Re: [Openvpn-devel] [Openvpn-users] OpenVPN tunnel stopped working (no traffic) after upgrade to OpenVPN 2.7 (Fedora 44)

Thu, 14 May 2026 12:55:15 -0700 

On Thu, May 14, 2026 at 2:13 PM Antonio Quartulli <[email protected]> wrote:
>
> We have also tried to reproduce the issue locally on a Fedora 44 with no
> luck. It seems to be working fine here.

Thank you very much for your support and effort.


> Therefore it may be something specific to your configuration or setup.
>
> Among all other things, could you please provide your OpenVPN config
> file so that we can check if there is any option leading to this issue?

My config:
-----
client
dev ovpn-sfx
dev-type tun

proto udp
remote vpn.sfx.pl 1194
remote vpn.sfx.pl 1196
remote-random

resolv-retry infinite
nobind
dhcp-option domain-search sfx.local

script-security 2
setenv PATH /usr/sbin:/usr/bin
up /etc/openvpn/client/update-systemd-resolved.sh
down /etc/openvpn/client/update-systemd-resolved.sh
down-pre

persist-key
persist-tun

pkcs12 /etc/openvpn/client/sfx.vpn.p12
askpass /etc/openvpn/client/sfx.pass

mute-replay-warnings
verb 5
-----


> This (and also on the local LAN interface to see if they are actually
> getting out).

[miner@hostx ~]$ sudo tcpdump -i enp5s0 icmp
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp5s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:35:04.694647 IP hostx > xyz.sfx.pl: ICMP hostx udp port 46099
unreachable, length 141
21:35:05.718684 IP hostx > xyz.sfx.pl: ICMP hostx udp port 46099
unreachable, length 141
21:35:06.742366 IP hostx > xyz.sfx.pl: ICMP hostx udp port 46099
unreachable, length 141
21:35:07.766012 IP hostx > xyz.sfx.pl: ICMP hostx udp port 46099
unreachable, length 141
21:35:08.790908 IP hostx > xyz.sfx.pl: ICMP hostx udp port 46099
unreachable, length 141


>> Have you tried running tcpdump on on the other end to see if pings are
>> received or not? Just to understand where packets are getting stuck.

No, but I could try if need be.


> Might there be some new firewalling stuff involved that does not know
> how to deal with ovpn interfaces?

I have the firewall disabled:

[miner@hostx ~]$ systemctl status firewalld
â—‹ firewalld.service - firewalld - dynamic firewall daemon
    Loaded: loaded (/usr/lib/systemd/system/firewalld.service;
disabled; preset: enabled)
   Drop-In: /usr/lib/systemd/system/service.d
            └─10-timeout-abort.conf
    Active: inactive (dead)
      Docs: man:firewalld(1)


Regards,
Piotr Dobrogost


_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to