ibVPN app stopped working inside webconfig after upgrading my clearOS community server to version 7.4. I rebooted the server and uninstalled/reinstalled the app, but still the app's page isn't working.
Visiting the page https://server.local:81/app/ibvpn hangs the Chrome browser for a while the results in the following error page:
EDIT: this issue is related to the ibVPN App in the ClearOS' WebConfig. It has nothing to do with service provided by ibVPN company. The issue is about the app's page not loading in the webconfig.
Visiting the page https://server.local:81/app/ibvpn hangs the Chrome browser for a while the results in the following error page:
This page isn’t working
server.local redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
EDIT: this issue is related to the ibVPN App in the ClearOS' WebConfig. It has nothing to do with service provided by ibVPN company. The issue is about the app's page not loading in the webconfig.
In ibVPN
Share this post:
Responses (31)
-
Accepted Answer
The webconfig/access_log is full with redirection requests (307) to ibVPN app such as the following:
192.168.0.145 - - [22/Oct/2017:01:06:59 +0300] "GET /app/ibvpn HTTP/1.1" 307 - "https://server.local:81/app/log_viewer/index" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Mansoor wrote:
ibVPN app stopped working inside webconfig after upgrading my clearOS community server to version 7.4. I rebooted the server and uninstalled/reinstalled the app, but still the app's page isn't working.
Visiting the page https://server.local:81/app/ibvpn hangs the Chrome browser for a while the results in the following error page:
This page isn’t working
server.local redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
EDIT: this issue is related to the ibVPN App in the ClearOS' WebConfig. It has nothing to do with service provided by ibVPN company. The issue is about the app's page not loading in the webconfig.
The issue has been fixed in version 1.2.1. You can update to the latest version using the following command:
# yum update --enablerepo=clearos-updates-testing app-ibvpn
-
Accepted Answer
Darryl Sokoloski wrote:
The issue has been fixed in version 1.2.1. You can update to the latest version using the following command:
# yum update --enablerepo=clearos-updates-testing app-ibvpn
Nothing found to update.
[root@server ~]# yum update --enablerepo=clearos-updates-testing app-ibvpn
Loaded plugins: clearcenter-marketplace, fastestmirror
ClearCenter Marketplace: fetching repositories...
Loading mirror speeds from cached hostfile
* clearos: mirror1-amsterdam.clearos.com
* clearos-centos: download3.clearsdn.com
* clearos-centos-sclo-rh: download3.clearsdn.com
* clearos-centos-updates: download3.clearsdn.com
* clearos-contribs: mirror1-amsterdam.clearos.com
* clearos-epel: download3.clearsdn.com
* clearos-fast-updates: download3.clearsdn.com
* clearos-infra: mirror1-amsterdam.clearos.com
* clearos-updates: mirror1-amsterdam.clearos.com
* clearos-updates-testing: mirror1-amsterdam.clearos.com
* private-clearcenter-dnsthingy: download1.clearsdn.com:80
* private-clearcenter-dyndns: download4.clearsdn.com:80
* private-clearcenter-plex: download2.clearsdn.com:80
No packages marked for update -
Accepted Answer
-
Accepted Answer
Thank you Nick. I found it in clearos-contribs-testing.
