Successful (?) Connection every 30 sec, no ping, no network

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
temuco
OpenVpn Newbie
Posts: 7
Joined: Fri Aug 12, 2016 8:03 am

Successful (?) Connection every 30 sec, no ping, no network

Post by temuco » Thu Jun 08, 2017 2:01 am

Hello!

iPad, iOS 10.3.2
OpenVPN Connect 1.1.1 build 212 (iOS 64-bit)

Client configuration file mama.ovpn:

Code: Select all

remote myip.tld 1195
dev tun
proto udp
tun-mtu 1500
client
auth SHA1
cipher AES-256-CBC
comp-lzo yes
redirect-gateway
verb 3

nobind
persist-key
persist-tun
user nobody
group nogroup
resolv-retry infinite

pkcs12 mama-ipad.p12

<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
The configuration file mama.ovpn and the pkcs12 certificate file mama-ipad.p12 were successfully integrated. A connection to the OpenVPN server is also established.

The transfer network is 10.0.0.0/255.255.255.0. This should be routed between client and LAN (192.168.70.0/255.255.255.0).

PCs, laptops and Android tablets work perfectly. The iPad connects, but does not reach any of the networks (neither 10.0.0.0/255.255.255.0 nor 192.168.70.0/255.255.255.0). In addition, I observe that the connection is re-established approximately every 30 seconds.

I have made a lot of changes to the configuration, but no matter what I do, the behavior does not change.

I do not understand this, because other devices such as Windows PCs, laptops or Android work with the same configuration without errors.

I add a part of the log file below. Maybe someone can help me.

Many Thanks!

René

Log file:

Code: Select all

2017-06-08 02:47:26 Connecting to [myip.tld]:1195 (11.22.33.44) via UDPv4
2017-06-08 02:47:26 EVENT: CONNECTING
2017-06-08 02:47:26 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2017-06-08 02:47:26 Creds: UsernameEmpty/PasswordEmpty
2017-06-08 02:47:26 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2017-06-08 02:47:27 VERIFY OK: depth=1
cert. version    : 3
serial number    : C0:AC:46:33:B6:DB:88:81
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:30:12
expires on        : 2025-01-02 08:30:12
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true

2017-06-08 02:47:27 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=Netzwerk, CN=openvpn.isential.local, ??=openvpn.isential.local, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:33:00
expires on        : 2025-01-02 08:33:00
signed using      : RSA with SHA-512
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2017-06-08 02:47:27 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2017-06-08 02:47:27 Session is ACTIVE
2017-06-08 02:47:27 EVENT: GET_CONFIG
2017-06-08 02:47:27 Sending PUSH_REQUEST to server...
2017-06-08 02:47:27 OPTIONS:
0 [redirect-gateway] 
1 [route] [192.168.70.0] [255.255.255.0] 
2 [dhcp-option] [DOMAIN] [isential.local] 
3 [dhcp-option] [DNS] [192.168.70.203] 
4 [dhcp-option] [WINS] [192.168.70.203] 
5 [route] [10.0.0.1] 
6 [topology] [net30] 
7 [ping] [10] 
8 [ping-restart] [60] 
9 [ifconfig] [10.0.0.18] [10.0.0.17] 

