Anyone having recent OpenVPN problems?

[bigredfish]

For some reason I can’t connect to any of my OpenVPN servers over the past week or so.

I use the OpenVPN client on Win11 and have used it for years. Have server setup on 6 different remote routers to access NVRs on those networks. No change on the remote networks and it’s ALL of them

Problem is local to me. As if some software (windows or Bitdefender?) may have updated and messed something g up.

Router and firewall logs here show initial outbound connect (not blocked) as does the OpenVPN client, but it won’t truly connect as if no response from remote server.

I think my client isn’t sending the full command or responding to the handshake.

Only message in client log is “server poll timeout”

Just thought it worth asking if anyone else has seen this recently?

 

[97JeepXJ]

I am able to connect to my router using the app on my iPhone but I don’t have it installed on my laptop so I can’t say about Windows

 

[wittaj]

I just tried mine and could connect to every system I help with.

Only thing I can think of is a windows update changed your network from public to private (or vice versa). I forget which way it does but Windows updates tend to change that with no warning.

 

[bigredfish]

That’s my thought, I turned off everything I can think of in Bitdefender and my firewall shows a good initial outbound connect but obviously the handshake is dying as if my laptop isn’t getting the handshake response.

I don’t have those on my phone, remote routers/NVRs I maintain/help on but don’t usually use phone to do it.

I could go Nextdoor and try their network to verify but I think it’s on my machine

 

[97JeepXJ]

I just have it as backup, WireGaurd is my primary way in now. It (OpenVPN) should probably be setup on my laptop too though

 

[wittaj]

Well I did have that issue last week and I couldn't connect - the elderly neighbor accidently unplugged the router, but for you to have all 6 do that is statistically impossible lol

 

[bigredfish]

I just have it as backup, WireGaurd is my primary way in now. It (OpenVPN) should probably be setup on my laptop too though

yeah I use Wireguard for accessing my home network and it works great. Faster than OpenVPN, but the routers I'm connecting to remote are older Asus with just OpenVPN as an option

 

[d5775927]

Try to connect from other device on your home network, to know if this is a network issue or device specific issue.
You can do that by using you smartphone as a client or doing live boot for Linux on your PC (but installing app on your smartphone is much faster).
I also moved to Wiregaurad a while ago (a few years) and don't use windows.

 

[Sybertiger]

Check the PRIVATE vs PUBLIC settings on your network card. I seem to recall mine changed on it's own after an update or modem swapout of something along those lines.

 

[looney2ns]

Do you use the Asus DDNS service for your URL?
Maybe it's down.
Try using the direct IP address to connect.

 

[bigredfish]

Direct IP.

So I drove down there today to 3 of the routers. All were effectively locked up, reboot and confirmed all good.

Pouring through the logs now, have to get by the other two this coming week

Aug 7 19:29:01 kernel: lowmem_reserve[]: 0 0 0
Aug 7 19:29:01 kernel: Normal: 85*4kB (UEMR) 19*8kB (EMR) 2*16kB (M) 1*32kB (R) 1*64kB (R) 1*128kB (R) 1*256kB (R) 1*512kB (R) 1*1024kB (R) 1*2048kB (R) 0*4096kB = 4588kB
Aug 7 19:29:01 kernel: 568 total pagecache pages
Aug 7 19:29:01 kernel: 32768 pages of RAM
Aug 7 19:29:01 kernel: 1366 free pages
Aug 7 19:29:01 kernel: 2356 reserved pages
Aug 7 19:29:01 kernel: 2699 slab pages
Aug 7 19:29:01 kernel: 732 pages shared
Aug 7 19:29:01 kernel: 0 pages swap cached
Aug 7 19:29:02 kernel: Out of memory: Kill process 3973 (vpnserver1) score 370 or sacrifice child
Aug 7 19:29:02 kernel: Killed process 3973 (vpnserver1) total-vm:93504kB, anon-rss:46240kB, file-rss:0kB
Aug 11 00:58:41 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping
Aug 11 00:58:43 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping
Aug 11 00:58:45 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping
Aug 11 00:58:47 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping
Aug 11 00:58:49 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping
Aug 11 00:58:51 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping
Aug 11 00:58:53 kernel: FIXMEsif_forward_mgmt_to_app: Event length more than expected..dropping

 

[bigredfish]

So of the 3

1- literally ran out of memory and froze
1- was under obvious constant DOS attack
1- My buddy blocked it on his firewall (small business) and didnt know enough to know he had or how to unblock it (basically blocked port 1194)

Of the other 2, I just talked to one guy, he rebooted his router and all came back to life. So I'll need to look at his logs, and the other guy I talked though how to port forward his Netgear router and I still can't hit it. I suspect his IP changed.
To @looney2ns point, I should set those two up with DDNS. Both of those are residential but have had the same IP for years. I suppose with the lightning storms we've been having the past 2-3 weeks, worst I've see, some servers got rebooted and issued new IP's to customers.

So it looks like 5 different events all within a week-10 days of each other. Because I rarely have the need to log in with VPN (most use P2P for camera access) and just happened to last week with @jmcu working with me on the one HOA location. Just dumb luck i started trying the others and discovered them dead.