The app's page is accessible now from within webconfig now, but the service cannot be started! The "Status" remains "Stopped" after clicking on Start button. I tried to look for some log files for this app to see what's going on, but couldn't find any. -
Accepted Answer
-
Accepted Answer
Ok, I found some logs in /var/log/system. It seems the system is trying to restart the ibvpn service every 5 minutes:
Nov 2 02:30:34 srv servicewatch: restarting ibvpn
Nov 2 02:35:01 srv servicewatch: sanity checking ibvpn
Nov 2 02:35:33 srv servicewatch: restarting ibvpn
Nov 2 02:40:01 srv servicewatch: sanity checking ibvpn
Nov 2 02:40:34 srv servicewatch: restarting ibvpn
Nov 2 02:45:02 srv servicewatch: sanity checking ibvpn
Nov 2 02:45:34 srv servicewatch: restarting ibvpn
Nov 2 02:50:02 srv servicewatch: sanity checking ibvpn
Nov 2 02:50:34 srv servicewatch: restarting ibvpn
Nov 2 02:55:01 srv servicewatch: sanity checking ibvpn
Nov 2 02:55:34 srv servicewatch: restarting ibvpn
The service status reports the following:
[root@srv ~]# systemctl status ibvpn.service
● ibvpn.service - ibVPN Service
Loaded: loaded (/usr/lib/systemd/system/ibvpn.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Thu 2017-11-02 02:56:07 +03; 21s ago
Process: 32543 ExecStopPost=/usr/libexec/ibvpn/ibvpn-exec-post.sh (code=exited, status=0/SUCCESS)
Process: 32540 ExecStart=/usr/sbin/ibvpn --daemon ibvpn --config ${IBVPN_CONFIG} --cd ${IBVPN_CD} --local ${IBVPN_WANIP} --lport ${IBVPN_PORT} (code=exited, status=0/SUCCESS)
Process: 32527 ExecStartPre=/usr/libexec/ibvpn/ibvpn-exec-pre.sh (code=exited, status=0/SUCCESS)
Main PID: 32541 (code=exited, status=1/FAILURE)
Nov 02 02:56:06 srv systemd[1]: Unit ibvpn.service entered failed state.
Nov 02 02:56:06 srv systemd[1]: ibvpn.service failed.
Nov 02 02:56:07 srv systemd[1]: ibvpn.service holdoff time over, scheduling restart.
Nov 02 02:56:07 srv systemd[1]: start request repeated too quickly for ibvpn.service
Nov 02 02:56:07 srv systemd[1]: Failed to start ibVPN Service.
Nov 02 02:56:07 srv systemd[1]: Unit ibvpn.service entered failed state.
Nov 02 02:56:07 srv systemd[1]: ibvpn.service failed. -
Accepted Answer
To anyone experiencing issues with the ibVPN app for ClearOS; try the following:
Under Server Location, select Edit. Then verify the ibVPN Server is correct and click Update (always click on Update even if it is correct so a new configuration file is generated). Click on Start. The service should remain running... if not, please post the output frrom the following command:
# grep ibvpn /var/log/messages | tail -n 40
-
Accepted Answer
Still not working. Here is the log output:
Nov 6 19:41:29 serverd ibvpn[8988]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Nov 6 19:41:29 serverd ibvpn[8989]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nov 6 19:41:29 serverd ibvpn[8989]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 6 19:41:29 serverd ibvpn[8989]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Nov 6 19:41:29 serverd ibvpn[8989]: RESOLVE: Cannot resolve host address: :1190 (Name or service not known)
Nov 6 19:41:29 serverd ibvpn[8989]: Exiting due to fatal error
Nov 6 19:41:29 serverd systemd: ibvpn.service: main process exited, code=exited, status=1/FAILURE
Nov 6 19:41:29 serverd systemd: Unit ibvpn.service entered failed state.
Nov 6 19:41:29 serverd systemd: ibvpn.service failed.
Nov 6 19:41:29 serverd systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 6 19:41:29 serverd ibvpn-exec-pre.sh: Command line is not complete. Try option "help"
Nov 6 19:41:29 serverd ibvpn[9009]: DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of version 2.4. This option will be removed in a future version, please remove it from your configuration.
Nov 6 19:41:29 serverd ibvpn[9009]: OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Nov 6 19:41:29 serverd ibvpn[9009]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Nov 6 19:41:29 serverd systemd: PID file /var/run/ibvpn/ibvpn.pid not readable (yet?) after start.