2017-06-08 02:47:27 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2017-06-08 02:47:27 EVENT: ASSIGN_IP
2017-06-08 02:47:27 Error parsing dhcp-option: [dhcp-option] [WINS] [192.168.70.203]  : tun_prop_dhcp_option_error: tun_builder_add_wins_server failed
2017-06-08 02:47:27 Connected via tun
2017-06-08 02:47:27 LZO-ASYM init swap=0 asym=0
2017-06-08 02:47:27 EVENT: CONNECTED @myip.tld:1195 (11.22.33.44) via /UDPv4 on tun/10.0.0.18/ gw=[10.0.0.17/]
2017-06-08 02:47:27 SetStatus Connected
2017-06-08 02:47:36 NET Internet:NotReachable/-R tc-----
2017-06-08 02:47:36 OS Event: NET UNAVAILABLE (PAUSE): Internet:NotReachable/-- -------
2017-06-08 02:47:36 UDP send error: send: Can't assign requested address
2017-06-08 02:47:36 Transport Error: EADDRNOTAVAIL: Can't assign requested address
2017-06-08 02:47:36 EVENT: TRANSPORT_ERROR EADDRNOTAVAIL: Can't assign requested address [ERR]
2017-06-08 02:47:36 Client terminated, restarting in 5000 ms...
2017-06-08 02:47:36 TUN reassert
2017-06-08 02:47:36 TUN reset routes
2017-06-08 02:47:36 EVENT: PAUSE
2017-06-08 02:47:37 NET Internet:NotReachable/-- -------
2017-06-08 02:47:39 RECONNECT TEST: Internet:NotReachable/-- -------
2017-06-08 02:47:56 OS Event: NET AVAILABLE (RESUME): Internet:ReachableViaWiFi/-R t------ allow=1
2017-06-08 02:47:57 NET Internet:ReachableViaWiFi/-R t------
2017-06-08 02:47:59 RECONNECT TEST: Internet:ReachableViaWiFi/-R t------
2017-06-08 02:47:59 Client terminated, reconnecting in 1...
2017-06-08 02:48:00 EVENT: RESUME
2017-06-08 02:48:00 EVENT: RECONNECTING
2017-06-08 02:48:00 EVENT: RESOLVE
2017-06-08 02:48:00 Contacting 11.22.33.44:1195 via UDP
2017-06-08 02:48:00 EVENT: WAIT
2017-06-08 02:48:00 SetTunnelSocket returned 1
2017-06-08 02:48:00 Connecting to [myip.tld]:1195 (11.22.33.44) via UDPv4
2017-06-08 02:48:00 EVENT: CONNECTING
2017-06-08 02:48:00 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2017-06-08 02:48:00 Creds: UsernameEmpty/PasswordEmpty
2017-06-08 02:48:00 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2017-06-08 02:48:00 VERIFY OK: depth=1
cert. version    : 3
serial number    : C0:AC:46:33:B6:DB:88:81
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:30:12
expires on        : 2025-01-02 08:30:12
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true

2017-06-08 02:48:00 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=Netzwerk, CN=openvpn.isential.local, ??=openvpn.isential.local, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:33:00
expires on        : 2025-01-02 08:33:00
signed using      : RSA with SHA-512
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2017-06-08 02:48:01 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2017-06-08 02:48:01 Session is ACTIVE
2017-06-08 02:48:01 EVENT: GET_CONFIG
2017-06-08 02:48:01 Sending PUSH_REQUEST to server...
2017-06-08 02:48:01 OPTIONS:
0 [redirect-gateway] 
1 [route] [192.168.70.0] [255.255.255.0] 
2 [dhcp-option] [DOMAIN] [isential.local] 
3 [dhcp-option] [DNS] [192.168.70.203] 
4 [dhcp-option] [WINS] [192.168.70.203] 
5 [route] [10.0.0.1] 
6 [topology] [net30] 
7 [ping] [10] 
8 [ping-restart] [60] 
9 [ifconfig] [10.0.0.18] [10.0.0.17] 

