Sorry for posting so many details, but I've been looking for a solution for some months and my frustration level is rather high. I hope to get some help here.
I'm using the OpenVPN client on my WHS 2003 to set up a VPN connection to the anonymisation service TUVPN.com. The WHS is the only connection to the internet for my entire private network, thus working as a 24/7 router.
My problem is that every 1 to 4 days the VPN connection drops and doesn't reconnect automatically. Of course, as a result the internet connection in my private network is lost. I understand that such a connection will not stay up forever, but at least I would expect an automatic reconnection after such a disconnect.
Typically the failure log starts with
TLS: soft reset sec=0 bytes=1580961486/0 pkts=6378702/0
Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address
Sat Mar 31 10:04:00 2012 OpenVPN 2.1.4 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 2 2010
Sat Mar 31 10:04:00 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Mar 31 10:04:00 2012 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Sat Mar 31 10:04:00 2012 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 31 10:04:00 2012 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 31 10:04:00 2012 LZO compression initialized
Sat Mar 31 10:04:00 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Mar 31 10:04:00 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Mar 31 10:04:00 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Mar 31 10:04:00 2012 Local Options hash (VER=V4): '9e7066d2'
Sat Mar 31 10:04:00 2012 Expected Remote Options hash (VER=V4): '162b04de'
Sat Mar 31 10:04:00 2012 UDPv4 link local: [undef]
Sat Mar 31 10:04:00 2012 UDPv4 link remote: 85.17.122.3:1194
Sat Mar 31 10:04:00 2012 TLS: Initial packet from 85.17.122.3:1194, sid=30f8c516 1a97b0ca
Sat Mar 31 10:04:00 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Mar 31 10:04:00 2012 VERIFY OK: depth=1, /C=TU/ST=TUVPN/L=TUVPN/O=TUVPN/CN=TUVPN_CA/emailAddress=contacto@tuvpn.com
Sat Mar 31 10:04:00 2012 VERIFY OK: nsCertType=SERVER
Sat Mar 31 10:04:00 2012 VERIFY OK: depth=0, /C=TU/ST=TUVPN/L=TUVPN/O=TUVPN/CN=server/emailAddress=contacto@tuvpn.com
Sat Mar 31 10:04:01 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Mar 31 10:04:01 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 31 10:04:01 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Mar 31 10:04:01 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Mar 31 10:04:01 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sat Mar 31 10:04:01 2012 [server] Peer Connection Initiated with 85.17.122.3:1194
Sat Mar 31 10:04:03 2012 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Mar 31 10:04:03 2012 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.10.10.21,route 10.71.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.71.0.14 10.71.0.13'
Sat Mar 31 10:04:03 2012 OPTIONS IMPORT: timers and/or timeouts modified
Sat Mar 31 10:04:03 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sat Mar 31 10:04:03 2012 OPTIONS IMPORT: route options modified
Sat Mar 31 10:04:03 2012 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Mar 31 10:04:03 2012 ROUTE default_gateway=192.168.2.1
Sat Mar 31 10:04:03 2012 TAP-WIN32 device [OpenVPN] opened: \\.\Global\{E584BC35-671E-4A69-AA82-195C7BA2FDA6}.tap
Sat Mar 31 10:04:03 2012 TAP-Win32 Driver Version 9.6
Sat Mar 31 10:04:03 2012 TAP-Win32 MTU=1500
Sat Mar 31 10:04:03 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.71.0.14/255.255.255.252 on interface {E584BC35-671E-4A69-AA82-195C7BA2FDA6} [DHCP-serv: 10.71.0.13, lease-time: 31536000]
Sat Mar 31 10:04:03 2012 Successful ARP Flush on interface [2] {E584BC35-671E-4A69-AA82-195C7BA2FDA6}
Sat Mar 31 10:04:05 2012 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Sat Mar 31 10:04:05 2012 Route: Waiting for TUN/TAP interface to come up...
Sat Mar 31 10:04:08 2012 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Sat Mar 31 10:04:08 2012 Route: Waiting for TUN/TAP interface to come up...
Sat Mar 31 10:04:09 2012 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Mar 31 10:04:09 2012 C:\WINDOWS\system32\route.exe ADD 85.17.122.3 MASK 255.255.255.255 192.168.2.1
Sat Mar 31 10:04:09 2012 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.71.0.13
Sat Mar 31 10:04:09 2012 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.71.0.13
Sat Mar 31 10:04:09 2012 C:\WINDOWS\system32\route.exe ADD 10.71.0.1 MASK 255.255.255.255 10.71.0.13
Sat Mar 31 10:04:09 2012 Initialization Sequence Completed
Sat Mar 31 21:51:49 2012 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sun Apr 01 16:27:08 2012 Replay-window backtrack occurred [1]
Sun Apr 01 16:30:24 2012 Authenticate/Decrypt packet error: packet HMAC authentication failed
Sun Apr 01 17:53:36 2012 Replay-window backtrack occurred [2]
--- Problem starts here --------------
Mon Apr 02 10:04:01 2012 TLS: soft reset sec=0 bytes=1580961486/0 pkts=6378702/0
Mon Apr 02 10:04:01 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Apr 02 10:04:01 2012 VERIFY OK: depth=1, /C=TU/ST=TUVPN/L=TUVPN/O=TUVPN/CN=TUVPN_CA/emailAddress=contacto@tuvpn.com
Mon Apr 02 10:04:01 2012 VERIFY OK: nsCertType=SERVER
Mon Apr 02 10:04:01 2012 VERIFY OK: depth=0, /C=TU/ST=TUVPN/L=TUVPN/O=TUVPN/CN=server/emailAddress=contacto@tuvpn.com
Mon Apr 02 10:04:02 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Apr 02 10:04:02 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 02 10:04:02 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Apr 02 10:04:02 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Apr 02 10:04:02 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Apr 02 10:10:47 2012 [server] Inactivity timeout (--ping-restart), restarting
Mon Apr 02 10:10:47 2012 TCP/UDP: Closing socket
Mon Apr 02 10:10:47 2012 SIGUSR1[soft,ping-restart] received, process restarting
Mon Apr 02 10:10:47 2012 Restart pause, 2 second(s)
Mon Apr 02 10:10:49 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Mon Apr 02 10:10:49 2012 Re-using SSL/TLS context
Mon Apr 02 10:10:49 2012 LZO compression initialized
Mon Apr 02 10:10:49 2012 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Mon Apr 02 10:10:49 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Apr 02 10:11:01 2012 RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Apr 02 10:11:01 2012 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Apr 02 10:11:01 2012 Local Options hash (VER=V4): '9e7066d2'
Mon Apr 02 10:11:01 2012 Expected Remote Options hash (VER=V4): '162b04de'
Mon Apr 02 10:11:13 2012 RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Apr 02 10:11:30 2012 RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Apr 02 10:11:47 2012 RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Apr 02 10:12:04 2012 RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address.
Mon Apr 02 10:12:21 2012 RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: [NO_DATA] The requested name is valid but does not have an IP address.
...
client
dev tun
proto udp
remote amsterdam1.tuvpn.com 1194
reneg-sec 172800
resolv-retry infinite
nobind
persist-key
persist-tun
route-method exe
route-delay 2
ca ca.crt
cert usuario.crt
key usuario.key
ns-cert-type server
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
explicit-exit-notify 2
verb 3
auth-user-pass pass.txt
inactive 86400
My ipconfig /all:
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : whs
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Unbekannt
IP-Routing aktiviert . . . . . . : Ja
WINS-Proxy aktiviert . . . . . . : Nein
Ethernet-Adapter OpenVPN:
Verbindungsspezifisches DNS-Suffix:
Beschreibung . . . . . . . . . . : TAP-Win32 Adapter V9
Physikalische Adresse . . . . . . : 00-GF-E5-85-BD-35
DHCP aktiviert . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
IP-Adresse. . . . . . . . . . . . : 10.71.0.38
Subnetzmaske . . . . . . . . . . : 255.255.255.252
Standardgateway . . . . . . . . . : 10.71.0.37
DHCP-Server . . . . . . . . . . . : 10.71.0.37
DNS-Server . . . . . . . . . . . : 10.10.10.21
Lease erhalten . . . . . . . . . : Montag, 2. April 2012 22:30:40
Lease läuft ab . . . . . . . . . : Dienstag, 2. April 2013 22:30:40
Ethernet-Adapter Intel (LAN):
Verbindungsspezifisches DNS-Suffix:
Beschreibung . . . . . . . . . . : Intel(R) Gigabit CT Desktop Adapter
Physikalische Adresse . . . . . . : 68-0G-CA-06-46-BD
DHCP aktiviert . . . . . . . . . : Nein
IP-Adresse. . . . . . . . . . . . : 192.168.1.1
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . :
Ethernet-Adapter Realtek (WAN):
Verbindungsspezifisches DNS-Suffix:
Beschreibung . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Physikalische Adresse . . . . . . : 00-1E-2A-DB-83-FA
DHCP aktiviert . . . . . . . . . : Nein
IP-Adresse. . . . . . . . . . . . : 192.168.2.2
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 192.168.2.1
DNS-Server . . . . . . . . . . . : 208.67.222.222
1.) Start OpenVPN GUI 1.0.3 with administrator rights.
2.) Right mouse click on OpenVPN icon in task menu to select server to connect to.
3.) Once connected I set up NAT via RRAS Setup Wizard to connect OpenVPN adapter to private network.
I contacted TUVPN.com already for a solution, but I'm neither sure that their response is correct nor is such a manual workaround what I'm looking for. They wrote:
> This is most likely happening due to the network routes getting
> corrupted pushed by OpenVPN at the client machine.
> This can be resolved by disabling and re-enabling the TAP adapter, this
> can be found control panel -> network and configuration -> change
> adapter settings -> and look for device name read as TAP-win32
> adapter (if it doesn't show please choose 'change your view' and
> select details)
The cable modem keeps its connection to my ISP and does not show any failure or disconnects from my ISP. I tried WHS 2011 already with the same behaviour.
Any advice?
Regards
Klaus F
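An added example, not part of the original post: a Python parser for the log format shown above that flags the stuck state the post describes, i.e. a `SIGUSR1[...ping-restart]` restart followed by repeated `RESOLVE` failures with no later `Initialization Sequence Completed`. The sample lines are constructed from the log in the post; the function name `find_stuck_reconnects` and the `min_failures` threshold are assumptions.

```python
import re
from datetime import datetime

# "Mon Apr 02 10:10:47 2012 <message>" as written by OpenVPN 2.1 in the post.
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
TS_FMT = "%a %b %d %H:%M:%S %Y"
RESOLVE_RE = re.compile(r"RESOLVE: Cannot resolve host address: ([^:\s]+):")

# Constructed sample: lines taken (abridged) from the log in the post.
_RESOLVE = ("RESOLVE: Cannot resolve host address: amsterdam1.tuvpn.com: "
            "[NO_DATA] The requested name is valid but does not have an IP address.")
SAMPLE_LOG = "\n".join([
    "Sat Mar 31 10:04:09 2012 Initialization Sequence Completed",
    "Mon Apr 02 10:04:01 2012 TLS: soft reset sec=0 bytes=1580961486/0 pkts=6378702/0",
    "Mon Apr 02 10:10:47 2012 [server] Inactivity timeout (--ping-restart), restarting",
    "Mon Apr 02 10:10:47 2012 SIGUSR1[soft,ping-restart] received, process restarting",
] + [f"Mon Apr 02 {t} 2012 {_RESOLVE}"
     for t in ("10:11:01", "10:11:13", "10:11:30", "10:11:47")] + ["..."])


def find_stuck_reconnects(log_text, min_failures=3):
    """Return restarts followed by >= min_failures RESOLVE errors
    and no later 'Initialization Sequence Completed'."""
    episodes = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip separators such as '...' and non-log text
        ts = datetime.strptime(m.group(1), TS_FMT)
        msg = m.group(2)
        if msg.startswith("SIGUSR1[") and "restarting" in msg:
            episodes.append({"restart": ts, "host": None, "failures": 0,
                             "stuck_seconds": 0, "recovered": False})
        elif episodes and not episodes[-1]["recovered"]:
            ep = episodes[-1]
            hit = RESOLVE_RE.search(msg)
            if hit:
                ep["host"] = hit.group(1)
                ep["failures"] += 1
                ep["stuck_seconds"] = int((ts - ep["restart"]).total_seconds())
            elif "Initialization Sequence Completed" in msg:
                ep["recovered"] = True  # tunnel came back up on its own
    return [e for e in episodes
            if not e["recovered"] and e["failures"] >= min_failures]


if __name__ == "__main__":
    for ep in find_stuck_reconnects(SAMPLE_LOG):
        print(f"{ep['restart']}: {ep['failures']} DNS failures for "
              f"{ep['host']} over {ep['stuck_seconds']}s, tunnel not restored")
```

Run against the live log on a schedule, a non-empty result is the signal that the gateway has lost its tunnel and needs attention.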