Re: [Openvpn-users] Re: OpenVPN losing connection

  • Subject: Re: [Openvpn-users] Re: OpenVPN losing connection
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Fri, 19 May 2006 09:29:30 -0500

Chris Mason wrote:
Does the tunnel stay up, but stop transmitting data?
Not sure, how do tell?
Does the tunnel go down, but the service stay up?
Again, not sure.

See, if the OpenVPN server detects a client being down and you don't have persist-tun specified, it will close and reopen the tun/tap device. If this happens, an attached ethereal instance (or such) will be forced to exit -- and there'll be relevant log messages from OpenVPN itself.

Is there anything in the logs directly surrounding the point when the tunnel goes down?
The firewall starts rejecting packets for 1194. I am using shorewall.

Reeeally? That's interesting; it makes me wonder if the remote host is having a new IP address assigned (such that it's no longer in the connection state table). Are the packets being rejected coming in the external interface and heading for the VPN server? Are they coming from the same IP address the client originally connected from? What does your rule allowing incoming traffic on port 1194 look like?

Such said, it's the OpenVPN log output I was referring to (with a verbosity level of 3 or 4).

BTW, please send (or at least CC) followup email to the list. Posting your OpenVPN config files wouldn't hurt, either.

