On 12.07.2017 at 16:17, Bernhard Schmidt wrote:
> On 12.07.2017 at 15:41, Patrick Matthäi wrote:
>
> Hi,
>
>>>> we have got the same issue with all our VPNs upgraded to Stretch now.
>>>> Most VPNs are connected about a 1 GBit/s datacenter connection with each
>>>> other (also same LAN), the other ones are connected about a 100 MBit/s
>>>> connection.
>>>
>> I also uploaded the current testing version to stretch-bpo and deployed
>> it on one host, to see if there is a difference later
> Ah, I was already wondering who did.
>
Today I updated our Sophos UTM, which is one OpenVPN server to which multiple VPN clients are connected. While updating the UTM, there are 2 reboots of the device, so the clients need a reconnect.

The client with version openvpn_2.4.3-4~bpo9+1 still works, all 2.4.0-6+deb9u1 are dead. Also, the VPN endpoint is not reachable on the dead nodes.

Please note that I replaced many IPs and hostnames with other stuff.

Working one (tun0 affected, tun1 is another VPN):

Jul 18 09:32:25 login ovpn-utm[8335]: [address.of.utm.de] Inactivity timeout (--ping-restart), restarting
Jul 18 09:32:25 login ovpn-utm[8335]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 18 09:32:25 login ovpn-utm[8335]: Restart pause, 5 second(s)
Jul 18 09:32:30 login ovpn-utm[8335]: TCP/UDP: Preserving recently used remote address: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:30 login ovpn-utm[8335]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 18 09:32:30 login ovpn-utm[8335]: UDP link local: (not bound)
Jul 18 09:32:30 login ovpn-utm[8335]: UDP link remote: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:30 login ovpn-utm[8335]: TLS: Initial packet from [AF_INET]EXT.IP.FROM.VPN:1197, sid=4030f3bf 8b41b71f
Jul 18 09:32:31 login ovpn-utm[8335]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:32:31 login ovpn-utm[8335]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:32:31 login ovpn-utm[8335]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:32:33 login ovpn-utm[8335]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:32:33 login ovpn-utm[8335]: [address.of.utm.de] Peer Connection Initiated with [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:34 login ovpn-utm[8335]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:32:35 login ovpn-utm[8335]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.13.1,route-gateway 10.200.13.1,topology subnet,ping 10,ping-restart 120,route INT.BEHIND.VPN2.0 255.255.255.0,route INT.BEHIND.VPN1.0 255.255.255.0,dhcp-option DNS INT.BEHIND.VPN1.210,dhcp-option DNS INT.BEHIND.VPN2.250,dhcp-option DOMAIN domäne.intern,ifconfig 10.200.13.4 255.255.255.0'
Jul 18 09:32:35 login ovpn-utm[8335]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 09:32:35 login ovpn-utm[8335]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 09:32:35 login ovpn-utm[8335]: OPTIONS IMPORT: route options modified
Jul 18 09:32:35 login ovpn-utm[8335]: OPTIONS IMPORT: route-related options modified
Jul 18 09:32:35 login ovpn-utm[8335]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 09:32:35 login ovpn-utm[8335]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:32:35 login ovpn-utm[8335]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:32:35 login ovpn-utm[8335]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:32:35 login ovpn-utm[8335]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:32:35 login ovpn-utm[8335]: Preserving previous TUN/TAP instance: tun0
Jul 18 09:32:35 login ovpn-utm[8335]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jul 18 09:32:35 login ovpn-utm[8335]: /sbin/ip route del EXT.IP.FROM.VPN/32
Jul 18 09:32:35 login ovpn-utm[8335]: /sbin/ip route del INT.BEHIND.VPN2.0/24
Jul 18 09:32:35 login ovpn-utm[8335]: /sbin/ip route del INT.BEHIND.VPN1.0/24
Jul 18 09:32:35 login ovpn-utm[8335]: Closing TUN/TAP interface
Jul 18 09:32:35 login ovpn-utm[8335]: /sbin/ip addr del dev tun0 10.200.13.2/24
Jul 18 09:32:36 login ovpn-utm[8335]: ROUTE_GATEWAY TWO.NETWORK.2.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:cd:45:cc
Jul 18 09:32:36 login ovpn-utm[8335]: TUN/TAP device tun0 opened
Jul 18 09:32:36 login ovpn-utm[8335]: TUN/TAP TX queue length set to 100
Jul 18 09:32:36 login ovpn-utm[8335]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jul 18 09:32:36 login ovpn-utm[8335]: /sbin/ip link set dev tun0 up mtu 1500
