
Re: [Openvpn-users] Connection loss


  • Subject: Re: [Openvpn-users] Connection loss
  • From: "Jeff -" <unix_core@xxxxxxxxxxxxx>
  • Date: Thu, 25 Oct 2007 12:28:59 -0700

These are the settings in my server.conf (linux)

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.150.0 255.255.255.0"
push "dhcp-option DNS 192.168.150.1"
keepalive 10 120
tls-auth ta.key 0
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log-append  /var/log/openvpn.log
verb 3
mssfix 500




> ----- Original Message -----
> From: "Colin Ryan" <colinr@xxxxxxxx>
> To: "Jeff -" <unix_core@xxxxxxxxxxxxx>
> Subject: Re: [Openvpn-users] Connection loss
> Date: Thu, 25 Oct 2007 09:03:53 -0400
> 
> 
> What are your server side settings for
> 
> --keepalive n m or --ping restart...etc
> 
> If you look at this log you'll see that ping-restart is triggering 
> the restart.
> 
> Unless looking for fine grained control, use the keepalive option 
> instead, it marshals keepalive, ping-restart etc all in one 
> directive.
> 
> 
>
> Jeff - wrote:
> > My OpenVPN connect will stop working all the time, and then 
> > resets.  Below is a copy of my log at verb 3 (IP removed and 
> > email changed):
> >
> > Wed Oct 24 14:28:41 2007 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] 
> > built on Apr 25 2007
> > Wed Oct 24 14:28:41 2007 Control Channel Authentication: using 
> > 'ta.key' as a OpenVPN static key file
> > Wed Oct 24 14:28:41 2007 Outgoing Control Channel Authentication: 
> > Using 160 bit message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:28:41 2007 Incoming Control Channel Authentication: 
> > Using 160 bit message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:28:41 2007 LZO compression initialized
> > Wed Oct 24 14:28:41 2007 Control Channel MTU parms [ L:1542 D:166 
> > EF:66 EB:0 ET:0 EL:0 ]
> > Wed Oct 24 14:28:41 2007 Data Channel MTU parms [ L:1542 D:1450 
> > EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> > Wed Oct 24 14:28:41 2007 Local Options hash (VER=V4): '504e774e'
> > Wed Oct 24 14:28:41 2007 Expected Remote Options hash (VER=V4): '14168603'
> > Wed Oct 24 14:28:41 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
> > Wed Oct 24 14:28:41 2007 UDPv4 link local: [undef]
> > Wed Oct 24 14:28:41 2007 UDPv4 link remote: xx.xx.xx.xx:1194
> > Wed Oct 24 14:28:41 2007 TLS: Initial packet from 
> > xx.xx.xx.xx:1194, sid=0de374e1 447c8476
> > Wed Oct 24 14:28:43 2007 VERIFY OK: depth=1, 
> > /C=CA/ST=AB/L=EDMONTON/O=OpenVPN/CN=OpenVPN-CA/emailAddress=support@xxxxxxxxxxx
> > Wed Oct 24 14:28:43 2007 VERIFY OK: nsCertType=SERVER
> > Wed Oct 24 14:28:43 2007 VERIFY OK: depth=0, 
> > /C=CA/ST=AB/O=OpenVPN/CN=server/emailAddress=support@xxxxxxxxxxx
> > Wed Oct 24 14:28:44 2007 Data Channel Encrypt: Cipher 'BF-CBC' 
> > initialized with 128 bit key
> > Wed Oct 24 14:28:44 2007 Data Channel Encrypt: Using 160 bit 
> > message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:28:44 2007 Data Channel Decrypt: Cipher 'BF-CBC' 
> > initialized with 128 bit key
> > Wed Oct 24 14:28:44 2007 Data Channel Decrypt: Using 160 bit 
> > message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:28:44 2007 Control Channel: TLSv1, cipher 
> > TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> > Wed Oct 24 14:28:44 2007 [server] Peer Connection Initiated with 
> > xx.xx.xx.xx:1194
> > Wed Oct 24 14:28:45 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> > Wed Oct 24 14:28:45 2007 PUSH: Received control message: 
> > 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 
> > 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 
> > 10.8.0.6 10.8.0.5'
> > Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: timers and/or timeouts modified
> > Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: --ifconfig/up options modified
> > Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: route options modified
> > Wed Oct 24 14:28:45 2007 OPTIONS IMPORT: --ip-win32 and/or 
> > --dhcp-option options modified
> > Wed Oct 24 14:28:45 2007 TAP-WIN32 device [Local Area Connection 
> > 4] opened: \\.\Global\{E6384365-C8F3-443F-8A45-E050746C2901}.tap
> > Wed Oct 24 14:28:45 2007 TAP-Win32 Driver Version 9.3 Wed Oct 24 
> > 14:28:45 2007 TAP-Win32 MTU=1500
> > Wed Oct 24 14:28:45 2007 Notified TAP-Win32 driver to set a DHCP 
> > IP/netmask of 10.8.0.6/255.255.255.252 on interface 
> > {E6384365-C8F3-443F-8A45-E050746C2901} [DHCP-serv: 10.8.0.5, 
> > lease-time: 31536000]
> > Wed Oct 24 14:28:45 2007 Successful ARP Flush on interface [4] 
> > {E6384365-C8F3-443F-8A45-E050746C2901}
> > Wed Oct 24 14:28:50 2007 TEST ROUTES: 2/2 succeeded len=2 ret=1 a=0 u/d=up
> > Wed Oct 24 14:28:50 2007 route ADD 192.168.150.0 MASK 255.255.255.0 10.8.0.5
> > Wed Oct 24 14:28:50 2007 Route addition via IPAPI succeeded [adaptive]
> > Wed Oct 24 14:28:50 2007 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
> > Wed Oct 24 14:28:50 2007 Route addition via IPAPI succeeded [adaptive]
> > Wed Oct 24 14:28:50 2007 Initialization Sequence Completed
> > Wed Oct 24 14:32:40 2007 [server] Inactivity timeout 
> > (--ping-restart), restarting
> > Wed Oct 24 14:32:40 2007 TCP/UDP: Closing socket
> > Wed Oct 24 14:32:40 2007 SIGUSR1[soft,ping-restart] received, 
> > process restarting
> > Wed Oct 24 14:32:40 2007 Restart pause, 2 second(s)
> > Wed Oct 24 14:32:42 2007 Re-using SSL/TLS context
> > Wed Oct 24 14:32:42 2007 LZO compression initialized
> > Wed Oct 24 14:32:42 2007 Control Channel MTU parms [ L:1542 D:166 
> > EF:66 EB:0 ET:0 EL:0 ]
> > Wed Oct 24 14:32:42 2007 Data Channel MTU parms [ L:1542 D:1450 
> > EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> > Wed Oct 24 14:32:42 2007 Local Options hash (VER=V4): '504e774e'
> > Wed Oct 24 14:32:42 2007 Expected Remote Options hash (VER=V4): '14168603'
> > Wed Oct 24 14:32:42 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
> > Wed Oct 24 14:32:42 2007 UDPv4 link local: [undef]
> > Wed Oct 24 14:32:42 2007 UDPv4 link remote: xx.xx.xx.xx:1194
> > Wed Oct 24 14:32:42 2007 TLS: Initial packet from 
> > xx.xx.xx.xx:1194, sid=77300306 4f1cde58
> > Wed Oct 24 14:32:43 2007 VERIFY OK: depth=1, 
> > /C=CA/ST=AB/L=EDMONTON/O=OpenVPN/CN=OpenVPN-CA/emailAddress=support@xxxxxxxxxxx
> > Wed Oct 24 14:32:43 2007 VERIFY OK: nsCertType=SERVER
> > Wed Oct 24 14:32:43 2007 VERIFY OK: depth=0, 
> > /C=CA/ST=AB/O=OpenVPN/CN=server/emailAddress=support@xxxxxxxxxxx
> > Wed Oct 24 14:32:43 2007 Data Channel Encrypt: Cipher 'BF-CBC' 
> > initialized with 128 bit key
> > Wed Oct 24 14:32:43 2007 Data Channel Encrypt: Using 160 bit 
> > message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:32:43 2007 Data Channel Decrypt: Cipher 'BF-CBC' 
> > initialized with 128 bit key
> > Wed Oct 24 14:32:43 2007 Data Channel Decrypt: Using 160 bit 
> > message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:32:43 2007 Control Channel: TLSv1, cipher 
> > TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> > Wed Oct 24 14:32:43 2007 [server] Peer Connection Initiated with 
> > xx.xx.xx.xx:1194
> > Wed Oct 24 14:32:44 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> > Wed Oct 24 14:32:45 2007 PUSH: Received control message: 
> > 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 
> > 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 
> > 10.8.0.6 10.8.0.5'
> > Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: timers and/or timeouts modified
> > Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: --ifconfig/up options modified
> > Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: route options modified
> > Wed Oct 24 14:32:45 2007 OPTIONS IMPORT: --ip-win32 and/or 
> > --dhcp-option options modified
> > Wed Oct 24 14:32:45 2007 Preserving previous TUN/TAP instance: 
> > Local Area Connection 4
> > Wed Oct 24 14:32:45 2007 Initialization Sequence Completed
> > Wed Oct 24 14:36:34 2007 [server] Inactivity timeout 
> > (--ping-restart), restarting
> > Wed Oct 24 14:36:34 2007 TCP/UDP: Closing socket
> > Wed Oct 24 14:36:34 2007 SIGUSR1[soft,ping-restart] received, 
> > process restarting
> > Wed Oct 24 14:36:34 2007 Restart pause, 2 second(s)
> > Wed Oct 24 14:36:36 2007 Re-using SSL/TLS context
> > Wed Oct 24 14:36:36 2007 LZO compression initialized
> > Wed Oct 24 14:36:36 2007 Control Channel MTU parms [ L:1542 D:166 
> > EF:66 EB:0 ET:0 EL:0 ]
> > Wed Oct 24 14:36:36 2007 Data Channel MTU parms [ L:1542 D:1450 
> > EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
> > Wed Oct 24 14:36:36 2007 Local Options hash (VER=V4): '504e774e'
> > Wed Oct 24 14:36:36 2007 Expected Remote Options hash (VER=V4): '14168603'
> > Wed Oct 24 14:36:36 2007 Socket Buffers: R=[8192->8192] S=[8192->8192]
> > Wed Oct 24 14:36:36 2007 UDPv4 link local: [undef]
> > Wed Oct 24 14:36:36 2007 UDPv4 link remote: xx.xx.xx.xx:1194
> > Wed Oct 24 14:36:36 2007 TLS: Initial packet from 
> > xx.xx.xx.xx:1194, sid=1abeef1b 315d160a
> > Wed Oct 24 14:36:36 2007 VERIFY OK: depth=1, 
> > /C=CA/ST=AB/L=EDMONTON/O=OpenVPN/CN=OpenVPN-CA/emailAddress=support@xxxxxxxxxxx
> > Wed Oct 24 14:36:36 2007 VERIFY OK: nsCertType=SERVER
> > Wed Oct 24 14:36:36 2007 VERIFY OK: depth=0, 
> > /C=CA/ST=AB/O=OpenVPN/CN=server/emailAddress=support@xxxxxxxxxxx
> > Wed Oct 24 14:36:37 2007 Data Channel Encrypt: Cipher 'BF-CBC' 
> > initialized with 128 bit key
> > Wed Oct 24 14:36:37 2007 Data Channel Encrypt: Using 160 bit 
> > message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:36:37 2007 Data Channel Decrypt: Cipher 'BF-CBC' 
> > initialized with 128 bit key
> > Wed Oct 24 14:36:37 2007 Data Channel Decrypt: Using 160 bit 
> > message hash 'SHA1' for HMAC authentication
> > Wed Oct 24 14:36:37 2007 Control Channel: TLSv1, cipher 
> > TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
> > Wed Oct 24 14:36:37 2007 [server] Peer Connection Initiated with 
> > xx.xx.xx.xx:1194
> > Wed Oct 24 14:36:38 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
> > Wed Oct 24 14:36:38 2007 PUSH: Received control message: 
> > 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 
> > 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 
> > 10.8.0.6 10.8.0.5'
> > Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: timers and/or timeouts modified
> > Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: --ifconfig/up options modified
> > Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: route options modified
> > Wed Oct 24 14:36:38 2007 OPTIONS IMPORT: --ip-win32 and/or 
> > --dhcp-option options modified
> > Wed Oct 24 14:36:38 2007 Preserving previous TUN/TAP instance: 
> > Local Area Connection 4
> > Wed Oct 24 14:36:38 2007 Initialization Sequence Completed
> >
> >
> > Anyone know why this is happening?  I also have mssfix set to 500 
> > in my server.conf
> >
> > You can see that it stops working almost immediately.  It then 
> > takes a few minutes to reset.  OpenVPN is essentially unusable 
> > right now.  What is wrong?  Any suggestions?
> >

>



______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users
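
Added example (not part of the original posts, and not OpenVPN project code): a Python check that the ping/ping-restart values the client received match the server's keepalive line, and that measures how long each tunnel stayed up before --ping-restart fired. The function names and the abridged SAMPLE_LOG are constructed from the config and log quoted in this thread; last_heard assumes --ping-restart fires after that many seconds without any packet from the peer.

```python
import re
from datetime import datetime

# Constructed inputs: the keepalive line from the server.conf above and
# client log lines from this thread with the e-mail line wrapping undone.
SERVER_CONF = "proto udp\nkeepalive 10 120\nmssfix 500\n"
SAMPLE_LOG = """\
Wed Oct 24 14:28:45 2007 PUSH: Received control message: 'PUSH_REPLY,route 192.168.150.0 255.255.255.0,dhcp-option DNS 192.168.150.1,route 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Oct 24 14:28:50 2007 Initialization Sequence Completed
Wed Oct 24 14:32:40 2007 [server] Inactivity timeout (--ping-restart), restarting
Wed Oct 24 14:32:45 2007 Initialization Sequence Completed
Wed Oct 24 14:36:34 2007 [server] Inactivity timeout (--ping-restart), restarting
Wed Oct 24 14:36:38 2007 Initialization Sequence Completed
"""
TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Wed Oct 24 14:28:45 2007" (24 chars)

def keepalive_push(conf):
    """Timers a server-mode 'keepalive n m' pushes: ping n, ping-restart m."""
    m = re.search(r"^\s*keepalive\s+(\d+)\s+(\d+)", conf, re.M)
    return {"ping": int(m.group(1)), "ping-restart": int(m.group(2))} if m else {}

def pushed_timers(log):
    """ping / ping-restart values from the first PUSH_REPLY in a client log."""
    m = re.search(r"PUSH_REPLY,([^']*)'", log)
    timers = {}
    for opt in (m.group(1).split(",") if m else []):
        name, _, value = opt.partition(" ")
        if name in ("ping", "ping-restart"):
            timers[name] = int(value)
    return timers

def restart_cycles(log):
    """Seconds from each 'Initialization Sequence Completed' to the next ping-restart."""
    cycles, up_since = [], None
    for line in log.splitlines():
        try:
            ts = datetime.strptime(line[:24], TS_FORMAT)
        except ValueError:
            continue  # wrapped continuation or non-log line
        if "Initialization Sequence Completed" in line:
            up_since = ts
        elif "Inactivity timeout (--ping-restart)" in line and up_since:
            cycles.append(int((ts - up_since).total_seconds()))
            up_since = None
    return cycles

def last_heard(log):
    """Estimated seconds after tunnel-up when the last packet from the server arrived."""
    timeout = pushed_timers(log).get("ping-restart", 0)
    return [c - timeout for c in restart_cycles(log)]
```

On this sample the pushed timers match the server's keepalive line, and each tunnel lasted about 230 seconds, which puts the last packet heard from the server roughly 110 seconds after each reconnect.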