Nov 6 19:41:29 serverd ibvpn[9010]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nov 6 19:41:29 serverd ibvpn[9010]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 6 19:41:29 serverd ibvpn[9010]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Nov 6 19:41:29 serverd ibvpn[9010]: RESOLVE: Cannot resolve host address: :1190 (Name or service not known)
Nov 6 19:41:29 serverd ibvpn[9010]: Exiting due to fatal error
Nov 6 19:41:29 serverd systemd: ibvpn.service: main process exited, code=exited, status=1/FAILURE
Nov 6 19:41:29 serverd systemd: Unit ibvpn.service entered failed state.
Nov 6 19:41:29 serverd systemd: ibvpn.service failed.
Nov 6 19:41:29 serverd systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 6 19:41:29 serverd ibvpn-exec-pre.sh: Command line is not complete. Try option "help"
Nov 6 19:41:29 serverd ibvpn[9030]: DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of version 2.4. This option will be removed in a future version, please remove it from your configuration.
Nov 6 19:41:29 serverd ibvpn[9030]: OpenVPN 2.4.3 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 21 2017
Nov 6 19:41:29 serverd ibvpn[9030]: library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Nov 6 19:41:29 serverd ibvpn[9031]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Nov 6 19:41:29 serverd ibvpn[9031]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 6 19:41:29 serverd ibvpn[9031]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Nov 6 19:41:29 serverd ibvpn[9031]: RESOLVE: Cannot resolve host address: :1190 (Name or service not known)
Nov 6 19:41:29 serverd ibvpn[9031]: Exiting due to fatal error
Nov 6 19:41:29 serverd systemd: ibvpn.service: main process exited, code=exited, status=1/FAILURE
Nov 6 19:41:29 serverd systemd: Unit ibvpn.service entered failed state.
Nov 6 19:41:29 serverd systemd: ibvpn.service failed.
Nov 6 19:41:29 serverd systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 6 19:41:30 serverd systemd: start request repeated too quickly for ibvpn.service
Nov 6 19:41:30 serverd systemd: Unit ibvpn.service entered failed state.
Nov 6 19:41:30 serverd systemd: ibvpn.service failed.
Thank you. -
Accepted Answer
There was bug introduced with the addition of MultiWAN support. For those with only one external interface (most of us), the external interface was not being set resulting in an error from OpenVPN. I have fixed the bug and submitted a new build to the build system. The version is 1.2.2. The update will take several hours to propagate to our mirror servers. Anyone experiencing issues can wait to upgrade to the latest version and follow my previous steps:
Under Server Location, select Edit. Then verify the ibVPN Server is correct and click Update (always click on Update even if it is correct so a new configuration file is generated). Click on Start.
Or if you would prefer to get going now, you can simply edit /etc/clearos/ibvpn.conf and add the name of your external network interface to the line:
external_interface=""
(This key should NOT be empty -- that is a bug!)
Start/restart ibVPN:
# systemctl restart ibvpn.service
-
Accepted Answer
Problem persists. I have a new install and ibvpn never worked. Once installed, there is no way to configure, as clicking the link in the navigation pane post install gives you the “too many redirects” error in the browser.
I manually edited the conf file.
Service status output:
ibvpn.service: control process exited, code=exited status=1
Nov 07 08:48:52 gateway.starwars.co.za systemd[1]: Failed to start ibVPN Service.
Nov 07 08:48:52 gateway.starwars.co.za systemd[1]: Unit ibvpn.service entered failed state.
Nov 07 08:48:52 gateway.starwars.co.za systemd[1]: ibvpn.service failed.
Nov 07 08:48:53 gateway.starwars.co.za systemd[1]: ibvpn.service holdoff time over, scheduling restart.
Nov 07 08:48:53 gateway.starwars.co.za systemd[1]: start request repeated too quickly for ibvpn.service
Nov 07 08:48:53 gateway.starwars.co.za systemd[1]: Failed to start ibVPN Service.
Nov 07 08:48:53 gateway.starwars.co.za systemd[1]: Unit ibvpn.service entered failed state.
Nov 07 08:48:53 gateway.starwars.co.za systemd[1]: ibvpn.service failed.