Jul 18 09:32:36 login ovpn-utm[8335]: /sbin/ip addr add dev tun0 10.200.13.4/24 broadcast 10.200.13.255
Jul 18 09:32:40 login ovpn-utm[8335]: /sbin/ip route add EXT.IP.FROM.VPN/32 via TWO.NETWORK.2.1
Jul 18 09:32:40 login ovpn-utm[8335]: /sbin/ip route add INT.BEHIND.VPN2.0/24 via 10.200.13.1
Jul 18 09:32:40 login ovpn-utm[8335]: /sbin/ip route add INT.BEHIND.VPN1.0/24 via 10.200.13.1
Jul 18 09:32:40 login ovpn-utm[8335]: Initialization Sequence Completed
Jul 18 09:47:35 login ovpn-utm[8335]: [address.of.utm.de] Inactivity timeout (--ping-restart), restarting
Jul 18 09:47:35 login ovpn-utm[8335]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 18 09:47:35 login ovpn-utm[8335]: Restart pause, 5 second(s)
Jul 18 09:47:40 login ovpn-utm[8335]: TCP/UDP: Preserving recently used remote address: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:40 login ovpn-utm[8335]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 18 09:47:40 login ovpn-utm[8335]: UDP link local: (not bound)
Jul 18 09:47:40 login ovpn-utm[8335]: UDP link remote: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:40 login ovpn-utm[8335]: TLS: Initial packet from [AF_INET]EXT.IP.FROM.VPN:1197, sid=2641d8ae 42f32787
Jul 18 09:47:41 login ovpn-utm[8335]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:47:41 login ovpn-utm[8335]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:47:41 login ovpn-utm[8335]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:47:42 login ovpn-utm[8335]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:47:42 login ovpn-utm[8335]: [address.of.utm.de] Peer Connection Initiated with [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:43 login ovpn-utm[8335]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:47:48 login ovpn-utm[8335]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:47:48 login ovpn-utm[8335]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.13.1,route-gateway 10.200.13.1,topology subnet,ping 10,ping-restart 120,route INT.BEHIND.VPN2.0 255.255.255.0,route INT.BEHIND.VPN1.0 255.255.255.0,dhcp-option DNS INT.BEHIND.VPN1.210,dhcp-option DNS INT.BEHIND.VPN2.250,dhcp-option DOMAIN domäne.intern,ifconfig 10.200.13.5 255.255.255.0'
Jul 18 09:47:48 login ovpn-utm[8335]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 09:47:48 login ovpn-utm[8335]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 09:47:48 login ovpn-utm[8335]: OPTIONS IMPORT: route options modified
Jul 18 09:47:48 login ovpn-utm[8335]: OPTIONS IMPORT: route-related options modified
Jul 18 09:47:48 login ovpn-utm[8335]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 09:47:48 login ovpn-utm[8335]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:47:48 login ovpn-utm[8335]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:47:48 login ovpn-utm[8335]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:47:48 login ovpn-utm[8335]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:47:48 login ovpn-utm[8335]: Preserving previous TUN/TAP instance: tun0
Jul 18 09:47:48 login ovpn-utm[8335]: NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jul 18 09:47:48 login ovpn-utm[8335]: /sbin/ip route del EXT.IP.FROM.VPN/32
Jul 18 09:47:48 login ovpn-utm[8335]: /sbin/ip route del INT.BEHIND.VPN2.0/24
Jul 18 09:47:48 login ovpn-utm[8335]: /sbin/ip route del INT.BEHIND.VPN1.0/24
Jul 18 09:47:48 login ovpn-utm[8335]: Closing TUN/TAP interface
Jul 18 09:47:48 login ovpn-utm[8335]: /sbin/ip addr del dev tun0 10.200.13.4/24
Jul 18 09:47:49 login ovpn-utm[8335]: ROUTE_GATEWAY TWO.NETWORK.2.1/255.255.255.0 IFACE=eth0 HWADDR=00:0c:29:cd:45:cc
Jul 18 09:47:49 login ovpn-utm[8335]: TUN/TAP device tun0 opened
Jul 18 09:47:49 login ovpn-utm[8335]: TUN/TAP TX queue length set to 100
Jul 18 09:47:49 login ovpn-utm[8335]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jul 18 09:47:49 login ovpn-utm[8335]: /sbin/ip link set dev tun0 up mtu 1500
Jul 18 09:47:49 login ovpn-utm[8335]: /sbin/ip addr add dev tun0 10.200.13.5/24 broadcast 10.200.13.255
Jul 18 09:47:53 login ovpn-utm[8335]: /sbin/ip route add EXT.IP.FROM.VPN/32 via TWO.NETWORK.2.1
Jul 18 09:47:53 login ovpn-utm[8335]: /sbin/ip route add INT.BEHIND.VPN2.0/24 via 10.200.13.1
Jul 18 09:47:53 login ovpn-utm[8335]: /sbin/ip route add INT.BEHIND.VPN1.0/24 via 10.200.13.1
Jul 18 09:47:53 login ovpn-utm[8335]: Initialization Sequence Completed

