Channel: Active questions tagged openvpn - Unix & Linux Stack Exchange

Openvpn does not see incoming connection


My openvpn server stopped working and I cannot get any information about what goes wrong.

I see the packets coming in on the interface with tcpdump:

09:06:33.283561 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:33.283613 ARP, Reply blueberryext.home is-at b8:27:eb:80:ec:b6 (oui Unknown), length 28
09:06:36.156366 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272341292 ecr 0,nop,wscale 12], length 0
09:06:37.128963 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272342309 ecr 0,nop,wscale 12], length 0
09:06:38.269443 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:38.269487 ARP, Reply blueberryext.home is-at b8:27:eb:80:ec:b6 (oui Unknown), length 28
09:06:39.237426 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272344416 ecr 0,nop,wscale 12], length 0
09:06:43.320721 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:43.320768 ARP, Reply blueberryext.home is-at b8:27:eb:80:ec:b6 (oui Unknown), length 28
09:06:43.320880 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272348470 ecr 0,nop,wscale 12], length 0
09:06:46.186804 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272351292 ecr 0,nop,wscale 12], length 0
09:06:47.135196 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272352310 ecr 0,nop,wscale 12], length 0
09:06:48.285301 ARP, Request who-has blueberryext.home tell caiway.home, length 46

However, there is no reaction from the ovpn daemon. I set verb to 11, and the log only produces:

Aug  2 09:37:36 10 ovpn-server[3488]: SCHEDULE: schedule_find_least NULL
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI: REAP range 128 -> 144
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Aug  2 09:37:46 10 ovpn-server[3488]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Aug  2 09:37:46 10 ovpn-server[3488]: SCHEDULE: schedule_find_least NULL
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI: REAP range 144 -> 160
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI TCP: multi_tcp_action a=TA_TIMEOUT p=0
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI TCP: multi_tcp_dispatch a=TA_TIMEOUT mi=0x00000000
Aug  2 09:37:56 10 ovpn-server[3488]: MULTI TCP: multi_tcp_post TA_TIMEOUT -> TA_UNDEF
Aug  2 09:37:56 10 ovpn-server[3488]: SCHEDULE: schedule_find_least NULL

whether a client tries to connect or not.

Any ideas where to look and/or what to try to get it working again?

As per comment:

The port is tcp/7443. In the tcpdump, I can see the packets arriving from the Caiway modem to blueberryext. However, I see no reaction whatsoever from openvpn. Not even at verb 11.

The client-file:

client
dev tun
proto tcp
remote externalIP 7443
resolv-retry infinite
nobind
remote-cert-tls server
tls-version-min 1.2
verify-x509-name blueberry_9edafeac-5c08-40de-94c8-c7aa3e29de67 name
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
<ca>
-----BEGIN CERTIFICATE-----
certificate
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
certificate
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
the key
-----END PRIVATE KEY-----
</key>
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
the key
-----END OpenVPN Static key V1-----
</tls-crypt>

And on the server side:

dev tun
proto tcp
port 7443
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/blueberry_9edafeac-5c08-40de-94c8-c7aa3e29de67.crt
key /etc/openvpn/easy-rsa/pki/private/blueberry_9edafeac-5c08-40de-94c8-c7aa3e29de67.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS <dns server>"
push "dhcp-option DNS <dns server>"
push "route internal.network 255.255.255.0"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 11
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io

ss -nlp | grep -E 'Address:Port|LISTEN.*:7443' gives:

Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      0      0.0.0.0:7443        0.0.0.0:*          users:(("openvpn",pid=8049,fd=6))

so openvpn seems to be listening on the port.
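One way to read a capture like the one above, as an added example that is not part of the question: a small Python parser over tcpdump lines that flags client flows whose SYN is retransmitted with the same sequence number and never receives a SYN-ACK. A reachable listening socket is answered by the kernel with a SYN-ACK, so repeated unanswered SYNs point at filtering in front of the socket rather than at the daemon itself. The sample lines are constructed in the format of the capture (hostnames and ports taken from the question); the SYN-ACK line is invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the capture above: three SYN retransmits
# from port 41914 that get no reply, plus one SYN from 41916 that is answered
# (the SYN-ACK line is made up here for contrast; the real capture has none).
SAMPLE = """\
09:06:33.283561 ARP, Request who-has blueberryext.home tell caiway.home, length 46
09:06:36.156366 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272341292 ecr 0,nop,wscale 12], length 0
09:06:37.128963 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272342309 ecr 0,nop,wscale 12], length 0
09:06:39.237426 IP externalIP.dynamic.caiway.nl.41914 > blueberryext.home.7443: Flags [S], seq 621312931, win 65535, options [mss 1412,sackOK,TS val 2272344416 ecr 0,nop,wscale 12], length 0
09:06:46.186804 IP externalIP.dynamic.caiway.nl.41916 > blueberryext.home.7443: Flags [S], seq 109473813, win 65535, options [mss 1412,sackOK,TS val 2272351292 ecr 0,nop,wscale 12], length 0
09:06:46.187102 IP blueberryext.home.7443 > externalIP.dynamic.caiway.nl.41916: Flags [S.], seq 884211, ack 109473814, win 65160, options [mss 1460], length 0
"""

# One tcpdump TCP line: timestamp, src.port > dst.port, TCP flags, optional seq.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\](?:, seq (?P<seq>\d+))?"
)

def split_host_port(endpoint):
    host, port = endpoint.rsplit(".", 1)  # tcpdump prints host.port
    return host, int(port)

def analyze_handshakes(text, server_port):
    """Per client endpoint: SYNs sent to server_port, the distinct initial
    sequence numbers used, and whether any SYN-ACK came back from the port."""
    flows = defaultdict(lambda: {"syns": 0, "isns": set(), "synack": False})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP and other non-IP lines play no part in the handshake
        src, sport = split_host_port(m["src"])
        dst, dport = split_host_port(m["dst"])
        if m["flags"] == "S" and dport == server_port:
            flow = flows[(src, sport)]
            flow["syns"] += 1
            flow["isns"].add(m["seq"])
        elif m["flags"] == "S." and sport == server_port:
            flows[(dst, dport)]["synack"] = True
    return dict(flows)

def unanswered_flows(text, server_port):
    """Clients whose SYN was retransmitted (same ISN) and never answered: a
    listening socket would have been SYN-ACKed, so check host filtering."""
    return sorted(
        client for client, flow in analyze_handshakes(text, server_port).items()
        if flow["syns"] >= 2 and len(flow["isns"]) == 1 and not flow["synack"]
    )
```

Run it over `tcpdump -n -i <iface> tcp port 7443` output saved to a file; a non-empty result while `ss` shows the socket in LISTEN is the signature of packets being dropped before they reach the daemon.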

