Hello Folks,

I have a VPN setup which has worked for years; it's a simple peer-to-peer UDP 
VPN. There was absolutely zero change on the two endpoints, nothing on the 
routers, network equipment, servers etc. The VPN simply stopped functioning 
like a week ago for no reason. I have pretty much restarted all components (of 
course I did not change anything). I get this in the log on the server:

RFri May 17 13:22:15 2024 us=116136 TLS: Initial packet from 
[AF_INET]<CONNECTING PEER IP>:39729, sid=77d2b662 053040f3
WWWrrrrWrrrrrrrrrrWrrrrrrrrrrrrrrrrrrrrrFri May 17 13:23:15 2024 us=858988 TLS 
Error: TLS key negotiation failed to occur within 60 seconds (check your 
network connectivity)
Fri May 17 13:23:15 2024 us=859084 TLS Error: TLS handshake failed
Fri May 17 13:23:15 2024 us=859405 TCP/UDP: Closing socket
Fri May 17 13:23:15 2024 us=859487 Closing TUN/TAP interface
Fri May 17 13:23:15 2024 us=859528 /sbin/ip addr del dev tun1 local 10.0.0.1 
peer 10.0.0.2
Fri May 17 13:23:15 2024 us=936860 SIGUSR1[soft,tls-error] received, process 
restarting
Fri May 17 13:23:15 2024 us=937343 Restart pause, 300 second(s)
Fri May 17 13:28:15 2024 us=939065 Diffie-Hellman initialized with 2048 bit key
Fri May 17 13:28:15 2024 us=942435 Outgoing Control Channel Authentication: 
Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:28:15 2024 us=942581 Incoming Control Channel Authentication: 
Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:28:15 2024 us=943674 Control Channel MTU parms [ L:1557 D:1184 
EF:66 EB:0 ET:0 EL:3 ]
Fri May 17 13:28:15 2024 us=947603 TUN/TAP device tun1 opened
Fri May 17 13:28:15 2024 us=949077 TUN/TAP TX queue length set to 100
Fri May 17 13:28:15 2024 us=949249 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri May 17 13:28:15 2024 us=949702 /sbin/ip link set dev tun1 up mtu 1500
Fri May 17 13:28:15 2024 us=961794 /sbin/ip addr add dev tun1 local 10.0.0.1 
peer 10.0.0.2
Fri May 17 13:28:15 2024 us=975521 Data Channel MTU parms [ L:1557 D:1269 EF:57 
EB:395 ET:0 EL:3 ]
Fri May 17 13:28:15 2024 us=975855 Local Options String (VER=V4): 'V4,dev-type 
tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,keydir 
0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri May 17 13:28:15 2024 us=976030 Expected Remote Options String (VER=V4): 
'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 
10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 
2,tls-client'
Fri May 17 13:28:15 2024 us=976118 Could not determine IPv4/IPv6 protocol. 
Using AF_INET
Fri May 17 13:28:15 2024 us=976236 Socket Buffers: R=[163840->163840] 
S=[163840->163840]
Fri May 17 13:28:15 2024 us=976352 UDPv4 link local (bound): 
[AF_INET][undef]:43000
Fri May 17 13:28:15 2024 us=976428 UDPv4 link remote: [AF_UNSPEC]
RFri May 17 13:28:16 2024 us=563831 TLS: Initial packet from 
[AF_INET]<CONNECTING PEER IP>:45086, sid=94460619 1b42cb70
WWrrWrrrWrrrrrrrrrrrrrWrrrrrrrrrrrrrrrrrFri May 17 13:29:16 2024 us=241264 TLS 
Error: TLS key negotiation failed to occur within 60 seconds (check your 
network connectivity)
Fri May 17 13:29:16 2024 us=241385 TLS Error: TLS handshake failed
Fri May 17 13:29:16 2024 us=242113 TCP/UDP: Closing socket
Fri May 17 13:29:16 2024 us=242322 Closing TUN/TAP interface
Fri May 17 13:29:16 2024 us=242433 /sbin/ip addr del dev tun1 local 10.0.0.1 
peer 10.0.0.2
Fri May 17 13:29:16 2024 us=356949 SIGUSR1[soft,tls-error] received, process 
restarting
Fri May 17 13:29:16 2024 us=357112 Restart pause, 300 second(s)
Fri May 17 13:34:16 2024 us=357823 Diffie-Hellman initialized with 2048 bit key
Fri May 17 13:34:16 2024 us=358991 Outgoing Control Channel Authentication: 
Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:34:16 2024 us=359037 Incoming Control Channel Authentication: 
Using 160 bit message hash 'SHA1' for HMAC authentication
Fri May 17 13:34:16 2024 us=359179 Control Channel MTU parms [ L:1557 D:1184 
EF:66 EB:0 ET:0 EL:3 ]
Fri May 17 13:34:16 2024 us=359788 TUN/TAP device tun1 opened
Fri May 17 13:34:16 2024 us=359859 TUN/TAP TX queue length set to 100
Fri May 17 13:34:16 2024 us=359905 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Fri May 17 13:34:16 2024 us=359947 /sbin/ip link set dev tun1 up mtu 1500
Fri May 17 13:34:16 2024 us=365445 /sbin/ip addr add dev tun1 local 10.0.0.1 
peer 10.0.0.2
Fri May 17 13:34:16 2024 us=371612 Data Channel MTU parms [ L:1557 D:1269 EF:57 
EB:395 ET:0 EL:3 ]
Fri May 17 13:34:16 2024 us=371770 Local Options String (VER=V4): 'V4,dev-type 
tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,keydir 
0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Fri May 17 13:34:16 2024 us=371808 Expected Remote Options String (VER=V4): 
'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 
10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 
2,tls-client'
Fri May 17 13:34:16 2024 us=371841 Could not determine IPv4/IPv6 protocol. 
Using AF_INET
Fri May 17 13:34:16 2024 us=371895 Socket Buffers: R=[163840->163840] 
S=[163840->163840]
Fri May 17 13:34:16 2024 us=371946 UDPv4 link local (bound): 
[AF_INET][undef]:43000


Tcpdump:

13:57:45.995046 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP, length 
42
        0x0000:  0000 0000 0201 244c 07ee cc12 0800 4500  ......$L......E.
        0x0010:  0046 0bf4 4000 3a11 0710 3e4d e48b 0a02  .F..@.:...>M....
        0x0020:  00c9 a2e3 c352 0032 a244 38dc 45ed b506  .....R.2.D8.E...
        0x0030:  d98e ecd9 3b34 e019 1cc2 5b09 ca17 facd  ....;4....[.....
        0x0040:  34e2 0875 892f 2f00 0000 0166 4746 3900  4..u.//....fGF9.
        0x0050:  0000 0000                                ....
13:57:47.080365 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP, length 
42
        0x0000:  0000 0000 0201 244c 07ee cc12 0800 4500  ......$L......E.
        0x0010:  0046 0c0b 4000 3a11 06f9 3e4d e48b 0a02  .F..@.:...>M....
        0x0020:  00c9 a2e3 c352 0032 27ab 38dc 45ed b506  .....R.2'.8.E...
        0x0030:  d98e ec1b bd22 e15b 8310 a9e7 241b d34f  .....".[....$..O
        0x0040:  0c86 cc2c 7748 b500 0000 0266 4746 3900  ...,wH.....fGF9.
        0x0050:  0000 0000                                ....
13:57:51.413290 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP, length 
42
        0x0000:  0000 0000 0201 244c 07ee cc12 0800 4500  ......$L......E.
        0x0010:  0046 0dac 4000 3a11 0558 3e4d e48b 0a02  .F..@.:..X>M....
        0x0020:  00c9 a2e3 c352 0032 833b 38dc 45ed b506  .....R.2.;8.E...
        0x0030:  d98e ec14 d391 03c4 04e7 adec 7e6e 321c  ............~n2.
        0x0040:  f6de c542 e97d 8b00 0000 0366 4746 3900  ...B.}.....fGF9.
        0x0050:  0000 0000                                ....
13:57:51.413664 IP <VPN SERVER IP>.43000 > <REMOTE PEER IP>.41699: UDP, length 
54
        0x0000:  244c 07ee cc12 0000 0000 0201 0800 4500  $L............E.
        0x0010:  0052 41a4 4000 4011 cb53 0a02 00c9 3e4d  .RA.@.@..S....>M
        0x0020:  e48b c352 a2e3 003e 2df3 405a dae7 6244  ...R...>-.@Z..bD
        0x0030:  ff21 8529 97e5 7c0f 60ca d5e6 4382 3ab8  .!.)..|.`...C.:.
        0x0040:  c91d 051d 0adb 0e00 0000 0166 4746 3f01  ...........fGF?.
        0x0050:  0000 0000 dc45 edb5 06d9 8eec 0000 0000  .....E..........
13:57:53.004424 IP <VPN SERVER IP>.43000 > <REMOTE PEER IP>.41699: UDP, length 
42
        0x0000:  244c 07ee cc12 0000 0000 0201 0800 4500  $L............E.
        0x0010:  0046 41e3 4000 4011 cb20 0a02 00c9 3e4d  .FA.@.@.......>M
        0x0020:  e48b c352 a2e3 0032 2de7 405a dae7 6244  ...r......@z..bd
        0x0030:  ff21 85f5 9aab e7ca eeb6 f1cd 1e32 a8de  .!...........2..
        0x0040:  60c7 3bba 114c 6900 0000 0266 4746 3f00  `.;..Li....fGF?.
        0x0050:  0000 0000                                ....

So here is what is interesting: packets are "sipping in", so you cannot say 
it's a firewall issue, especially as, like I said, nothing changed on my side 
and all the components were even rebooted.

Here is what I tried:

1. Tried to move the UDP port -> didn't help

2. Switched from UDP to TCP -> didn't help

Has anyone encountered a similar situation?


Thanks



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
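
Added example (not part of the original post and not OpenVPN project code): a decoder for the cleartext header of the control packets in the tcpdump above, so the capture can be read as opcodes, session IDs and ACKs instead of raw hex. It assumes the tls-auth layout with a 20-byte HMAC ('auth SHA1' in the log); `parse_control` and the constant names are hypothetical.

```python
import struct
from datetime import datetime, timezone

# Control-channel opcodes: high 5 bits of the first payload byte.
OPCODES = {3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
           7: "P_CONTROL_HARD_RESET_CLIENT_V2",
           8: "P_CONTROL_HARD_RESET_SERVER_V2"}
HMAC_LEN = 20  # assumption: 'auth SHA1' from the log, so a 160-bit tls-auth HMAC

# UDP payloads copied from the tcpdump in the post (link/IP/UDP headers stripped).
CLIENT_RESET = bytes.fromhex(
    "38dc45edb506" "d98eecd93b34e0191cc25b09ca17facd"
    "34e20875892f2f000000016647463900" "00000000")
SERVER_RESET = bytes.fromhex(
    "405adae76244" "ff21852997e57c0f60cad5e643823ab8"
    "c91d051d0adb0e000000016647463f01" "00000000dc45edb506d98eec00000000")

def parse_control(payload: bytes) -> dict:
    """Decode the cleartext header of a tls-auth wrapped control packet."""
    if len(payload) < 9 + HMAC_LEN + 9:
        raise ValueError("too short for a tls-auth control header")
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    off = 9 + HMAC_LEN                      # skip opcode, session id, HMAC
    replay_id, net_time, n_acks = struct.unpack_from(">IIB", payload, off)
    off += 9
    acks, remote_sid = [], None
    if n_acks:                              # acked ids, then the peer's session id
        if len(payload) < off + 4 * n_acks + 8:
            raise ValueError("truncated ACK array")
        acks = list(struct.unpack_from(f">{n_acks}I", payload, off))
        off += 4 * n_acks
        remote_sid = payload[off:off + 8].hex()
        off += 8
    msg_id = None
    if opcode != 5:                         # P_ACK_V1 has no message packet id
        if len(payload) < off + 4:
            raise ValueError("truncated message packet id")
        msg_id = struct.unpack_from(">I", payload, off)[0]
    return {"opcode": OPCODES.get(opcode, f"unknown({opcode})"), "key_id": key_id,
            "session_id": payload[1:9].hex(), "replay_id": replay_id,
            "time_utc": datetime.fromtimestamp(net_time, timezone.utc).isoformat(),
            "acks": acks, "remote_session_id": remote_sid, "message_id": msg_id}

if __name__ == "__main__":
    for name, pkt in (("client", CLIENT_RESET), ("server", SERVER_RESET)):
        print(name, parse_control(pkt))
```

On the captured bytes, the 54-byte server packet decodes as a hard reset that acknowledges the client's message 0 and carries the client's session ID as the remote session ID.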