2017-06-08 02:48:01 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2017-06-08 02:48:01 EVENT: ASSIGN_IP
2017-06-08 02:48:01 Error parsing dhcp-option: [dhcp-option] [WINS] [192.168.70.203]  : tun_prop_dhcp_option_error: tun_builder_add_wins_server failed
2017-06-08 02:48:01 Connected via tun
2017-06-08 02:48:01 LZO-ASYM init swap=0 asym=0
2017-06-08 02:48:01 EVENT: CONNECTED @myip.tld:1195 (11.22.33.44) via /UDPv4 on tun/10.0.0.18/ gw=[10.0.0.17/]
2017-06-08 02:48:01 SetStatus Connected
2017-06-08 02:49:01 Session invalidated: KEEPALIVE_TIMEOUT
2017-06-08 02:49:01 Client terminated, restarting in 2000 ms...
2017-06-08 02:49:01 TUN reassert
2017-06-08 02:49:01 TUN reset routes
2017-06-08 02:49:03 EVENT: RECONNECTING
2017-06-08 02:49:03 EVENT: RESOLVE
2017-06-08 02:49:03 Contacting 11.22.33.44:1195 via UDP
2017-06-08 02:49:03 EVENT: WAIT
2017-06-08 02:49:03 SetTunnelSocket returned 1
2017-06-08 02:49:03 Connecting to [myip.tld]:1195 (11.22.33.44) via UDPv4
2017-06-08 02:49:03 EVENT: CONNECTING
2017-06-08 02:49:03 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2017-06-08 02:49:03 Creds: UsernameEmpty/PasswordEmpty
2017-06-08 02:49:03 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2017-06-08 02:49:03 VERIFY OK: depth=1
cert. version    : 3
serial number    : C0:AC:46:33:B6:DB:88:81
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:30:12
expires on        : 2025-01-02 08:30:12
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true

2017-06-08 02:49:03 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=Netzwerk, CN=openvpn.isential.local, ??=openvpn.isential.local, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:33:00
expires on        : 2025-01-02 08:33:00
signed using      : RSA with SHA-512
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2017-06-08 02:49:03 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2017-06-08 02:49:03 Session is ACTIVE
2017-06-08 02:49:03 EVENT: GET_CONFIG
2017-06-08 02:49:03 Sending PUSH_REQUEST to server...
2017-06-08 02:49:03 OPTIONS:
0 [redirect-gateway] 
1 [route] [192.168.70.0] [255.255.255.0] 
2 [dhcp-option] [DOMAIN] [isential.local] 
3 [dhcp-option] [DNS] [192.168.70.203] 
4 [dhcp-option] [WINS] [192.168.70.203] 
5 [route] [10.0.0.1] 
6 [topology] [net30] 
7 [ping] [10] 
8 [ping-restart] [60] 
9 [ifconfig] [10.0.0.18] [10.0.0.17] 

2017-06-08 02:49:03 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2017-06-08 02:49:03 EVENT: ASSIGN_IP
2017-06-08 02:49:03 Error parsing dhcp-option: [dhcp-option] [WINS] [192.168.70.203]  : tun_prop_dhcp_option_error: tun_builder_add_wins_server failed
2017-06-08 02:49:04 Connected via tun
2017-06-08 02:49:04 LZO-ASYM init swap=0 asym=0
2017-06-08 02:49:04 EVENT: CONNECTED @myip.tld:1195 (11.22.33.44) via /UDPv4 on tun/10.0.0.18/ gw=[10.0.0.17/]
2017-06-08 02:49:04 SetStatus Connected
2017-06-08 02:50:04 Session invalidated: KEEPALIVE_TIMEOUT
2017-06-08 02:50:04 Client terminated, restarting in 2000 ms...
2017-06-08 02:50:04 TUN reassert
2017-06-08 02:50:04 TUN reset routes
2017-06-08 02:50:06 EVENT: RECONNECTING
2017-06-08 02:50:06 EVENT: RESOLVE
2017-06-08 02:50:06 Contacting 11.22.33.44:1195 via UDP
2017-06-08 02:50:06 EVENT: WAIT
2017-06-08 02:50:06 SetTunnelSocket returned 1
2017-06-08 02:50:06 Connecting to [myip.tld]:1195 (11.22.33.44) via UDPv4
2017-06-08 02:50:06 EVENT: CONNECTING
2017-06-08 02:50:06 Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2017-06-08 02:50:06 Creds: UsernameEmpty/PasswordEmpty
2017-06-08 02:50:06 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_AUTO_SESS=1

2017-06-08 02:50:06 VERIFY OK: depth=1
cert. version    : 3
serial number    : C0:AC:46:33:B6:DB:88:81
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:30:12
expires on        : 2025-01-02 08:30:12
signed using      : RSA with SHA1
RSA key size      : 2048 bits
basic constraints : CA=true