From log:
Nov 7 07:16:20 gateway ibvpn-exec-pre.sh: Can not start ibVPN, not configured.
Nov 7 07:16:20 gateway systemd: ibvpn.service: control process exited, code=exited status=1
Nov 7 07:16:20 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 07:16:20 gateway systemd: ibvpn.service failed.
Nov 7 07:16:20 gateway systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 7 07:16:20 gateway systemd: start request repeated too quickly for ibvpn.service
Nov 7 07:16:20 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 07:16:20 gateway systemd: ibvpn.service failed.
Nov 7 08:41:29 gateway yum[3634]: Erased: 1:app-ibvpn-1.2.0-1.v7.noarch
Nov 7 08:41:30 gateway yum[3634]: Erased: 1:app-ibvpn-core-1.2.0-1.v7.noarch
Nov 7 08:45:45 gateway yum[5221]: Installed: 1:app-ibvpn-core-1.2.0-1.v7.noarch
Nov 7 08:45:45 gateway yum[5221]: Installed: 1:app-ibvpn-1.2.0-1.v7.noarch
Nov 7 08:48:51 gateway ibvpn-exec-pre.sh: Can not start ibVPN, not configured.
Nov 7 08:48:51 gateway systemd: ibvpn.service: control process exited, code=exited status=1
Nov 7 08:48:51 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 08:48:51 gateway systemd: ibvpn.service failed.
Nov 7 08:48:52 gateway systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 7 08:48:52 gateway ibvpn-exec-pre.sh: Can not start ibVPN, not configured.
Nov 7 08:48:52 gateway systemd: ibvpn.service: control process exited, code=exited status=1
Nov 7 08:48:52 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 08:48:52 gateway systemd: ibvpn.service failed.
Nov 7 08:48:52 gateway systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 7 08:48:52 gateway ibvpn-exec-pre.sh: Can not start ibVPN, not configured.
Nov 7 08:48:52 gateway systemd: ibvpn.service: control process exited, code=exited status=1
Nov 7 08:48:52 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 08:48:52 gateway systemd: ibvpn.service failed.
Nov 7 08:48:52 gateway systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 7 08:48:52 gateway ibvpn-exec-pre.sh: Can not start ibVPN, not configured.
Nov 7 08:48:52 gateway systemd: ibvpn.service: control process exited, code=exited status=1
Nov 7 08:48:52 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 08:48:52 gateway systemd: ibvpn.service failed.
Nov 7 08:48:52 gateway systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 7 08:48:52 gateway ibvpn-exec-pre.sh: Can not start ibVPN, not configured.
Nov 7 08:48:52 gateway systemd: ibvpn.service: control process exited, code=exited status=1
Nov 7 08:48:52 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 08:48:52 gateway systemd: ibvpn.service failed.
Nov 7 08:48:53 gateway systemd: ibvpn.service holdoff time over, scheduling restart.
Nov 7 08:48:53 gateway systemd: start request repeated too quickly for ibvpn.service
Nov 7 08:48:53 gateway systemd: Unit ibvpn.service entered failed state.
Nov 7 08:48:53 gateway systemd: ibvpn.service failed. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Using the the Contributed-Testing repo worked prior to the current 7.4 full update. At this time iBVP shows running but nothing routing through. I have removed previous installation & reinstalled same version of app-iBVPn 1.2.3-1 V7 only current available version at this time but nothing works. Outside of manually configuring the configuration file which does not work well with the security side. Has a new solution been provided?? -
Accepted Answer
Daniel p wrote:
Using the the Contributed-Testing repo worked prior to the current 7.4 full update. At this time iBVP shows running but nothing routing through. I have removed previous installation & reinstalled same version of app-iBVPn 1.2.3-1 V7 only current available version at this time but nothing works. Outside of manually configuring the configuration file which does not work well with the security side. Has a new solution been provided??
