Here is part of the client log showing that reconnecting was successful:
Sat Jun 10 08:29:42 2017 write UDP: Network is unreachable (code=101)
Sat Jun 10 08:29:42 2017 Network unreachable, restarting
Sat Jun 10 08:29:42 2017 SIGUSR1[soft,network-unreachable] received, process restarting
Sat Jun 10 08:29:42 2017 Restart pause, 5 second(s)
Sat Jun 10 08:29:47 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]133.23.229.25:1194
Sat Jun 10 08:29:47 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 10 08:29:47 2017 UDP link local: (not bound)
Sat Jun 10 08:29:47 2017 UDP link remote: [AF_INET]133.23.229.25:1194
Sat Jun 10 08:29:48 2017 TLS: Initial packet from [AF_INET]136.243.229.25:1194, sid=1ee5a096 ae728fb0
Sat Jun 10 08:29:48 2017 VERIFY OK: depth=1, C=US, ST=NV, L=LasVegas, O=My LLC, OU=VPN, CN=My LLC CA, name=EasyRSA, emailAddress=postmaster@example.com
Sat Jun 10 08:29:48 2017 VERIFY OK: nsCertType=SERVER
Sat Jun 10 08:29:48 2017 VERIFY OK: depth=0, C=US, ST=NV, L=LasVegas, O=My LLC, OU=VPN, CN=vpn-nv, name=EasyRSA, emailAddress=postmaster@example.com
Sat Jun 10 08:29:48 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jun 10 08:29:48 2017 [vpn-nv] Peer Connection Initiated with [AF_INET]133.23.229.25:1194
Sat Jun 10 08:29:50 2017 SENT CONTROL [vpn-nv]: 'PUSH_REQUEST' (status=1)
Sat Jun 10 08:29:50 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.192.0.0 255.255.0.0,route 10.190.0.0 255.255.255.0,route 10.190.1.0 255.255.255.0,route 10.191.0.0 255.255.255.0,route 10.191.1.0 255.255.255.0,route 52.2.148.82 255.255.255.255,route 52.73.28.177 255.255.255.255,route 10.0.199.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.199.6 10.0.199.5,peer-id 0,cipher AES-256-GCM'
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: route options modified
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: peer-id set
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: data channel crypto options modified
Sat Jun 10 08:29:50 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 10 08:29:50 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 10 08:29:50 2017 Preserving previous TUN/TAP instance: tun0
Sat Jun 10 08:29:50 2017 Initialization Sequence Completed
Similarly on the server side:
Fri Jun 9 22:32:41 2017 me@example.com/61.125.252.215:60762 [me@example.com] Inactivity timeout (--ping-restart), restarting
Fri Jun 9 22:32:41 2017 me@example.com/61.125.252.215:60762 SIGUSR1[soft,ping-restart] received, client-instance restarting
Fri Jun 9 22:33:07 2017 me@example.com/61.125.252.215:34020 [me@example.com] Inactivity timeout (--ping-restart), restarting
Fri Jun 9 22:33:07 2017 me@example.com/61.125.252.215:34020 SIGUSR1[soft,ping-restart] received, client-instance restarting
Fri Jun 9 22:46:34 2017 me@example.com/61.125.252.215:39664 [me@example.com] Inactivity timeout (--ping-restart), restarting
Fri Jun 9 22:46:34 2017 me@example.com/61.125.252.215:39664 SIGUSR1[soft,ping-restart] received, client-instance restarting
Fri Jun 9 23:29:48 2017 61.125.252.215:44264 TLS: Initial packet from [AF_INET]61.125.252.215:44264, sid=051507ea 0d4ab968
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 VERIFY OK: depth=1, C=US, ST=NV, L=LasVegas, O=Mystaff.com LLC, OU=VPN, CN=Mystaff.com LLC CA, name=EasyRSA, emailAddress=postmaster@example.com
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 VERIFY OK: depth=0, C=US, ST=NV, L=LasVegas, O=Mystaff.com LLC, OU=VPN, CN=me@example.com, name=EasyRSA, emailAddress=postmaster@example.com
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_VER=2.4.0
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_PLAT=linux
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_PROTO=2
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_NCP=2
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_LZ4=1
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_LZ4v2=1
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_LZO=1
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_COMP_STUB=1
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_COMP_STUBv2=1
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 peer info: IV_TCPNL=1
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Jun 9 23:29:49 2017 61.125.252.215:44264 [me@example.com] Peer Connection Initiated with [AF_INET]61.125.252.215:44264
Fri Jun 9 23:29:49 2017 me@example.com/61.125.252.215:44264 OPTIONS IMPORT: reading client specific options from: ccd/me@example.com
Fri Jun 9 23:29:49 2017 me@example.com/61.125.252.215:44264 MULTI_sva: pool returned IPv4=10.0.199.6, IPv6=(Not enabled)
Fri Jun 9 23:29:49 2017 me@example.com/61.125.252.215:44264 MULTI: Learn: 10.0.199.6 -> me@example.com/61.125.252.215:44264
Fri Jun 9 23:29:49 2017 me@example.com/61.125.252.215:44264 MULTI: primary virtual IP for me@example.com/61.125.252.215:44264: 10.0.199.6
Fri Jun 9 23:29:51 2017 me@example.com/61.125.252.215:44264 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jun 9 23:29:51 2017 me@example.com/61.125.252.215:44264 SENT CONTROL [me@example.com]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.192.0.0 255.255.0.0,route 10.190.0.0 255.255.255.0,route 10.190.1.0 255.255.255.0,route 10.191.0.0 255.255.255.0,route 10.191.1.0 255.255.255.0,route 52.2.148.82 255.255.255.255,route 52.73.28.177 255.255.255.255,route 10.0.199.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.199.6 10.0.199.5,peer-id 0,cipher AES-256-GCM' (status=1)
Fri Jun 9 23:29:51 2017 me@example.com/61.125.252.215:44264 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jun 9 23:29:51 2017 me@example.com/61.125.252.215:44264 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
tcpdump shows UDP packets on port 1194 being sent from the client and received on the server. However, it doesn't translate to any packet exchange in the "VPN layer".
Connectivity works correctly when I connect for the first time. It only doesn't work when reconnecting, if the network was interrupted for any reason (i.e. laptop being suspended).
There was connectivity after reconnecting when I was using OpenVPN 2.3.x on the server some time ago. Not sure what options I should be looking at to debug this further.