[Openvpn-users] openvpn


  • Subject: [Openvpn-users] openvpn
  • From: Peter Leinen <peter@xxxxxxxxxxxxx>
  • Date: Sun, 3 Jun 2007 21:41:02 +0200

Hi all,

I have set up an openvpn connection between my linux box at home and my machine
at work, which is also based on linux. Everything seems fine, even an nfs mount was
successful (this is what I would like to do).
But after a while I run into an inactivity-restart, independent of the traffic over the tun interface.

Network problem? I have used an ssh connection with no problem over the last two years, and also an ssh connection
in parallel to a vpn connection is possible without any problem.

The host at home is behind a fritz-box dsl-router and is for testing marked as an exposed host,
and for the same reason has no firewall running at the moment. ip_forward is on.

The host at work is reachable over udp only and opened for tcp only on the ssh port (afaik).
So no answer to ping, for example. This is done at a central level, not on a personal firewall.

As I said already, start and use for a short period is ok. 
But then a restart occurs and a second device tun1 is configured.

Any configuration issues? (the configuration files are from the example session)

Could anybody have a look at the information below?
Is more information needed?

Best regards
  Peter

## the version at the box in the office
	[leinen@<host-at-work>:~]$ openvpn --version
	OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on May 29 2007
	Developed by James Yonan
	Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@xxxxxxxxxxx>

## openvpn.conf on the server side
	port 1194
	proto udp
	dev tun
	ca /etc/openvpn/easy-rsa/keys/ca.crt
	cert /etc/openvpn/easy-rsa/keys/server.crt
	key /etc/openvpn/easy-rsa/keys/server.key  # This file should be kept secret
	dh /etc/openvpn/easy-rsa/keys/dh1024.pem
	server 10.27.27.0 255.255.255.0
	ifconfig-pool-persist ipp.txt
	keepalive 10 120
	comp-lzo
	persist-key
	persist-tun
	status openvpn-status.log
	verb 3

## the version of openvpn at home
	[root@peter:~]# openvpn --version
	OpenVPN 2.1_rc2 i386-redhat-linux-gnu [SSL] [LZO1] [EPOLL] built on Mar  5 2007
	Developed by James Yonan
	Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@xxxxxxxxxxx>

## openvpn.conf on the client side
	client
	dev tun
	proto udp
	remote <fqn-of-host-at-work> 1194
	resolv-retry infinite
	nobind
	ca /etc/openvpn/easy-rsa/keys/ca.crt
	cert /etc/openvpn/easy-rsa/keys/client.crt
	key /etc/openvpn/easy-rsa/keys/client.key
	comp-lzo
	persist-key
	persist-tun
	verb 3

## the routing setup at home
## seems fine, at least for me
## forget about the vmnet1/8
	[root@peter:/var/log]# netstat -rn
	Kernel IP routing table
	Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
	10.27.27.5      0.0.0.0         255.255.255.255 UH        0 0          0 tun0
	10.27.27.1      10.27.27.5      255.255.255.255 UGH       0 0          0 tun0
	192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
	192.168.49.0    0.0.0.0         255.255.255.0   U         0 0          0 vmnet8
	172.16.14.0     0.0.0.0         255.255.255.0   U         0 0          0 vmnet1
	169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
	0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0

## try to ping the server over tun0
## perfect !!!
	[root@peter:/var/log]# ping 10.27.27.1
	PING 10.27.27.1 (10.27.27.1) 56(84) bytes of data.
	64 bytes from 10.27.27.1: icmp_seq=1 ttl=64 time=61.1 ms
	64 bytes from 10.27.27.1: icmp_seq=2 ttl=64 time=62.9 ms
	64 bytes from 10.27.27.1: icmp_seq=3 ttl=64 time=60.5 ms
	64 bytes from 10.27.27.1: icmp_seq=4 ttl=64 time=63.4 ms
	64 bytes from 10.27.27.1: icmp_seq=5 ttl=64 time=62.6 ms
	64 bytes from 10.27.27.1: icmp_seq=6 ttl=64 time=60.6 ms
	64 bytes from 10.27.27.1: icmp_seq=7 ttl=64 time=63.4 ms

	--- 10.27.27.1 ping statistics ---
	7 packets transmitted, 7 received, 0% packet loss, time 5999ms
	rtt min/avg/max/mdev = 60.595/62.132/63.478/1.205 ms

## ssh over tun0 works fine, also a ping back to the box at home
## ping to the host at work from home over internet does not work!?
	[leinen@<host-at-work>:~]$ ping 10.27.27.6
	PING 10.27.27.6 (10.27.27.6) 56(84) bytes of data.
	64 bytes from 10.27.27.6: icmp_seq=1 ttl=64 time=69.9 ms
	64 bytes from 10.27.27.6: icmp_seq=2 ttl=64 time=62.7 ms
	64 bytes from 10.27.27.6: icmp_seq=3 ttl=64 time=61.2 ms
	64 bytes from 10.27.27.6: icmp_seq=4 ttl=64 time=61.6 ms
	64 bytes from 10.27.27.6: icmp_seq=5 ttl=64 time=62.6 ms
	64 bytes from 10.27.27.6: icmp_seq=6 ttl=64 time=72.8 ms
	64 bytes from 10.27.27.6: icmp_seq=7 ttl=64 time=62.2 ms
	64 bytes from 10.27.27.6: icmp_seq=8 ttl=64 time=61.2 ms
	64 bytes from 10.27.27.6: icmp_seq=9 ttl=64 time=62.0 ms
	64 bytes from 10.27.27.6: icmp_seq=10 ttl=64 time=60.9 ms
	64 bytes from 10.27.27.6: icmp_seq=11 ttl=64 time=61.6 ms
	64 bytes from 10.27.27.6: icmp_seq=12 ttl=64 time=61.5 ms
	64 bytes from 10.27.27.6: icmp_seq=13 ttl=64 time=62.1 ms
	64 bytes from 10.27.27.6: icmp_seq=14 ttl=64 time=61.2 ms
	
	--- 10.27.27.6 ping statistics ---
	14 packets transmitted, 14 received, 0% packet loss, time 13020ms
	rtt min/avg/max/mdev = 60.929/63.155/72.812/3.457 ms

## some log entries of the linux machine at work
	20:50:50 office[]: MULTI: multi_create_instance called
	20:50:50 office[]: <ip-of-host-at-home>:62779 Re-using SSL/TLS context
	20:50:50 office[]: <ip-of-host-at-home>:62779 LZO compression initialized
	20:50:50 office[]: <ip-of-host-at-home>:62779 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	20:50:50 office[]: <ip-of-host-at-home>:62779 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	20:50:50 office[]: <ip-of-host-at-home>:62779 Local Options hash (VER=V4): '530fdded'
	20:50:50 office[]: <ip-of-host-at-home>:62779 Expected Remote Options hash (VER=V4): '41690919'
	20:50:50 office[]: <ip-of-host-at-home>:62779 TLS: Initial packet from <ip-of-host-at-home>:62779, sid=ee54d1e9 d6f823b9
	20:50:50 office[]: MULTI: multi_create_instance called
	20:50:50 office[]: <ip-of-host-at-home>:62780 Re-using SSL/TLS context
	20:50:50 office[]: <ip-of-host-at-home>:62780 LZO compression initialized
	20:50:50 office[]: <ip-of-host-at-home>:62780 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	20:50:50 office[]: <ip-of-host-at-home>:62780 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	20:50:50 office[]: <ip-of-host-at-home>:62780 Local Options hash (VER=V4): '530fdded'
	20:50:50 office[]: <ip-of-host-at-home>:62780 Expected Remote Options hash (VER=V4): '41690919'
	20:50:50 office[]: <ip-of-host-at-home>:62780 TLS: Initial packet from <ip-of-host-at-home>:62780, sid=c1d9a78b c46f217b
	20:50:51 office[]: <ip-of-host-at-home>:62779 VERIFY OK: depth=1, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=Leinen_VPN_CA/emailAddress=peter.leinen@
	20:50:51 office[]: <ip-of-host-at-home>:62779 VERIFY OK: depth=0, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=peter/emailAddress=peter.leinen@uni-trie
	20:50:51 office[]: <ip-of-host-at-home>:62780 VERIFY OK: depth=1, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=Leinen_VPN_CA/emailAddress=peter.leinen@
	20:50:51 office[]: <ip-of-host-at-home>:62780 VERIFY OK: depth=0, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=peter/emailAddress=peter.leinen@uni-trie
	20:50:51 office[]: <ip-of-host-at-home>:62779 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:50:51 office[]: <ip-of-host-at-home>:62779 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:50:51 office[]: <ip-of-host-at-home>:62779 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:50:51 office[]: <ip-of-host-at-home>:62779 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:50:51 office[]: <ip-of-host-at-home>:62780 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:50:51 office[]: <ip-of-host-at-home>:62780 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:50:51 office[]: <ip-of-host-at-home>:62780 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:50:51 office[]: <ip-of-host-at-home>:62780 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:50:51 office[]: <ip-of-host-at-home>:62779 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
	20:50:51 office[]: <ip-of-host-at-home>:62779 [peter] Peer Connection Initiated with <ip-of-host-at-home>:62779
	20:50:51 office[]: MULTI: new connection by client 'peter' will cause previous active sessions by this client to be dropped.  Remember
	20:50:51 office[]: MULTI: Learn: 10.27.27.6 -> peter/<ip-of-host-at-home>:62779
	20:50:51 office[]: MULTI: primary virtual IP for peter/<ip-of-host-at-home>:62779: 10.27.27.6
	20:50:52 office[]: peter/<ip-of-host-at-home>:62779 PUSH: Received control message: 'PUSH_REQUEST'
	20:50:52 office[]: peter/<ip-of-host-at-home>:62779 SENT CONTROL [peter]: 'PUSH_REPLY,route 10.27.27.1,ping 10,ping-restart 120,ifconfig 10.27.
	20:52:20 office[]: MULTI: multi_create_instance called
	20:52:20 office[]: <ip-of-host-at-home>:62781 Re-using SSL/TLS context
	20:52:20 office[]: <ip-of-host-at-home>:62781 LZO compression initialized
	20:52:20 office[]: <ip-of-host-at-home>:62781 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	20:52:20 office[]: <ip-of-host-at-home>:62781 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	20:52:20 office[]: <ip-of-host-at-home>:62781 Local Options hash (VER=V4): '530fdded'
	20:52:20 office[]: <ip-of-host-at-home>:62781 Expected Remote Options hash (VER=V4): '41690919'
	20:52:20 office[]: <ip-of-host-at-home>:62781 TLS: Initial packet from <ip-of-host-at-home>:62781, sid=a3f880dc 1d615d3b

## log messages of the home box
## start of the vpn service
	20:52:24 home[]: OpenVPN 2.1_rc2 i386-redhat-linux-gnu [SSL] [LZO1] [EPOLL] built on Mar  5 2007
	20:52:24 home[]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
	20:52:24 home[]: LZO compression initialized
	20:52:24 home[]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	20:52:24 home[]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	20:52:24 home[]: Local Options hash (VER=V4): '41690919'
	20:52:24 home[]: Expected Remote Options hash (VER=V4): '530fdded'
	20:52:24 home[]: Socket Buffers: R=[109568->131072] S=[109568->131072]
	20:52:24 home[]: UDPv4 link local: [undef]
	20:52:24 home[]: UDPv4 link remote: <ip-of-host-at-work>:1194
	20:52:24 home[]: OpenVPN 2.1_rc2 i386-redhat-linux-gnu [SSL] [LZO1] [EPOLL] built on Mar  5 2007
	20:52:24 home[]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
	20:52:24 home[]: LZO compression initialized
	20:52:24 home[]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	20:52:24 home[]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	20:52:24 home[]: Local Options hash (VER=V4): '41690919'
	20:52:24 home[]: Expected Remote Options hash (VER=V4): '530fdded'
	20:52:24 home[]: Socket Buffers: R=[109568->131072] S=[109568->131072]
	20:52:24 home[]: UDPv4 link local: [undef]
	20:52:24 home[]: UDPv4 link remote: <ip-of-host-at-work>:1194
	20:52:24 home[]: TLS: Initial packet from <ip-of-host-at-work>:1194, sid=9e794b89 3d7ef3fb
	20:52:24 home[]: TLS: Initial packet from <ip-of-host-at-work>:1194, sid=030e332f e15fb86d
	20:52:25 home[]: VERIFY OK: depth=1, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=Leinen_VPN_CA/emailAddress=somebody@somewhere
	20:52:25 home[]: VERIFY OK: depth=0, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=<host-at-work>/emailAddress=somebody@somewhere
	20:52:25 home[]: VERIFY OK: depth=1, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=Leinen_VPN_CA/emailAddress=somebody@somewhere
	20:52:25 home[]: VERIFY OK: depth=0, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=<host-at-work>/emailAddress=somebody@somewhere
	20:52:25 home[]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:52:25 home[]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:52:25 home[]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:52:25 home[]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:52:25 home[]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
	20:52:25 home[]: [<host-at-work>] Peer Connection Initiated with <ip-of-host-at-work>:1194
	20:52:25 home[]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:52:25 home[]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:52:25 home[]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:52:25 home[]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:52:25 home[]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
	20:52:25 home[]: [<host-at-work>] Peer Connection Initiated with <ip-of-host-at-work>:1194
	20:52:26 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:52:26 home[]: PUSH: Received control message: 'PUSH_REPLY,route 10.27.27.1,ping 10,ping-restart 120,ifconfig 10.27.27.6 10.27.27.5'
	20:52:26 home[]: OPTIONS IMPORT: timers and/or timeouts modified
	20:52:26 home[]: OPTIONS IMPORT: --ifconfig/up options modified
	20:52:26 home[]: OPTIONS IMPORT: route options modified
	20:52:26 home[]: TUN/TAP device tun0 opened
	20:52:26 home[]: TUN/TAP TX queue length set to 100
	20:52:26 home[]: /sbin/ip link set dev tun0 up mtu 1500
	20:52:26 home[]: /sbin/ip addr add dev tun0 local 10.27.27.6 peer 10.27.27.5
	20:52:26 home[]: /sbin/ip route add 10.27.27.1/32 via 10.27.27.5
	20:52:26 home[]: Initialization Sequence Completed
	20:52:26 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:52:41 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:52:47 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:52:52 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:52:57 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:02 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:07 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:13 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:18 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:23 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:29 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:34 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:39 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:44 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:49 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:54 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:53:59 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:54:05 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:54:10 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:54:15 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:54:21 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:54:25 home[]: [<host-at-work>] Inactivity timeout (--ping-restart), restarting
	20:54:25 home[]: TCP/UDP: Closing socket
	20:54:25 home[]: SIGUSR1[soft,ping-restart] received, process restarting
	20:54:25 home[]: Restart pause, 2 second(s)
	20:54:27 home[]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
	20:54:27 home[]: Re-using SSL/TLS context
	20:54:27 home[]: LZO compression initialized
	20:54:27 home[]: Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
	20:54:27 home[]: Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
	20:54:27 home[]: Local Options hash (VER=V4): '41690919'
	20:54:27 home[]: Expected Remote Options hash (VER=V4): '530fdded'
	20:54:27 home[]: Socket Buffers: R=[109568->131072] S=[109568->131072]
	20:54:27 home[]: UDPv4 link local: [undef]
	20:54:27 home[]: UDPv4 link remote: <ip-of-host-at-work>:1194
	20:54:27 home[]: TLS: Initial packet from <ip-of-host-at-work>:1194, sid=92eac5a8 3237068a
	20:54:27 home[]: VERIFY OK: depth=1, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=Leinen_VPN_CA/emailAddress=somebody@somewhere
	20:54:27 home[]: VERIFY OK: depth=0, /C=DE/ST=RLP/L=Trier/O=Leinen_VPN/CN=<host-at-work>/emailAddress=somebody@somewhere
	20:54:28 home[]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:54:28 home[]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:54:28 home[]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
	20:54:28 home[]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
	20:54:28 home[]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
	20:54:28 home[]: [<host-at-work>] Peer Connection Initiated with <ip-of-host-at-work>:1194
	20:54:29 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
	20:54:29 home[]: PUSH: Received control message: 'PUSH_REPLY,route 10.27.27.1,ping 10,ping-restart 120,ifconfig 10.27.27.6 10.27.27.5'
	20:54:29 home[]: OPTIONS IMPORT: timers and/or timeouts modified

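The logs above carry three things worth pulling out mechanically when reading an OpenVPN trace like this one: the server sees TLS handshakes from more than one UDP source port of the same client address within a second and then logs that a new connection by client 'peter' drops the previous session; the client keeps sending PUSH_REQUEST without an answer until --ping-restart fires; and the client warns that no server certificate verification method is enabled. The script below is an added example written for this page, not code from the poster or from the OpenVPN project. It parses the syslog-style line format shown in the post and reports those findings; the sample lines are constructed from the post's own messages (placeholders such as `<ip-of-host-at-home>` kept as they appear there), and the function names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the server and client logs in the post.
SERVER_LOG = """\
20:50:50 office[]: <ip-of-host-at-home>:62779 TLS: Initial packet from <ip-of-host-at-home>:62779, sid=ee54d1e9 d6f823b9
20:50:50 office[]: <ip-of-host-at-home>:62780 TLS: Initial packet from <ip-of-host-at-home>:62780, sid=c1d9a78b c46f217b
20:50:51 office[]: <ip-of-host-at-home>:62779 [peter] Peer Connection Initiated with <ip-of-host-at-home>:62779
20:50:51 office[]: MULTI: new connection by client 'peter' will cause previous active sessions by this client to be dropped.  Remember
20:52:20 office[]: <ip-of-host-at-home>:62781 TLS: Initial packet from <ip-of-host-at-home>:62781, sid=a3f880dc 1d615d3b
""".splitlines()

CLIENT_LOG = """\
20:52:24 home[]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
20:52:26 home[]: PUSH: Received control message: 'PUSH_REPLY,route 10.27.27.1,ping 10,ping-restart 120,ifconfig 10.27.27.6 10.27.27.5'
20:52:26 home[]: Initialization Sequence Completed
20:52:26 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
20:52:41 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
20:52:47 home[]: SENT CONTROL [<host-at-work>]: 'PUSH_REQUEST' (status=1)
20:54:25 home[]: [<host-at-work>] Inactivity timeout (--ping-restart), restarting
20:54:25 home[]: SIGUSR1[soft,ping-restart] received, process restarting
""".splitlines()

# "HH:MM:SS host[]: message" as in the post (the [] is where the pid would be).
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) (?P<host>\S+)\[\]: (?P<msg>.*)$")
INITIAL_RE = re.compile(r"TLS: Initial packet from (?P<ip>\S+):(?P<port>\d+),")
DROP_RE = re.compile(r"MULTI: new connection by client '(?P<cn>[^']+)' will cause previous active sessions")
RESTART_RE = re.compile(r"Inactivity timeout \(--ping-restart\)")
PUSH_REQ = "'PUSH_REQUEST'"
PUSH_REPLY = "PUSH_REPLY"
MITM_WARNING = "No server certificate verification method has been enabled"


def parse(lines):
    """Return (time, host, message) tuples, skipping lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["time"], m["host"], m["msg"]))
    return events


def handshakes_per_source(server_lines):
    """Map each client IP to the sorted UDP source ports that began a TLS
    handshake. Several ports from one IP means several client processes
    or repeated client restarts, both of which the server logs as new instances."""
    ports = defaultdict(set)
    for _, _, msg in parse(server_lines):
        m = INITIAL_RE.search(msg)
        if m:
            ports[m["ip"]].add(int(m["port"]))
    return {ip: sorted(p) for ip, p in ports.items()}


def dropped_session_cns(server_lines):
    """Common names whose earlier session the server dropped because the same
    certificate connected again (the server's default without --duplicate-cn)."""
    return [DROP_RE.search(msg)["cn"] for _, _, msg in parse(server_lines) if DROP_RE.search(msg)]


def unanswered_push_requests(client_lines):
    """Count PUSH_REQUESTs sent after the last PUSH_REPLY and before a
    ping-restart: the control channel is no longer answered although the
    tunnel was initialised."""
    count = 0
    for _, _, msg in parse(client_lines):
        if PUSH_REPLY in msg:
            count = 0
        elif PUSH_REQ in msg:
            count += 1
        elif RESTART_RE.search(msg):
            break
    return count


def restart_times(client_lines):
    return [t for t, _, msg in parse(client_lines) if RESTART_RE.search(msg)]


def lacks_server_cert_check(client_lines):
    """True when the client logged that it does not check the server certificate's role."""
    return any(MITM_WARNING in msg for _, _, msg in parse(client_lines))


def report(server_lines, client_lines):
    findings = []
    for ip, ports in handshakes_per_source(server_lines).items():
        if len(ports) > 1:
            findings.append(f"{ip}: {len(ports)} handshakes from ports {ports}")
    for cn in dropped_session_cns(server_lines):
        findings.append(f"server dropped an earlier session of client '{cn}' (same CN connected twice)")
    n = unanswered_push_requests(client_lines)
    if n:
        findings.append(f"client sent {n} PUSH_REQUESTs without a reply before restarting")
    for t in restart_times(client_lines):
        findings.append(f"ping-restart at {t}")
    if lacks_server_cert_check(client_lines):
        findings.append("client does not verify the server certificate role (see howto.html#mitm)")
    return findings


if __name__ == "__main__":
    for line in report(SERVER_LOG, CLIENT_LOG):
        print(line)
```

Run against real files, replace the two constants with `open(path).read().splitlines()`. The last finding is the one with a security consequence independent of the restart problem: the warning at 20:52:24 means the client accepts any certificate signed by the CA as the server, so a client certificate issued by the same CA could impersonate the server; the page the warning points to (howto.html#mitm) describes the server-side certificate marking and the matching client directive that closes that gap.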
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users