Daniel,
While ibVPN is running, can you check these two things:
# grep ibvpn /var/log/messages
# ip rule ls
The first will show you the log file for the ibVPN (openvpn) service. Does it appear that the tunnel is up and running?
The second will show you the routing rules as per your ibVPN configuration. You should see the IP address(es) of all hosts that are configured to use ibVPN -- specifically all lines ending with "table 20" will use the ibVPN routing table 20:
# ip route ls table 20
Here you should have a list of local routes for your LAN plus a default route that is using the remote side of the ibVPN tunnel. -
Accepted Answer
Darryl Sokoloski,
All requested commands output::
Using the the Contributed-Testing repo worked prior to the current 7.4 full update. At this time iBVP shows running but nothing routing through. I have removed previous installation & reinstalled same version of app-iBVPn 1.2.3-1 V7 only current available version at this time but nothing works. Outside of manually configuring the configuration file which does not work well with the security side. Has a new solution been provided??
Daniel,
While ibVPN is running, can you check these two things:
# grep ibvpn /var/log/messages
# ip rule ls
The first will show you the log file for the ibVPN (openvpn) service. Does it appear that the tunnel is up and running?
The second will show you the routing rules as per your ibVPN configuration. You should see the IP address(es) of all hosts that are configured to use ibVPN -- specifically all lines ending with "table 20" will use the ibVPN routing table 20:
# ip route ls table 20
Here you should have a list of local routes for your LAN plus a default route that is using the remote side of the ibVPN tunnel.
grep ibvpn /var/log/messages: OUTPUT
grep ibvpn /var/log/messagesDec 23 19:51:34 gateway webconfig: Redirecting to /bin/systemctl start ibvpn.service
Dec 23 19:51:34 gateway ibvpn[5841]: DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configu
Dec 23 19:51:34 gateway ibvpn[5841]: OpenVPN 2.4.4 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017
Dec 23 19:51:34 gateway ibvpn[5841]: library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Dec 23 19:51:34 gateway systemd: PID file /var/run/ibvpn/ibvpn.pid not readable (yet?) after start.
Dec 23 19:51:34 gateway ibvpn[5842]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Dec 23 19:51:34 gateway ibvpn[5842]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 23 19:51:34 gateway ibvpn[5842]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Dec 23 19:51:34 gateway ibvpn[5842]: TCP/UDP: Preserving recently used remote address: [AF_INET]198.105.254.130:1194
Dec 23 19:51:34 gateway ibvpn[5842]: Socket Buffers: R=[229376->229376] S=[229376->229376]
Dec 23 19:51:34 gateway ibvpn[5842]: UDP link local (bound): [AF_INET]10.0.10.6:1190
Dec 23 19:51:34 gateway ibvpn[5842]: UDP link remote: [AF_INET]198.105.254.130:1194
**Wants OpenVPN 2.4 removed but its required per the installation package requirement**
# ip rule ls
0: from all lookup local
20: from 178.32.145.121 lookup 20
32766: from all lookup main
32767: from all lookup default
#ip route ls table 20
default via x.x.x.1 dev ibvpn
x.x.x.0/24 dev enp7s9 proto kernel scope link src x.x.x.6
x.x.x.0/24 dev ibvpn proto kernel scope link src x.x.x.2
x.x.x.0/24 dev enp63s0 proto kernel scope link src x.x.x.15 -
Accepted Answer
@Daniel, routing through the VPN takes sometime to start. Just keep checking your remote IP with https://www.xmyip.com for example until you see the ibVPN IP.
@Darryl, lately I cannot connect to most USA servers! I updated the servers list many times, but it just refused to connect to USA servers (except Atlanta's). The European servers are fine. I tried to connect to USA servers using the ibVPN app for macOS from my laptop and it worked well. -
Accepted Answer
Mansoor wrote:
@Daniel, routing through the VPN takes sometime to start. Just keep checking your remote IP with https://www.xmyip.com for example until you see the ibVPN IP.
