After months of frustration (and sadly no feedback from this mailing list), I have finally solved the problem described in the message below. It turns out the solution was to issue me new certificates and replace my .key and .crt files in the config folder.

Now, I have no idea *why* this works, but apparently my old key and certificate were causing OpenVPN to hang after anywhere from zero to five minutes of connection. If the certificates were corrupt somehow, I would have thought that VPN would have failed to work *at all*. But my symptoms were to have a working connection for a random but brief time, and then a hang.

Can anybody explain to me why I was able to make this problem go away simply by using new certificates?

Many thanks,
Randy Jones

*[Openvpn-users] OpenVPN constantly hangs, restarts with "Inactivity timeout"*
From: Randolph M. Jones <rjones@xxxxx> - 2007-07-23 22:01

I live in Maine and work for a company in Michigan. We use OpenVPN for our VPN connections. Other employees in Florida and North Carolina seem to have no problems, but my OpenVPN connection constantly hangs. Sometimes it hangs immediately upon connection, sometimes it hangs after a few seconds or a couple of minutes.

When it is hung, the OpenVPN GUI reports that it is still connected, and there's nothing indicating the loss of connection in the OpenVPN log files, but I lose the ability to reach the Michigan machines. OpenVPN remains hung until I either disconnect/reconnect manually, or it automatically restarts with an "inactivity timeout" (according to the log file). It appears to check every 10 minutes for the inactivity timeouts, because I get a restart every 10 minutes in the log file (which I don't completely understand, because I'm told that the server has its keepalive set to "20 300").
For what it's worth, I do realize that this is a long-distance connection, and I've verified that there's quite often some packet loss between Maine and Michigan... I'm also suspicious that other employees are not having the same problem. I've also verified that I had the same problem when trying to connect from a conference in Vancouver, using a completely different ISP. I also have the problem whether I'm connected to the internet wirelessly or wired.

I'm pasting in a sample excerpt from my OpenVPN log file below. So my most immediate questions are:

1. Why does OpenVPN seem to hang so easily, and is there any way to keep it from hanging?
2. Failing that, is there a way to get it to detect more quickly that it has hanged, and restart the connection (instead of waiting 10 minutes)?
3. Are there any other suggestions for tests I should run or things I can try to get this problem solved? I'm getting pretty tired of having to restart OpenVPN dozens of times a day. Or am I just out of luck trying to maintain a VPN connection over such a long distance?

Thanks in advance!
Randy Jones
rjones@xxxxx

Mon Jul 23 17:18:43 2007 NOTE: --user option is not implemented on Windows
Mon Jul 23 17:18:43 2007 NOTE: --group option is not implemented on Windows
Mon Jul 23 17:18:43 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Mon Jul 23 17:18:43 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:18:43 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 23 17:18:43 2007 LZO compression initialized
Mon Jul 23 17:18:43 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 23 17:18:43 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:18:43 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:18:43 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:18:43 2007 UDPv4 link local: [undef]
Mon Jul 23 17:18:43 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:18:43 2007 TLS: Initial packet from 64.9.220.33:1194, sid=05fae821 2dc73d39
Mon Jul 23 17:18:44 2007 VERIFY OK: depth=1, /C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:18:44 2007 VERIFY OK: depth=0, /C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:18:45 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:18:45 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:18:45 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:18:45 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:18:45 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:18:45 2007 [server] Peer Connection Initiated with 64.9.220.33:1194
Mon Jul 23 17:18:46 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:18:46 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP 192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping 20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 23 17:18:46 2007 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}.tap
Mon Jul 23 17:18:46 2007 TAP-Win32 Driver Version 8.4
Mon Jul 23 17:18:46 2007 TAP-Win32 MTU=1500
Mon Jul 23 17:18:46 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.120.0.154/255.255.255.252 on interface {B6D173A9-9B1C-4618-8753-EAE874D5DDF6}[DHCP-serv: 10.120.0.153, lease-time: 31536000]
Mon Jul 23 17:18:46 2007 Successful ARP Flush on interface [5] {B6D173A9-9B1C-4618-8753-EAE874D5DDF6}
Mon Jul 23 17:18:46 2007 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Mon Jul 23 17:18:46 2007 Route: Waiting for TUN/TAP interface to come up...
Mon Jul 23 17:18:47 2007 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Mon Jul 23 17:18:47 2007 Route: Waiting for TUN/TAP interface to come up...
Mon Jul 23 17:18:48 2007 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Mon Jul 23 17:18:48 2007 route ADD 192.168.0.0 MASK 255.255.255.0 10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 route ADD 192.168.3.0 MASK 255.255.255.0 10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 route ADD 10.120.0.0 MASK 255.255.255.0 10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 Initialization Sequence Completed
Mon Jul 23 17:21:47 2007 Replay-window backtrack occurred [1]
Mon Jul 23 17:28:25 2007 [server] Inactivity timeout (--ping-restart), restarting
Mon Jul 23 17:28:25 2007 TCP/UDP: Closing socket
Mon Jul 23 17:28:25 2007 SIGUSR1[soft,ping-restart] received, process restarting
Mon Jul 23 17:28:25 2007 Restart pause, 2 second(s)
Mon Jul 23 17:28:27 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:28:27 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 23 17:28:27 2007 Re-using SSL/TLS context
Mon Jul 23 17:28:27 2007 LZO compression initialized
Mon Jul 23 17:28:27 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 23 17:28:28 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:28:28 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:28:28 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:28:28 2007 UDPv4 link local: [undef]
Mon Jul 23 17:28:28 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:28:28 2007 TLS: Initial packet from 64.9.220.33:1194, sid=ec3423b5 3588edff
Mon Jul 23 17:28:28 2007 VERIFY OK: depth=1, /C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:28:28 2007 VERIFY OK: depth=0, /C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:28:30 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:28:30 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:28:30 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:28:30 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:28:30 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:28:30 2007 [server] Peer Connection Initiated with 64.9.220.33:1194
Mon Jul 23 17:28:30 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:28:30 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP 192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping 20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 23 17:28:30 2007 Preserving previous TUN/TAP instance: Local Area Connection 4
Mon Jul 23 17:28:30 2007 Initialization Sequence Completed
Mon Jul 23 17:38:13 2007 [server] Inactivity timeout (--ping-restart), restarting
Mon Jul 23 17:38:13 2007 TCP/UDP: Closing socket
Mon Jul 23 17:38:13 2007 SIGUSR1[soft,ping-restart] received, process restarting
Mon Jul 23 17:38:13 2007 Restart pause, 2 second(s)
Mon Jul 23 17:38:15 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:38:15 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 23 17:38:15 2007 Re-using SSL/TLS context
Mon Jul 23 17:38:15 2007 LZO compression initialized
Mon Jul 23 17:38:15 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 23 17:38:15 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:38:15 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:38:15 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:38:15 2007 UDPv4 link local: [undef]
Mon Jul 23 17:38:15 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:38:15 2007 TLS: Initial packet from 64.9.220.33:1194, sid=c8f821e3 b566412e
Mon Jul 23 17:38:16 2007 VERIFY OK: depth=1, /C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:38:16 2007 VERIFY OK: depth=0, /C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:38:17 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:38:17 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:38:17 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:38:17 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:38:17 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:38:17 2007 [server] Peer Connection Initiated with 64.9.220.33:1194
Mon Jul 23 17:38:19 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:38:19 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP 192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping 20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 23 17:38:19 2007 Preserving previous TUN/TAP instance: Local Area Connection 4
Mon Jul 23 17:38:19 2007 Initialization Sequence Completed
Mon Jul 23 17:48:00 2007 [server] Inactivity timeout (--ping-restart), restarting
Mon Jul 23 17:48:00 2007 TCP/UDP: Closing socket
Mon Jul 23 17:48:00 2007 SIGUSR1[soft,ping-restart] received, process restarting
Mon Jul 23 17:48:00 2007 Restart pause, 2 second(s)
Mon Jul 23 17:48:02 2007 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:48:02 2007 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Mon Jul 23 17:48:02 2007 Re-using SSL/TLS context
Mon Jul 23 17:48:02 2007 LZO compression initialized
Mon Jul 23 17:48:02 2007 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Jul 23 17:48:03 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:48:03 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:48:03 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:48:03 2007 UDPv4 link local: [undef]
Mon Jul 23 17:48:03 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:48:03 2007 TLS: Initial packet from 64.9.220.33:1194, sid=273a6d35 a2a7df88
Mon Jul 23 17:48:04 2007 VERIFY OK: depth=1, /C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:48:04 2007 VERIFY OK: depth=0, /C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:48:06 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:48:06 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:48:06 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Jul 23 17:48:06 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Jul 23 17:48:06 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:48:06 2007 [server] Peer Connection Initiated with 64.9.220.33:1194
Mon Jul 23 17:48:07 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:48:07 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0 255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS 192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP 192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping 20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Jul 23 17:48:07 2007 Preserving previous TUN/TAP instance: Local Area Connection 4
Mon Jul 23 17:48:07 2007 Initialization Sequence Completed

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
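
Added example, not part of the original post: a small Python triage script for logs in the format above. It relies on the documented meaning of --ping-restart (restart after that many seconds without receiving any packet from the peer) to estimate how long each session carried traffic before the peer went silent; the sample lines are constructed from the log's format and timestamps, and the function and field names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample in the format of the log above (PUSH_REPLY shortened).
SAMPLE_LOG = """\
Mon Jul 23 17:18:46 2007 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:18:48 2007 Initialization Sequence Completed
Mon Jul 23 17:28:25 2007 [server] Inactivity timeout (--ping-restart), restarting
Mon Jul 23 17:28:30 2007 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:28:30 2007 Initialization Sequence Completed
Mon Jul 23 17:38:13 2007 [server] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
PING_RESTART = re.compile(r"\bping-restart (\d+)")

def analyze(log_text):
    """Return one dict per session that ended in a --ping-restart timeout."""
    sessions, restart_s, up_at = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or non-log text
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("PUSH: Received control message"):
            pr = PING_RESTART.search(msg)
            restart_s = int(pr.group(1)) if pr else restart_s
        elif msg.startswith("Initialization Sequence Completed"):
            up_at = ts
        elif "Inactivity timeout (--ping-restart)" in msg and up_at:
            total = int((ts - up_at).total_seconds())
            # The timer fires restart_s seconds after the last packet was
            # received, so the tunnel went silent about that much earlier.
            alive = None if restart_s is None else max(total - restart_s, 0)
            sessions.append({"up": up_at, "timeout": ts, "session_s": total,
                             "ping_restart_s": restart_s, "est_alive_s": alive})
            up_at = None
    return sessions

if __name__ == "__main__":
    for s in analyze(SAMPLE_LOG):
        print(f"{s['up']:%H:%M:%S} up, silent after ~{s['est_alive_s']}s, "
              f"restarted after {s['session_s']}s")
```

A restart interval close to ten minutes with a pushed ping-restart of 300 therefore corresponds to a tunnel that passed traffic for a little under five minutes and then stopped receiving anything from the server.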