  1. #1
    Untanglit
    Join Date
    May 2012
    Posts
    17

    OpenVPN connection dropping every 2 weeks

    Hi, I've started threads regarding this before... and I am having the same problem again.

    I have 2 locations. Each location has an untangle box in router mode. Each box only has OpenVPN added to the rack. Site A has OpenVPN in server mode and Site B is in client mode.

    Roughly every 2 weeks the connection will stop working. Normally 1 computer at site B will be unable to access shares located at site A. I check the OpenVPN rack at both locations and it shows there is a connection (normally it will say 2 or 3 connections, although there is only 1 site).

    I have tried turning the OpenVPN rack off/on at both sites with no luck. Removing and adding the OpenVPN rack back again at both sites, no luck. Normally I have to reboot both Untangle boxes and re-setup the VPN for things to start working again.

    I am not sure what is going on. I did a port check at canyouseeme.org today at site A and it said it could not see port 1194, which is the port the VPN runs on. Is this normal? Do you have any ideas?

    I'm going through the motions again right now. Thanks for any help!

  2. #2
    Untanglit
    Join Date
    May 2012
    Posts
    17

    Just an update: I rebooted both Untangle boxes and started from scratch on the VPN but still no luck. I am stumped as to what it is doing now. Are there any logs I can check for errors?

  3. #3
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,890

    canyouseeme.org is testing TCP, OpenVPN runs on UDP; that test is useless in this case.

    I think the log you need to read is on the client Untangle, at /etc/openvpn/openvpn-status.log

    I would also download the client script from the Untangle server side of the tunnel, and manually verify it's being generated properly. You can do this by extracting the .zip file, and reading the .conf file. Look for a line that says remote, it should read an appropriate DNS name or IP address to connect to your Untangle server.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    rob@intouchtechllc.com

    UntangleAppliances.com
    Phone: 866-794-8879
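
The check described in post #3 (read the `remote` line of the .conf inside the client .zip), as an added example that is not part of the original thread. The function names, the file name inside the archive and the addresses are assumptions made for illustration; the sample bundle is constructed in memory.

```python
import io
import ipaddress
import zipfile

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def remotes_from_conf(text):
    """Return (host, port, proto) per `remote` line; defaults are port 1194, proto udp."""
    port, proto, remotes = "1194", "udp", []
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if len(tokens) < 2:
            continue
        if tokens[0] == "port":
            port = tokens[1]
        elif tokens[0] == "proto":
            proto = tokens[1]
        elif tokens[0] == "remote":
            remotes.append(tokens[1:4])
    return [(r[0], int(r[1] if len(r) > 1 else port), r[2] if len(r) > 2 else proto)
            for r in remotes]

def check_bundle(zip_bytes, wan_ip):
    """List problems with the remote lines of every .conf in a client bundle."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in (n for n in zf.namelist() if n.endswith(".conf")):
            remotes = remotes_from_conf(zf.read(name).decode("utf-8", "replace"))
            if not remotes:
                findings.append(f"{name}: no remote line")
            for host, port, proto in remotes:
                try:
                    ip = ipaddress.ip_address(host)
                except ValueError:
                    continue        # DNS name: check what it resolves to separately
                if any(ip in net for net in RFC1918):
                    findings.append(f"{name}: remote {host} is a private LAN address")
                elif str(ip) != wan_ip:
                    findings.append(f"{name}: remote {host} is not the server WAN IP {wan_ip}")
    return findings

def sample_bundle(conf_text):
    """Constructed input: an in-memory .zip holding one client .conf (hypothetical name)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("untangle-vpn/site-b.conf", conf_text)
    return buf.getvalue()
```

`remotes_from_conf` also returns the effective port and protocol, so any reachability test can be run against the same protocol the tunnel actually uses.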

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,890

    Before you go too nuts, make sure a soft client can connect to your OpenVPN server. They are far easier to troubleshoot, and if the ISP is in the way or the OpenVPN service is crapping out, it'll show you much more easily than the site-to-site will.

  5. #5
    Untanglit
    Join Date
    May 2012
    Posts
    17

    Thanks for the tips. I will try a client connection first and see what happens.

  6. #6
    Untanglit
    Join Date
    May 2012
    Posts
    17

    Ok, it fails to connect using the client as well. Here is what it says in the log (from the OpenVPN client):

    Sun Aug 05 15:27:32 2012 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
    Sun Aug 05 15:27:32 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Aug 05 15:27:32 2012 LZO compression initialized
    Sun Aug 05 15:27:32 2012 UDPv4 link local: [undef]
    Sun Aug 05 15:27:32 2012 UDPv4 link remote: 108.xxx.xxx.xxx:1194
    Sun Aug 05 15:28:32 2012 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
    Sun Aug 05 15:28:32 2012 TLS Error: TLS handshake failed
    Sun Aug 05 15:28:32 2012 SIGTERM[soft,tls-error] received, process exiting

    Note: I have put x's in the ip address field above. The log does list the correct ip address.

  7. #7
    Untanglit
    Join Date
    May 2012
    Posts
    17

    I'm starting to think the issue is with the AT&T U-verse modem at site A. I have had issues with this modem since the service switched from DSL to U-verse. Besides the VPN issue, I cannot get remote administration working as well, which makes me believe even more that the modem is the issue. The remote site is through a different carrier with different modem and there are no issues with anything.

  8. #8
    Untanglit
    Join Date
    May 2012
    Posts
    17

    Sorry for all of the posts. After rebooting the AT&T modem, magically my OpenVPN client connected successfully (Windows client, not the site). I will check the site to site connection tomorrow. I will post the outcome tomorrow. Thanks again!!

  9. #9
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,890

    Once you get the software client working, all you should have to do is power cycle the OpenVPN module on the client side of the tunnel to bring the site to site back.

    That is assuming your WAN IP address didn't change; if it did, you'll have to remove the client side's OpenVPN rack application, reinstall it, and rerun the configuration wizard with a fresh client configuration from the OpenVPN server.

  10. #10
    Untangler
    Join Date
    Jul 2008
    Posts
    91

    We have seen clients have issues with U-Verse and multiple static IP addresses assigned to the same NIC. The U-Verse router doesn't like seeing the same MAC address for multiple IP addresses.
