[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] Connection loss


  • Subject: Re: [Openvpn-users] Connection loss
  • From: Colin Ryan <colinr@xxxxxxxx>
  • Date: Thu, 25 Oct 2007 09:03:53 -0400

What are your server side settings for

*--keepalive n m or --ping restart...etc

If you look at this log you'll see that ping-restart is triggering the 
restart.

Unless looking for fine grained control, use the keepalive option 
instead, it marshals keepalive, ping-restart etc all in one directive.


*
Jeff - wrote:
> My OpenVPN connect will stop working all the time, and then resets.  Below is a copy of my log at verb 3 (IP removed and email changed):
>
> Wed Oct 24 14:28:41 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 25 2007
> Wed Oct 24 14:28:41 2007 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
> Wed Oct 24 14:28:41 2007 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:28:41 2007 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:28:41 2007 LZO compression initialized
> Wed Oct 24 14:28:41 2007 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
> Wed Oct 24 14:28:41 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Oct 24 14:28:41 2007 Local Options hash (VER=V4): '504e774e'
> Wed Oct 24 14:28:41 2007 Expected Remote Options hash (VER=V4): '14168603'
> Wed Oct 24 14:28:41 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Wed Oct 24 14:28:41 2007 UDPv4 link local: [undef]
> Wed Oct 24 14:28:41 2007 UDPv4 link remote: xx.xx.xx.xx:1194
> Wed Oct 24 14:28:41 2007 TLS: Initial packet from xx.xx.xx.xx:1194, sid=0de374e1 447c8476
> Wed Oct 24 14:28:43 2007 VERIFY OK: depth=1, /C=CA/ST=AB/L=EDMONTON/O=OpenVPN/CN=OpenVPN-CA/emailAddress=support@xxxxxxxxxxx
> Wed Oct 24 14:28:43 2007 VERIFY OK: nsCertType=SERVER
> Wed Oct 24 14:28:43 2007 VERIFY OK: depth=0, /C=CA/ST=AB/O=OpenVPN/CN=server/emailAddress=support@xxxxxxxxxxx
> Wed Oct 24 14:28:44 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Wed Oct 24 14:28:44 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:28:44 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Wed Oct 24 14:28:44 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:28:44 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Oct 24 14:28:44 2007 [server] Peer Connection Initiated with xx.xx.xx.xx:1194
> Wed Oct 24 14:28:45 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> Wed Oct 24 14:28:45 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
> Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: timers and/or timeouts modified
> Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: --ifconfig/up options modified
> Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: route options modified
> Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Wed Oct 24 14:28:45 2007 TAP-WIN32 device [Local Area Connection 4] opened: \\.\Global\{E6384365-C8F3-443F-8A45-E050746C2901}.tap
> Wed Oct 24 14:28:45 2007 TAP-Win32 Driver Version 9.3 
> Wed Oct 24 14:28:45 2007 TAP-Win32 MTU=1500
> Wed Oct 24 14:28:45 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {E6384365-C8F3-443F-8A45-E050746C2901} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
> Wed Oct 24 14:28:45 2007 Successful ARP Flush on interface [4] {E6384365-C8F3-443F-8A45-E050746C2901}
> Wed Oct 24 14:28:50 2007 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
> Wed Oct 24 14:28:50 2007 route ADD 192.168.150.0 MASK 255.255.255.0 10.8.0.5
> Wed Oct 24 14:28:50 2007 Route addition via IPAPI succeeded [adaptive]
> Wed Oct 24 14:28:50 2007 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
> Wed Oct 24 14:28:50 2007 Route addition via IPAPI succeeded [adaptive]
> Wed Oct 24 14:28:50 2007 Initialization Sequence Completed
> Wed Oct 24 14:32:40 2007 [server] Inactivity timeout (--ping-restart), restarting
> Wed Oct 24 14:32:40 2007 TCP/UDP: Closing socket
> Wed Oct 24 14:32:40 2007 SIGUSR1[soft,ping-restart] received, process restarting
> Wed Oct 24 14:32:40 2007 Restart pause, 2 second(s)
> Wed Oct 24 14:32:42 2007 Re-using SSL/TLS context
> Wed Oct 24 14:32:42 2007 LZO compression initialized
> Wed Oct 24 14:32:42 2007 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
> Wed Oct 24 14:32:42 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Oct 24 14:32:42 2007 Local Options hash (VER=V4): '504e774e'
> Wed Oct 24 14:32:42 2007 Expected Remote Options hash (VER=V4): '14168603'