root@login:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:cd:45:cc brd ff:ff:ff:ff:ff:ff
    inet TWO.NETWORK.2.102/24 brd TWO.NETWORK.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 192.168.127.1/24 brd 192.168.127.255 scope global eth0:1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fecd:45cc/64 scope link
       valid_lft forever preferred_lft forever
17: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.242.2.8/24 brd 10.242.2.255 scope global tun1
       valid_lft forever preferred_lft forever
    inet6 fe80::f390:a02f:783b:7d4e/64 scope link flags 800
       valid_lft forever preferred_lft forever
20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.200.13.5/24 brd 10.200.13.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::85d4:e9c5:d11a:807/64 scope link flags 800
       valid_lft forever preferred_lft forever

root@login:~# ip r
default via TWO.NETWORK.2.1 dev eth0 onlink
10.200.13.0/24 dev tun0 proto kernel scope link src 10.200.13.5
10.242.2.0/24 dev tun1 proto kernel scope link src 10.242.2.8
62.214.68.130 via TWO.NETWORK.2.1 dev eth0
EXT.IP.FROM.VPN via TWO.NETWORK.2.1 dev eth0
172.27.0.11 via 10.242.2.1 dev tun1
172.27.0.131 via 10.242.2.1 dev tun1
172.27.0.133 via 10.242.2.1 dev tun1
172.27.0.134 via 10.242.2.1 dev tun1
192.168.127.0/24 dev eth0 proto kernel scope link src 192.168.127.1
INT.BEHIND.VPN1.0/24 via 10.200.13.1 dev tun0
INT.BEHIND.VPN2.0/24 via 10.200.13.1 dev tun0
TWO.NETWORK.2.0/24 dev eth0 scope link
TWO.NETWORK.2.0/24 dev eth0 proto kernel scope link src TWO.NETWORK.2.102
ONE.NETWORK.1.0/24 dev eth0 scope link

root@login:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:cd:45:cc brd ff:ff:ff:ff:ff:ff
17: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none
20: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none

