On 2/2/06, Ben Scott <dragonhawk@xxxxxxxxx> wrote:
> On 2/2/06, Cameron Gocke <livedrive777@xxxxxxxxx> wrote:
> > One of the things throwing me for a loop is that these errors
> > are happening in my server log not my clients.
>
> From what I understand, OpenVPN is basically a peer-to-peer design.
> The client/server mode is mainly used as an administrative
> convenience, to simplify things like tunnel configuration. Once the
> tunnel is up and running, I believe the client/server distinction
> largely disappears. So it could well be that something is going
> wrong, and then when something on the server side of the tunnel tries
> to transmit, the server notices and logs the problem.
>
> > Since the log doesn't indicate what session the error applies to I
> > don't know who or what exactly it thinks it has lost its connection
> > to.
>
> That does make things more difficult. But, with my logs on my
> server, most of the connection-specific log entries include client IP
> address, port number, and name. For example (names and addresses
> changed to protect the guilty):
>
> Feb 1 13:57:14 server openvpn[314]: LAPTOP128/192.168.15.16:1192 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
>
> "LAPTOP128" being the pretend client here, with IP address
> 192.168.15.16 and port 1192. You're not seeing that, I take it?
>
> > Now, my firewall doesn't allow any outbound traffic from my
> > OpenVPN server (which is in my DMZ), but I wouldn't think that it
> > would need to since all of the connections originate from the clients.
>
> Your firewall might not be recognizing the OpenVPN session for what
> it is (UDP being stateless), or timing out the connection, or some
> such thing. You might try adding an explicit firewall rule that
> permits the OpenVPN server to send any packet with an OpenVPN as the
> source port.
>
> > Is there anything else that could cause this that I'm still not getting?
>
> Probably. ;-)
>
> -- Ben

That is correct, the exact error taken from the log is this:

Thu Feb 02 15:15:41 2006 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

So, no client information is included.

I can try modifying my firewall to allow all traffic outbound from UDP 443 to any and see what happens. It is just weird that as far as I can tell I haven't had any trouble establishing connections, so I'm not sure what to expect there. I'm using a Cisco PIX firewall, so maybe I can find some info out there about UDP traffic and session timeouts related to the PIX.

Thanks for the help Ben, and if anyone else out there has ideas I'm certainly game to hear them!

_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
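Added example, not part of the original thread or of OpenVPN: a Python sketch of one way to narrow down which session a reset line without client information might belong to, by listing the clients whose tagged entries appear shortly before it. It assumes that client-tagged lines land in the same log in the Windows format quoted above; the sample lines, the function names and the two-minute window are constructed for illustration, and the result is a list of candidates, not proof.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the Windows log format quoted in the thread; the
# client names, addresses and timings are invented for illustration.
SAMPLE_LOG = """\
Thu Feb 02 15:14:58 2006 LAPTOP128/192.168.15.16:1192 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 02 15:15:20 2006 DESKTOP7/192.168.15.40:2044 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 02 15:15:41 2006 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
Thu Feb 02 15:40:02 2006 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
"""

# Timestamp, optional "NAME/ip:port " client prefix, then the message text.
LINE = re.compile(
    r"(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?:(?P<client>[^\s/]+/\d+\.\d+\.\d+\.\d+:\d+) )?(?P<msg>.*)")

def parse(line):
    """Return (timestamp, client or None, message), or None if unparseable."""
    m = LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("client"), m.group("msg")

def attribute_resets(log_text, window=timedelta(minutes=2)):
    """For each untagged WSAECONNRESET line, list clients seen within `window`."""
    last_seen = {}   # "NAME/ip:port" -> time of that client's latest tagged line
    resets = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, client, msg = rec
        if client:
            last_seen[client] = ts
        elif "WSAECONNRESET" in msg:
            recent = sorted(c for c, t in last_seen.items() if ts - t <= window)
            resets.append((ts, recent))
    return resets

if __name__ == "__main__":
    for ts, recent in attribute_resets(SAMPLE_LOG):
        print(ts, "candidates:", recent or "none in window")
```

A reset with an empty candidate list, like the second one in the sample, points away from a freshly negotiated session and toward an idle one, which fits the firewall timeout theory raised in the thread.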