[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] OpenVPN constantly hangs, restarts with "Inactivity timeout"


  • Subject: [Openvpn-users] OpenVPN constantly hangs, restarts with "Inactivity timeout"
  • From: "Randolph M. Jones" <rjones@xxxxxxxxxxxx>
  • Date: Mon, 23 Jul 2007 18:01:28 -0400

I live in Maine and work for a company in Michigan.  We use OpenVPN for
our VPN connections.  Other employees in Florida and North Carolina seem
to have no problems, but my OpenVPN connection constantly hangs.
Sometimes it hangs immediately upon connection, sometimes it hangs after
a few seconds or a couple of minutes.  When it is hung, the OpenVPN GUI
reports that it is still connected, and there's nothing indicating the
loss of connection in the OpenVPN log files, but I lose the ability to
reach the Michigan machines.  OpenVPN remains hung until I either
disconnect/reconnect manually, or it automatically restarts with an
"inactivity timeout" (according to the log file).  It appears to check
every 10 minutes for the inactivity timeouts, because I get a restart
every 10 minutes in the log file (which I don't completely understand,
because I'm told that the server has its keepalive set to "20 300").
For what it's worth, I do realize that this is a long-distance
connection, and I've verified that there's quite often some packet loss
between Maine and Michigan...I'm also suspicious that other employees
are not having the same problem.  I've also verified that I had the same
problem when trying to connect from a conference in Vancouver, using a
completely different ISP.  I also have the problem whether I'm connected
to the internet wirelessly or wired.  I'm pasting in a sample excerpt
from my OpenVPN log file below.

So my most immediate questions are:
1. Why does OpenVPN seem to hang so easily, and is there any way to keep
it from hanging?
2. Failing that, is there a way to get it detect more quickly that it
has hanged, and restart the connection (instead of waiting 10 minutes)?
3. Are there any other suggestions for tests I should run or things I
can try to get this problem solved?  I'm getting pretty tired of having
to restart OpenVPN dozens of times a day.  Or am I just out of like
trying to maintain a VPN connection over such a long distance?

Thanks in advance!

