949077 TUN/TAP TX queue length set to 100
Fri May 17 13:28:15 2024 us=949249 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri May 17 13:28:15 2024 us=949702 /sbin/ip link set dev tun1 up mtu 1500
Fri May 17 13:28:15 2024 us=961794 /sbin/ip addr add dev tun1 local 10.0.0.1 peer 10.0.0.2
Fri May 17 13:28:15 2024 us=975521 Data Channel MTU parms [ L:1557 D:1269 EF:57 EB:395 ET:0 EL:3 ]
Fri May 17 13:28:15 2024 us=975855 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri May 17 13:28:15 2024 us=976030 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri May 17 13:28:15 2024 us=976118 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri May 17 13:28:15 2024 us=976236 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri May 17 13:28:15 2024 us=976352 UDPv4 link local (bound): [AF_INET][undef]:43000
Fri May 17 13:28:15 2024 us=976428 UDPv4 link remote: [AF_UNSPEC]
RFri May 17 13:28:16 2024 us=563831 TLS: Initial packet from [AF_INET]<CONNECTING PEER IP>:45086, sid=94460619 1b42cb70
WWrrWrrrWrrrrrrrrrrrrrWrrrrrrrrrrrrrrrrrFri May 17 13:29:16 2024 us=241264 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 17 13:29:16 2024 us=241385 TLS Error: TLS handshake failed
Fri May 17 13:29:16 2024 us=242113 TCP/UDP: Closing socket
Fri May 17 13:29:16 2024 us=242322 Closing TUN/TAP interface
Fri May 17 13:29:16 2024 us=242433 /sbin/ip addr del dev tun1 local 10.0.0.1 peer 10.0.0.2
Fri May 17 13:29:16 2024 us=356949 SIGUSR1[soft,tls-error] received, process restarting
Fri May 17 13:29:16 2024 us=357112 Restart pause, 300 second(s)
Fri May 17 13:34:16 2024 us=357823 Diffie-Hellman initialized with 2048 bit key
Fri May 17 13:34:16 2024 us=358991 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:34:16 2024 us=359037 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:34:16 2024 us=359179 Control Channel MTU parms [ L:1557 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Fri May 17 13:34:16 2024 us=359788 TUN/TAP device tun1 opened
Fri May 17 13:34:16 2024 us=359859 TUN/TAP TX queue length set to 100
Fri May 17 13:34:16 2024 us=359905 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri May 17 13:34:16 2024 us=359947 /sbin/ip link set dev tun1 up mtu 1500
Fri May 17 13:34:16 2024 us=365445 /sbin/ip addr add dev tun1 local 10.0.0.1 peer 10.0.0.2
Fri May 17 13:34:16 2024 us=371612 Data Channel MTU parms [ L:1557 D:1269 EF:57 EB:395 ET:0 EL:3 ]
Fri May 17 13:34:16 2024 us=371770 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri May 17 13:34:16 2024 us=371808 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Fri May 17 13:34:16 2024 us=371841 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri May 17 13:34:16 2024 us=371895 Socket Buffers: R=[163840->163840] S=[163840->163840]
Fri May 17 13:34:16 2024 us=371946 UDPv4 link local (bound): [AF_INET][undef]:43000

Tcpdump:

13:57:45.995046 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP, length 42
13:57:47.080365 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP, length 42
13:57:51.413290 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP, length 42
13:57:51.413664 IP <VPN SERVER IP>.43000 > <REMOTE PEER IP>.41699: UDP, length 54
13:57:53.004424 IP <VPN SERVER IP>.43000 > <REMOTE PEER IP>.41699: UDP, length 42

So here is what is interesting, packets are "sipping in" so you cannot say it's a firewall issue, especially as I said nothing changed from my side and all the components were even rebooted.

Here is what I tried:

1. tried to move the udp port -> didn't help
2. switched from udp to tcp -> didn't help

Anyone encountered similar situation?

Thanks

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
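
Added example, not part of the original post: a small triage script for logs in the format shown above. It relies on OpenVPN's documented `--verb 5` behaviour of printing `R`/`W` for each TCP/UDP packet read or written and `r`/`w` for each TUN/TAP packet, and groups the log into handshake attempts with per-attempt packet counts. The sample log is constructed (abridged, with a documentation IP), and the names `handshake_attempts` and `one_way` are hypothetical.

```python
import re

# Constructed sample in the format of the log above (peer address replaced by
# a documentation IP, packet traces shortened). Not the poster's full log.
SAMPLE_LOG = """\
RFri May 17 13:22:15 2024 us=116136 TLS: Initial packet from [AF_INET]192.0.2.10:39729, sid=77d2b662 053040f3
WWWrrrrWrrFri May 17 13:23:15 2024 us=858988 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 17 13:23:15 2024 us=859084 TLS Error: TLS handshake failed
Fri May 17 13:23:15 2024 us=937343 Restart pause, 300 second(s)
RFri May 17 13:28:16 2024 us=563831 TLS: Initial packet from [AF_INET]192.0.2.10:45086, sid=94460619 1b42cb70
WWrrWrrrWFri May 17 13:29:16 2024 us=241264 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# Optional --verb 5 packet trace, then timestamp, microseconds and message.
LINE = re.compile(r"^([RWrw]*)((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \w{3} +\d+ [\d:]+ \d{4})"
                  r" us=\d+ (.*)$")

def handshake_attempts(log_text):
    """Group log lines into TLS handshake attempts with per-attempt packet counts."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        trace, stamp, msg = m.groups()
        if msg.startswith("TLS: Initial packet from"):
            cur = {"start": stamp, "sid": msg.split("sid=")[1], "outcome": "open",
                   "link_read": 0, "link_written": 0, "tun_read": 0}
            attempts.append(cur)
        if cur is None:
            continue
        cur["link_read"] += trace.count("R")      # UDP/TCP packets received
        cur["link_written"] += trace.count("W")   # UDP/TCP packets sent
        cur["tun_read"] += trace.count("r")       # packets read from the tun device
        if "TLS key negotiation failed" in msg:
            cur["outcome"] = "timeout"
            cur = None
    return attempts

def one_way(attempt):
    """Heuristic (assumption): replies were sent, but only the initial packet was read."""
    return (attempt["outcome"] == "timeout"
            and attempt["link_read"] <= 1 and attempt["link_written"] >= 1)

if __name__ == "__main__":
    for a in handshake_attempts(SAMPLE_LOG):
        print(a, "one-way:", one_way(a))
```

An attempt flagged by `one_way` means the process answered the initial packet but read nothing further from the peer on that socket before the 60-second timeout, which is worth comparing against a packet capture taken over the same interval.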