|
|
I'm replying on openvpn-users, which is the more appropriate list for this. On Thu, 31 Mar 2005, Rolf Fokkens wrote: > Hi, > > Currently not being able to test of this problem also exists in more > recent rc's, I'll just mention it: when is use the "ping" or "keepalive" > settings, periodically the SSL connections reset, the syslog output > follows below. Without the ping settings connections seem tu survive > much longer! The whole point of keepalive/ping/ping-restart is to force a reconnection and renegotiation if no ping packets are received for a certain period of time. You can always use a high restart value, for example keepalive 10 600, to require a longer period of time without any received pings (10 minutes in this case) before a restart is triggered. > > Hope this is useful information. > > Cheers, > > Rolf Fokkens > > Apr 1 03:23:32 plaza-server openvpn[2502]: TLS: Initial packet from > 83.118.84.1 > 29:11800, sid=737dedce 3fab1f1c > Apr 1 03:23:33 plaza-server openvpn[2502]: VERIFY OK: depth=1, > /C=NL/L=Groningen/O=Vertis_bv/CN=Vertis-VPN-CA > Apr 1 03:23:33 plaza-server openvpn[2502]: VERIFY OK: depth=0, > /C=NL/L=Groningen/O=Vertis_bv/CN=N003.Vertis-VPN > Apr 1 03:23:33 plaza-server openvpn[2502]: Data Channel Encrypt: Cipher > 'AES-128-CBC' initialized with 128 bit key > Apr 1 03:23:33 plaza-server openvpn[2502]: Data Channel Encrypt: Using > 160 bitmessage hash 'SHA1' for HMAC authentication > Apr 1 03:23:33 plaza-server openvpn[2502]: Data Channel Decrypt: Cipher > 'AES-128-CBC' initialized with 128 bit key > Apr 1 03:23:33 plaza-server openvpn[2502]: Data Channel Decrypt: Using > 160 bitmessage hash 'SHA1' for HMAC authentication > Apr 1 03:23:33 plaza-server openvpn[2502]: Control Channel: TLSv1, > cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 512 bit RSA > Apr 1 03:23:33 plaza-server openvpn[2502]: [N003.Vertis-VPN] Peer > Connection Initiated with 83.118.84.129:11800 > Apr 1 03:23:34 plaza-server openvpn[2502]: Initialization Sequence > Completed > Apr 1 03:24:02 plaza-server openvpn[2502]: Authenticate/Decrypt packet > error: cipher final failed > Apr 1 03:24:04 plaza-server openvpn[2502]: TLS_ERROR: BIO read > tls_read_plaintext error: error:06065064:digital envelope > routines:EVP_DecryptFinal:bad decrypt > Apr 1 03:24:04 plaza-server openvpn[2502]: TLS Error: TLS object -> > incoming plaintext read error > Apr 1 03:24:04 plaza-server openvpn[2502]: TLS Error: TLS handshake failed > Apr 1 03:24:04 plaza-server openvpn[2502]: TCP/UDP: Closing socket > Apr 1 03:24:04 plaza-server openvpn[2502]: Closing TUN/TAP interface > Apr 1 03:24:04 plaza-server openvpn[2502]: SIGUSR1[soft,tls-error] > received, process restarting > Apr 1 03:24:04 plaza-server openvpn[2502]: Restart pause, 2 second(s) It would be useful to see your config files on this. This is not an inactivity-related restart. It looks more like an issue with crypto options. James ____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users Warning: require_once(../../../archive_common.php) [function.require-once]: failed to open stream: No such file or directory in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-04/msg00004.html on line 244 Fatal error: require_once() [function.require]: Failed opening required '../../../archive_common.php' (include_path='/usr/local/lib/php') in /home/openvpn/domains/openvpn.net/public_html/archive/openvpn-users/2005-04/msg00004.html on line 244 |