torguard VPN and intermittent connectivity failure

This forum is for general conversation and user-user networking.
Post Reply
S1m0n
OpenVpn Newbie
Posts: 3
Joined: Tue Mar 22, 2016 6:22 pm

torguard VPN and intermittent connectivity failure

Post by S1m0n » Tue Mar 22, 2016 7:10 pm

I have an always on VPN connection to the torguard service via my Netgear R7000 router running DD-WRT. Often the service works for 1 or 2 weeks at a time without issue. One such issue happened yesterday. I talked to torguard about it and they said they have a copy of my password and their automated test system says that they can use the password to log into my account and therefore the problem must be on my side. They recommend changing the password to a less complicated one because some scripts don't like special characters. As a software developer with over 30 years experience then I'm not sure that I can agree with this advice. And since no new scripts have been installed on the router then surely there is no reason for the un-updated scripts to fail? What happened was the following: The VPN auth failed. It failed again when I rebooted the router. torguard then offered their advice. And then I rebooted again and everything worked as expected. I have the following questions:

* Which changes can I make to the openvpn client config to help debug these connectivity issues?
* When the openvpn client fails to connect then it just exits and the router continues with the ISP supplied IP. How can I make openvpn try to connect again automatically? I tried "auth-retry no interact" but this didn't work and just went into an endless loop :-(

Yesterday evening the VPN appeared to be flaky and finally failed at 00:24:16. I finally rebooted the router at 09:08:18 this morning. Please see log snippet below. I notice the following:

* 76.164.234.138 is the VPN IP, and 173.180.66.116 is the ISP IP.
* The router reverts to the ISP IP at 20:36:45, 21:39:52 and 23:24:18. Why? On each occasion openvpn just logs "Closing TUN/TAP interface" without any explanation.
* torguard says that the various warnings and HMAC auth fails are nothing to worry about. Is that true? If not, how to get rid of them?
* How can this occur? "kernel: br0: received packet on eth1 with own address as source address". Do I need to worry about that?

Thanks in advance!

