Results 1 to 9 of 9
  1. #1
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default OpenVPN Tunnel is UP, UDP Traffic OK, but TCP Traffic is not Working

    Good morning all,

    I have an OpenVPN site-to-site tunnel configured from many years ago which has been working with no issue. Since several days back, in both sites the tunnels remains connected, after running a Traceroute Test from both sites, they shows UDP traffic complete successfully, but TCP traffic is failing.

    At both sites, I removed OpenVPN, recreate the remote client, uploaded from the remote site, it is currently connected, but I can't reach any remote equipment from both sites.

    UT is configured in Bridge Mode in both sites. I am running UT version 14.1.0 in both sites.

    Have anyone experienced this issue?

    Any help you can provide?

    Thank you in advanced for your replies and help.

    Regards,
    Bytes Solutions
    www.bytes-solutions.com

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,729

    Default

    No idea, but I would test with ping not traceroute.
    traceroute is really bad for troubleshooting and is likely going to confuse you a lot more than it will help you.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    I have also tried with ping test, but I have received no replies from remote sites.
    Bytes Solutions
    www.bytes-solutions.com

  4. #4
    Master Untangler BytesSolutions's Avatar
    Join Date
    Dec 2010
    Location
    República Dominicana
    Posts
    205

    Default

    Good News, I have found and fixed the issue.

    Apparently, it all has to do with OpenVPN recent updates.

    I have performed these steps:

    1 - First of all, I went into OpenVPN, "Client" tab and exported all the configuration files for remote sites and mobile users.
    Please noticed, I "Exported" all the files from the "Export" button at the right, I did not download each individual file to my laptop.

    2 - At main and remote sites, I have removed and re-installed OpenVPN again.

    3 - At the main site, I uploaded the file with the exported remote networks and mobile users.

    4 - At the main site, in OpenVPN under "Groups""Default Group", I modified each remote site configuration and enabled "Full Tunnel" check box. Then I exported all the remote networks including the local one from the main site.

    5 - For each remote site, I had to upload the site configuration ZIP file to enable the remote connection. For each mobile user, I had to remove and reinstalled the OpenVPN Client.

    6 - On each Untangle server, I Stopped and Started the OpenVPN application located at the applications rack.

    After following these steps, everything went back to normal and everything is working fine.

    I really hope this information helps to anyone having same situation and read this thread.

    Regards.
    Bytes Solutions
    www.bytes-solutions.com

  5. #5
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,763

    Default

    Thanks for the follow-up and glad it's working for you again.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Master Untangler
    Join Date
    May 2008
    Posts
    924

    Default

    Quote Originally Posted by dmorris View Post
    No idea, but I would test with ping not traceroute.
    traceroute is really bad for troubleshooting and is likely going to confuse you a lot more than it will help you.
    A better tool that combines ping and traceroute is mtr. There is a feature request for it at.
    https://untanglengfirewall.featureup...erout-with-mtr

  7. #7
    Master Untangler
    Join Date
    Apr 2007
    Posts
    640

    Default

    FYI, at every single site I have had upgrade from 14.0.1 to 14.1 openvpn breaks something about the certificate expiration. Requires remove and reinstall of the application and rebuild of all VPN tunnels. Stinks to high hell....

  8. #8
    Untanglit
    Join Date
    Oct 2013
    Posts
    24

    Default

    Quote Originally Posted by bigdessert View Post
    FYI, at every single site I have had upgrade from 14.0.1 to 14.1 openvpn breaks something about the certificate expiration. Requires remove and reinstall of the application and rebuild of all VPN tunnels. Stinks to high hell....
    We have seen this with several of our clients as well, and you're right, it sucks!

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,298

    Default

    Double check your clients for this error: Bad LZO decompression header byte: 251

    If you see that, your compression settings have been screwed up and you need to read my condensed post here: https://forums.untangle.com/openvpn/...tml#post231142

    You will probably also want Johnson's screenshot here: https://forums.untangle.com/openvpn/...tml#post231123
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2