2017-06-08 02:50:06 VERIFY OK: depth=0
cert. version    : 3
serial number    : 01
issuer name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=My-ROOT-CA, CN=My-ROOT-CA, ??=My-ROOT-CA, emailAddress=info@mail.tld
subject name      : C=DE, ST=MY STATE, L="My City", O="My organisation", OU=Netzwerk, CN=openvpn.isential.local, ??=openvpn.isential.local, emailAddress=info@mail.tld
issued  on        : 2015-01-05 08:33:00
expires on        : 2025-01-02 08:33:00
signed using      : RSA with SHA-512
RSA key size      : 2048 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage        : Digital Signature, Key Encipherment
ext key usage    : TLS Web Server Authentication

2017-06-08 02:50:06 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2017-06-08 02:50:06 Session is ACTIVE
2017-06-08 02:50:06 EVENT: GET_CONFIG
2017-06-08 02:50:06 Sending PUSH_REQUEST to server...
2017-06-08 02:50:06 OPTIONS:
0 [redirect-gateway] 
1 [route] [192.168.70.0] [255.255.255.0] 
2 [dhcp-option] [DOMAIN] [isential.local] 
3 [dhcp-option] [DNS] [192.168.70.203] 
4 [dhcp-option] [WINS] [192.168.70.203] 
5 [route] [10.0.0.1] 
6 [topology] [net30] 
7 [ping] [10] 
8 [ping-restart] [60] 
9 [ifconfig] [10.0.0.18] [10.0.0.17] 

2017-06-08 02:50:06 PROTOCOL OPTIONS:
  cipher: AES-256-CBC
  digest: SHA1
  compress: LZO
  peer ID: -1
2017-06-08 02:50:06 EVENT: ASSIGN_IP
2017-06-08 02:50:06 Error parsing dhcp-option: [dhcp-option] [WINS] [192.168.70.203]  : tun_prop_dhcp_option_error: tun_builder_add_wins_server failed
2017-06-08 02:50:06 Connected via tun
2017-06-08 02:50:06 LZO-ASYM init swap=0 asym=0
2017-06-08 02:50:06 EVENT: CONNECTED @myip.tld:1195 (11.22.33.44) via /UDPv4 on tun/10.0.0.18/ gw=[10.0.0.17/]
2017-06-08 02:50:06 SetStatus Connected
2017-06-08 02:51:06 Session invalidated: KEEPALIVE_TIMEOUT
2017-06-08 02:51:06 Client terminated, restarting in 2000 ms...
2017-06-08 02:51:06 TUN reassert
2017-06-08 02:51:06 TUN reset routes

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Successful (?) Connection every 30 sec, no ping, no network

Post by TinCanTech » Thu Jun 08, 2017 8:45 am

For now remove

Code: Select all

push "dhcp-option WINS ..."
from your server config.

Also check your server log for errors.

temuco
OpenVpn Newbie
Posts: 7
Joined: Fri Aug 12, 2016 8:03 am

Re: Successful (?) Connection every 30 sec, no ping, no network

Post by temuco » Thu Jun 08, 2017 11:30 am

Thank you very much!

I will make further tests later, because it is currently working with VPN server. I can not restart OpenVPN for testing, as long as colleagues still work on it.

Until then I can provide the configuration file and the logs of the server here. Maybe someone can give me a tip using this information.

Thanks again!