Mar 21 17:39:55 76.164.234.138 openvpn: TLS: soft reset sec=0 bytes=629301065/0 pkts=1175513/0
Mar 21 17:39:55 76.164.234.138 openvpn: VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Mar 21 17:39:55 76.164.234.138 openvpn: Validating certificate key usage
Mar 21 17:39:55 76.164.234.138 openvpn: ++ Certificate has key usage 00a0, expects 00a0
Mar 21 17:39:55 76.164.234.138 openvpn: VERIFY KU OK
Mar 21 17:39:55 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 17:39:56 76.164.234.138 openvpn: 4 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 17:39:56 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 21 17:39:56 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
Mar 21 17:39:56 76.164.234.138 openvpn: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 17:39:56 76.164.234.138 openvpn: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 17:39:56 76.164.234.138 openvpn: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 17:39:56 76.164.234.138 openvpn: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 17:39:56 76.164.234.138 openvpn: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 21 17:43:34 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:43:34 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:43:42 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:01 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:02 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:02 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 17:44:13 76.164.234.138 openvpn: 3 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 17:44:13 76.164.234.138 openvpn: tun packet too large on write (tried=1401,max=1400)
Mar 21 17:44:17 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:20 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:20 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:25 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:25 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:44:26 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 17:46:08 76.164.234.138 openvpn: 10 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 17:46:08 76.164.234.138 openvpn: tun packet too large on write (tried=1401,max=1400)
Mar 21 17:46:09 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:10 76.164.234.138 openvpn: tun packet too large on write (tried=1401,max=1400)
Mar 21 17:46:12 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:13 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:14 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:15 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:15 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:16 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 17:46:25 76.164.234.138 openvpn: 2 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 17:46:25 76.164.234.138 openvpn: tun packet too large on write (tried=1401,max=1400)
Mar 21 17:46:26 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:27 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:27 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:32 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:35 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:46:36 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 17:48:40 76.164.234.138 openvpn: 14 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 17:48:40 76.164.234.138 openvpn: tun packet too large on write (tried=1401,max=1400)
Mar 21 17:48:44 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:48:44 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:48:50 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:48:50 76.164.234.138 openvpn: tun packet too large on write (tried=1402,max=1400)
Mar 21 17:48:52 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:48:52 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:48:58 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:49:04 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:49:04 76.164.234.138 openvpn: Authenticate/Decrypt packet error: packet HMAC authentication failed
Mar 21 17:49:06 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 18:39:55 76.164.234.138 openvpn: 33 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 18:39:55 76.164.234.138 openvpn: TLS: tls_process: killed expiring key
Mar 21 18:39:56 76.164.234.138 openvpn: TLS: soft reset sec=0 bytes=593715473/0 pkts=1527133/0
Mar 21 18:39:56 76.164.234.138 openvpn: VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Mar 21 18:39:56 76.164.234.138 openvpn: Validating certificate key usage
Mar 21 18:39:56 76.164.234.138 openvpn: ++ Certificate has key usage 00a0, expects 00a0
Mar 21 18:39:56 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 18:39:57 76.164.234.138 openvpn: 5 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 18:39:57 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 21 18:39:57 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
Mar 21 18:39:57 76.164.234.138 openvpn: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 18:39:57 76.164.234.138 openvpn: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 18:39:57 76.164.234.138 openvpn: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 18:39:57 76.164.234.138 openvpn: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 18:39:57 76.164.234.138 openvpn: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 21 19:39:56 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 19:39:58 76.164.234.138 openvpn: 10 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 19:39:58 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 21 19:39:58 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
Mar 21 19:39:58 76.164.234.138 openvpn: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 19:39:58 76.164.234.138 openvpn: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 19:39:58 76.164.234.138 openvpn: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 19:39:58 76.164.234.138 openvpn: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 19:39:58 76.164.234.138 openvpn: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 21 20:36:45 173.180.66.116 openvpn: Closing TUN/TAP interface
