
[Openvpn-users] Mysterious connection problem


  • Subject: [Openvpn-users] Mysterious connection problem
  • From: Hugh <hughcampbell@xxxxxxxxxx>
  • Date: Tue, 14 Dec 2004 22:43:06 +0000

Sorry if this is long.

I have OpenVPN up and running between home and work, and working _VERY_
nicely except for one nagging problem:  every day or two, for no
apparent reason, connection between the two ends is lost, and cannot be
re-established easily.

When this happens, the log shows that the home system ('homebase' in the
log below) is trying once a minute to re-establish the link.

Jul 11 16:45:17 homebase openvpn[7965]: Inactivity timeout (--ping-restart), restarting
Jul 11 16:45:17 homebase openvpn[7965]: Closing TCP/UDP socket
Jul 11 16:45:17 homebase openvpn[7965]: Closing TUN/TAP device
Jul 11 16:45:17 homebase openvpn[7965]: Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 11 16:45:17 homebase openvpn[7965]: Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 11 16:45:17 homebase openvpn[7965]: Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jul 11 16:45:17 homebase openvpn[7965]: Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 11 16:45:17 homebase openvpn[7965]: LZO compression initialized
Jul 11 16:45:17 homebase openvpn[7965]: TUN/TAP device tun0 opened
Jul 11 16:45:17 homebase openvpn[7965]: /sbin/ifconfig tun0 10.0.0.2 pointopoint 10.0.0.1 mtu 1255
Jul 11 16:45:17 homebase openvpn[7965]: ./home.up tun0 1255 1300 10.0.0.2 10.0.0.1 init
Jul 11 16:45:17 homebase openvpn[7965]: Data Channel MTU parms [ L:1300 D:1300 EF:45 EB:19 ET:0 ]
Jul 11 16:45:17 homebase openvpn[7965]: Local Options String: 'V3,dev-type tun,link-mtu 1300,tun-mtu 1255,proto UDPv4,ifconfig 10.0.0.1 10.0.0.2,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Jul 11 16:45:17 homebase openvpn[7965]: Expected Remote Options String: 'V3,dev-type tun,link-mtu 1300,tun-mtu 1255,proto UDPv4,ifconfig 10.0.0.2 10.0.0.1,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,secret'
Jul 11 16:45:17 homebase openvpn[7965]: Local Options hash (VER=V3): '5d310f7c'
Jul 11 16:45:17 homebase openvpn[7965]: Expected Remote Options hash (VER=V3): '1fe7a543'
Jul 11 16:45:17 homebase openvpn[7965]: UDPv4 link local (bound): [undef]:5000
Jul 11 16:45:17 homebase openvpn[7965]: UDPv4 link remote: 204.136.194.22:5000

However, the log shows it doing this once a minute forever, but it
doesn't succeed in reconnecting.  I have to run 'service openvpn stop',
then _several minutes later_ (and that wait is important), run 'service
openvpn start', before it will reconnect correctly.  If I stop and start
the service immediately afterwards, I have no success.  I have to wait
at least a minute or so before I restart the service, and then it runs
perfectly again for another day or so.

When it connects successfully, I get the usual messages above in the
log, but then the next line is also present:

Jul 11 17:01:08 homebase openvpn[25305]: Peer Connection Initiated with 204.136.194.22:5000

I am using OpenVPN 1.5.0 on both ends, but I compiled it for the home
machine, which is an Opteron (i.e. 64 bit) running Mandrake 9.1 for AMD64.
The office end is OpenVPN 1.5.0 running Mandrake 9.0 on an Intel Pentium
(i.e. 32 bit) installed from an rpm file.

The local and remote options strings and hashes all match up.

Both ends are using the dyndns.org service to map domain names to IP
addresses. I initially suspected a DNS problem, because the problem
became much less severe when I started running a DNS server locally on
the home machine (the problem had previously been occurring once an hour
or more).

However, DNS (and the dyndns service) continue to run fine throughout the
connection loss - in fact I often use SSH (using my dyndns address) to
get into the opposite machine to restart the OpenVPN service.

Please note also that the VPN can be restarted from either end - either
home or office, either by being physically at the machine or via SSH -
provided that I (1) stop the service at that end, (2) wait a few
minutes, and then (3) restart it.

I have been poking away at this problem for months, but I still can't
pin it down.  Any pointers would be hugely appreciated.

Here is my /etc/openvpn/static-home.conf file with comments removed.
10.0.0.1 is the Office endpoint; 10.0.0.2 is the home endpoint:
- - - - - -
dev tun
remote myoffice.dyndns.org
ifconfig 10.0.0.2 10.0.0.1
up ./home.up
secret static.key
comp-lzo
ping 15
ping-restart 60
verb 5
float
resolv-retry 3600

- - - - - -
Here is my office conf:

dev tun
remote myhome.dyndns.org
ifconfig 10.0.0.1 10.0.0.2
up ./office.up
secret static.key
comp-lzo
ping 15
ping-restart 60
verb 8
resolv-retry 3600
float


Many thanks for any suggestions

Hugh Campbell
Ottawa, Canada
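
Added example, not part of the original post: a small Python check for the failure pattern described above, i.e. repeated "Inactivity timeout (--ping-restart)" restarts that are never followed by "Peer Connection Initiated" until a new process takes over. The sample log is constructed from the message formats quoted in the post; the function name, the default year and the three-restart threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the syslog format quoted in the post (not the poster's real log).
SAMPLE_LOG = """\
Jul 11 16:43:17 homebase openvpn[7965]: Inactivity timeout (--ping-restart), restarting
Jul 11 16:43:17 homebase openvpn[7965]: UDPv4 link remote: 204.136.194.22:5000
Jul 11 16:44:17 homebase openvpn[7965]: Inactivity timeout (--ping-restart), restarting
Jul 11 16:44:17 homebase openvpn[7965]: UDPv4 link remote: 204.136.194.22:5000
Jul 11 16:45:17 homebase openvpn[7965]: Inactivity timeout (--ping-restart), restarting
Jul 11 16:45:17 homebase openvpn[7965]: UDPv4 link remote: 204.136.194.22:5000
Jul 11 17:01:08 homebase openvpn[25305]: Peer Connection Initiated with 204.136.194.22:5000
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) openvpn\[(\d+)\]: (.*)$")
RESTART = "Inactivity timeout (--ping-restart)"
CONNECTED = "Peer Connection Initiated with"


def find_outages(log_text, min_restarts=3, year=2004):
    """Return runs of ping-restarts that were not followed by a peer connection.

    Syslog timestamps carry no year, so `year` is an assumption supplied by the caller.
    """
    open_by_host, outages = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an openvpn syslog line
        stamp, host, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if msg.startswith(RESTART):
            cur = open_by_host.setdefault(host, {
                "host": host, "pid": pid, "start": when,
                "end": None, "restarts": 0, "new_process": None})
            cur["restarts"] += 1
        elif msg.startswith(CONNECTED) and host in open_by_host:
            cur = open_by_host.pop(host)
            # new_process is True when recovery needed a service restart (PID changed).
            cur["end"], cur["new_process"] = when, pid != cur["pid"]
            if cur["restarts"] >= min_restarts:
                outages.append(cur)
    # Hosts still looping at the end of the log never recovered: "end" stays None.
    outages += [o for o in open_by_host.values() if o["restarts"] >= min_restarts]
    return outages


if __name__ == "__main__":
    for o in find_outages(SAMPLE_LOG):
        print(o["host"], o["start"], "->", o["end"], o["restarts"], "restarts")
```

An outage with new_process set to True matches the symptom in the post: the looping process never reconnected on its own, and the link came back only after the service was stopped and started.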

