Re: [Openvpn-devel] "ping" config kills connections on 2.0rc16


  • Subject: Re: [Openvpn-devel] "ping" config kills connections on 2.0rc16
  • From: Rolf Fokkens <r.fokkens@xxxxxxxxx>
  • Date: Fri, 01 Apr 2005 19:36:49 +0200

James Yonan wrote:

> I'm replying on openvpn-users, which is the more appropriate list for
> this.

OK. If possible bugs are considered user-matters.

> On Thu, 31 Mar 2005, Rolf Fokkens wrote:
>
>> Hi,
>>
>> Currently not being able to test if this problem also exists in more recent rc's, I'll just mention it: when I use the "ping" or "keepalive" settings, periodically the SSL connections reset, the syslog output follows below. Without the ping settings connections seem to survive much longer!
>
> It would be useful to see your config files on this.
>
> This is not an inactivity-related restart. It looks more like an issue with crypto options.

There's no inactivity issue here, without the ping all traffic comes
through, for hours and hours. Attached both client and server config,
without the keepalive setting.

The only thing I'm aware of now is the fact that both have dh configed -
but that shouldn't cause the reconnects, should it?

Rolf

#
# Sample OpenVPN configuration file for
# home using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

cipher aes-128-cbc
engine padlock

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tap0

# Our OpenVPN peer is the office gateway.
remote 145.66.1.12
#remote home14
fragment 1300
mtu-disc yes

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
#ifconfig 83.118.84.129 82.73.20.10

# Our up script will establish routes
# once the VPN is alive.
#up ./home.up

# Our pre-shared static key
tls-client
dh /etc/openvpn/plaza/dh1024.pem
ca /etc/openvpn/plaza/openvpn-ca.crt
cert /etc/openvpn/plaza/openvpn-N003.crt
key /etc/openvpn/plaza/openvpn-N003.key


# OpenVPN uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 5000

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

management 127.0.0.1 5000

#
# Sample OpenVPN configuration file for
# home using a pre-shared static key.
#
# '#' or ';' may be used to delimit comments.

cipher aes-128-cbc
engine padlock

# Use a dynamic tun device.
# For Linux 2.2 or non-Linux OSes,
# you may want to use an explicit
# unit number such as "tun1".
# OpenVPN also supports virtual
# ethernet "tap" devices.
dev tap0

# Our OpenVPN peer is the office gateway.
#remote 82.73.20.10
float
fragment 1300
mtu-disc yes

# 10.1.0.2 is our local VPN endpoint (home).
# 10.1.0.1 is our remote VPN endpoint (office).
#ifconfig 83.118.84.129 82.73.20.10

# Our up script will establish routes
# once the VPN is alive.
#up ./home.up

# Our pre-shared static key
tls-server
dh /etc/openvpn/plaza/dh1024.pem
ca /etc/openvpn/plaza/openvpn-ca.crt
cert /etc/openvpn/plaza/openvpn-N001.crt
key /etc/openvpn/plaza/openvpn-N001.key

# OpenVPN uses UDP port 5000 by default.
# Each OpenVPN tunnel must use
# a different port number.
# lport or rport can be used
# to denote different ports
# for local and remote.
port 5000

# Downgrade UID and GID to
# "nobody" after initialization
# for extra security.
; user nobody
; group nobody

# If you built OpenVPN with
# LZO compression, uncomment
# out the following line.
; comp-lzo

# Send a UDP ping to remote once
# every 15 seconds to keep
# stateful firewall connection
# alive.  Uncomment this
# out if you are using a stateful
# firewall.
; ping 15

# Uncomment this section for a more reliable detection when a system
# loses its connection.  For example, dial-ups or laptops that
# travel to other locations.
; ping 15
; ping-restart 45
; ping-timer-rem
; persist-tun
; persist-key

# Verbosity level.
# 0 -- quiet except for fatal errors.
# 1 -- mostly quiet, but display non-fatal network errors.
# 3 -- medium output, good for normal operation.
# 9 -- verbose, good for troubleshooting
verb 3

management 127.0.0.1 5000
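
Added example (not part of the original message or its attachments): a small Python check that reads two peer configs the way the attachments are written, treating both `#` and `;` as comment markers, then reports directives that differ between the peers, a `dh` line on a peer that is not `tls-server` (the OpenVPN manual lists `dh` as required for `tls-server` only), and which keepalive directives are actually active. The `MUST_MATCH` selection, the function names and the placeholder remote address are assumptions of this example.

```python
import re

# Directives this example treats as needing identical values on both peers
# (an assumed, non-exhaustive selection made for the example).
MUST_MATCH = ("cipher", "auth", "comp-lzo", "fragment", "proto")
KEEPALIVE = ("ping", "ping-restart", "ping-exit", "keepalive")

def active_directives(text):
    """Map directive -> args, dropping anything after '#' or ';' (simplified)."""
    found = {}
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if line:
            found[line[0]] = line[1:]
    return found

def dev_type(cfg):
    """'tap0' -> 'tap': the device type has to agree, the unit number does not."""
    return re.sub(r"\d+$", "", (cfg.get("dev") or [""])[0])

def compare_peers(client_text, server_text):
    peers = {"client": active_directives(client_text),
             "server": active_directives(server_text)}
    c, s = peers["client"], peers["server"]
    report = {"mismatch": [], "notes": [], "keepalive": {}}
    for name in MUST_MATCH:
        if c.get(name) != s.get(name):
            report["mismatch"].append((name, c.get(name), s.get(name)))
    if dev_type(c) != dev_type(s):
        report["mismatch"].append(("dev", c.get("dev"), s.get("dev")))
    for role, cfg in peers.items():
        if "dh" in cfg and "tls-server" not in cfg:
            report["notes"].append(f"{role}: dh is set but this peer is not tls-server")
        report["keepalive"][role] = [k for k in KEEPALIVE if k in cfg]
    return report

# Constructed sample input: the attached configs reduced to a few active lines
# plus one commented-out ping line; the remote address is a placeholder.
COMMON = ("cipher aes-128-cbc\nengine padlock\ndev tap0\nfragment 1300\n"
          "dh /etc/openvpn/plaza/dh1024.pem\n; ping 15\n")
CLIENT = "remote 192.0.2.1\ntls-client\n" + COMMON
SERVER = "float\ntls-server\n" + COMMON

if __name__ == "__main__":
    print(compare_peers(CLIENT, SERVER))
```

On the reduced configs the report shows no mismatched directives, no active keepalive directive on either side, and one note for the client's `dh` line.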