René

server.ovpn

Code: Select all

cd "C:/Program Files/OpenVPN/config/"

dev tun
dev-node OpenVPN-TUN1

port 1195
proto udp

tun-mtu 1500
fragment 1300
mssfix

mode server
server 10.0.0.0 255.255.255.0

push "route 192.168.70.0 255.255.255.0"

keepalive 10 60

ifconfig-pool-persist ipp-ip.txt

# Only on Windows
push "dhcp-option DOMAIN isential.local"
push "dhcp-option DNS 192.168.70.203"
push "dhcp-option WINS 192.168.70.203"

tls-server	
auth SHA1

dh dh2048.pem

cipher AES-256-CBC

ca certs/ca.crt
cert certs/openvpn.isential.local.crt
key private/openvpn.isential.local.key

comp-lzo yes

verb 3
Part of the log file:

Code: Select all

Thu Jun 08 13:24:06 2017 11.22.33.44:59452 TLS: Initial packet from [AF_INET]11.22.33.44:59452, sid=02de4eed 97558b76
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 VERIFY OK: depth=1, C=DE, ST=My State, L="My City", O="My Company", OU=trossingen-isential-de-ROOT-CA, CN=trossingen-isential-de-ROOT-CA, name=trossingen-isential-de-ROOT-CA, emailAddress=info@my-email.tld
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 VERIFY OK: depth=0, C=DE, ST=My State, L="My City", O="My Company", OU=mama, CN=mama-ipad, name=mama-ipad, emailAddress=info@my-email.tld
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1562', remote='link-mtu 1558'
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jun 08 13:24:06 2017 11.22.33.44:59452 [mama-ipad] Peer Connection Initiated with [AF_INET]11.22.33.44:59452
Thu Jun 08 13:24:06 2017 MULTI: new connection by client 'mama-ipad' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Jun 08 13:24:06 2017 MULTI_sva: pool returned IPv4=10.0.0.18, IPv6=(Not enabled)
Thu Jun 08 13:24:06 2017 MULTI: Learn: 10.0.0.18 -> mama-ipad/11.22.33.44:59452
Thu Jun 08 13:24:06 2017 MULTI: primary virtual IP for mama-ipad/11.22.33.44:59452: 10.0.0.18
Thu Jun 08 13:24:06 2017 mama-ipad/11.22.33.44:59452 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 08 13:24:06 2017 mama-ipad/11.22.33.44:59452 send_push_reply(): safe_cap=940
Thu Jun 08 13:24:06 2017 mama-ipad/11.22.33.44:59452 SENT CONTROL [mama-ipad]: 'PUSH_REPLY,route 192.168.70.0 255.255.255.0,dhcp-option DOMAIN isential.local,dhcp-option DNS 192.168.70.203,dhcp-option WINS 192.168.70.203,route 10.0.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.0.18 10.0.0.17' (status=1)
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 59
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 60
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 71
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 55
Thu Jun 08 13:24:07 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 63
Thu Jun 08 13:24:08 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 59
Thu Jun 08 13:24:08 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 60
Thu Jun 08 13:24:08 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 71
Thu Jun 08 13:24:08 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 55
Thu Jun 08 13:24:08 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 63
Thu Jun 08 13:24:09 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:09 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:09 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:10 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 59
Thu Jun 08 13:24:10 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 60
Thu Jun 08 13:24:10 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 71
Thu Jun 08 13:24:10 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 55
Thu Jun 08 13:24:10 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 63
Thu Jun 08 13:24:13 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 68
Thu Jun 08 13:24:13 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:13 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:13 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:14 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 68
Thu Jun 08 13:24:14 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 59
Thu Jun 08 13:24:14 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 60
Thu Jun 08 13:24:14 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 71
Thu Jun 08 13:24:14 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 55
Thu Jun 08 13:24:14 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 63
Thu Jun 08 13:24:16 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 68
Thu Jun 08 13:24:20 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 68
Thu Jun 08 13:24:21 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:21 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:21 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:22 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 59
Thu Jun 08 13:24:22 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 60
Thu Jun 08 13:24:22 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 71
Thu Jun 08 13:24:22 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 55
Thu Jun 08 13:24:22 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 63
Thu Jun 08 13:24:28 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 68
