pieterlange / kube-openvpn

:closed_lock_with_key: Kubernetes native OpenVPN

OpenVPN every time create new NodePort #54

Closed kc004 closed 6 years ago

kc004 commented 6 years ago

I have successfully installed OpenVPN on Kubernetes, but it assigns a new port to each network connection. Here are my logs:

```
Wed Feb 07 12:30:15 2018 Running 'openvpn --config /etc/openvpn/openvpn.conf --push route 10.96.0.0 255.240.0.0 --push route 10.32.0.0 255.240.0.0 --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl/crl.pem '
Wed Feb 7 12:30:15 2018 OpenVPN 2.4.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 9 2017
Wed Feb 7 12:30:15 2018 library versions: LibreSSL 2.6.3, LZO 2.10
Wed Feb 7 12:30:15 2018 Diffie-Hellman initialized with 2048 bit key
Wed Feb 7 12:30:15 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 7 12:30:15 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 7 12:30:15 2018 TUN/TAP device tun0 opened
Wed Feb 7 12:30:15 2018 TUN/TAP TX queue length set to 100
Wed Feb 7 12:30:15 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Feb 7 12:30:15 2018 /sbin/ip link set dev tun0 up mtu 1500
Wed Feb 07 12:30:15 2018 Routing 10.38.0.4:20080 to 10.140.0.5:80 (example)
Wed Feb 7 12:30:15 2018 /sbin/ip addr add dev tun0 10.140.0.1/24 broadcast 10.140.0.255
Wed Feb 7 12:30:15 2018 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Feb 7 12:30:15 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Feb 7 12:30:15 2018 Listening for incoming TCP connection on [AF_INET][undef]:1194
Wed Feb 7 12:30:15 2018 TCPv4_SERVER link local (bound): [AF_INET][undef]:1194
Wed Feb 7 12:30:15 2018 TCPv4_SERVER link remote: [AF_UNSPEC]
Wed Feb 7 12:30:15 2018 GID set to nogroup
Wed Feb 7 12:30:15 2018 UID set to nobody
Wed Feb 7 12:30:15 2018 MULTI: multi_init called, r=256 v=256
Wed Feb 7 12:30:15 2018 IFCONFIG POOL: base=10.140.0.2 size=252, ipv6=0
Wed Feb 7 12:30:15 2018 MULTI: TCP INIT maxclients=1024 maxevents=1028
Wed Feb 7 12:30:15 2018 Initialization Sequence Completed
Wed Feb 7 12:32:26 2018 TCP connection established with [AF_INET]10.44.0.0:51022
Wed Feb 7 12:32:26 2018 10.44.0.0:51022 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Wed Feb 7 12:32:26 2018 10.44.0.0:51022 Connection reset, restarting [0]
Wed Feb 7 12:32:26 2018 10.44.0.0:51022 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 7 12:33:47 2018 TCP connection established with [AF_INET]10.44.0.0:55270
Wed Feb 7 12:33:47 2018 10.44.0.0:55270 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Wed Feb 7 12:33:47 2018 10.44.0.0:55270 Connection reset, restarting [0]
Wed Feb 7 12:33:47 2018 10.44.0.0:55270 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 7 12:37:16 2018 TCP connection established with [AF_INET]10.44.0.0:38560
Wed Feb 7 12:37:16 2018 10.44.0.0:38560 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Wed Feb 7 12:37:16 2018 10.44.0.0:38560 Connection reset, restarting [0]
Wed Feb 7 12:37:16 2018 10.44.0.0:38560 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 7 12:37:19 2018 TCP connection established with [AF_INET]10.44.0.0:38720
Wed Feb 7 12:37:19 2018 10.44.0.0:38720 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Wed Feb 7 12:37:19 2018 10.44.0.0:38720 Connection reset, restarting [0]
Wed Feb 7 12:37:19 2018 10.44.0.0:38720 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 7 12:38:36 2018 TCP connection established with [AF_INET]10.38.0.0:38400
Wed Feb 7 12:38:36 2018 10.38.0.0:38400 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
Wed Feb 7 12:38:36 2018 10.38.0.0:38400 Connection reset, restarting [0]
```

pieterlange commented 6 years ago

Sounds like a client configuration issue. What are you using?

kc004 commented 6 years ago

I didn't get your question. I am using a bare metal server. My service CIDR is 10.96.0.0/12 and pod CIDR is 10.32.0.0/12.

pieterlange commented 6 years ago

What client software are you using? Take care of version and ciphersuite compatibility.

kc004 commented 6 years ago

We are using Tunnelblick as client software. Another problem is that I am not able to access the OpenVPN admin page. I am getting ERR_EMPTY_RESPONSE from the webpage.

kc004 commented 6 years ago

Issue resolved. Actually, my master node and load balancer are on a different server. So it redirected to the wrong server. Thanks for helping.
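
An added triage example, not part of the original thread or the project's code: OpenVPN over TCP prefixes every packet with a 16-bit big-endian length, so the number in a "Bad encapsulated packet length" warning is the first two bytes the peer sent, and 18245 is 0x4745, ASCII "GE" as in an HTTP `GET`. The sketch below decodes that value per peer; the prefix table and function names are assumptions made for illustration, and source ports are ignored because they change with every connection.

```python
import re
from collections import Counter

# OpenVPN over TCP prefixes every packet with a 16-bit big-endian length, so the
# "bad length" in the warning is simply the first two bytes the peer sent.
BAD_LEN = re.compile(
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) WARNING: "
    r"Bad encapsulated packet length from peer \((?P<length>\d+)\)"
)

# Two-byte prefixes of common non-OpenVPN traffic (assumed triage table, extend as needed).
KNOWN_PREFIXES = {
    b"GE": "HTTP GET",
    b"PO": "HTTP POST",
    b"HE": "HTTP HEAD",
    b"SS": "SSH banner",
    b"\x16\x03": "TLS handshake record",
}

def classify_length(length):
    """Map a reported packet length back to the two bytes that produced it."""
    prefix = length.to_bytes(2, "big")
    return prefix, KNOWN_PREFIXES.get(prefix, "unknown")

def triage(log_text):
    """Count (peer IP, guessed protocol) pairs; ephemeral source ports are ignored."""
    hits = Counter()
    for m in BAD_LEN.finditer(log_text):
        _, guess = classify_length(int(m.group("length")))
        hits[(m.group("peer"), guess)] += 1
    return hits

# Sample lines copied from the log posted in this thread (trailing text trimmed).
SAMPLE = """\
Wed Feb 7 12:32:26 2018 10.44.0.0:51022 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626
Wed Feb 7 12:33:47 2018 10.44.0.0:55270 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626
Wed Feb 7 12:38:36 2018 10.38.0.0:38400 WARNING: Bad encapsulated packet length from peer (18245), which must be > 0 and <= 1626
"""

if __name__ == "__main__":
    for (peer, guess), count in sorted(triage(SAMPLE).items()):
        print(f"{peer}: {count} x {guess}")
```

A result of "HTTP GET" for every peer points at plain HTTP traffic reaching the OpenVPN port, for example from a browser, health check or misrouted load balancer, rather than at an MTU mismatch between VPN peers.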