
Re: [Openvpn-users] connection works intermittently


  • Subject: Re: [Openvpn-users] connection works intermittently
  • From: "Bruno Cruvelier" <bcruvelier@xxxxxxxxxxxx>
  • Date: Wed, 5 Apr 2006 09:31:42 +0200


----- Original Message ----- From: "Jon Bendtsen" <jon.bendtsen@xxxxxxxxxx>
To: "Bruno Cruvelier" <bcruvelier@xxxxxxxxxxxx>
Cc: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, April 05, 2006 11:13 AM
Subject: Re: [Openvpn-users] connection works intermittently



On Monday 3 Apr at 16:43, Bruno Cruvelier wrote:

Hi

I've got a little problem with my VPN connection

The VPN connection works intermittently. I'm not sure but I think I have to wait 24h to reconnect after a connection.
When the connection doesn't work



The problem can be fixed by restarting the DSL connection on the server (which is stranger because it's a fixed IP) but it's tiresome and I can't do it every day.



Have I forgotten an option in one of my configs? Have you ever heard of a problem like this?

no, never



Here are all the details:
- DSL connection with fixed IP on server side
- DSL connection with dynamic IP on client side

- SERVER : Linux Debian
config :

dev tun1
local 213.X.X.X
port 8147
proto udp
server 10.4.0.0 255.255.255.0
client-to-client
dh /etc/ssl/dh1024.pem
ca /etc/ssl/certs/autorite-ca.crt
cert /etc/ssl/server.crt
key /etc/ssl/private/serverPrivate.key
tun-mtu 1500
mssfix
auth-user-pass-verify /etc/openvpn/validateUser.sh via-file
comp-lzo
verb 5
log-append /var/log/openvpn.log
keepalive 10 120
push "route 192.168.1.0 255.255.255.0"
persist-key
persist-tun
persist-local-ip

try adding a float directive to the server.conf

I'll try it, but the OpenVPN man page says that float is the default if --remote is not used, so do I need to specify it?



log :
The server doesn't log anything when the connection doesn't work (it logs when it's working)
- CLIENT : Windows XP
config :


remote 213.X.X.X
client
port 8147
dev tun
ca C:\\OpenVPN\\easy-rsa\\keys\\autorite-ca.crt
cert C:\\OpenVPN\\easy-rsa\\keys\\xxxxx.crt
key C:\\OpenVPN\\easy-rsa\\keys\\xxxxx.key
auth-user-pass
reneg-sec 3600
ping 10
comp-lzo
verb 5
ip-win32 dynamic
dhcp-option DNS 192.1.2.3


the client config seems fine.


log :
Here is a part of the log of the client when the connection doesn't work

Mon Apr 03 16:33:03 2006 us=834667 OpenVPN 2.0.5 Win32-MinGW [SSL] [LZO] built on Nov 2 2005
Mon Apr 03 16:33:08 2006 us=371465 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 03 16:33:08 2006 us=404158 LZO compression initialized
Mon Apr 03 16:33:08 2006 us=404370 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Apr 03 16:33:08 2006 us=409642 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 03 16:33:08 2006 us=409710 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Mon Apr 03 16:33:08 2006 us=409727 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Mon Apr 03 16:33:08 2006 us=409943 Local Options hash (VER=V4): '41690919'
Mon Apr 03 16:33:08 2006 us=409983 Expected Remote Options hash (VER=V4): '530fdded'
Mon Apr 03 16:33:08 2006 us=410056 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 03 16:33:08 2006 us=410096 UDPv4 link local (bound): [undef]:8147
Mon Apr 03 16:33:08 2006 us=410117 UDPv4 link remote: 213.41.176.174:8147
Mon Apr 03 16:34:08 2006 us=747482 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Apr 03 16:34:08 2006 us=747531 TLS Error: TLS handshake failed
Mon Apr 03 16:34:08 2006 us=747966 TCP/UDP: Closing socket
Mon Apr 03 16:34:08 2006 us=748108 SIGUSR1[soft,tls-error] received, process restarting
Mon Apr 03 16:34:08 2006 us=748130 Restart pause, 2 second(s)

it might be a firewall between the client and server?


The server is a firewall, here is the rule I've put on IPtables :

iptables -A INPUT -i ppp+ -p udp -m udp --dport 8147 -j ACCEPT
iptables -A INPUT -i tun1 -j ACCEPT
iptables -A OUTPUT -o ppp+ -p udp -m udp --sport 8147 -j ACCEPT
iptables -A OUTPUT -o tun1 -j ACCEPT


thx for your answer



____________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users
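
An added example, not part of the original messages: a small triage script for the two things the client log above shows, the "No server certificate verification method" warning and the 60-second TLS handshake timeout. The sample log and config are constructed from the excerpts in the thread (the remote address is a documentation placeholder), and the function names and the directive list are this example's own assumptions.

```python
import re
from datetime import datetime

# Constructed sample modelled on the client log in the thread (placeholder address).
SAMPLE_LOG = """\
Mon Apr 03 16:33:08 2006 us=371465 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Apr 03 16:33:08 2006 us=410117 UDPv4 link remote: 203.0.113.10:8147
Mon Apr 03 16:34:08 2006 us=747482 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
"""

# Constructed sample: a subset of the client directives posted in the thread.
SAMPLE_CLIENT_CONF = """\
remote 213.X.X.X
client
port 8147
dev tun
auth-user-pass
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) us=(\d+) (.*)$")
# Client directives that enable a check of the server certificate (assumed list
# of the common ones across OpenVPN versions; any single one is enough).
VERIFY_DIRECTIVES = {"ns-cert-type", "remote-cert-tls", "remote-cert-eku",
                     "tls-remote", "verify-x509-name", "tls-verify"}

def triage_log(text):
    """Flag the MITM warning and list (remote, seconds waited) per failed handshake."""
    findings = {"no_server_verify": False, "handshake_timeouts": []}
    attempt_start = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(3)
        if "No server certificate verification method" in msg:
            findings["no_server_verify"] = True
        elif msg.startswith("UDPv4 link remote:"):
            attempt_start = (ts, msg.split(": ", 1)[1])
        elif "TLS key negotiation failed" in msg and attempt_start:
            waited = int((ts - attempt_start[0]).total_seconds())
            findings["handshake_timeouts"].append((attempt_start[1], waited))
            attempt_start = None
    return findings

def missing_server_verification(conf_text):
    """True when the client config contains none of VERIFY_DIRECTIVES."""
    used = {ln.split()[0] for ln in conf_text.splitlines() if ln.strip()}
    return not (used & VERIFY_DIRECTIVES)
```

A timeout equal to the full 60-second window, together with a server log that records nothing, indicates the client's UDP packets never reached the OpenVPN process; the missing-verification finding is independent of the connectivity problem.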