> Wed Oct 24 14:32:42 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Wed Oct 24 14:32:42 2007 UDPv4 link local: [undef]
> Wed Oct 24 14:32:42 2007 UDPv4 link remote: xx.xx.xx.xx:1194
> Wed Oct 24 14:32:42 2007 TLS: Initial packet from xx.xx.xx.xx:1194, sid=77300306 4f1cde58
> Wed Oct 24 14:32:43 2007 VERIFY OK: depth=1, /C=CA/ST=AB/L=EDMONTON/O=OpenVPN/CN=OpenVPN-CA/emailAddress=support@xxxxxxxxxxx
> Wed Oct 24 14:32:43 2007 VERIFY OK: nsCertType=SERVER
> Wed Oct 24 14:32:43 2007 VERIFY OK: depth=0, /C=CA/ST=AB/O=OpenVPN/CN=server/emailAddress=support@xxxxxxxxxxx
> Wed Oct 24 14:32:43 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Wed Oct 24 14:32:43 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:32:43 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Wed Oct 24 14:32:43 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:32:43 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Oct 24 14:32:43 2007 [server] Peer Connection Initiated with xx.xx.xx.xx:1194
> Wed Oct 24 14:32:44 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> Wed Oct 24 14:32:45 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
> Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: timers and/or timeouts modified
> Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: --ifconfig/up options modified
> Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: route options modified
> Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Wed Oct 24 14:32:45 2007 Preserving previous TUN/TAP instance: Local Area Connection 4
> Wed Oct 24 14:32:45 2007 Initialization Sequence Completed
> Wed Oct 24 14:36:34 2007 [server] Inactivity timeout (--ping-restart), restarting
> Wed Oct 24 14:36:34 2007 TCP/UDP: Closing socket
> Wed Oct 24 14:36:34 2007 SIGUSR1[soft,ping-restart] received, process restarting
> Wed Oct 24 14:36:34 2007 Restart pause, 2 second(s)
> Wed Oct 24 14:36:36 2007 Re-using SSL/TLS context
> Wed Oct 24 14:36:36 2007 LZO compression initialized
> Wed Oct 24 14:36:36 2007 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
> Wed Oct 24 14:36:36 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> Wed Oct 24 14:36:36 2007 Local Options hash (VER=V4): '504e774e'
> Wed Oct 24 14:36:36 2007 Expected Remote Options hash (VER=V4): '14168603'
> Wed Oct 24 14:36:36 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
> Wed Oct 24 14:36:36 2007 UDPv4 link local: [undef]
> Wed Oct 24 14:36:36 2007 UDPv4 link remote: xx.xx.xx.xx:1194
> Wed Oct 24 14:36:36 2007 TLS: Initial packet from xx.xx.xx.xx:1194, sid=1abeef1b 315d160a
> Wed Oct 24 14:36:36 2007 VERIFY OK: depth=1, /C=CA/ST=AB/L=EDMONTON/O=OpenVPN/CN=OpenVPN-CA/emailAddress=support@xxxxxxxxxxx
> Wed Oct 24 14:36:36 2007 VERIFY OK: nsCertType=SERVER
> Wed Oct 24 14:36:36 2007 VERIFY OK: depth=0, /C=CA/ST=AB/O=OpenVPN/CN=server/emailAddress=support@xxxxxxxxxxx
> Wed Oct 24 14:36:37 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Wed Oct 24 14:36:37 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:36:37 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
> Wed Oct 24 14:36:37 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
> Wed Oct 24 14:36:37 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> Wed Oct 24 14:36:37 2007 [server] Peer Connection Initiated with xx.xx.xx.xx:1194
> Wed Oct 24 14:36:38 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> Wed Oct 24 14:36:38 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
> Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: timers and/or timeouts modified
> Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: --ifconfig/up options modified
> Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: route options modified
> Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
> Wed Oct 24 14:36:38 2007 Preserving previous TUN/TAP instance: Local Area Connection 4
> Wed Oct 24 14:36:38 2007 Initialization Sequence Completed
>
>
> Anyone know why this is happening?  I also have mssfix set to 500 in my server.conf
>
> You can see that it stops working almost immediately.  It then takes a few minutes to reset.  OpenVPN is essentially unusable right now.  What is wrong?  Any suggestions?
>
> =
> House Payments Fall Again
> $180,000 Mortgage for $999/mo. See Rates - No Credit Check Required.
> http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=d5527d2eea0e0b3196f541c7bb7a70e8
>
>
>   

____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users