Randy Jones
rjones@xxxxxxxxxxxx

Mon Jul 23 17:18:43 2007 NOTE: --user option is not implemented on Windows
Mon Jul 23 17:18:43 2007 NOTE: --group option is not implemented on Windows
Mon Jul 23 17:18:43 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on
Oct  1 2006
Mon Jul 23 17:18:43 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA.  OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:18:43 2007 WARNING: No server certificate verification
method hasbeen enabled.  See http://openvpn.net/howto.html#mitm for more
info.
Mon Jul 23 17:18:43 2007 LZO compression initialized
Mon Jul 23 17:18:43 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:18:43 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:18:43 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:18:43 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:18:43 2007 UDPv4 link local: [undef]
Mon Jul 23 17:18:43 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:18:43 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=05fae821 2dc73d39
Mon Jul 23 17:18:44 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:18:44 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:18:45 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:18:45 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:18:45 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:18:45 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:18:45 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:18:45 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:18:46 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:18:46 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:18:46 2007 TAP-WIN32 device [Local Area Connection 4]
opened: \\.\Global\{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}.tap
Mon Jul 23 17:18:46 2007 TAP-Win32 Driver Version 8.4
Mon Jul 23 17:18:46 2007 TAP-Win32 MTU=1500
Mon Jul 23 17:18:46 2007 Notified TAP-Win32 driver to set a DHCP
IP/netmask of 10.120.0.154/255.255.255.252 on interface
{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}[DHCP-serv: 10.120.0.153,
lease-time: 31536000]
Mon Jul 23 17:18:46 2007 Successful ARP Flush on interface [5]
{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}
Mon Jul 23 17:18:46 2007 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Mon Jul 23 17:18:46 2007 Route: Waiting for TUN/TAP interface to come up...
Mon Jul 23 17:18:47 2007 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Mon Jul 23 17:18:47 2007 Route: Waiting for TUN/TAP interface to come up...
Mon Jul 23 17:18:48 2007 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Mon Jul 23 17:18:48 2007 route ADD 192.168.0.0 MASK 255.255.255.0
10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 route ADD 192.168.3.0 MASK 255.255.255.0
10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 route ADD 10.120.0.0 MASK 255.255.255.0
10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 Initialization Sequence Completed
Mon Jul 23 17:21:47 2007 Replay-window backtrack occurred [1]
Mon Jul 23 17:28:25 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:28:25 2007 TCP/UDP: Closing socket
Mon Jul 23 17:28:25 2007 SIGUSR1[soft,ping-restart] received, process
restarting
Mon Jul 23 17:28:25 2007 Restart pause, 2 second(s)
Mon Jul 23 17:28:27 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA.  OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:28:27 2007 WARNING: No server certificate verification
method has been enabled.  See http://openvpn.net/howto.html#mitm for
more info.
Mon Jul 23 17:28:27 2007 Re-using SSL/TLS context
Mon Jul 23 17:28:27 2007 LZO compression initialized
Mon Jul 23 17:28:27 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:28:28 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:28:28 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:28:28 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:28:28 2007 UDPv4 link local: [undef]
Mon Jul 23 17:28:28 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:28:28 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=ec3423b5 3588edff
Mon Jul 23 17:28:28 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:28:28 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:28:30 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:28:30 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:28:30 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:28:30 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:28:30 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:28:30 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:28:30 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:28:30 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:28:30 2007 Preserving previous TUN/TAP instance: Local
Area Connection 4
Mon Jul 23 17:28:30 2007 Initialization Sequence Completed
Mon Jul 23 17:38:13 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:38:13 2007 TCP/UDP: Closing socket
Mon Jul 23 17:38:13 2007 SIGUSR1[soft,ping-restart] received, process
restarting
Mon Jul 23 17:38:13 2007 Restart pause, 2 second(s)
Mon Jul 23 17:38:15 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA.  OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:38:15 2007 WARNING: No server certificate verification
method has been enabled.  See http://openvpn.net/howto.html#mitm for
more info.
Mon Jul 23 17:38:15 2007 Re-using SSL/TLS context
Mon Jul 23 17:38:15 2007 LZO compression initialized
Mon Jul 23 17:38:15 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:38:15 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:38:15 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:38:15 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:38:15 2007 UDPv4 link local: [undef]
Mon Jul 23 17:38:15 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:38:15 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=c8f821e3 b566412e
Mon Jul 23 17:38:16 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:38:16 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:38:17 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:38:17 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:38:17 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:38:17 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:38:17 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:38:17 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:38:19 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:38:19 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:38:19 2007 Preserving previous TUN/TAP instance: Local
Area Connection 4
Mon Jul 23 17:38:19 2007 Initialization Sequence Completed
Mon Jul 23 17:48:00 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:48:00 2007 TCP/UDP: Closing socket
Mon Jul 23 17:48:00 2007 SIGUSR1[soft,ping-restart] received, process
restarting
Mon Jul 23 17:48:00 2007 Restart pause, 2 second(s)
Mon Jul 23 17:48:02 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA.  OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:48:02 2007 WARNING: No server certificate verification
method has been enabled.  See http://openvpn.net/howto.html#mitm for
more info.
Mon Jul 23 17:48:02 2007 Re-using SSL/TLS context
Mon Jul 23 17:48:02 2007 LZO compression initialized
Mon Jul 23 17:48:02 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:48:03 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:48:03 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:48:03 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:48:03 2007 UDPv4 link local: [undef]
Mon Jul 23 17:48:03 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:48:03 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=273a6d35 a2a7df88
Mon Jul 23 17:48:04 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:48:04 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxxxxxxxxx
Mon Jul 23 17:48:06 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:48:06 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:48:06 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:48:06 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:48:06 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:48:06 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:48:07 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:48:07 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:48:07 2007 Preserving previous TUN/TAP instance: Local
Area Connection 4
Mon Jul 23 17:48:07 2007 Initialization Sequence Completed















____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users