Not working1:

Jul 18 09:27:06 notworking1 ovpn-utm[23466]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:27:06 notworking1 ovpn-utm[23466]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:27:06 notworking1 ovpn-utm[23466]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:27:07 notworking1 ovpn-utm[23466]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:27:07 notworking1 ovpn-utm[23466]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:27:07 notworking1 ovpn-utm[23466]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:27:07 notworking1 ovpn-utm[23466]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:27:07 notworking1 ovpn-utm[23466]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:32:23 notworking1 ovpn-utm[23466]: [address.of.utm.de] Inactivity timeout (--ping-restart), restarting
Jul 18 09:32:23 notworking1 ovpn-utm[23466]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 18 09:32:23 notworking1 ovpn-utm[23466]: Restart pause, 5 second(s)
Jul 18 09:32:28 notworking1 ovpn-utm[23466]: TCP/UDP: Preserving recently used remote address: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:28 notworking1 ovpn-utm[23466]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 18 09:32:28 notworking1 ovpn-utm[23466]: UDP link local: (not bound)
Jul 18 09:32:28 notworking1 ovpn-utm[23466]: UDP link remote: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:28 notworking1 ovpn-utm[23466]: TLS: Initial packet from [AF_INET]EXT.IP.FROM.VPN:1197, sid=bf60e79c 829c1465
Jul 18 09:32:29 notworking1 ovpn-utm[23466]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:32:29 notworking1 ovpn-utm[23466]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:32:29 notworking1 ovpn-utm[23466]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:32:30 notworking1 ovpn-utm[23466]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:32:30 notworking1 ovpn-utm[23466]: [address.of.utm.de] Peer Connection Initiated with [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:31 notworking1 ovpn-utm[23466]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.13.1,route-gateway 10.200.13.1,topology subnet,ping 10,ping-restart 120,route INT.BEHIND.VPN1.212 255.255.255.255,dhcp-option DNS INT.BEHIND.VPN1.210,dhcp-option DNS INT.BEHIND.VPN2.250,dhcp-option DOMAIN domäne.intern,ifconfig 10.200.13.3 255.255.255.0'
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: route options modified
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: route-related options modified
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: Preserving previous TUN/TAP instance: tun0
Jul 18 09:32:36 notworking1 ovpn-utm[23466]: Initialization Sequence Completed
Jul 18 09:47:34 notworking1 ovpn-utm[23466]: [address.of.utm.de] Inactivity timeout (--ping-restart), restarting
Jul 18 09:47:34 notworking1 ovpn-utm[23466]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 18 09:47:34 notworking1 ovpn-utm[23466]: Restart pause, 5 second(s)
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: TCP/UDP: Preserving recently used remote address: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: UDP link local: (not bound)
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: UDP link remote: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: TLS: Initial packet from [AF_INET]EXT.IP.FROM.VPN:1197, sid=05d4dc5d c20155bd
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:47:39 notworking1 ovpn-utm[23466]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:47:40 notworking1 ovpn-utm[23466]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:47:40 notworking1 ovpn-utm[23466]: [address.of.utm.de] Peer Connection Initiated with [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:41 notworking1 ovpn-utm[23466]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.13.1,route-gateway 10.200.13.1,topology subnet,ping 10,ping-restart 120,route INT.BEHIND.VPN1.212 255.255.255.255,dhcp-option DNS INT.BEHIND.VPN1.210,dhcp-option DNS INT.BEHIND.VPN2.250,dhcp-option DOMAIN domäne.intern,ifconfig 10.200.13.4 255.255.255.0'
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: route options modified
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: route-related options modified
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: Preserving previous TUN/TAP instance: tun0
Jul 18 09:47:42 notworking1 ovpn-utm[23466]: Initialization Sequence Completed