Thu Jun 08 13:24:37 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:37 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:37 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 44
Thu Jun 08 13:24:38 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 59
Thu Jun 08 13:24:38 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 60
Thu Jun 08 13:24:38 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 55
Thu Jun 08 13:24:38 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 63
Thu Jun 08 13:24:44 2017 mama-ipad/11.22.33.44:59452 Bad LZO decompression header byte: 68
Thu Jun 08 13:24:54 2017 mama-ipad/11.22.33.44:59452 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Thu Jun 08 13:25:04 2017 mama-ipad/11.22.33.44:59452 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Thu Jun 08 13:25:08 2017 11.22.33.44:51328 TLS: Initial packet from [AF_INET]11.22.33.44:51328, sid=7be84ddb a1df22dd
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 VERIFY OK: depth=1, C=DE, ST=My State, L="My City", O="My Company", OU=trossingen-isential-de-ROOT-CA, CN=trossingen-isential-de-ROOT-CA, name=trossingen-isential-de-ROOT-CA, emailAddress=info@my-email.tld
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 VERIFY OK: depth=0, C=DE, ST=My State, L="My City", O="My Company", OU=mama, CN=mama-ipad, name=mama-ipad, emailAddress=info@my-email.tld
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1562', remote='link-mtu 1558'
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Jun 08 13:25:09 2017 11.22.33.44:51328 [mama-ipad] Peer Connection Initiated with [AF_INET]11.22.33.44:51328
Thu Jun 08 13:25:09 2017 MULTI: new connection by client 'mama-ipad' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Thu Jun 08 13:25:09 2017 MULTI_sva: pool returned IPv4=10.0.0.18, IPv6=(Not enabled)
Thu Jun 08 13:25:09 2017 MULTI: Learn: 10.0.0.18 -> mama-ipad/11.22.33.44:51328
Thu Jun 08 13:25:09 2017 MULTI: primary virtual IP for mama-ipad/11.22.33.44:51328: 10.0.0.18
Thu Jun 08 13:25:09 2017 mama-ipad/11.22.33.44:51328 PUSH: Received control message: 'PUSH_REQUEST'
Thu Jun 08 13:25:09 2017 mama-ipad/11.22.33.44:51328 send_push_reply(): safe_cap=940
Thu Jun 08 13:25:09 2017 mama-ipad/11.22.33.44:51328 SENT CONTROL [mama-ipad]: 'PUSH_REPLY,route 192.168.70.0 255.255.255.0,dhcp-option DOMAIN isential.local,dhcp-option DNS 192.168.70.203,dhcp-option WINS 192.168.70.203,route 10.0.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.0.18 10.0.0.17' (status=1)
Thu Jun 08 13:25:09 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:09 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:09 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:10 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 59
Thu Jun 08 13:25:10 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 60
Thu Jun 08 13:25:10 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 55
Thu Jun 08 13:25:10 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 63
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 59
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 60
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 55
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 63
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:11 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:13 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 59
Thu Jun 08 13:25:13 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 60
Thu Jun 08 13:25:13 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 55
Thu Jun 08 13:25:13 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 63
Thu Jun 08 13:25:15 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 68
Thu Jun 08 13:25:15 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:15 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:15 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 44
Thu Jun 08 13:25:16 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 68
Thu Jun 08 13:25:17 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 59
Thu Jun 08 13:25:17 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 60
Thu Jun 08 13:25:17 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 55
Thu Jun 08 13:25:17 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 63
Thu Jun 08 13:25:18 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 68
Thu Jun 08 13:25:22 2017 mama-ipad/11.22.33.44:51328 Bad LZO decompression header byte: 68
Thu Jun 08 13:25:23 2017 mama-ipad/11.22.33.44:51328 FRAG_IN error flags=0xfa287f34: spurrious FRAG_WHOLE flags

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Successful (?) Connection every 30 sec, no ping, no network

Post by TinCanTech » Thu Jun 08, 2017 8:31 pm

You need --comp-lzo yes to be the same on both sides.

temuco
OpenVpn Newbie
Posts: 7
Joined: Fri Aug 12, 2016 8:03 am

Re: Successful (?) Connection every 30 sec, no ping, no network

Post by temuco » Fri Jun 09, 2017 1:57 pm

It is also so. Both on the server and on the client. I will do more tests at the weekend. Yesterday it was no longer possible.

Post Reply