Closed sakalosj closed 3 years ago
You're thin on the details here. What exactly do you do? Do you first do a openvpn3 session-manage --disconnect
and then a openvpn3 session-start
?
Can you please increase logging and provide that? Before starting your session, in a separate terminal run openvpn3 log --log-level 6 --config $CONFIG_FILENAME
. Alternatively, as root run openvpn3-admin log-service --log-level 6
and extract log events from the systemd journal using either journalctl SYSLOG_IDENTIFIER=net.openvpn.v3.log
, journalctl SYSLOG_IDENTIFIER=openvpn3-service-logger
or journalctl -u dbus
(what works depends on Linux distro and systemd versions). The log scope can further be reduced by adding --since today
or --since 15:00
.
first i succesfully connect using
openvpn3 session-start --config
then disconnect using
openvpn3 session-manage --disconnect --config
then trying to connect again:
openvpn3 session-start --config
log:
Waiting for session to start ... Done
Attaching to session /net/openvpn/v3/sessions/a9fc51c6s83b1s4e29s9523sbbd19a7b9067
2021-01-05 15:41:43 >> Connection, Configuration OK: config_path=/net/openvpn/v3/configuration/4a5504edxa5a9x43acx9b0fx7c9906291928
2021-01-05 15:41:43 Client INFO: Starting connection
2021-01-05 15:41:43 Client VERB1: Username/password provided successfully for 'asdf'
2021-01-05 15:41:43 >> Connection, Client connecting
2021-01-05 15:41:43 Client DEBUG: OpenVPN core 3.git:HEAD:ce0c9963 linux x86_64 64-bit OVPN-DCO
2021-01-05 15:41:43 Client DEBUG: Frame=512/2048/512 mssfix-ctrl=1250
2021-01-05 15:41:43 Client DEBUG: UNUSED OPTIONS
1 [persist-key]
3 [ncp-ciphers] [AES-256-CBC]
5 [tls-client]
7 [resolv-retry] [infinite]
12 [lport] [0]
17 [verb] [4]
2021-01-05 15:41:43 Client VERB2: Resolving
2021-01-05 15:41:53 Client DEBUG: Server poll timeout, trying next remote entry...
2021-01-05 15:41:53 Client INFO: Reconnecting
2021-01-05 15:41:53 >> Connection, Client reconnect
2021-01-05 15:41:53 Client VERB2: Resolving
2021-01-05 15:42:03 Client DEBUG: Server poll timeout, trying next remote entry...
2021-01-05 15:42:03 Client INFO: Reconnecting
2021-01-05 15:42:03 >> Connection, Client reconnect
2021-01-05 15:42:03 Client VERB2: Resolving
2021-01-05 15:42:13 Client DEBUG: Server poll timeout, trying next remote entry...
2021-01-05 15:42:13 Client INFO: Reconnecting
2021-01-05 15:42:13 >> Connection, Client reconnect
2021-01-05 15:42:13 Client VERB2: Resolving
Session closed
VPN server is using MFA. after restarting computer I am able to login to VPN again.
Okay, which Linux distribution do you use? You might want to double check that /etc/resolv.conf
has been properly restored when disconnecting. Alternatively, if you have a distro with systemd v243 or newer and use systemd-resolved
, you might want to consider using the systemd-resolved integration instead. More details here: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20607.html
distro: Fedora 33
openvpn was installed from copr
dnf copr enable dsommers/openvpn3
/etc/resolv.conf
was restored correctly, I have tried systemd-resolved
integration, and still failing.
when I configure IP instead of FQDN it works
nslookp _vpn_server_fqdn_
doesn't work after disconnecting
Using IP instead of hostname will not require the name lookup, so that is a workaround.
I will spin up a fresh Fedora 33 and try to reproduce it myself.
I was pretty sure I rebooted os, but now when I was digging into found out that it is working, so switching to systemd-resolved
openvpn3-admin netcfg-service --config-set systemd-resolved 1
helped
for me it is working ok
many thanks for your help and ultra quick response :)
Great! I'll do some testing on Fedora 33 and plan for the Fedora 33+ builds to have systemd-resolved enabled by default.
As of the coming v14_beta release, systemd-resolved will now be enabled by default on Fedora 33 and newer.
The v14_beta release is happening today. systemd-resolved will be enabled by default on Fedora 33 and newer, as well as Ubuntu 20.04 and newer.
after disconnecting from vpn, i am unable to connect again with error:
session-start: ERROR Failed to connect: Connection, Client reconnect