I am running an Ubuntu 20.04.5 server on a remote LAN for hosting the OpenVPN
service.
This has been working for many years, but yesterday something happened that
broke the remote connections and I am trying to figure out what is the problem.

Luckily I have set up a secondary OpenVPN server too on the LAN for maintenance
connections when the Linux main server needs to be updated. So I am still able
to access the LAN via that VPN.
With that I have connected using SSH to the server command line to check
the state and I have also rebooted the main OpenVPN server to no avail.

On the server side the status of the two services report this using the status
command (only showing the full web service but both look the same):

Status?
--------------------------------------
$ sudo systemctl status openvpn-server@serverweb
● openvpn-server@serverweb.service - OpenVPN service for serverweb
     Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2023-02-22 11:57:51 CST; 13h ago
       Docs: man:openvpn(8)
             https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
             https://community.openvpn.net/openvpn/wiki/HOWTO
   Main PID: 927 (openvpn)
     Status: "Initialization Sequence Completed"
      Tasks: 1 (limit: 1066)
     Memory: 2.1M
     CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@serverweb.service
             +-927 /usr/sbin/openvpn --status /run/openvpn-server/status-serverweb.log --status-version 2 --suppress-timestamps ->

Feb 22 11:57:48 vpnserver systemd[1]: Starting OpenVPN service for serverweb...
Feb 22 11:57:51 vpnserver systemd[1]: Started OpenVPN service for serverweb.
---------------------------------------

Is the OpenVpn service OK?
---------------------------------------
$ sudo journalctl -u openvpn-server@serverweb
-- Logs begin at Tue 2023-02-07 22:40:22 CST, end at Thu 2023-02-23 01:33:48 CST. --
Feb 19 14:43:12 vpnserver systemd[1]: Starting OpenVPN service for serverweb...
Feb 19 14:43:14 vpnserver systemd[1]: Started OpenVPN service for serverweb.
Feb 22 11:56:51 vpnserver systemd[1]: Stopping OpenVPN service for serverweb...
Feb 22 11:56:53 vpnserver systemd[1]: openvpn-server@serverweb.service: Succeeded.
Feb 22 11:56:53 vpnserver systemd[1]: Stopped OpenVPN service for serverweb.
-- Reboot --
Feb 22 11:57:48 vpnserver systemd[1]: Starting OpenVPN service for serverweb...
Feb 22 11:57:51 vpnserver systemd[1]: Started OpenVPN service for serverweb.
---------------------------------------

Are the ports listening?
---------------------------------------
$ netstat -vaun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
...
udp        0      0 0.0.0.0:1194            0.0.0.0:*
udp        0      0 0.0.0.0:1195            0.0.0.0:*
---------------------------------------

Fortigate ROUTER/FIREWALL
=========================
On the LAN router/firewall I have checked that the port forwarding is working
and it is. I have 4 such rules on the firewall, 2 for the main server and 2 for
the secondary server and they both look identical but the main uses ports
1194-1195 whereas the secondary uses 1198-1199. Apart from that they are the
same.
All have been working fine up until yesterday...

But now when I connect on 1194 or 1195 from a remote location nothing happens
whereas on 1198 or 1199 I get instant connection.

So now I am looking for a way to log on to a Linux box on the LAN (via the
secondary OpenVPN server) and then test if a connection can be made to the main
server on ports 1194 or 1195 on the internal LAN. This to bypass the firewall
and just check that the server itself is working correctly.

Is that possible and if so how should I go about it?

I have a few RaspberryPi devices on the LAN which I can connect to with SSH and
operate any Linux command. 2 of them also have openvpn installed (one is the
secondary maintenance OpenVPN server).

Any advice much appreciated!


-- 
Bo Berglund
Developer in Sweden
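
The LAN-side test asked about above, as an added example that is not part of the original post: a small Python probe, run from another box on the LAN, that sends the first packet of an OpenVPN UDP handshake to ports 1194 and 1195 and reports whether the server answers. The function names and the address 192.0.2.10 are placeholders, and it assumes the server does not use tls-auth or tls-crypt, since a server with either one silently drops this unauthenticated packet.

```python
import os
import socket

# OpenVPN control-channel opcodes (upper 5 bits of the first byte).
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_client_reset(session_id: bytes) -> bytes:
    """First packet of an OpenVPN UDP handshake (no tls-auth/tls-crypt wrapping)."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    opcode_keyid = (P_CONTROL_HARD_RESET_CLIENT_V2 << 3) | 0  # key_id 0
    ack_count = b"\x00"                   # nothing to acknowledge yet
    packet_id = (0).to_bytes(4, "big")    # first control packet
    return bytes([opcode_keyid]) + session_id + ack_count + packet_id


def classify_reply(data: bytes, session_id: bytes) -> str:
    """Decide whether a datagram looks like the server's handshake answer."""
    if not data:
        return "empty"
    if data[0] >> 3 != P_CONTROL_HARD_RESET_SERVER_V2:
        return "unexpected-opcode"
    # The server ACKs our packet and echoes our session id after its own.
    return "openvpn-reply" if session_id in data[9:] else "reset-without-ack"


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    session_id = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP socket surfaces ICMP errors
        try:
            s.send(build_client_reset(session_id))
            data = s.recv(2048)
        except socket.timeout:
            return "no-reply"      # filtered, dropped, or tls-auth/tls-crypt in use
        except ConnectionRefusedError:
            return "port-closed"   # ICMP port unreachable: nothing is listening
    return classify_reply(data, session_id)


if __name__ == "__main__":
    SERVER_LAN_IP = "192.0.2.10"  # placeholder: LAN address of the main server
    for port in (1194, 1195):
        print(port, probe(SERVER_LAN_IP, port))
```

If the result is "no-reply", running tcpdump on the server's LAN interface for the same UDP port while the probe runs shows whether the packet arrived at all.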


