I also see some .y address in the log, a range that is not used on that network at all. Here are the logs from last night (the vpn exited at 00:10). Thanks for your reply, I have just changed the interface from WAN to any, to see how it goes.

Jun 28 08:04:24 openvpn: TUN/TAP device /dev/tun1 opened
Jun 28 08:04:24 openvpn: LZO compression initialized
Jun 28 08:04:24 openvpn: NOTE: the current -script-security setting may allow this configuration to call user-defined scripts
Jun 28 08:04:24 openvpn: Resolving hostnames will use randomisation if more than one IP address is found
Jun 28 01:03:38 openvpn: TCP/UDP: Socket bind failed on local address 81.82.XXX.XXX: Can't assign requested address

Using "save" on the web interface or through the shell.

Any suggestions on how to fix or work around this? Here's the log on OpenVPN: (as you can see I restarted it at 08:04)

Jun 28 01:03:38 openvpn: LZO compression initialized

It makes the site-to-site go down until I manually restart the openvpn process. No problem, but OpenVPN never retries because the process does not exist anymore and is not "restarted" until I do so manually. When the interface goes down, OpenVPN can't bind to the specified IP and exits. The WAN interface uses DHCP and OpenVPN is using this connection to establish a site-to-site connection. (especially at night, so no big deal, these are 'cheap' internet connections) For some reason some of our pfsense boxes don't always get a new ip fast enough.

Free, community-based support is also available via stunnel-users mailing list.

I've been using OpenVPN for a long time and pfsense for a little while (almost a year) and I just have 1 issue with OpenVPN.

Please contact us for commercial support or non-GPL licenses. We retain the copyright of the source code. Although distributed under GNU GPL version 2 or later with OpenSSL exception, stunnel is not a community project. Stunnel is free software authored by Michał Trojnara.
FIPS-enabled Windows installers of stunnel are available on request with our customer support plans. The OpenSSL FIPS 140-2 module is currently only available for OpenSSL 1.0.2. A scanned FIPS 140-2 Validation Certificate document is available for download on the NIST web page. It can benefit from the FIPS 140-2 validation of the OpenSSL FIPS Object Module, as long as the building process meets its Security Policy. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments. Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code.