Mar 21 20:36:45 173.180.66.116 openvpn: /sbin/ifconfig tun0 0.0.0.0
Mar 21 20:36:45 173.180.66.116 openvpn: /tmp/torguard/route-down.sh tun0 1400 1442 10.9.0.22 10.9.0.21 init
Mar 21 20:36:46 173.180.66.116 openvpn: ROUTE_GATEWAY 173.180.64.1/255.255.252.0 IFACE=vlan2 HWADDR=e4:f4:c6:05:32:fd
Mar 21 20:36:46 173.180.66.116 openvpn: TUN/TAP device tun0 opened
Mar 21 20:36:46 173.180.66.116 openvpn: TUN/TAP TX queue length set to 100
Mar 21 20:36:46 173.180.66.116 openvpn: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 21 20:36:46 173.180.66.116 openvpn: /sbin/ifconfig tun0 10.9.0.10 pointopoint 10.9.0.9 mtu 1400
Mar 21 20:36:46 173.180.66.116 openvpn: /sbin/route add -net 76.164.234.138 netmask 255.255.255.255 gw 173.180.64.1
Mar 21 20:36:46 173.180.66.116 openvpn: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.9.0.9
Mar 21 20:36:46 173.180.66.116 openvpn: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.9.0.9
Mar 21 20:36:46 76.164.234.138 openvpn: /sbin/route add -net 10.9.0.1 netmask 255.255.255.255 gw 10.9.0.9
Mar 21 20:36:46 76.164.234.138 openvpn: Initialization Sequence Completed
Mar 21 20:51:08 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 20:51:22 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 20:51:31 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 20:51:52 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 20:52:01 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 20:52:08 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 20:52:14 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:01:15 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:02:58 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:03:04 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:03:11 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:03:18 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:03:25 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:03:39 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:06:05 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:06:58 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:07:13 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:07:20 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:07:38 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:07:45 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:07:55 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:08:38 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:10:38 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:11:38 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:11:45 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:12:18 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:12:47 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:13:05 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:14:33 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:14:39 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:14:51 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:15:02 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:15:34 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:24:39 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:29:57 76.164.234.138 openvpn: 4 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 21:29:57 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 21 21:29:57 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
Mar 21 21:29:57 76.164.234.138 openvpn: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 21:29:57 76.164.234.138 openvpn: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 21:29:57 76.164.234.138 openvpn: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 21:29:57 76.164.234.138 openvpn: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 21:29:57 76.164.234.138 openvpn: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 21 21:29:57 76.164.234.138 openvpn: [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]76.164.234.138:443
Mar 21 21:29:59 76.164.234.138 openvpn: SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
Mar 21 21:29:59 76.164.234.138 openvpn: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.10 10.9.0.9'
Mar 21 21:29:59 76.164.234.138 openvpn: OPTIONS IMPORT: timers and/or timeouts modified
Mar 21 21:29:59 76.164.234.138 openvpn: OPTIONS IMPORT: --ifconfig/up options modified
Mar 21 21:29:59 76.164.234.138 openvpn: OPTIONS IMPORT: route options modified
Mar 21 21:29:59 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 21:29:59 76.164.234.138 openvpn: 1 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 21:29:59 76.164.234.138 openvpn: Preserving previous TUN/TAP instance: tun0
Mar 21 21:29:59 76.164.234.138 openvpn: Initialization Sequence Completed
Mar 21 21:30:47 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:39:52 173.180.66.116 openvpn: Closing TUN/TAP interface
Mar 21 21:39:52 173.180.66.116 openvpn: /sbin/ifconfig tun0 0.0.0.0
Mar 21 21:39:52 173.180.66.116 openvpn: /tmp/torguard/route-down.sh tun0 1400 1442 10.9.0.10 10.9.0.9 init
Mar 21 21:39:53 173.180.66.116 openvpn: ROUTE_GATEWAY 173.180.64.1/255.255.252.0 IFACE=vlan2 HWADDR=e4:f4:c6:05:32:fd
Mar 21 21:39:53 173.180.66.116 openvpn: TUN/TAP device tun0 opened
Mar 21 21:39:53 173.180.66.116 openvpn: TUN/TAP TX queue length set to 100
Mar 21 21:39:53 173.180.66.116 openvpn: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 21 21:39:53 173.180.66.116 openvpn: /sbin/ifconfig tun0 10.9.0.26 pointopoint 10.9.0.25 mtu 1400
Mar 21 21:39:53 173.180.66.116 openvpn: /sbin/route add -net 76.164.234.138 netmask 255.255.255.255 gw 173.180.64.1
Mar 21 21:39:53 173.180.66.116 openvpn: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.9.0.25
Mar 21 21:39:53 173.180.66.116 openvpn: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.9.0.25
