|
|
Hi list,
Thanks to your help, I have been able to get OpenVPN
1.4.0b10 setup between our servers and remote client
sites. Getting the mssfix 1437 value fixed a lot of
problems between the client sites it seems.
There is now an issue where rsync is running a backup
across OpenVPN between a windows machine (on cygwin),
and the Linux backup server.
Large files of about 2GB appear to be hanging the
connection. Rsync looks to time out, and OpenVPN
appears to be resetting at about the same time. I'm
not sure where the problem may be, but any help would
be appreciated.
There are also messages from OpenVPN about anti-replay
which sometimes occur around the same time as the
reconnects.
A few questions for the list:
Is there a "safe" setting for anti-replay, and can it
be pushed to clients?
Will using fragment in the config files with mssfix
provide a noticable stability increase, or just reduce
performance?
Should the mssfix/fragment values be set lower than
the mtu-test returned value to be safe?
#############################
# TLS server config
#
port 55345
dev tun
comp-lzo
# be a multi-client udp server
mode server
#TLS parms
tls-server
dh /some/place/dh1024.pem
ca /some/place/my-openvpn-keys/ca.crt
cert /some/place/com.crt
key /some/place/com.key
# server's virtual end points
ifconfig 10.0.0.1 10.0.0.2
# pool of /30 subnets to allocate to clients.
ifconfig-pool 10.0.0.4 10.0.0.255
# push route to client binding it to our local
endpoint.
push "route 10.0.0.1 255.255.255.255"
# client should attempt to reconnet on link failure.
ping 15
ping-restart 120
push "ping 10"
push "ping-restart 60"
# route the pool range to the openvpn server.
route 10.0.0.0 255.255.255.0
# no privileges requires
user nobody
group nobody
verb 3
mute 10
status openvpn-status.log
tun-mtu 1500
mssfix 1437
########################
OpenVPN error message:
Aug 30 09:38:23 server001 openvpn[12164]:
client.systemsaligned.com/12.34.56.789:64646
Authenticate/Decrypt packet error: bad packet ID (may
be a replay): [ #55473 ] -- see the man page entry for
--no-replay and --replay-window for more info or
silence this warning with --mute-replay-warnings
Rsync error message (this was not a user aborted
transfer, contrary to what the last line says):
Can't write 16 bytes to socket
Sending csums, cnt = 14876, phase = 1
Read EOF: Connection reset by peer
Tried again: got 0 bytes
finish: removing in-process file User/Contacts.pst
Child is aborting
Done: 16431 files, 6833928626 bytes
Got fatal error during xfer (aborted by signal=PIPE)
Backup aborted by user signal
Thanks for your time. Any comments or ideas on solving
this issue would be greatly appreciated.
Brian
______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca
____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
|