@Darryl, lately I cannot connect to most USA servers! I updated the servers list many times, but it just refused to connect to USA servers (except Atlanta's). The European servers are fine. I tried to connect to USA servers using the ibVPN app and it worked well.
Masoor:
The VPN service has never taken this long to activate a connection, specially if different connecting servers are tried but nothing routes. I don't need a website to check my remote IP connection when any site can easily tell me my IP. The service all together on 7.4 update fails no matter what is done on the recent ClearOS version.
As for the output I provided that is all the output I get continuously obtain no matter what connecting server is chosen / only local IP server IP shows when I test my connection.
Version 1.2.3-1 v7 worked prior to upgrading to ClearOS 7.4. That version specifically solved the too many tries, etc. error from before without a problem, but since the actual upgrade to 7.4 nothing has worked. I also took the extra step of doing a fresh system install to make sure nothing else was causing the problem, at this point nothing has corrected the IbVPN service routing issue. -
Accepted Answer
-
Accepted Answer
Nick Howitt wrote:
@Daniel, it makes it a little difficult to diagnose when you munge your IP addresses. I've also fixed the "quote" tags in your post and please can you use "code" tags (the piece of paper icon with a <> on it) for all system output.
Are you by any chance using the proxy?
No Proxy being used, IbVPn program through ClearOS - as for the IP's the only part the IP's were X's out were on the 0/24 in , though & out - on the the logs it shows the ips's being used.
IBvpn only seems to work after updates are applied to the system - speedtest shows the connection but if change connection location stop & restart the service it no longer routes. Rebooting the system does nothing either, as noted before a fresh install does nothing either.
I understand this program is an add-on but look at how many people are reporting the same issue, its not a coincidence that this started happening from the last change. If users are now having to expose the system to untested contributed REPO just to get the system barely up & then since the 7.4 full upgrade nothing works due to multiple users are reporting this issue. Its a clear indication the issue is across the board. -
Accepted Answer
ibVPN just stopped working on the server. The logs show some error with TLS as can be seen in the following:
[root@gateway ~]# grep ibvpn /var/log/messages
Feb 17 06:56:41 gateway ibvpn[7959]: Restart pause, 10 second(s)
Feb 17 06:56:51 gateway ibvpn[7959]: WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Feb 17 06:56:51 gateway ibvpn[7959]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Feb 17 06:56:51 gateway ibvpn[7959]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1420)
Feb 17 06:56:51 gateway ibvpn[7959]: TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:443
Feb 17 06:56:51 gateway ibvpn[7959]: Socket Buffers: R=[229376->229376] S=[229376->229376]
Feb 17 06:56:51 gateway ibvpn[7959]: UDP link local (bound): [AF_INET]192.168.1.2:1190
Feb 17 06:56:51 gateway ibvpn[7959]: UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:443
Feb 17 06:57:51 gateway ibvpn[7959]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Feb 17 06:57:51 gateway ibvpn[7959]: TLS Error: TLS handshake failed
Feb 17 06:57:51 gateway ibvpn[7959]: SIGUSR1[soft,tls-error] received, process restarting
Feb 17 06:57:51 gateway ibvpn[7959]: Restart pause, 10 second(s)
[root@gateway ~]# ip rule ls
0: from all lookup local
20: from 192.168.0.10 lookup 20
20: from 192.168.0.241 lookup 20
32766: from all lookup main
32767: from all lookup default
# ip route ls table 20 returns nothing.
UPDATE: if I add 'local <server ip>' to /etc/clearos/ibvpn.d/ibvpn.ovpn then the app can connect to the selected ibVPN server but no traffic is forwarded via the link (clients timeout). -
Accepted Answer
-
Accepted Answer
Daniel,
Can you give us some info on the errors in the logs. There were some bug fixes that resolved this but if it is still down for you we need to reproduce and replicate the error. So I need to either affirm in your logs that it is the same or see what is different.
I've already apprised the lead dev on this at ClearCenter so he will look for your reply in this thread.
Thanks for reporting your issue.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »