[Openvpn-users] Followup on "Inactivity timeout"


  • Subject: [Openvpn-users] Followup on "Inactivity timeout"
  • From: "Randolph M. Jones" <rjones@xxxxxxxxxxxx>
  • Date: Tue, 05 Feb 2008 15:56:11 -0500

After months of frustration (and sadly no feedback from this mailing 
list), I have finally solved the problem described in the message 
below.  It turns out the solution was to issue me new certificates and 
replace my .key and .crt files in the config folder.  Now, I have no 
idea *why* this works, but apparently my old key and certificate were 
causing OpenVPN to hang after anywhere from zero to five minutes of 
connection.  If the certificates were corrupt somehow, I would have 
thought that VPN would have failed to work *at all*.  But my symptoms 
were to have a working connection for a random but brief time, and then 
a hang.  Can anybody explain to me why I was able to make this problem 
go away simply by using new certificates?

Many thanks,
Randy Jones

*[Openvpn-users] OpenVPN constantly hangs, restarts with "Inactivity 
timeout"*
From: Randolph M. Jones <rjones@xxxxx> - 2007-07-23 22:01
I live in Maine and work for a company in Michigan. We use OpenVPN for
our VPN connections. Other employees in Florida and North Carolina seem
to have no problems, but my OpenVPN connection constantly hangs.
Sometimes it hangs immediately upon connection, sometimes it hangs after
a few seconds or a couple of minutes. When it is hung, the OpenVPN GUI
reports that it is still connected, and there's nothing indicating the
loss of connection in the OpenVPN log files, but I lose the ability to
reach the Michigan machines. OpenVPN remains hung until I either
disconnect/reconnect manually, or it automatically restarts with an
"inactivity timeout" (according to the log file). It appears to check
every 10 minutes for the inactivity timeouts, because I get a restart
every 10 minutes in the log file (which I don't completely understand,
because I'm told that the server has its keepalive set to "20 300").
For what it's worth, I do realize that this is a long-distance
connection, and I've verified that there's quite often some packet loss
between Maine and Michigan...I'm also suspicious that other employees
are not having the same problem. I've also verified that I had the same
problem when trying to connect from a conference in Vancouver, using a
completely different ISP. I also have the problem whether I'm connected
to the internet wirelessly or wired. I'm pasting in a sample excerpt
from my OpenVPN log file below.

So my most immediate questions are:
1. Why does OpenVPN seem to hang so easily, and is there any way to keep
it from hanging?
2. Failing that, is there a way to get it to detect more quickly that it
has hung, and restart the connection (instead of waiting 10 minutes)?
3. Are there any other suggestions for tests I should run or things I
can try to get this problem solved? I'm getting pretty tired of having
to restart OpenVPN dozens of times a day. Or am I just out of luck
trying to maintain a VPN connection over such a long distance?

Thanks in advance!

Randy Jones
rjones@xxxxx

Mon Jul 23 17:18:43 2007 NOTE: --user option is not implemented on Windows
Mon Jul 23 17:18:43 2007 NOTE: --group option is not implemented on Windows
Mon Jul 23 17:18:43 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on
Oct 1 2006
Mon Jul 23 17:18:43 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:18:43 2007 WARNING: No server certificate verification
method has been enabled. See http://openvpn.net/howto.html#mitm for more
info.
Mon Jul 23 17:18:43 2007 LZO compression initialized
Mon Jul 23 17:18:43 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:18:43 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:18:43 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:18:43 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:18:43 2007 UDPv4 link local: [undef]
Mon Jul 23 17:18:43 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:18:43 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=05fae821 2dc73d39
Mon Jul 23 17:18:44 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:18:44 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:18:45 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:18:45 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:18:45 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:18:45 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:18:45 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:18:45 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:18:46 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:18:46 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:18:46 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:18:46 2007 TAP-WIN32 device [Local Area Connection 4]
opened: \\.\Global\{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}.tap
Mon Jul 23 17:18:46 2007 TAP-Win32 Driver Version 8.4
Mon Jul 23 17:18:46 2007 TAP-Win32 MTU=1500
Mon Jul 23 17:18:46 2007 Notified TAP-Win32 driver to set a DHCP
IP/netmask of 10.120.0.154/255.255.255.252 on interface
{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}[DHCP-serv: 10.120.0.153,
lease-time: 31536000]
Mon Jul 23 17:18:46 2007 Successful ARP Flush on interface [5]
{B6D173A9-9B1C-4618-8753-EAE874D5DDF6}
Mon Jul 23 17:18:46 2007 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Mon Jul 23 17:18:46 2007 Route: Waiting for TUN/TAP interface to come up...
Mon Jul 23 17:18:47 2007 TEST ROUTES: 0/0 succeeded len=3 ret=0 a=0 u/d=down
Mon Jul 23 17:18:47 2007 Route: Waiting for TUN/TAP interface to come up...
Mon Jul 23 17:18:48 2007 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
Mon Jul 23 17:18:48 2007 route ADD 192.168.0.0 MASK 255.255.255.0
10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 route ADD 192.168.3.0 MASK 255.255.255.0
10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 route ADD 10.120.0.0 MASK 255.255.255.0
10.120.0.153
Mon Jul 23 17:18:48 2007 Route addition via IPAPI succeeded
Mon Jul 23 17:18:48 2007 Initialization Sequence Completed
Mon Jul 23 17:21:47 2007 Replay-window backtrack occurred [1]
Mon Jul 23 17:28:25 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:28:25 2007 TCP/UDP: Closing socket
Mon Jul 23 17:28:25 2007 SIGUSR1[soft,ping-restart] received, process
restarting
Mon Jul 23 17:28:25 2007 Restart pause, 2 second(s)
Mon Jul 23 17:28:27 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:28:27 2007 WARNING: No server certificate verification
method has been enabled. See http://openvpn.net/howto.html#mitm for
more info.
Mon Jul 23 17:28:27 2007 Re-using SSL/TLS context
Mon Jul 23 17:28:27 2007 LZO compression initialized
Mon Jul 23 17:28:27 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:28:28 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:28:28 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:28:28 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:28:28 2007 UDPv4 link local: [undef]
Mon Jul 23 17:28:28 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:28:28 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=ec3423b5 3588edff
Mon Jul 23 17:28:28 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:28:28 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:28:30 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:28:30 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:28:30 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:28:30 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:28:30 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:28:30 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:28:30 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:28:30 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:28:30 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:28:30 2007 Preserving previous TUN/TAP instance: Local
Area Connection 4
Mon Jul 23 17:28:30 2007 Initialization Sequence Completed
Mon Jul 23 17:38:13 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:38:13 2007 TCP/UDP: Closing socket
Mon Jul 23 17:38:13 2007 SIGUSR1[soft,ping-restart] received, process
restarting
Mon Jul 23 17:38:13 2007 Restart pause, 2 second(s)
Mon Jul 23 17:38:15 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:38:15 2007 WARNING: No server certificate verification
method has been enabled. See http://openvpn.net/howto.html#mitm for
more info.
Mon Jul 23 17:38:15 2007 Re-using SSL/TLS context
Mon Jul 23 17:38:15 2007 LZO compression initialized
Mon Jul 23 17:38:15 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:38:15 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:38:15 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:38:15 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:38:15 2007 UDPv4 link local: [undef]
Mon Jul 23 17:38:15 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:38:15 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=c8f821e3 b566412e
Mon Jul 23 17:38:16 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:38:16 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:38:17 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:38:17 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:38:17 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:38:17 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:38:17 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:38:17 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:38:19 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:38:19 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:38:19 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:38:19 2007 Preserving previous TUN/TAP instance: Local
Area Connection 4
Mon Jul 23 17:38:19 2007 Initialization Sequence Completed
Mon Jul 23 17:48:00 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:48:00 2007 TCP/UDP: Closing socket
Mon Jul 23 17:48:00 2007 SIGUSR1[soft,ping-restart] received, process
restarting
Mon Jul 23 17:48:00 2007 Restart pause, 2 second(s)
Mon Jul 23 17:48:02 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA. OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Mon Jul 23 17:48:02 2007 WARNING: No server certificate verification
method has been enabled. See http://openvpn.net/howto.html#mitm for
more info.
Mon Jul 23 17:48:02 2007 Re-using SSL/TLS context
Mon Jul 23 17:48:02 2007 LZO compression initialized
Mon Jul 23 17:48:02 2007 Control Channel MTU parms [ L:1542 D:138 EF:38
EB:0 ET:0 EL:0 ]
Mon Jul 23 17:48:03 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42
EB:135 ET:0 EL:0 AF:3/1 ]
Mon Jul 23 17:48:03 2007 Local Options hash (VER=V4): '41690919'
Mon Jul 23 17:48:03 2007 Expected Remote Options hash (VER=V4): '530fdded'
Mon Jul 23 17:48:03 2007 UDPv4 link local: [undef]
Mon Jul 23 17:48:03 2007 UDPv4 link remote: 64.9.220.33:1194
Mon Jul 23 17:48:03 2007 TLS: Initial packet from 64.9.220.33:1194,
sid=273a6d35 a2a7df88
Mon Jul 23 17:48:04 2007 VERIFY OK: depth=1,
/C=US/ST=MI/L=AnnArbor/O=Soar_Technology/CN=AASoartechVPN/emailAddress=admin@xxxxx
Mon Jul 23 17:48:04 2007 VERIFY OK: depth=0,
/C=US/ST=MI/O=Soar_Technology/CN=server/emailAddress=admin@xxxxx
Mon Jul 23 17:48:06 2007 Data Channel Encrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:48:06 2007 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:48:06 2007 Data Channel Decrypt: Cipher 'BF-CBC'
initialized with 128 bit key
Mon Jul 23 17:48:06 2007 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Mon Jul 23 17:48:06 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Jul 23 17:48:06 2007 [server] Peer Connection Initiated with
64.9.220.33:1194
Mon Jul 23 17:48:07 2007 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Jul 23 17:48:07 2007 PUSH: Received control message:
'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 192.168.3.0
255.255.255.0,dhcp-option DNS 192.168.0.1,dhcp-option WINS
192.168.0.103,dhcp-option DOMAIN aa.soartech.com,dhcp-option NTP
192.168.0.1,dhcp-option NBT 8,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: timers and/or timeouts modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: --ifconfig/up options modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: route options modified
Mon Jul 23 17:48:07 2007 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Mon Jul 23 17:48:07 2007 Preserving previous TUN/TAP instance: Local
Area Connection 4
Mon Jul 23 17:48:07 2007 Initialization Sequence Completed
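
An added example, not part of the original post: a small parser for client logs in the format above that rejoins the mail-wrapped lines, reads the pushed `ping-restart` value, and works out for each restart cycle how long the tunnel was still receiving packets (the restart fires that many seconds after the last packet received from the peer). It also counts the "No server certificate verification" warning; the names `records` and `analyze` are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: lines taken from the log in the post, abridged, with the
# mail client's line wrapping kept on the multi-line records.
SAMPLE_LOG = """\
Mon Jul 23 17:18:46 2007 PUSH: Received control message:
'PUSH_REPLY,route 10.120.0.0 255.255.255.0,ping
20,ping-restart 300,ifconfig 10.120.0.154 10.120.0.153'
Mon Jul 23 17:18:48 2007 Initialization Sequence Completed
Mon Jul 23 17:28:25 2007 [server] Inactivity timeout (--ping-restart),
restarting
Mon Jul 23 17:28:27 2007 WARNING: No server certificate verification
method has been enabled.
Mon Jul 23 17:28:30 2007 Initialization Sequence Completed
Mon Jul 23 17:38:13 2007 [server] Inactivity timeout (--ping-restart),
restarting
"""

STAMP = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")

def records(log_text):
    """Rejoin wrapped lines so each record is [datetime, full message]."""
    out = []
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            out.append([when, m.group(2)])
        elif out and line.strip():
            out[-1][1] += " " + line.strip()  # continuation of previous record
    return out

def analyze(log_text):
    """Per restart cycle: session length and seconds the tunnel kept receiving."""
    ping_restart, up_at, cycles, unverified = None, None, [], 0
    for when, msg in records(log_text):
        pushed = re.search(r"PUSH_REPLY.*\bping-restart (\d+)", msg)
        if pushed:
            ping_restart = int(pushed.group(1))
        elif "No server certificate verification" in msg:
            unverified += 1  # the warning that points at howto.html#mitm
        elif msg.startswith("Initialization Sequence Completed"):
            up_at = when
        elif "Inactivity timeout (--ping-restart)" in msg and up_at and ping_restart:
            session = int((when - up_at).total_seconds())
            # the timer fires ping_restart seconds after the last packet received
            cycles.append({"session_s": session, "alive_s": session - ping_restart})
            up_at = None
    return {"ping_restart": ping_restart, "cycles": cycles, "unverified_server": unverified}
```

On the two cycles in the sample, each session lasts a little under ten minutes, of which the last 300 seconds are the inactivity timer running.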

