no connectivity after reconnection

mangoo
OpenVpn Newbie
Posts: 17
Joined: Fri Jun 09, 2017 10:32 pm

Post by mangoo » Fri Jun 09, 2017 11:52 pm

When my internet connection is interrupted (i.e. laptop is suspended and then resumed), OpenVPN reconnects; however, there is no connectivity with the OpenVPN server anymore. Both server and client are using OpenVPN 2.4.0 on Ubuntu Linux.

Here is a part of client log showing reconnecting was successful:

Code:

Sat Jun 10 08:29:42 2017 write UDP: Network is unreachable (code=101)
Sat Jun 10 08:29:42 2017 Network unreachable, restarting
Sat Jun 10 08:29:42 2017 SIGUSR1[soft,network-unreachable] received, process restarting
Sat Jun 10 08:29:42 2017 Restart pause, 5 second(s)
Sat Jun 10 08:29:47 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]133.23.229.25:1194
Sat Jun 10 08:29:47 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 10 08:29:47 2017 UDP link local: (not bound)
Sat Jun 10 08:29:47 2017 UDP link remote: [AF_INET]133.23.229.25:1194
Sat Jun 10 08:29:48 2017 TLS: Initial packet from [AF_INET]136.243.229.25:1194, sid=1ee5a096 ae728fb0
Sat Jun 10 08:29:48 2017 VERIFY OK: depth=1, C=US, ST=NV, L=LasVegas, O=My LLC, OU=VPN, CN=My LLC CA, name=EasyRSA, emailAddress=postmaster@example.com
Sat Jun 10 08:29:48 2017 VERIFY OK: nsCertType=SERVER
Sat Jun 10 08:29:48 2017 VERIFY OK: depth=0, C=US, ST=NV, L=LasVegas, O=My LLC, OU=VPN, CN=vpn-nv, name=EasyRSA, emailAddress=postmaster@example.com
Sat Jun 10 08:29:48 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jun 10 08:29:48 2017 [vpn-nv] Peer Connection Initiated with [AF_INET]133.23.229.25:1194
Sat Jun 10 08:29:50 2017 SENT CONTROL [vpn-nv]: 'PUSH_REQUEST' (status=1)
Sat Jun 10 08:29:50 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.192.0.0 255.255.0.0,route 10.190.0.0 255.255.255.0,route 10.190.1.0 255.255.255.0,route 10.191.0.0 255.255.255.0,route 10.191.1.0 255.255.255.0,route 52.2.148.82 255.255.255.255,route 52.73.28.177 255.255.255.255,route 10.0.199.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.199.6 10.0.199.5,peer-id 0,cipher AES-256-GCM'
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: route options modified
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: peer-id set
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Jun 10 08:29:50 2017 OPTIONS IMPORT: data channel crypto options modified
Sat Jun 10 08:29:50 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 10 08:29:50 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jun 10 08:29:50 2017 Preserving previous TUN/TAP instance: tun0
Sat Jun 10 08:29:50 2017 Initialization Sequence Completed

Similar on server side:

Code:

Fri Jun  9 22:32:41 2017 me@example.com/61.125.252.215:60762 [me@example.com] Inactivity timeout (--ping-restart), restarting
Fri Jun  9 22:32:41 2017 me@example.com/61.125.252.215:60762 SIGUSR1[soft,ping-restart] received, client-instance restarting
Fri Jun  9 22:33:07 2017 me@example.com/61.125.252.215:34020 [me@example.com] Inactivity timeout (--ping-restart), restarting
Fri Jun  9 22:33:07 2017 me@example.com/61.125.252.215:34020 SIGUSR1[soft,ping-restart] received, client-instance restarting
Fri Jun  9 22:46:34 2017 me@example.com/61.125.252.215:39664 [me@example.com] Inactivity timeout (--ping-restart), restarting
Fri Jun  9 22:46:34 2017 me@example.com/61.125.252.215:39664 SIGUSR1[soft,ping-restart] received, client-instance restarting
Fri Jun  9 23:29:48 2017 61.125.252.215:44264 TLS: Initial packet from [AF_INET]61.125.252.215:44264, sid=051507ea 0d4ab968
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 VERIFY OK: depth=1, C=US, ST=NV, L=LasVegas, O=Mystaff.com LLC, OU=VPN, CN=Mystaff.com LLC CA, name=EasyRSA, emailAddress=postmaster@example.com
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 VERIFY OK: depth=0, C=US, ST=NV, L=LasVegas, O=Mystaff.com LLC, OU=VPN, CN=me@example.com, name=EasyRSA, emailAddress=postmaster@example.com
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_VER=2.4.0
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_PLAT=linux
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_PROTO=2
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_NCP=2
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_LZ4=1
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_LZ4v2=1
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_LZO=1
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_COMP_STUB=1
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_COMP_STUBv2=1
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 peer info: IV_TCPNL=1
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Jun  9 23:29:49 2017 61.125.252.215:44264 [me@example.com] Peer Connection Initiated with [AF_INET]61.125.252.215:44264
Fri Jun  9 23:29:49 2017 me@example.com/61.125.252.215:44264 OPTIONS IMPORT: reading client specific options from: ccd/me@example.com
Fri Jun  9 23:29:49 2017 me@example.com/61.125.252.215:44264 MULTI_sva: pool returned IPv4=10.0.199.6, IPv6=(Not enabled)
Fri Jun  9 23:29:49 2017 me@example.com/61.125.252.215:44264 MULTI: Learn: 10.0.199.6 -> me@example.com/61.125.252.215:44264
Fri Jun  9 23:29:49 2017 me@example.com/61.125.252.215:44264 MULTI: primary virtual IP for me@example.com/61.125.252.215:44264: 10.0.199.6
Fri Jun  9 23:29:51 2017 me@example.com/61.125.252.215:44264 PUSH: Received control message: 'PUSH_REQUEST'
Fri Jun  9 23:29:51 2017 me@example.com/61.125.252.215:44264 SENT CONTROL [me@example.com]: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.192.0.0 255.255.0.0,route 10.190.0.0 255.255.255.0,route 10.190.1.0 255.255.255.0,route 10.191.0.0 255.255.255.0,route 10.191.1.0 255.255.255.0,route 52.2.148.82 255.255.255.255,route 52.73.28.177 255.255.255.255,route 10.0.199.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.199.6 10.0.199.5,peer-id 0,cipher AES-256-GCM' (status=1)
Fri Jun  9 23:29:51 2017 me@example.com/61.125.252.215:44264 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jun  9 23:29:51 2017 me@example.com/61.125.252.215:44264 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key


tcpdump shows UDP packets on port 1194 being sent from the client, and received on the server. However, it doesn't translate to any packet exchange in the "VPN layer".


Connectivity works correctly when I connect for the first time. It only doesn't work when reconnecting, if the network was interrupted for any reason (i.e. laptop being suspended).

There was connectivity after reconnecting when I was using OpenVPN 2.3.x on the server some time ago. Not sure what options I should be looking at to debug this further.
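
Added example, not part of the original post: a small Python parser for a client log in the format quoted above. It groups lines by SIGUSR1 restart and records the restart reason, the routes and options carried in the PUSH_REPLY, and whether the TUN device was preserved; `SAMPLE_LOG` is constructed from abridged lines of that log, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged lines in the format of the client log in the post above.
SAMPLE_LOG = """\
Sat Jun 10 08:29:42 2017 write UDP: Network is unreachable (code=101)
Sat Jun 10 08:29:42 2017 SIGUSR1[soft,network-unreachable] received, process restarting
Sat Jun 10 08:29:50 2017 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,route 10.0.199.1,topology net30,ping 10,ping-restart 120,ifconfig 10.0.199.6 10.0.199.5,peer-id 0,cipher AES-256-GCM'
Sat Jun 10 08:29:50 2017 Preserving previous TUN/TAP instance: tun0
Sat Jun 10 08:29:50 2017 Initialization Sequence Completed
"""

RESTART = re.compile(r"SIGUSR1\[(\w+),([\w-]+)\] received")
PUSH = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'")
PRESERVE = re.compile(r"Preserving previous TUN/TAP instance: (\S+)")
DONE = "Initialization Sequence Completed"


def parse_push_reply(opts):
    """Split a PUSH_REPLY option string into pushed routes and other options."""
    routes, other = [], {}
    for item in opts.split(","):
        name, _, value = item.strip().partition(" ")
        if name == "route":
            routes.append(value)
        else:
            other[name] = value
    return routes, other


def summarize_restarts(log_text):
    """Return one dict per SIGUSR1 restart, filled from the lines that follow it."""
    cycles = []
    for line in log_text.splitlines():
        m = RESTART.search(line)
        if m:
            cycles.append({"kind": m[1], "reason": m[2], "routes": [],
                           "options": {}, "preserved_tun": None, "completed": False})
        elif cycles:  # lines before the first restart are ignored
            cur = cycles[-1]
            if (p := PUSH.search(line)):
                cur["routes"], cur["options"] = parse_push_reply(p[1])
            elif (t := PRESERVE.search(line)):
                cur["preserved_tun"] = t[1]
            elif DONE in line:
                cur["completed"] = True
    return cycles


if __name__ == "__main__":
    for cycle in summarize_restarts(SAMPLE_LOG):
        print(cycle)
```

The `routes` and `ifconfig` values of a completed cycle can be compared with the output of `ip route` and `ip addr show tun0` on the client after the reconnect.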

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: no connectivity after reconnection

Post by TinCanTech » Sat Jun 10, 2017 1:20 pm

Your config files may help ..

Post by mangoo » Sat Jun 10, 2017 1:27 pm

Client side config:

Code:

client
dev tun
proto udp

remote 1.2.3.4 1194

resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
mssfix 1400
ping 10
ping-restart 30

<ca>...</ca>
<cert>...</cert>
<key>...</key>

Server side config:

Code:

port 1194
proto udp
dev tun

ca ca.crt
cert server.crt
key server.key

dh dh2048.pem

server 10.0.199.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 10.0.0.0 255.255.255.0"
push "route 10.192.0.0 255.255.0.0"
push "route 10.190.0.0 255.255.255.0"
push "route 10.190.1.0 255.255.255.0"
push "route 10.191.0.0 255.255.255.0"
push "route 10.191.1.0 255.255.255.0"

client-config-dir ccd
ccd-exclusive
duplicate-cn

keepalive 10 120

comp-lzo

user nobody
group nogroup

persist-key
persist-tun

status openvpn-status.log

log         /var/log/openvpn.log
log-append  /var/log/openvpn.log

verb 3

Post by TinCanTech » Sat Jun 10, 2017 1:32 pm

Try removing --ping* and --persist-* from your client
and use --keepalive 10 30 in your server.

Post by mangoo » Sat Jun 10, 2017 1:43 pm

Unfortunately it doesn't help.

Client reconnects successfully, but there is no connectivity with networks behind VPN.

I have to ctrl+c (exit openvpn on client side) and start it again to regain VPN connectivity.

Post by TinCanTech » Sat Jun 10, 2017 2:00 pm

There are three bug reports for standby problems but they are all closed. Please see if any of the solutions documented work for you.

Otherwise, please document your setup properly so that we can ascertain if this is a new problem.
Please see: HOWTO: Request Help !