Mar 21 21:39:53 76.164.234.138 openvpn: /sbin/route add -net 10.9.0.1 netmask 255.255.255.255 gw 10.9.0.25
Mar 21 21:39:53 76.164.234.138 openvpn: Initialization Sequence Completed
Mar 21 21:45:27 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:56:22 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:57:17 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:57:30 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:58:07 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 21:58:32 76.164.234.138 kernel: br0: received packet on eth1 with own address as source address
Mar 21 22:17:24 76.164.234.138 kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Mar 21 22:39:50 76.164.234.138 openvpn: TLS: soft reset sec=0 bytes=1965217460/0 pkts=2418478/0
Mar 21 22:39:50 76.164.234.138 openvpn: VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Mar 21 22:39:50 76.164.234.138 openvpn: Validating certificate key usage
Mar 21 22:39:50 76.164.234.138 openvpn: ++ Certificate has key usage 00a0, expects 00a0
Mar 21 22:39:50 76.164.234.138 openvpn: VERIFY KU OK
Mar 21 22:39:50 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 21 22:39:51 76.164.234.138 openvpn: 4 variation(s) on previous 5 message(s) suppressed by --mute
Mar 21 22:39:51 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 21 22:39:51 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
Mar 21 22:39:51 76.164.234.138 openvpn: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 22:39:51 76.164.234.138 openvpn: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 22:39:51 76.164.234.138 openvpn: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 21 22:39:51 76.164.234.138 openvpn: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 21 22:39:51 76.164.234.138 openvpn: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 21 23:24:18 173.180.66.116 openvpn: Closing TUN/TAP interface
Mar 21 23:24:18 173.180.66.116 openvpn: /sbin/ifconfig tun0 0.0.0.0
Mar 21 23:24:18 173.180.66.116 openvpn: /tmp/torguard/route-down.sh tun0 1400 1442 10.9.0.26 10.9.0.25 init
Mar 21 23:24:19 173.180.66.116 openvpn: ROUTE_GATEWAY 173.180.64.1/255.255.252.0 IFACE=vlan2 HWADDR=e4:f4:c6:05:32:fd
Mar 21 23:24:19 173.180.66.116 openvpn: TUN/TAP device tun0 opened
Mar 21 23:24:19 173.180.66.116 openvpn: TUN/TAP TX queue length set to 100
Mar 21 23:24:19 173.180.66.116 openvpn: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 21 23:24:19 173.180.66.116 openvpn: /sbin/ifconfig tun0 10.9.0.14 pointopoint 10.9.0.13 mtu 1400
Mar 21 23:24:19 173.180.66.116 openvpn: /sbin/route add -net 76.164.234.138 netmask 255.255.255.255 gw 173.180.64.1
Mar 21 23:24:19 173.180.66.116 openvpn: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.9.0.13
Mar 21 23:24:19 173.180.66.116 openvpn: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.9.0.13
Mar 21 23:24:19 76.164.234.138 openvpn: /sbin/route add -net 10.9.0.1 netmask 255.255.255.255 gw 10.9.0.13
Mar 21 23:24:19 76.164.234.138 openvpn: Initialization Sequence Completed
Mar 21 23:59:46 76.164.234.138 syslog: ttraff: data for 21-3-2016 commited to nvram
Mar 22 00:24:16 76.164.234.138 openvpn: TLS: soft reset sec=0 bytes=2441688173/0 pkts=2769274/0
Mar 22 00:24:16 76.164.234.138 openvpn: VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Mar 22 00:24:16 76.164.234.138 openvpn: Validating certificate key usage
Mar 22 00:24:16 76.164.234.138 openvpn: ++ Certificate has key usage 00a0, expects 00a0
Mar 22 00:24:16 76.164.234.138 openvpn: VERIFY KU OK
Mar 22 00:24:16 76.164.234.138 openvpn: NOTE: --mute triggered...
Mar 22 00:24:16 76.164.234.138 openvpn: 4 variation(s) on previous 5 message(s) suppressed by --mute
Mar 22 00:24:16 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 22 00:24:16 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
Mar 22 00:24:16 76.164.234.138 openvpn: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 22 00:24:16 76.164.234.138 openvpn: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 22 00:24:16 76.164.234.138 openvpn: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mar 22 00:24:16 76.164.234.138 openvpn: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 22 00:24:16 76.164.234.138 openvpn: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 22 09:08:18 173.180.66.116 syslog: klogd : klog daemon successfully started
...
Mar 22 09:08:38 173.180.66.116 openvpn: [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]76.164.234.138:443
Mar 22 09:08:40 173.180.66.116 openvpn: SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
Mar 22 09:08:40 173.180.66.116 openvpn: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.22 10.9.0.21'
Mar 22 09:08:40 173.180.66.116 openvpn: OPTIONS IMPORT: timers and/or timeouts modified
Mar 22 09:08:40 173.180.66.116 openvpn: OPTIONS IMPORT: --ifconfig/up options modified
Mar 22 09:08:40 173.180.66.116 openvpn: OPTIONS IMPORT: route options modified
Mar 22 09:08:40 173.180.66.116 openvpn: NOTE: --mute triggered...
Mar 22 09:08:40 173.180.66.116 openvpn: 1 variation(s) on previous 5 message(s) suppressed by --mute
Mar 22 09:08:40 173.180.66.116 openvpn: ROUTE_GATEWAY 173.180.64.1/255.255.252.0 IFACE=vlan2 HWADDR=e4:f4:c6:05:32:fd
Mar 22 09:08:40 173.180.66.116 openvpn: TUN/TAP device tun0 opened
Mar 22 09:08:40 173.180.66.116 openvpn: TUN/TAP TX queue length set to 100
Mar 22 09:08:40 173.180.66.116 openvpn: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mar 22 09:08:40 173.180.66.116 openvpn: /sbin/ifconfig tun0 10.9.0.22 pointopoint 10.9.0.21 mtu 1400
Mar 22 09:08:40 173.180.66.116 openvpn: /sbin/route add -net 76.164.234.138 netmask 255.255.255.255 gw 173.180.64.1
Mar 22 09:08:40 173.180.66.116 openvpn: /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.9.0.21
Mar 22 09:08:40 173.180.66.116 openvpn: /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.9.0.21
Mar 22 09:08:40 76.164.234.138 openvpn: /sbin/route add -net 10.9.0.1 netmask 255.255.255.255 gw 10.9.0.21
Mar 22 09:08:40 76.164.234.138 openvpn: Initialization Sequence Completed