root@notworking1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f2:d5:b8 brd ff:ff:ff:ff:ff:ff
    inet ONE.NETWORK.1.138/24 brd ONE.NETWORK.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef2:d5b8/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.200.13.3/24 brd 10.200.13.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::17e6:9f90:15c0:870c/64 scope link flags 800
       valid_lft forever preferred_lft forever

root@notworking1:~# ip r
default via ONE.NETWORK.1.1 dev eth0 onlink
10.200.13.0/24 dev tun0 proto kernel scope link src 10.200.13.3
EXT.IP.FROM.VPN via ONE.NETWORK.1.1 dev eth0
INT.BEHIND.VPN1.212 via 10.200.13.1 dev tun0
TWO.NETWORK.2.0/24 dev eth0 scope link
ONE.NETWORK.1.0/24 dev eth0 scope link
ONE.NETWORK.1.0/24 dev eth0 proto kernel scope link src ONE.NETWORK.1.138

root@notworking1:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:f2:d5:b8 brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none

Not working2:

Jul 18 09:31:24 notworking2 ovpn-utm[14557]: TLS: tls_process: killed expiring key
Jul 18 09:32:27 notworking2 ovpn-utm[14557]: [address.of.utm.de] Inactivity timeout (--ping-restart), restarting
Jul 18 09:32:27 notworking2 ovpn-utm[14557]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 18 09:32:27 notworking2 ovpn-utm[14557]: Restart pause, 5 second(s)
Jul 18 09:32:32 notworking2 ovpn-utm[14557]: TCP/UDP: Preserving recently used remote address: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:32 notworking2 ovpn-utm[14557]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 18 09:32:32 notworking2 ovpn-utm[14557]: UDP link local: (not bound)
Jul 18 09:32:32 notworking2 ovpn-utm[14557]: UDP link remote: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:32 notworking2 ovpn-utm[14557]: TLS: Initial packet from [AF_INET]EXT.IP.FROM.VPN:1197, sid=4f5674be 44ad3c47
Jul 18 09:32:34 notworking2 ovpn-utm[14557]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:32:34 notworking2 ovpn-utm[14557]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:32:34 notworking2 ovpn-utm[14557]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:32:35 notworking2 ovpn-utm[14557]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:32:35 notworking2 ovpn-utm[14557]: [address.of.utm.de] Peer Connection Initiated with [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:32:36 notworking2 ovpn-utm[14557]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.13.1,route-gateway 10.200.13.1,topology subnet,ping 10,ping-restart 120,route INT.BEHIND.VPN2.0 255.255.255.0,route INT.BEHIND.VPN1.0 255.255.255.0,route 192.168.221.0 255.255.255.0,dhcp-option DNS INT.BEHIND.VPN1.210,dhcp-option DNS INT.BEHIND.VPN2.250,dhcp-option DOMAIN domäne.intern,ifconfig 10.200.13.6 255.255.255.0'
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: route options modified
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: route-related options modified
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: Preserving previous TUN/TAP instance: tun1
Jul 18 09:32:41 notworking2 ovpn-utm[14557]: Initialization Sequence Completed
Jul 18 09:47:38 notworking2 ovpn-utm[14557]: [address.of.utm.de] Inactivity timeout (--ping-restart), restarting
Jul 18 09:47:38 notworking2 ovpn-utm[14557]: SIGUSR1[soft,ping-restart] received, process restarting
Jul 18 09:47:38 notworking2 ovpn-utm[14557]: Restart pause, 5 second(s)
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: TCP/UDP: Preserving recently used remote address: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: Socket Buffers: R=[212992->212992] S=[212992->212992]
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: UDP link local: (not bound)
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: UDP link remote: [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: TLS: Initial packet from [AF_INET]EXT.IP.FROM.VPN:1197, sid=e9987478 1ddebbfa
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: VERIFY OK: depth=1, C=de, L=Paderborn, O=company Internet GmbH, CN=company Internet GmbH VPN CA, emailAddress=tech...@company.de
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: VERIFY X509NAME OK: C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:47:43 notworking2 ovpn-utm[14557]: VERIFY OK: depth=0, C=de, ST=Nordrhein-Westfalen, L=Paderborn, O=company Internet GmbH, OU=Technik, CN=address.of.utm.de, emailAddress=tech...@company.de
Jul 18 09:47:45 notworking2 ovpn-utm[14557]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Jul 18 09:47:45 notworking2 ovpn-utm[14557]: [address.of.utm.de] Peer Connection Initiated with [AF_INET]EXT.IP.FROM.VPN:1197
Jul 18 09:47:46 notworking2 ovpn-utm[14557]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: SENT CONTROL [address.of.utm.de]: 'PUSH_REQUEST' (status=1)
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.200.13.1,route-gateway 10.200.13.1,topology subnet,ping 10,ping-restart 120,route INT.BEHIND.VPN2.0 255.255.255.0,route INT.BEHIND.VPN1.0 255.255.255.0,route 192.168.221.0 255.255.255.0,dhcp-option DNS INT.BEHIND.VPN1.210,dhcp-option DNS INT.BEHIND.VPN2.250,dhcp-option DOMAIN domäne.intern,ifconfig 10.200.13.6 255.255.255.0'
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: route options modified
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: route-related options modified
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: Preserving previous TUN/TAP instance: tun1
Jul 18 09:47:51 notworking2 ovpn-utm[14557]: Initialization Sequence Completed

