Per the troubleshooting part of the guide, I rebooted the FreeNAS box and now it works again.
1) Any ideas on what caused the problem? See the logs at the end of the post.
2) If I'm away from my computer I can't reboot the FreeNAS box without the VPN working. Is there any other way to fix this remotely if this were to happen again?
nano /var/log/messages
Code:
Oct 31 19:28:08 OpenVPN openvpn[27701]: 70.214.77.234:9727 TLS: Initial packet from [AF_INET]70.214.77.234:9727, sid=ccbfc9e8 9481fd81
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 VERIFY OK: depth=1, CN=user1 NAS CA
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 VERIFY OK: depth=0, CN=openvpn.user1
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 Control Channel: TLSv1, cipher TLSv1/SSLv3 EDH-RSA-DES-CBC3-SHA, 4096 bit RSA
Oct 31 19:28:09 OpenVPN openvpn[27701]: 70.214.77.234:9727 [openvpn.user1] Peer Connection Initiated with [AF_INET]70.214.77.234:9727
Oct 31 19:28:09 OpenVPN openvpn[27701]: openvpn.user1/70.214.77.234:9727 MULTI_sva: pool returned IPv4=172.16.8.6, IPv6=(Not enabled)
Oct 31 19:28:09 OpenVPN openvpn[27701]: openvpn.user1/70.214.77.234:9727 MULTI: Learn: 172.16.8.6 -> openvpn.user1/70.214.77.234:9727
Oct 31 19:28:09 OpenVPN openvpn[27701]: openvpn.user1/70.214.77.234:9727 MULTI: primary virtual IP for openvpn.user1/70.214.77.234:9727: 172.16.8.6
Oct 31 19:28:09 OpenVPN openvpn[27701]: openvpn.user1/70.214.77.234:9727 PUSH: Received control message: 'PUSH_REQUEST'
Oct 31 19:28:09 OpenVPN openvpn[27701]: openvpn.user1/70.214.77.234:9727 send_push_reply(): safe_cap=940
Oct 31 19:28:09 OpenVPN openvpn[27701]: openvpn.user1/70.214.77.234:9727 SENT CONTROL [openvpn.user1]: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 172.16.8.1,topology net30,ping 10,ping-restart 120,ifconfig 172.16.8.6 172.16.8.5' (status=1)
[root@OpenVPN /mnt/keys]# ipfw list
Code:
00100 nat 1 ip from 172.16.8.0/24 to any out via epair12b
00200 nat 1 ip from any to any in via epair12b
65535 allow ip from any to any
nano openvpn.conf
Code:
port 10011
proto udp
dev tun
ca ca.crt
cert openvpn-server.crt #Server public key
key openvpn-server.key #Server private key
dh dh.pem #Diffie-Hellman parameters
server 172.16.8.0 255.255.255.0 #Purple network
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0" #Yellow network
tls-auth ta.key 0
#crl-verify crl.pem
keepalive 10 120
cipher AES-256-CBC
group nobody
user nobody
comp-lzo
persist-key
persist-tun
verb 3
[root@OpenVPN /mnt/keys]# ps aux
Code:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
nobody 27701 0.1 0.0 22388 4524 ?? SsJ 9:18PM 0:17.79 /usr/local/sbin/openvpn --cd /mnt/keys --daemon openvpn --config /mnt/keys/openvpn.conf --writepid /var/run/openvpn.pid
root 27669 0.0 0.0 12088 1592 ?? SsJ 9:18PM 0:00.13 /usr/sbin/syslogd -s
root 27729 0.0 0.0 14184 1564 ?? IsJ 9:18PM 0:00.07 /usr/sbin/cron -s
root 88138 0.0 0.0 17464 2644 0 SJ 7:20PM 0:00.01 bash
root 89571 0.0 0.0 16296 1484 0 R+J 7:54PM 0:00.00 ps aux
[root@OpenVPN /mnt/keys]# service openvpn stop
Code:
Stopping openvpn.
Waiting for PIDS: 27701.
[root@OpenVPN /mnt/keys]# openvpn --config /mnt/keys/openvpn.conf
Mon Oct 31 19:56:38 2016 OpenVPN 2.3.12 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Oct 12 2016
Mon Oct 31 19:56:38 2016 library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.09
Mon Oct 31 19:56:38 2016 Diffie-Hellman initialized with 4096 bit key
Mon Oct 31 19:56:38 2016 WARNING: file 'openvpn-server.key' is group or others accessible
Mon Oct 31 19:56:38 2016 WARNING: file 'ta.key' is group or others accessible
Mon Oct 31 19:56:38 2016 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Mon Oct 31 19:56:38 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 31 19:56:38 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 31 19:56:38 2016 Socket Buffers: R=[42080->42080] S=[9216->9216]
Mon Oct 31 19:56:38 2016 ROUTE_GATEWAY 192.168.1.1
Mon Oct 31 19:56:38 2016 TUN/TAP device /dev/tun0 opened
Mon Oct 31 19:56:38 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Oct 31 19:56:38 2016 /sbin/ifconfig tun0 172.16.8.1 172.16.8.2 mtu 1500 netmask 255.255.255.255 up
Mon Oct 31 19:56:38 2016 /sbin/route add -net 172.16.8.0 172.16.8.2 255.255.255.0
add net 172.16.8.0: gateway 172.16.8.2
Mon Oct 31 19:56:38 2016 GID set to nobody
Mon Oct 31 19:56:38 2016 UID set to nobody
Mon Oct 31 19:56:38 2016 UDPv4 link local (bound): [undef]
Mon Oct 31 19:56:38 2016 UDPv4 link remote: [undef]
Mon Oct 31 19:56:38 2016 MULTI: multi_init called, r=256 v=256
Mon Oct 31 19:56:38 2016 IFCONFIG POOL: base=172.16.8.4 size=62, ipv6=0
Mon Oct 31 19:56:38 2016 ifconfig_pool_read(), in='openvpn.user1,172.16.8.4', TODO: IPv6
Mon Oct 31 19:56:38 2016 succeeded -> ifconfig_pool_set()
Mon Oct 31 19:56:38 2016 ifconfig_pool_read(), in='user1.ipad,172.16.8.8', TODO: IPv6
Mon Oct 31 19:56:38 2016 succeeded -> ifconfig_pool_set()
Mon Oct 31 19:56:38 2016 IFCONFIG POOL LIST
Mon Oct 31 19:56:38 2016 openvpn.user1,172.16.8.4
Mon Oct 31 19:56:38 2016 user1.ipad,172.16.8.8
Mon Oct 31 19:56:38 2016 Initialization Sequence Completed