[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Hourly disconnects on client


  • Subject: [Openvpn-users] Hourly disconnects on client
  • From: Tim <pwnx@xxxxxxxxx>
  • Date: Wed, 1 Aug 2007 14:11:34 +0200

Hi,

I've been using OpenVPN for some time now, but I get hourly  
disconnects in my current setup. This is quite annoying as I tend to  
use the tunnel for longer periods of time.

My configuration is as follows:
Server neptune is directly connected to the internet, gets an IP via  
DHCP (which is not hourly refreshed, but rather every 40-50 minutes).  
This server runs debian and has openvpn installed as server (config  
and log follow).

Client macbook is connected to the internet via wifi to a modem/ 
router, has a LAN ip (10.0.0.x) from DHCP and runs OS X 10.4.10. I  
have openvpn installed as client with the GUI tunnelblick to easily  
start/stop the tunnel (config and log follow).

Openvpn is configured to route all traffic through the tunnel and  
gives out IP's in the 10.10.x range. Everything works fine except the  
disconnects.

The only thing that appears to happen hourly is key renegotiation,  
but I've changed this to 10 hours, so I reckon this is not the cause  
of the problem. Another possible issue is DHCP leasetime, but the  
server logs show this is not done hourly, and at the time of the  
disconnect the client also had ±20 minutes of leastime left (I  
checked this with netstat -rn on my macbook, since DHCP is not logged  
(or I can't find it))

The last thing I can imagine happening is the dhcp lease of OpenVPN  
itself, but I cannot find anything about this mechanism or possible  
leastimes involved, let alone change it.

Does anyone know what is going on and how I could solve or at least  
debug this? I've searched the internet and fora extensively for this  
problem, but I cannot find anything similar.

Thanks in advance!

Tim

P.S. First time posting to a mailing list, hopefully I honored all  
(un)written rules.

Server log at the time of disconnect:
===========
Jul 27 09:30:56 neptune ovpn-openvpn[404]: macbook.address.com/ 
82.xxx.xxx.xxx:65391 NOTE: --mute triggered...
Jul 27 10:30:41 neptune ovpn-openvpn[404]: 66 variation(s) on  
previous 20 message(s) suppressed by --mute
Jul 27 10:30:41 neptune ovpn-openvpn[404]: read UDPv4 [ECONNREFUSED]:  
Connection refused (code=111)
Jul 27 10:30:41 neptune last message repeated 19 times
Jul 27 10:30:41 neptune ovpn-openvpn[404]: NOTE: --mute triggered...
Jul 27 10:30:42 neptune ovpn-openvpn[404]: 26 variation(s) on  
previous 20 message(s) suppressed by --mute
Jul 27 10:30:42 neptune ovpn-openvpn[404]: MULTI:  
multi_create_instance called
Jul 27 10:30:42 neptune ovpn-openvpn[404]: 82.xxx.xxx.xxx:65409 Re- 
using SSL/TLS context
Jul 27 10:30:42 neptune ovpn-openvpn[404]: 82.xxx.xxx.xxx:65409 LZO  
compression initialized
...<restart of connection>
===========

Client log at the time of disconnect:
===========
Jul 27 10:30:32 Tims-Computer configd[38]: posting notification  
com.apple.system.config.network_change
Jul 27 10:30:32 Tims-Computer openvpn[12916]: MANAGEMENT: TCP send  
error: Broken pipe
Jul 27 10:30:32 Tims-Computer openvpn[12916]: MANAGEMENT: Client  
disconnected
Jul 27 10:30:32 Tims-Computer openvpn[12916]: TCP/UDP: Closing socket
...<routes deleted>
Jul 27 10:30:32 Tims-Computer openvpn[301]: Closing TUN/TAP interface
Jul 27 10:30:32 Tims-Computer openvpn[301]: /Applications/ 
Tunnelblick.app/Conten
ts/Resources/client.down.osx.sh tun0 1500 1542 10.10.0.6 10.10.0.5 init
Jul 27 10:30:32 Tims-Computer openvpn[301]: SIGTERM[hard,] received,  
process exi
ting
Jul 27 10:30:32 Tims-Computer openvpn[619]: Current Parameter Settings:
...<config follows>
...<restart of connection>
===========

neptune dhcp renewal (syslog):
===========
Aug  1 11:46:38 neptune dhclient: bound to neptuneIP -- renewal in  
3064 seconds.
Aug  1 12:37:42 neptune dhclient: bound to neptuneIP -- renewal in  
3250 seconds.
Aug  1 13:31:52 neptune dhclient: bound to neptuneIP -- renewal in  
3184 seconds.

Server config:
===========
port 1194
proto udp

dev tun

ca keys/ca.crt
cert keys/neptune.crt
key keys/neptune.key  # This file should be kept secret

askpass keys/password

dh keys/dh2048.pem

server 10.10.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "redirect-gateway def1"
push "dhcp-option DNS <NS1>" #IP's hidden
push "dhcp-option DNS <NS2>"
push "dhcp-option DNS <NS3>"
push "dhcp-option DOMAIN domain.com"

client-to-client

keepalive 10 120

tls-auth keys/ta.key 0 # This file is secret

comp-lzo
max-clients 10

user nobody
group nogroup
daemon

persist-key
persist-tun

status openvpn-status.log

verb 6
mute 20

reneg-sec 36000
===========

client config:
===========
client

dev tun
proto udp
remote neptune.address.com 1194

resolv-retry infinite

nobind

user nobody
group nogroup
daemon

persist-key
persist-tun

mute-replay-warnings

ca keys/ca.crt
cert keys/macbook.crt
key keys/macbook.key

askpass
ns-cert-type server

tls-auth keys/ta.key 1

comp-lzo
verb 5
mute 20

reneg-sec 36000
===========____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users