Re: [Openvpn-users] UDPv4 [ECONNREFUSED]: Connection refused (code=111)

[ddaasd <ddaasd@xxxxxxxxx>]

Very clear explanation.
Thanks :)

ddaas



Mathias Sundman wrote:

> On Tue, 5 Jul 2005, ddaasd wrote:
>
>>
>> Hi,
>> I finally set up an OpenVpn 2.0 Server  on rhel3 and  winxp  clients.
>> Everything works just fine until now.
>> The only problem is that after I close the connection from the client
>> the server logs continuously:
>>
>> Tue Jul  5 11:45:40 2005 read UDPv4 [ECONNREFUSED]: Connection
>> refused (code=111)
>> ...
>> Tue Jul  5 11:46:01 2005 read UDPv4 [ECONNREFUSED]: Connection
>> refused (code=111)
>>
>> This is really annoying, increases  my logs, generates snort alerts
>> "ICMP Destination Unreachable Port Unreachable" and so on.
>>
>> Is something configured wrong or this is the normal behaviour? If yes
>> how can I get rid of this kind of message?
>
>
> It's nothing wrong. Per default the server is not notified when a
> client disconnects, what's why you get these messages in the server log.
>
> There is two things you can to make things better though. Use
> --keepalive (or ping/ping-restart) to make the server realize that a
> client has disconnected after some time. I usually use the following
> values
>
> On server:
> ping 10
> ping-restart 120
>
> On clients:
> ping 10
> ping-restart 60
>
> And, then you can add "--explicit-exit-notify 2" on the client, which
> will cause it to notify the server when you disconnect cleanly. The
> '2' means that it will send to exit-notify packets to the server
> before exiting. There is no acknowledge to this exit-notify packet
> that why you can tell OpenVPN to send multiple exit-notify packets it
> case happends to be dropped.
>

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users