Re: [Openvpn-users] Openvpn loses connection with no activity


  • Subject: Re: [Openvpn-users] Openvpn loses connection with no activity
  • From: J Silverman <g1powermac@xxxxxxxxx>
  • Date: Thu, 12 Jul 2007 15:19:32 -0700 (PDT)

Hi All,

I did some more testing and debugging of my system. I eventually figured out it was the keepalive directive on the server's config that was causing it to reconnect. I'm not 100% sure why having some traffic over the tunnel was satisfying the keepalive, but it seemed to. I then decided to put a keepalive on the client's config and that stopped the reconnects. However, I read that you wouldn't need to have two keepalives, as OpenVPN should set up a responding ping on the client without having to specify it in the client's config. So I decided to set keepalive's equivalent component directives (ping and ping-restart) on both the server and client, and it's working fine with that.

So, from what I can tell, it seems the server isn't 'pushing' the ping and ping-restart commands to the client when using keepalive.  Would anyone know why it isn't doing this?

Thanks,
J Silverman

J Silverman <g1powermac@xxxxxxxxx> wrote:
Hi All,

Here's my situation. I set up a bridged pre-shared key OpenVPN system between two routers running OpenWrt (I have to do the bridged system for the applications that will be used over the network), which are currently both behind another router on my LAN for testing and setup purposes. One router is set up as a server and the other as the client. The client connects successfully to the server and I can ping a computer on the server side from a computer on the client side and vice versa. However, every so often, the server will lose connection with the client. During this point, I can't ping anything on the client side, and I get this on the server:

Thu Jul 12 13:06:31 2007 Inactivity timeout (--ping-restart), restarting
Thu Jul 12 13:06:31 2007 TCP/UDP: Closing socket
Thu Jul 12 13:06:31 2007 Closing TUN/TAP interface
Thu Jul 12 13:06:31 2007 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 12 13:06:31 2007 Restart pause, 2 second(s)
Thu Jul 12 13:06:33 2007 Static Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 12 13:06:33 2007 Static Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 12 13:06:33 2007 Static Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Jul 12 13:06:33 2007 Static Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 12 13:06:33 2007 TUN/TAP device tap0 opened
Thu Jul 12 13:06:33 2007 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:4 ET:32 EL:0 ]
Thu Jul 12 13:06:33 2007 Local Options hash (VER=V4): '8b888ddc'
Thu Jul 12 13:06:33 2007 Expected Remote Options hash (VER=V4): '8b888ddc'
Thu Jul 12 13:06:33 2007 UDPv4 link local (bound): [undef]:1194
Thu Jul 12 13:06:33 2007 UDPv4 link remote: [undef]

Now, if I try to ping the server from the client, it will reconnect on its own and I then get these two messages on the server:

Thu Jul 12 13:06:57 2007 Peer Connection Initiated with 192.168.0.5:2052
Thu Jul 12 13:06:58 2007 Initialization Sequence Completed

It will sometimes reconnect without any pinging as well. Now, the really strange part of this is, if, let's say, I set up a network share over the VPN tunnel from a server machine to a client machine behind the router, it won't lose connection (as of this point, it's been running with no reconnects for quite a while). Obviously, by having the network share set up, it sends a bit of traffic over the tunnel every so often. Is there some form of configuration option that tells OpenVPN to reconnect if there's no traffic over the tunnel? Or is there something else going on here?

Also, to give you more of an idea of my setup, I'm using a combination of these two tutorials:

http://wiki.openwrt.org/OpenVPNHowTo
http://www.linux.com/articles/58336

My setup consists mostly of the first one, except I used the second's suggestion to set up the bridge on both the server and the client routers.

Thanks for the help!
J Silverman
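
Added example (not part of the original message and not OpenVPN project code): a Python log check that pairs each "Inactivity timeout (--ping-restart)" line with the next "Peer Connection Initiated" line, to measure how long the tunnel stayed down in logs like the one quoted above. The function name, the dictionary keys and the last sample line are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Constructed sample in the server log format quoted in the message above;
# the final line is an added, made-up second timeout with no reconnect yet.
SAMPLE_LOG = """\
Thu Jul 12 13:06:31 2007 Inactivity timeout (--ping-restart), restarting
Thu Jul 12 13:06:31 2007 SIGUSR1[soft,ping-restart] received, process restarting
Thu Jul 12 13:06:57 2007 Peer Connection Initiated with 192.168.0.5:2052
Thu Jul 12 13:06:58 2007 Initialization Sequence Completed
Thu Jul 12 13:09:10 2007 Inactivity timeout (--ping-restart), restarting
"""

# ctime-style prefix; the day of month is space-padded for days 1-9.
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
TIMEOUT = "Inactivity timeout (--ping-restart)"
CONNECTED = "Peer Connection Initiated with "

def find_outages(log_text):
    """Pair each ping-restart timeout with the next peer reconnect; end, seconds
    and peer stay None while the tunnel is still down at the end of the log."""
    outages, current = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a timestamped OpenVPN log line
        ts = datetime.strptime(m.group(1), TS_FORMAT)
        msg = m.group(2)
        if msg.startswith(TIMEOUT):
            if current is None:
                current = {"start": ts, "end": None, "seconds": None,
                           "peer": None, "restarts": 0}
                outages.append(current)
            current["restarts"] += 1  # repeated timeouts while down: same outage
        elif msg.startswith(CONNECTED) and current is not None:
            current["end"] = ts
            current["seconds"] = int((ts - current["start"]).total_seconds())
            current["peer"] = msg[len(CONNECTED):].strip()
            current = None
    return outages

if __name__ == "__main__":
    for o in find_outages(SAMPLE_LOG):
        state = f"{o['seconds']}s, peer {o['peer']}" if o["end"] else "still down"
        print(f"{o['start']}  restarts={o['restarts']}  {state}")
```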