root@notworking2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 54:9f:35:04:cc:e6 brd ff:ff:ff:ff:ff:ff
    inet 178.77.127.79/24 brd 178.77.127.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::569f:35ff:fe04:cce6/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 54:9f:35:04:cc:e8 brd ff:ff:ff:ff:ff:ff
7: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/ether 5e:49:f9:a7:cd:52 brd ff:ff:ff:ff:ff:ff
    inet 192.168.94.7/24 brd 192.168.94.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::5c49:f9ff:fea7:cd52/64 scope link
       valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.242.2.9/24 brd 10.242.2.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::ac2:5d3f:fff8:b36b/64 scope link flags 800
       valid_lft forever preferred_lft forever
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.200.13.4/24 brd 10.200.13.255 scope global tun1
       valid_lft forever preferred_lft forever
    inet6 fe80::e25d:757a:d049:c640/64 scope link flags 800
       valid_lft forever preferred_lft forever

root@notworking2:~# ip r
default via 178.77.127.1 dev eth0 onlink
10.200.13.0/24 dev tun1 proto kernel scope link src 10.200.13.4
10.242.2.0/24 dev tun0 proto kernel scope link src 10.242.2.9
62.214.68.130 via 178.77.127.1 dev eth0
EXT.IP.FROM.VPN via 178.77.127.1 dev eth0
172.27.0.11 via 10.242.2.1 dev tun0
172.27.0.131 via 10.242.2.1 dev tun0
172.27.0.133 via 10.242.2.1 dev tun0
172.27.0.134 via 10.242.2.1 dev tun0
178.77.127.0/24 dev eth0 proto kernel scope link src 178.77.127.79
192.168.92.0/24 via 192.168.94.1 dev tap0
192.168.94.0/24 dev tap0 proto kernel scope link src 192.168.94.7
192.168.221.0/24 via 10.200.13.1 dev tun1
INT.BEHIND.VPN1.0/24 via 10.200.13.1 dev tun1
INT.BEHIND.VPN2.0/24 via 10.200.13.1 dev tun1

root@notworking2:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 54:9f:35:04:cc:e6 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 54:9f:35:04:cc:e8 brd ff:ff:ff:ff:ff:ff
7: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/ether 5e:49:f9:a7:cd:52 brd ff:ff:ff:ff:ff:ff
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none
9: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none

If I restart the openvpn service on both notworking nodes, they are working again.