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: torguard VPN and intermittent connectivity failure

Post by Traffic » Tue Mar 22, 2016 8:56 pm

S1m0n wrote:When the openvpn client fails to connect then it just exits and the router continues with the ISP supplied IP. How can I make openvpn try to connect again automatically?
By using --ping-restart .. which is being pushed by the server:
S1m0n wrote:Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.9.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.9.0.10 10.9.0.9'
However:
S1m0n wrote:Why? On each occasion openvpn just logs "Closing TUN/TAP interface" without any explanation.
Is very likely due to your vpn session being terminated by the server deliberately.

You can remove --mute from your config for full logs and --verb 4 is usually sufficient.

I would also advise that you keep your version of openvpn up to date:
S1m0n wrote:Mar 21 17:39:56 76.164.234.138 openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1442', remote='link-mtu 1574'
Mar 21 17:39:56 76.164.234.138 openvpn: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1400', remote='tun-mtu 1532'
this error can be caused by older versions being run.

S1m0n
OpenVpn Newbie
Posts: 3
Joined: Tue Mar 22, 2016 6:22 pm

Re: torguard VPN and intermittent connectivity failure

Post by S1m0n » Thu Mar 24, 2016 1:29 am

Thanks for the reply.

So if ping-restart is being used but the VPN did not restart then this means that my version of openvpn is too old / buggy?

I have removed --mute and set --verb 4 as suggested.

I'm reluctant to upgrade the router software because the version of the router software I'm currently using is said to be particularly stable. How far behind is my current version? "OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 6 2014"

User avatar
Traffic
OpenVPN Protagonist
Posts: 4081
Joined: Sat Aug 09, 2014 11:24 am

Re: torguard VPN and intermittent connectivity failure

Post by Traffic » Thu Mar 24, 2016 1:59 pm

S1m0n wrote:So if ping-restart is being used but the VPN did not restart then this means that my version of openvpn is too old / buggy?
No .. if ping-restart is being used but the VPN did not restart then this means (most likely) that the server has terminated your session deliberately.
S1m0n wrote:my current version? "OpenVPN 2.3.2 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 6 2014"
Coming up to two years out of date .. you decide what you want to do about that.

I suggest you post your config file ..

gomezrichieg
OpenVpn Newbie
Posts: 1
Joined: Fri Aug 25, 2017 10:12 pm

Re: torguard VPN and intermittent connectivity failure

Post by gomezrichieg » Fri Aug 25, 2017 10:19 pm

S1m0n wrote: * torguard says that the various warnings and HMAC auth fails are nothing to worry about. Is that true? If not, how to get rid of them?
Where did you get the info that HMAC auth failure warnings 'are nothing to worry about'?
We've seen a .1% HMAC failures and looking to understand this better.

Thanks

Post Reply