I've got a pair of OpenVPN installations (1.2RC3) on some Alix WRAPs
which are working well. Good performance over an SSL site-to-site VPN
etc.
However, one of the boxes (which is by chance the site-to-site OpenVPN
client) is in a remote location abroad in an environment with
unreliable power. Even though the device is powered via a small UPS,
there seem to be outages where the box is power cycled.
When power is restored, the client reboots fine and DHCP and general
routing service is restored, but the OpenVPN site-to-site fails?!
Connections to the client box's Roadwarrior OpenVPN server work fine.
Looking at the logs on the site-to-site server (194.XXX.XXX.123):
Jan 28 09:16:35 s2sclient openvpn[407]: Inactivity timeout (--ping-restart), restarting
Jan 28 09:16:35 s2sclient openvpn[407]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 28 09:16:37 s2sclient openvpn[407]: Re-using pre-shared static key
Jan 28 09:16:37 s2sclient openvpn[407]: LZO compression initialized
Jan 28 09:16:37 s2sclient openvpn[407]: TCP/UDP: Preserving recently used remote address: 220.XXX.XXX.234:1194
Jan 28 09:16:37 s2sclient openvpn[407]: Preserving previous TUN/TAP instance: tuCLOG???
And also on the site-to-site client (220.XXX.XX.234):
Jan 28 14:53:40 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 LZO compression initialized
Jan 28 14:53:40 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: reading acknowledgement record from packet
Jan 28 14:53:52 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=23
Jan 28 14:54:03 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: client->client or server->server connection attempted from 194.XXX.XXX.123:1195
Jan 28 14:54:03 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=20
Jan 28 14:54:12 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=24
Jan 28 14:54:12 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=15
Jan 28 14:54:22 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=0
Jan 28 14:54:22 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=13
Jan 28 14:54:32 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: unknown opcode received from 194.XXX.XXX.123:1195 op=29
Jan 28 14:54:32 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: Unroutable control packet received from 194.XXX.XXX.123:1195 (si=3 op=P_ACK_V1)
Jan 28 14:54:40 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 28 14:54:40 s2sserver openvpn[374]: 194.XXX.XXX.123:1195 TLS Error: TLS handshake failed
It seems to be that the server is trying to reuse the same key and tun/
tap instance that existed before the power cut, which clearly no
longer exists on the client. What do I need to specify - and where -
to ensure the site-to-site gets reestablished once power resumes?
TIA.
Merul