
[Openvpn-users] Why do I get 'Connection reset by peer' with multi-client ?


  • Subject: [Openvpn-users] Why do I get 'Connection reset by peer' with multi-client ?
  • From: Timothy Madden <terminatorul@xxxxxxxxx>
  • Date: Sat, 25 Aug 2007 05:23:54 +0300

Hello

I tried to configure an OpenVPN multi-client server.
I have two computers at home, and I also used a
VMware virtual machine as the third computer, as I
need at least 3 computers to test a multi-client
server. Let's name them Server S, Workstation W
and Virtual Machine VM.

S has many IP addresses:
     89.137.181.195   - internet gateway
    192.168.0.1          - LAN
    192.168.65.1        - VMware
    192.168.83.1        - VMware

W has address
    192.168.0.4

VM has address
    192.168.65.128

These are real addresses, prior to OpenVPN.
Now when W connects to S I get a message
that packets from 192.168.0.1 are ignored unless
I use float. My remote for all clients is always
89.137.181.195. Why does the server answer
from 192.168.0.1 ?

I tried to use local 89.137.181.195 on the server,
with no change. In the end I gave up and I set
float on the workstation, so W now initiates the
connection to 89.137.181.195, but in the end
establishes it to 192.168.0.1.

Now S and W can ping each other and see
their samba shares.

VM now connects to S, and S responds normally
from 89.137.181.195, and VM connects.

VM and S can ping each other, and can see
each other's samba shares.

S now also has address 10.3.5.1,
W also has address 10.3.5.2,
VM also has address 10.3.5.3

I want my clients to see each other, and I have
'client-to-client' and 'dev tap' in my config file on
S. I also have 'keepalive 300 600' in all config
files.

My problem is after a few minutes of inactivity,
or as soon as W tries to ping VM, I get this
message in the server console:

89.137.181.195:1108 Re-using SSL/TLS context
89.137.181.195:1108 LZO compression initialized
89.137.181.195:1108 [Mihai] Peer Connection Initiated with 89.137.181.195:1108
89.137.181.195:1161 Re-using SSL/TLS context
89.137.181.195:1161 LZO compression initialized
89.137.181.195:1161 [Mihai] Peer Connection Initiated with 89.137.181.195:1161
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)


and VM gets disconnected and ping from W immediately fails.
In the VM console there is no error message, even with verb 4
(I am afraid more than 4 for verb would make the output hardly
readable for me).

Do you know what could be wrong ?
After a few tries it stayed connected for a few minutes, with ping
working, but in the end it still disconnects.

I guess my certificates and security settings are ok, since I get
connected for a minute or two.

Could it be something about packet fragmentation or MTU  size ?

Any help would be appreciated,
Thank you,
Timothy Madden,
Romania.

Here are my config files:

Server.ovpn
# Configuration file for OpenVPN multi-client server

comp-lzo
nice -1
mlock
#ping 600
keepalive 300 600

tls-auth handshake_up.key 0
tls-auth handshake_down.key 1

#ns-cert-type client
tls-cipher DHE-RSA-AES256-SHA

ca ca.crt
dh dh2048.pem
cert batman.crt
key batman.key

reneg-sec 900
tls-server

local 89.137.181.195
replay-persist replays_state.txt
# explicit-exit-notify (only for clients)
connect-freq 1 3
#duplicate-cn
client-to-client
ifconfig-pool-persist file ip_db.txt
server 10.3.5.0 255.255.255.0

dev tap
port 5000
mode server



Mihai.ovpn (on WM)
# Configuration file for OpenVPN client

# Enable compression
comp-lzo

#Increase process priority
nice -1

#Lock memory pages holding encryption keys
mlock

#Ping every 10 min if no traffic
#ping 600
keepalive 300 600

#Static keys to protect TLS handshaking
tls-auth handshake_up.key 1
tls-auth handshake_down.key 0

#Only connect to servers
ns-cert-type server

#Only accept the best cipher
tls-cipher DHE-RSA-AES256-SHA

#My certificate, key and cert authority
pkcs12 Mihai.p12
#ca
#cert
#key

# Create new encryption keys every 15 min
reneg-sec 900

# Assume client role to a multi-client VPN server
tls-client

# Keep cipher state to improve security
replay-persist replays_state.txt

#Let the server know when OpenVPN exits
explicit-exit-notify

#Encapsulate Ethernet protocol
dev tap

port 5000

#Server IP when it boots Windows
remote 89.137.181.195

#Server IP when it boots Solaris
remote 89.136.127.37

# Assume client role to a multi-client VPN server
client


______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
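
Added example, not part of the original post and not OpenVPN's own code: the server log in the post shows the common name Mihai initiating from two source ports while `duplicate-cn` is commented out in Server.ovpn, and without that option OpenVPN disconnects an existing client instance when a new client with the same common name connects. The script below flags that pattern; its function names are hypothetical, and the sample log and config are the post's own lines re-embedded.

```python
import re

# The server console lines quoted in the post (wrapped lines re-joined).
SAMPLE_LOG = """\
89.137.181.195:1108 Re-using SSL/TLS context
89.137.181.195:1108 [Mihai] Peer Connection Initiated with 89.137.181.195:1108
89.137.181.195:1161 Re-using SSL/TLS context
89.137.181.195:1161 [Mihai] Peer Connection Initiated with 89.137.181.195:1161
read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)
"""

# Excerpt of Server.ovpn from the post.
SAMPLE_CONFIG = """\
connect-freq 1 3
#duplicate-cn
client-to-client
server 10.3.5.0 255.255.255.0
"""

PEER_RE = re.compile(
    r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with "
    r"(?P<endpoint>\d{1,3}(?:\.\d{1,3}){3}:\d+)"
)


def directive_enabled(config_text, name):
    """True if `name` appears as an active (uncommented) directive."""
    for line in config_text.splitlines():
        tokens = line.strip().split()
        # OpenVPN treats lines starting with '#' or ';' as comments.
        if tokens and tokens[0][0] not in "#;" and tokens[0] == name:
            return True
    return False


def endpoints_by_cn(log_text):
    """Map each common name to the distinct endpoints it initiated from."""
    seen = {}
    for match in PEER_RE.finditer(log_text):
        endpoints = seen.setdefault(match["cn"], [])
        if match["endpoint"] not in endpoints:
            endpoints.append(match["endpoint"])
    return seen


def shared_cn_findings(log_text, config_text):
    """Common names seen from several endpoints while duplicate-cn is off."""
    if directive_enabled(config_text, "duplicate-cn"):
        return []
    return [(cn, eps) for cn, eps in endpoints_by_cn(log_text).items()
            if len(eps) > 1]


if __name__ == "__main__":
    for cn, eps in shared_cn_findings(SAMPLE_LOG, SAMPLE_CONFIG):
        print(f"CN {cn!r} connected from {len(eps)} endpoints: {', '.join(eps)}")
```

A single client that reconnects from a new source port also appears under two endpoints, so a hit is a prompt to check whether two machines share one certificate rather than proof of it.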