Please note that:
* notworking1 and the working one are in the same datacenter / network
* notworking2 is in a different datacenter

ip {a,r,l} after restart from notworking1:

root@notworking1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:f2:d5:b8 brd ff:ff:ff:ff:ff:ff
    inet ONE.NETWORK.1.138/24 brd ONE.NETWORK.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef2:d5b8/64 scope link
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.200.13.2/24 brd 10.200.13.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::afc2:1fea:eb8f:71f6/64 scope link flags 800
       valid_lft forever preferred_lft forever

root@notworking1:~# ip r
default via ONE.NETWORK.1.1 dev eth0 onlink
10.200.13.0/24 dev tun0 proto kernel scope link src 10.200.13.2
EXT.IP.FROM.VPN via ONE.NETWORK.1.1 dev eth0
INT.BEHIND.VPN1.212 via 10.200.13.1 dev tun0
TWO.NETWORK.2.0/24 dev eth0 scope link
ONE.NETWORK.1.0/24 dev eth0 scope link
ONE.NETWORK.1.0/24 dev eth0 proto kernel scope link src ONE.NETWORK.1.138

root@notworking1:~# ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 00:0c:29:f2:d5:b8 brd ff:ff:ff:ff:ff:ff
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
    link/none

ip {a,r,l} after restart from notworking2:

root@notworking2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 54:9f:35:04:cc:e6 brd ff:ff:ff:ff:ff:ff
    inet 178.77.127.79/24 brd 178.77.127.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::569f:35ff:fe04:cce6/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 54:9f:35:04:cc:e8 brd ff:ff:ff:ff:ff:ff
10: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/ether c2:99:d8:32:e0:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.94.8/24 brd 192.168.94.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::c099:d8ff:fe32:e096/64 scope link
       valid_lft forever preferred_lft forever
11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none
    inet 10.200.13.9/24 brd 10.200.13.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::ad43:bc4:d2ae:bc9/64 scope link flags 800
       valid_lft forever preferred_lft forever
12: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UNKNOWN group default qlen 100 link/none inet 10.242.2.9/24 brd 10.242.2.255 scope global tun1 valid_lft forever preferred_lft forever inet6 fe80::fc06:ec0e:f7c0:d1f8/64 scope link flags 800 valid_lft forever preferred_lft forever root@notworking2:~# ip r default via 178.77.127.1 dev eth0 onlink 10.200.13.0/24 dev tun0 proto kernel scope link src 10.200.13.9 10.242.2.0/24 dev tun1 proto kernel scope link src 10.242.2.9 62.214.68.130 via 178.77.127.1 dev eth0 EXT.IP.FROM.VPN via 178.77.127.1 dev eth0 172.27.0.11 via 10.242.2.1 dev tun1 172.27.0.131 via 10.242.2.1 dev tun1 172.27.0.133 via 10.242.2.1 dev tun1 172.27.0.134 via 10.242.2.1 dev tun1 178.77.127.0/24 dev eth0 proto kernel scope link src 178.77.127.79 192.168.92.0/24 via 192.168.94.1 dev tap0 192.168.94.0/24 dev tap0 proto kernel scope link src 192.168.94.8 192.168.221.0/24 via 10.200.13.1 dev tun0 INT.BEHIND.VPN1.0/24 via 10.200.13.1 dev tun0 INT.BEHIND.VPN2.0/24 via 10.200.13.1 dev tun0 root@notworking2:~# ip l 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 54:9f:35:04:cc:e6 brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 54:9f:35:04:cc:e8 brd ff:ff:ff:ff:ff:ff 10: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100 link/ether c2:99:d8:32:e0:96 brd ff:ff:ff:ff:ff:ff 11: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100 link/none 12: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100 link/none -- /* Mit freundlichem Gruß / With kind regards, Patrick Matthäi GNU/Linux Debian Developer Blog: 
http://www.linux-dev.org/ E-Mail: pmatth...@debian.org patr...@linux-dev.org */