
Re: [Openvpn-users] OpenVPN Client Flooding Server with UDP Packets 10, 000 per Second for 30 Second


  • Subject: Re: [Openvpn-users] OpenVPN Client Flooding Server with UDP Packets 10, 000 per Second for 30 Second
  • From: Pasada Khumprakob <khumprp@xxxxxxxxxxx>
  • Date: Mon, 27 Aug 2007 13:42:40 -0400
  • Importance: Normal

One additional piece of information that I just found out...
 
When I add the directive on the server-side --push "redirect-gateway" I do not receive this problem. This leads me to believe that the client may have a routing issue? I'm not sure. Hope that helps someone, though.
 
Thanks!
Pasada Khumprakob



From: khumprp@xxxxxxxxxxx
To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Date: Mon, 27 Aug 2007 13:03:04 -0400
Subject: [Openvpn-users] OpenVPN Client Flooding Server with UDP Packets 10, 000 per Second for 30 Seconds

Hello -

I am having a problem with OpenVPN. I have set up ethernet-bridging and am able to connect ok to the server, and have verified that it works (file transfers, mail, etc). However, after about 1 min or so, the connection gets interrupted. I noticed that I wasn't able to browse the network anymore, or check mail, or file transfers were interrupted.

I ran a 'ping vpnserver.mydomain.com -t' to see what was happening. The ping would run successfully at the beginning of the VPN connection, but after about 1 min, it would give me 'request timeout' or 'destination not reachable.'

So I put Wireshark on my box to figure out what was going on the line. After looking at it, I was shocked! When the connection was interrupted, there was a flood of UDP packets coming from the client (on ports around 49xxx). These packets would come in approx 10,000 per second for 30 seconds. I do not know what type of packet they are or what they mean. Here is the information that I can give:


Client: Windows Vista

Client Config File:

tls-client
remote xxx.xxx.xxx.xxx

port xxxx
proto udp
dev tap
dev-node NewOpenVPN

;tls-remote campeche
;tls-exit

tls-auth "C:\\Program Files\\OpenVpn\\Keys\\ta.key" 1
ca "C:\\Program Files\\OpenVpn\\Keys\\ca.crt"
cert "C:\\Program Files\\OpenVpn\\Keys\\client.crt"
key "C:\\Program Files\\OpenVpn\\Keys\\client.key"

nobind

persist-key
persist-tun

route-method exe
route-delay 2

pull
comp-lzo
tun-mtu 1500
tun-mtu-extra 32
fragment 1500

explicit-exit-notify

verb 3


Server: CentOS 5

Server Config File

local vpn.mydomain.com
proto udp
port 8395
dev tap0

;tls-verify server
tls-auth /etc/openvpn/keys/ta.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/mycert.crt
key /etc/openvpn/keys/mycert.key
dh /etc/openvpn/keys/dh1024.pem

server-bridge defaultgw.mydomain.com 255.255.255.0 xxx.xxx.xxx.253 xxx.xxx.xxx.254
client-to-client

push "dhcp-option DNS xxx.xxx.xxx.xxx"
push "dhcp-option DOMAIN mydomain.com"

keepalive 5 120
tun-mtu 1500
tun-mtu-extra 32
fragment 1500
mssfix 1500
comp-lzo

persist-key
persist-tun

status openvpn-status.log
verb 6


 

Thank you for your help in advance...

Pasada Khumprakob
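
Added example (not part of the original posts): one way to put numbers on a burst like the one described above, by counting UDP packets per second per flow in rows exported from a capture with tshark's `-T fields` output. The addresses, client port, timestamps and thresholds are constructed assumptions; only port 8395 comes from the server config in the post.

```python
from collections import defaultdict

# Input rows are tab-separated, in the shape produced by:
#   tshark -r capture.pcap -Y udp -T fields -e frame.time_epoch \
#          -e ip.src -e udp.srcport -e ip.dst -e udp.dstport

def find_floods(rows, pps_threshold=5000, min_seconds=5):
    """Return (flow, start_sec, duration_sec, peak_pps) for sustained UDP bursts."""
    per_flow = defaultdict(lambda: defaultdict(int))
    for row in rows:
        fields = row.rstrip("\n").split("\t")
        if len(fields) != 5 or not all(fields):
            continue  # rows without IPv4/UDP values have empty fields
        ts, src, sport, dst, dport = fields
        try:
            second = int(float(ts))
        except ValueError:
            continue  # malformed timestamp
        per_flow[(src, sport, dst, dport)][second] += 1

    floods = []
    for flow, buckets in per_flow.items():
        run = []
        # The trailing None is a sentinel that flushes the last run.
        for sec in sorted(buckets) + [None]:
            hot = sec is not None and buckets[sec] >= pps_threshold
            if hot and (not run or sec == run[-1] + 1):
                run.append(sec)
                continue
            if len(run) >= min_seconds:
                peak = max(buckets[s] for s in run)
                floods.append((flow, run[0], len(run), peak))
            run = [sec] if hot else []
    return floods

BASE = 1188234000  # constructed epoch second
CLIENT_FLOW = ("192.0.2.10", "49152", "198.51.100.1", "8395")  # constructed

def constructed_capture():
    """Constructed rows: 60 s at 20 pps, then 30 s at 10,000 pps."""
    rows = ["1188234001.5\t\t\t\t"]  # row with empty fields, must be skipped
    for s in range(90):
        n = 10000 if s >= 60 else 20
        for i in range(n):
            rows.append("%.6f\t%s" % (BASE + s + i / n, "\t".join(CLIENT_FLOW)))
    return rows

if __name__ == "__main__":
    for flow, start, secs, peak in find_floods(constructed_capture()):
        print(flow, "start", start, "duration", secs, "s peak", peak, "pps")
```

Per-second buckets are aligned to whole epoch seconds, so a real burst that starts mid-second shows partial counts in its first and last bucket.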