Hello, I can even send data on that udp port with netcat between the two like:

netcat -ul 43000
ewqeqw kek lel test dah

This node where the logs were from (server):
OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019

Other (client)
OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 29 2022

Please do not tell me to upgrade; I will upgrade it in the next 5 years, but this was working just fine till now.

Here is the log from the client:

Sat May 18 09:39:37 2024 us=286938 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Sat May 18 09:39:37 2024 us=287342 Current Parameter Settings:
Sat May 18 09:39:37 2024 us=287412 config = '/etc/openvpn/client.conf'
Sat May 18 09:39:37 2024 us=287478 mode = 0
Sat May 18 09:39:37 2024 us=287540 persist_config = DISABLED
Sat May 18 09:39:37 2024 us=287603 persist_mode = 1
Sat May 18 09:39:37 2024 us=287664 show_ciphers = DISABLED
Sat May 18 09:39:37 2024 us=287726 show_digests = DISABLED
Sat May 18 09:39:37 2024 us=287786 show_engines = DISABLED
Sat May 18 09:39:37 2024 us=287847 genkey = DISABLED
Sat May 18 09:39:37 2024 us=287909 key_pass_file = '[UNDEF]'
Sat May 18 09:39:37 2024 us=287971 show_tls_ciphers = DISABLED
Sat May 18 09:39:37 2024 us=288033 connect_retry_max = 0
Sat May 18 09:39:37 2024 us=288095 Connection profiles [0]:
Sat May 18 09:39:37 2024 us=288157 proto = udp
Sat May 18 09:39:37 2024 us=288219 local = '[UNDEF]'
Sat May 18 09:39:37 2024 us=288279 local_port = '[UNDEF]'
Sat May 18 09:39:37 2024 us=288341 remote = '<remote dns>'
Sat May 18 09:39:37 2024 us=288402 remote_port = '43000'
Sat May 18 09:39:37 2024 us=288462 remote_float = DISABLED
Sat May 18 09:39:37 2024 us=288523 bind_defined = DISABLED
Sat May 18 09:39:37 2024 us=288583 NOTE: --mute triggered...
Sat May 18 09:39:37 2024 us=288684 260 variation(s) on previous 20 message(s) suppressed by --mute
Sat May 18 09:39:37 2024 us=288749 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 29 2022
Sat May 18 09:39:37 2024 us=288862 library versions: OpenSSL 1.0.2u 20 Dec 2019, LZO 2.08
Sat May 18 09:39:37 2024 us=298322 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 18 09:39:37 2024 us=298504 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat May 18 09:39:37 2024 us=298911 Control Channel MTU parms [ L:1557 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sat May 18 09:39:37 2024 us=325678 TUN/TAP device tun1 opened
Sat May 18 09:39:37 2024 us=325893 TUN/TAP TX queue length set to 100
Sat May 18 09:39:37 2024 us=326007 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat May 18 09:39:37 2024 us=326129 /sbin/ip link set dev tun1 up mtu 1500
Sat May 18 09:39:37 2024 us=337018 /sbin/ip addr add dev tun1 local 10.0.0.2 peer 10.0.0.1
Sat May 18 09:39:37 2024 us=343281 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:395 ET:0 EL:3 ]
Sat May 18 09:39:37 2024 us=343482 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sat May 18 09:39:37 2024 us=343536 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sat May 18 09:39:37 2024 us=343597 TCP/UDP: Preserving recently used remote address: [AF_INET]<REMOTE SERVER IP>:43000
Sat May 18 09:39:37 2024 us=343663 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat May 18 09:39:37 2024 us=343699 UDP link local: (not bound)
Sat May 18 09:39:37 2024 us=343753 UDP link remote: [AF_INET]<REMOTE SERVER IP>:43000
Sat May 18 09:39:37 2024 us=344086 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Sat May 18 09:39:39 2024 us=639422 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Sat May 18 09:39:43 2024 us=81570 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Sat May 18 09:39:51 2024 us=265082 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Sat May 18 09:40:00 2024 us=622157 TUN READ [60]
Sat May 18 09:40:01 2024 us=635778 TUN READ [60]
Sat May 18 09:40:03 2024 us=715629 TUN READ [60]
Sat May 18 09:40:07 2024 us=795641 TUN READ [60]
Sat May 18 09:40:07 2024 us=796118 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Sat May 18 09:40:16 2024 us=35643 TUN READ [60]
Sat May 18 09:40:24 2024 us=695267 TUN READ [60]
Sat May 18 09:40:25 2024 us=715627 TUN READ [60]
Sat May 18 09:40:27 2024 us=795669 TUN READ [60]
Sat May 18 09:40:31 2024 us=875634 TUN READ [60]
Sat May 18 09:40:37 2024 us=96530 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat May 18 09:40:37 2024 us=97013 TCP/UDP: Closing socket
Sat May 18 09:40:37 2024 us=97165 SIGUSR1[soft,ping-restart] received, process restarting
Sat May 18 09:40:37 2024 us=97278 Restart pause, 5 second(s)
Sat May 18 09:40:42 2024 us=97476 Re-using SSL/TLS context
Sat May 18 09:40:42 2024 us=97976 Control Channel MTU parms [ L:1557 D:1184 EF:66 EB:0 ET:0 EL:3 ]
Sat May 18 09:40:42 2024 us=123404 Preserving previous TUN/TAP instance: tun1
Sat May 18 09:40:42 2024 us=123660 Data Channel MTU parms [ L:1557 D:1450 EF:57 EB:395 ET:0 EL:3 ]
Sat May 18 09:40:42 2024 us=123845 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Sat May 18 09:40:42 2024 us=123918 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Sat May 18 09:40:42 2024 us=124013 TCP/UDP: Preserving recently used remote address: [AF_INET]<REMOTE SERVER IP>:43000
Sat May 18 09:40:42 2024 us=124121 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat May 18 09:40:42 2024 us=124191 UDP link local: (not bound)
Sat May 18 09:40:42 2024 us=124269 UDP link remote: [AF_INET]<REMOTE SERVER IP>:43000
Sat May 18 09:40:42 2024 us=124486 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #1 ] [ ] pid=0 DATA len=0
Sat May 18 09:40:42 2024 us=124851 TUN READ [60]
Sat May 18 09:40:44 2024 us=287471 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #2 ] [ ] pid=0 DATA len=0
Sat May 18 09:40:45 2024 us=728789 TUN READ [60]
Sat May 18 09:40:46 2024 us=755652 TUN READ [60]
Sat May 18 09:40:48 2024 us=835630 TUN READ [60]
Sat May 18 09:40:48 2024 us=835961 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #3 ] [ ] pid=0 DATA len=0
Sat May 18 09:40:52 2024 us=915608 TUN READ [60]
Sat May 18 09:40:56 2024 us=90304 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #4 ] [ ] pid=0 DATA len=0
Sat May 18 09:41:01 2024 us=475633 TUN READ [60]
Sat May 18 09:41:06 2024 us=762545 TUN READ [60]
Sat May 18 09:41:07 2024 us=795663 TUN READ [60]
Sat May 18 09:41:09 2024 us=875647 TUN READ [60]
Sat May 18 09:41:12 2024 us=352579 UDP WRITE [42] to [AF_INET]<REMOTE SERVER IP>:43000: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 pid=[ #5 ] [ ] pid=0 DATA len=0
Sat May 18 09:41:13 2024 us=955606 TUN READ [60]
Sat May 18 09:41:22 2024 us=595711 TUN READ [60]

Sent with Proton Mail secure email.

On Friday, May 17th, 2024 at 5:29 PM, Selva Nair <selva.n...@gmail.com> wrote:

> Hi,
>
> > Fri May 17 13:23:15 2024 us=936860 SIGUSR1[soft,tls-error] received,
> > process restarting
> > Fri May 17 13:23:15 2024 us=937343 Restart pause, 300 second(s)
>
> If this is the tls-server side of the p2p connection, this is weird. What
> version of OpenVPN is this?
> We fixed the backoff logic in 2.5.3 to delay only on one side (the
> client-side iirc) as otherwise the two sides could miss each other and lead
> to timeout.
>
> Could you please post matching logs from the other side as well?
>
> Selva
>
> On Fri, May 17, 2024 at 8:15 AM shadowbladeee via Openvpn-users
> <openvpn-users@lists.sourceforge.net> wrote:
>
> > Hello Folks,
> >
> > I have a VPN setup which works since years it's a simple peer to peer udp
> > VPN. There was absolute zero change on the two endpoints, nothing on the
> > routers, network equipment, servers etc. The VPN simply stopped functioning
> > like a week ago with no reason. I have pretty much restarted all components
> > (of course did not change anything).
> > I get this in the log on the server:
> >
> > RFri May 17 13:22:15 2024 us=116136 TLS: Initial packet from
> > [AF_INET]<CONNECTING PEER IP>:39729, sid=77d2b662 053040f3
> > WWWrrrrWrrrrrrrrrrWrrrrrrrrrrrrrrrrrrrrrFri May 17 13:23:15 2024 us=858988
> > TLS Error: TLS key negotiation failed to occur within 60 seconds (check
> > your network connectivity)
> > Fri May 17 13:23:15 2024 us=859084 TLS Error: TLS handshake failed
> > Fri May 17 13:23:15 2024 us=859405 TCP/UDP: Closing socket
> > Fri May 17 13:23:15 2024 us=859487 Closing TUN/TAP interface
> > Fri May 17 13:23:15 2024 us=859528 /sbin/ip addr del dev tun1 local
> > 10.0.0.1 peer 10.0.0.2
> > Fri May 17 13:23:15 2024 us=936860 SIGUSR1[soft,tls-error] received,
> > process restarting
> > Fri May 17 13:23:15 2024 us=937343 Restart pause, 300 second(s)
> > Fri May 17 13:28:15 2024 us=939065 Diffie-Hellman initialized with 2048 bit
> > key
> > Fri May 17 13:28:15 2024 us=942435 Outgoing Control Channel Authentication:
> > Using 160 bit message hash 'SHA1' for HMAC authentication
> > Fri May 17 13:28:15 2024 us=942581 Incoming Control Channel Authentication:
> > Using 160 bit message hash 'SHA1' for HMAC authentication
> > Fri May 17 13:28:15 2024 us=943674 Control Channel MTU parms [ L:1557
> > D:1184 EF:66 EB:0 ET:0 EL:3 ]
> > Fri May 17 13:28:15 2024 us=947603 TUN/TAP device tun1 opened
> > Fri May 17 13:28:15 2024 us=949077 TUN/TAP TX queue length set to 100
> > Fri May 17 13:28:15 2024 us=949249 do_ifconfig,
> > tt->did_ifconfig_ipv6_setup=0
> > Fri May 17 13:28:15 2024 us=949702 /sbin/ip link set dev tun1 up mtu 1500
> > Fri May 17 13:28:15 2024 us=961794 /sbin/ip addr add dev tun1 local
> > 10.0.0.1 peer 10.0.0.2
> > Fri May 17 13:28:15 2024 us=975521 Data Channel MTU parms [ L:1557 D:1269
> > EF:57 EB:395 ET:0 EL:3 ]
> > Fri May 17 13:28:15 2024 us=975855 Local Options String (VER=V4):
> > 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2
> > 10.0.0.1,keydir 0,cipher AES-256-CBC,auth SHA1,keysize
> > 256,tls-auth,key-method 2,tls-server'
> > Fri May 17 13:28:15 2024 us=976030 Expected Remote Options String (VER=V4):
> > 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1
> > 10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize
> > 256,tls-auth,key-method 2,tls-client'
> > Fri May 17 13:28:15 2024 us=976118 Could not determine IPv4/IPv6 protocol.
> > Using AF_INET
> > Fri May 17 13:28:15 2024 us=976236 Socket Buffers: R=[163840->163840]
> > S=[163840->163840]
> > Fri May 17 13:28:15 2024 us=976352 UDPv4 link local (bound):
> > [AF_INET][undef]:43000
> > Fri May 17 13:28:15 2024 us=976428 UDPv4 link remote: [AF_UNSPEC]
> > RFri May 17 13:28:16 2024 us=563831 TLS: Initial packet from
> > [AF_INET]<CONNECTING PEER IP>:45086, sid=94460619 1b42cb70
> > WWrrWrrrWrrrrrrrrrrrrrWrrrrrrrrrrrrrrrrrFri May 17 13:29:16 2024 us=241264
> > TLS Error: TLS key negotiation failed to occur within 60 seconds (check
> > your network connectivity)
> > Fri May 17 13:29:16 2024 us=241385 TLS Error: TLS handshake failed
> > Fri May 17 13:29:16 2024 us=242113 TCP/UDP: Closing socket
> > Fri May 17 13:29:16 2024 us=242322 Closing TUN/TAP interface
> > Fri May 17 13:29:16 2024 us=242433 /sbin/ip addr del dev tun1 local
> > 10.0.0.1 peer 10.0.0.2
> > Fri May 17 13:29:16 2024 us=356949 SIGUSR1[soft,tls-error] received,
> > process restarting
> > Fri May 17 13:29:16 2024 us=357112 Restart pause, 300 second(s)
> > Fri May 17 13:34:16 2024 us=357823 Diffie-Hellman initialized with 2048 bit
> > key
> > Fri May 17 13:34:16 2024 us=358991 Outgoing Control Channel Authentication:
> > Using 160 bit message hash 'SHA1' for HMAC authentication
> > Fri May 17 13:34:16 2024 us=359037 Incoming Control Channel Authentication:
> > Using 160 bit message hash 'SHA1' for HMAC authentication
> > Fri May 17 13:34:16 2024 us=359179 Control Channel MTU parms [ L:1557
> > D:1184 EF:66 EB:0 ET:0 EL:3 ]
> > Fri May 17 13:34:16 2024 us=359788 TUN/TAP device tun1 opened
> > Fri May 17 13:34:16 2024 us=359859 TUN/TAP TX queue length set to 100
> > Fri May 17 13:34:16 2024 us=359905 do_ifconfig,
> > tt->did_ifconfig_ipv6_setup=0
> > Fri May 17 13:34:16 2024 us=359947 /sbin/ip link set dev tun1 up mtu 1500
> > Fri May 17 13:34:16 2024 us=365445 /sbin/ip addr add dev tun1 local
> > 10.0.0.1 peer 10.0.0.2
> > Fri May 17 13:34:16 2024 us=371612 Data Channel MTU parms [ L:1557 D:1269
> > EF:57 EB:395 ET:0 EL:3 ]
> > Fri May 17 13:34:16 2024 us=371770 Local Options String (VER=V4):
> > 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.2
> > 10.0.0.1,keydir 0,cipher AES-256-CBC,auth SHA1,keysize
> > 256,tls-auth,key-method 2,tls-server'
> > Fri May 17 13:34:16 2024 us=371808 Expected Remote Options String (VER=V4):
> > 'V4,dev-type tun,link-mtu 1557,tun-mtu 1500,proto UDPv4,ifconfig 10.0.0.1
> > 10.0.0.2,keydir 1,cipher AES-256-CBC,auth SHA1,keysize
> > 256,tls-auth,key-method 2,tls-client'
> > Fri May 17 13:34:16 2024 us=371841 Could not determine IPv4/IPv6 protocol.
> > Using AF_INET
> > Fri May 17 13:34:16 2024 us=371895 Socket Buffers: R=[163840->163840]
> > S=[163840->163840]
> > Fri May 17 13:34:16 2024 us=371946 UDPv4 link local (bound):
> > [AF_INET][undef]:43000
> >
> >
> > Tcpdump
> >
> > 13:57:45.995046 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP,
> > length 42
> > 0x0000: 0000 0000 0201 244c 07ee cc12 0800 4500 ......$L......E.
> > 0x0010: 0046 0bf4 4000 3a11 0710 3e4d e48b 0a02 .F..@.:...>M....
> > 0x0020: 00c9 a2e3 c352 0032 a244 38dc 45ed b506 .....R.2.D8.E...
> > 0x0030: d98e ecd9 3b34 e019 1cc2 5b09 ca17 facd ....;4....[.....
> > 0x0040: 34e2 0875 892f 2f00 0000 0166 4746 3900 4..u.//....fGF9.
> > 0x0050: 0000 0000 ....
> > 13:57:47.080365 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP,
> > length 42
> > 0x0000: 0000 0000 0201 244c 07ee cc12 0800 4500 ......$L......E.
> > 0x0010: 0046 0c0b 4000 3a11 06f9 3e4d e48b 0a02 .F..@.:...>M....
> > 0x0020: 00c9 a2e3 c352 0032 27ab 38dc 45ed b506 .....R.2'.8.E...
> > 0x0030: d98e ec1b bd22 e15b 8310 a9e7 241b d34f .....".[....$..O
> > 0x0040: 0c86 cc2c 7748 b500 0000 0266 4746 3900 ...,wH.....fGF9.
> > 0x0050: 0000 0000 ....
> > 13:57:51.413290 IP <REMOTE PEER IP>.41699 > <VPN SERVER IP>.43000: UDP,
> > length 42
> > 0x0000: 0000 0000 0201 244c 07ee cc12 0800 4500 ......$L......E.
> > 0x0010: 0046 0dac 4000 3a11 0558 3e4d e48b 0a02 .F..@.:..X>M....
> > 0x0020: 00c9 a2e3 c352 0032 833b 38dc 45ed b506 .....R.2.;8.E...
> > 0x0030: d98e ec14 d391 03c4 04e7 adec 7e6e 321c ............~n2.
> > 0x0040: f6de c542 e97d 8b00 0000 0366 4746 3900 ...B.}.....fGF9.
> > 0x0050: 0000 0000 ....
> > 13:57:51.413664 IP <VPN SERVER IP>.43000 > <REMOTE PEER IP>.41699: UDP,
> > length 54
> > 0x0000: 244c 07ee cc12 0000 0000 0201 0800 4500 $L............E.
> > 0x0010: 0052 41a4 4000 4011 cb53 0a02 00c9 3e4d .RA.@.@..S....>M
> > 0x0020: e48b c352 a2e3 003e 2df3 405a dae7 6244 ...R...>-.@Z..bD
> > 0x0030: ff21 8529 97e5 7c0f 60ca d5e6 4382 3ab8 .!.)..|.`...C.:.
> > 0x0040: c91d 051d 0adb 0e00 0000 0166 4746 3f01 ...........fGF?.
> > 0x0050: 0000 0000 dc45 edb5 06d9 8eec 0000 0000 .....E..........
> > 13:57:53.004424 IP <VPN SERVER IP>.43000 > <REMOTE PEER IP>.41699: UDP,
> > length 42
> > 0x0000: 244c 07ee cc12 0000 0000 0201 0800 4500 $L............E.
> > 0x0010: 0046 41e3 4000 4011 cb20 0a02 00c9 3e4d .FA.@.@.......>M
> > 0x0020: e48b c352 a2e3 0032 2de7 405a dae7 6244 ...r......@z..bd
> > 0x0030: ff21 85f5 9aab e7ca eeb6 f1cd 1e32 a8de .!...........2..
> > 0x0040: 60c7 3bba 114c 6900 0000 0266 4746 3f00 `.;..Li....fGF?.
> > 0x0050: 0000 0000 ....
> >
> > So here is what is interesting, packets are "sipping in" so you cannot say
> > it's a firewall issue, especially as I said nothing changed from my side
> > and all the components were even rebooted.
> >
> > Here is what I tried:
> >
> > 1, tried to move the udp port -> didn't help
> >
> > 2, switched from udp to tcp -> didn't help
> >
> > Anyone encountered similar situation?
> >
> >
> > Thanks
> >
> >
> >
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
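
Added example (not part of the original thread, and not OpenVPN project code): a small Python decoder for the cleartext header of the tls-auth wrapped control packets seen in the capture, so a reply can be checked for whether it acknowledges the client's reset. It assumes the 20-byte SHA1 HMAC the logs report and the layout opcode/key-id, session id, HMAC, packet-id, timestamp, ACK array, message packet-id, which gives the 42- and 54-byte datagram lengths shown in the capture; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Control-channel opcodes (upper 5 bits of the first UDP payload byte).
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1", 2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1", 4: "P_CONTROL_V1", 5: "P_ACK_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2", 8: "P_CONTROL_HARD_RESET_SERVER_V2",
}
HMAC_LEN = 20  # the logs report a 160 bit SHA1 HMAC on the control channel

def parse_control(payload: bytes) -> dict:
    """Decode the cleartext header of a tls-auth wrapped control packet."""
    if len(payload) < 1 + 8 + HMAC_LEN + 4 + 4 + 1:
        raise ValueError("too short for a tls-auth control packet")
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    if opcode not in OPCODES:
        raise ValueError(f"opcode {opcode} is not a control-channel packet")
    session_id = payload[1:9]
    off = 9 + HMAC_LEN  # the HMAC is skipped, not verified (that needs the key)
    wrap_pid, net_time, n_acks = struct.unpack_from("!IIB", payload, off)
    off += 9
    # ACK ids, then the peer's session id (only if ACKs exist), then the
    # message packet-id (absent in a pure P_ACK_V1).
    tail = 4 * n_acks + (8 if n_acks else 0) + (0 if opcode == 5 else 4)
    if len(payload) < off + tail:
        raise ValueError("truncated ACK array or message packet-id")
    acks = list(struct.unpack_from(f"!{n_acks}I", payload, off))
    off += 4 * n_acks
    remote_sid = payload[off:off + 8] if n_acks else None
    off += 8 if n_acks else 0
    msg_pid = None if opcode == 5 else struct.unpack_from("!I", payload, off)[0]
    return {"opcode": OPCODES[opcode], "key_id": key_id, "session_id": session_id,
            "wrap_pid": wrap_pid, "net_time": net_time, "acks": acks,
            "remote_session_id": remote_sid, "msg_pid": msg_pid}

def acknowledges(reply: dict, request: dict) -> bool:
    """True if `reply` echoes the requester's session id and ACKs its packet-id."""
    return (reply["remote_session_id"] == request["session_id"]
            and request["msg_pid"] in reply["acks"])

# Constructed sample datagrams (not the bytes from the capture): the session
# ids, the timestamp and the all-zero HMAC are placeholders.
CLIENT_SID, SERVER_SID = bytes(range(1, 9)), bytes(range(0xA1, 0xA9))
CLIENT_RESET = (bytes([7 << 3]) + CLIENT_SID + bytes(HMAC_LEN)
                + struct.pack("!IIBI", 1, 1700000000, 0, 0))
SERVER_RESET = (bytes([8 << 3]) + SERVER_SID + bytes(HMAC_LEN)
                + struct.pack("!IIBI", 1, 1700000000, 1, 0)
                + CLIENT_SID + struct.pack("!I", 0))

if __name__ == "__main__":
    c, s = parse_control(CLIENT_RESET), parse_control(SERVER_RESET)
    print(len(CLIENT_RESET), c["opcode"], c["session_id"].hex())
    print(len(SERVER_RESET), s["opcode"], "acks", s["acks"])
    print("server reply acknowledges client reset:", acknowledges(s, c))
```

Feed it only the UDP payload (after the link, IP and UDP headers); it does not check the HMAC, so it shows what a packet claims, not that it is authentic.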