Troubleshooting:Openvpn Troubleshooting: Difference between revisions
Added troubleshooting guide: OpenVPN Troubleshooting (troubleshooting) |
Major update - troubleshooting guide: OpenVPN Troubleshooting (19 sections) (troubleshooting) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
This guide covers troubleshooting for OpenVPN server and client connection issues. | This guide covers troubleshooting for OpenVPN server and client connection issues. | ||
== Server Not Starting == | == Server Not Starting == | ||
= '''Check logs''': = | === '''Check logs''': === | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
journalctl -u openvpn -n 50 | journalctl -u openvpn -n 50 | ||
</pre> | </pre> | ||
= '''Verify configuration''': = | == '''Verify configuration''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
openvpn --config /etc/openvpn/server/server.conf --test-crypto | openvpn --config /etc/openvpn/server/server.conf --test-crypto | ||
</pre> | </pre> | ||
= '''Check file permissions''': = | == '''Check file permissions''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
ls -la /etc/openvpn/server/ | ls -la /etc/openvpn/server/ | ||
=== Certificates should be readable by OpenVPN user === | |||
</pre> | </pre> | ||
== Client Cannot Connect == | == Client Cannot Connect == | ||
= '''Check server is listening''': = | === '''Check server is listening''': === | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
ss -ulnp | grep 1194 | ss -ulnp | grep 1194 | ||
</pre> | </pre> | ||
= '''Check firewall''': = | == '''Check firewall''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
iptables -L INPUT -n -v | grep 1194 | iptables -L INPUT -n -v | grep 1194 | ||
</pre> | </pre> | ||
= '''Verify client certificate''': = | == '''Verify client certificate''': == | ||
* Ensure certificate hasn't been revoked | |||
* Check certificate expiration date | |||
* Verify CA certificate matches server | |||
= '''Check server logs''': = | == '''Check server logs''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
tail -f /var/log/syslog | grep openvpn | tail -f /var/log/syslog | grep openvpn | ||
| Line 45: | Line 45: | ||
== Connection Drops == | == Connection Drops == | ||
= '''Check keepalive settings''' in server.conf = | === '''Check keepalive settings''' in server.conf === | ||
= '''Verify network connectivity''': = | == '''Verify network connectivity''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
ping 10.8.0.2 | ping 10.8.0.2 | ||
</pre> | </pre> | ||
= '''Check routing''': = | == '''Check routing''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
ip route | grep 10.8.0.0 | ip route | grep 10.8.0.0 | ||
| Line 58: | Line 58: | ||
== Performance Issues == | == Performance Issues == | ||
= '''Check server load''': = | === '''Check server load''': === | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
top | top | ||
| Line 64: | Line 64: | ||
</pre> | </pre> | ||
= '''Monitor network traffic''': = | == '''Monitor network traffic''': == | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
iftop -i tun0 | iftop -i tun0 | ||
</pre> | </pre> | ||
= '''Check for connection limits''' in server configuration = | == '''Check for connection limits''' in server configuration == | ||
== Related Documentation == | == Related Documentation == | ||
* [OpenVPN Server](index.md) - Server configuration | |||
* [User Management](user-management.md) - User management | * [User Management](user-management.md) - User management | ||
[[Category:Documentation]] | [[Category:Documentation]] | ||
[[Category:Documentation/Troubleshooting]] | [[Category:Documentation/Troubleshooting]] | ||
Latest revision as of 13:44, 1 January 2026
This guide covers troubleshooting for OpenVPN server and client connection issues.
Server Not Starting
[edit]Check logs:
[edit]journalctl -u openvpn -n 50
Verify configuration:
[edit]openvpn --config /etc/openvpn/server/server.conf --test-crypto
Check file permissions:
[edit]ls -la /etc/openvpn/server/ === Certificates should be readable by OpenVPN user ===
Client Cannot Connect
[edit]Check server is listening:
[edit]ss -ulnp | grep 1194
Check firewall:
[edit]iptables -L INPUT -n -v | grep 1194
Verify client certificate:
[edit]* Ensure certificate hasn't been revoked
* Check certificate expiration date
* Verify CA certificate matches server
Check server logs:
[edit]tail -f /var/log/syslog | grep openvpn
Connection Drops
[edit]Check keepalive settings in server.conf
[edit]Verify network connectivity:
[edit]ping 10.8.0.2
Check routing:
[edit]ip route | grep 10.8.0.0
Performance Issues
[edit]Check server load:
[edit]top htop
Monitor network traffic:
[edit]iftop -i tun0
Check for connection limits in server configuration
[edit]Related Documentation
[edit]- [OpenVPN Server](index.md) - Server configuration
- [User Management](user-management.md) - User management