I am quite a new user of OpenVPN. I would like to establish a VPN connection between my server (a PC with OpenVPN software behind the home wireless router) and a client (an industrial 3G modem - R3000 Robustel).
Everything is OK until the connection between the client and the server is established. Then the modem seems to hang or reboot repeatedly.
Maybe it is due to the configuration file?
The configuration file on the server side:
;local a.b.c.d
port 1194
proto udp
dev tun
tun-mtu 1500
fragment 1200
mssfix 1200
dev-node MyTAP
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher BF-CBC # Blowfish (default)
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
OpenVPN configuration on the modem
Status on the modem right before hanging:
70-01-01 07:00:10 <4> router: rtc read failed, errno (Invalid argument)
70-01-01 07:00:10 <0> router: rtc time is larger than 2037, so sytem time use firmware time
70-01-01 07:00:10 <0> router: set RTC time: 2016-01-18 09:16:11
70-01-01 07:00:10 <4> router: rtc set failed, errno (Invalid argument)
16-01-18 09:16:11 <0> router: Firmware version: 1.3.0 Jan 18 2016 09:16:13
16-01-18 09:16:12 <0> router: start dhcpd
16-01-18 09:16:19 <0> router: open /dev/ttyUSB0 successful!
16-01-18 09:16:20 <0> router: sent:ATE0
16-01-18 09:16:20 <0> router: rcvd:ATE0
OK
16-01-18 09:16:21 <0> router: sent:AT+CPIN?
16-01-18 09:16:21 <0> router: rcvd:
+CME ERROR: SIM busy
16-01-18 09:16:21 <3> router: failed 1/5 to check SIM card
16-01-18 09:16:26 <0> router: sent:AT+CPIN?
16-01-18 09:16:26 <0> router: rcvd:
+CPIN: READY
OK
16-01-18 09:16:27 <0> router: sent:AT+CFUN=0
16-01-18 09:16:28 <0> router: rcvd:
OK
16-01-18 09:16:29 <0> router: sent:AT+CFUN=1
16-01-18 09:16:30 <0> router: rcvd:
OK
16-01-18 09:16:31 <0> router: sent:AT^CURC=0
16-01-18 09:16:31 <0> router: rcvd:
OK
16-01-18 09:16:32 <0> router: sent:AT^SYSCFG=2,2,3FFFFFFF,1,2
16-01-18 09:16:32 <0> router: rcvd:
OK
16-01-18 09:16:37 <0> router: sent:AT+CSQ
16-01-18 09:16:37 <0> router: rcvd:
+CSQ: 17,99
OK
16-01-18 09:16:37 <0> router: sent:AT+CREG=2;+CREG?
16-01-18 09:16:37 <0> router: rcvd:
+CREG: 2,1,"56A4","D6CABE",2
OK
16-01-18 09:16:38 <0> router: sent:AT^SYSINFO
16-01-18 09:16:38 <0> router: rcvd:
^SYSINFO: 2,3,0,5,1,,4
OK
16-01-18 09:16:38 <0> router: network mode->3G UMTS
16-01-18 09:16:39 <0> router: sent:AT+COPS=3,2;+COPS?
16-01-18 09:16:39 <0> router: rcvd:
+COPS: 0,2,"45201",2
OK
16-01-18 09:16:39 <0> router: oper: Mobifone
16-01-18 09:16:39 <0> router: apn: m-wap
16-01-18 09:16:39 <0> router: userName: mms
16-01-18 09:16:39 <0> router: passwd: mms
16-01-18 09:16:39 <0> router: sent:AT+CGDCONT=1,"IP","m-wap"
16-01-18 09:16:40 <0> router: rcvd:
OK
16-01-18 09:16:40 <0> router: passed checking module!
16-01-18 09:16:40 <3> router: this modem don't support auto authentication, so to use CHAP
16-01-18 09:16:40 <0> router: sent:AT^NDISDUP=1,1,"m-wap","mms","@passwd",2
16-01-18 09:16:40 <0> router: rcvd:OK
16-01-18 09:16:47 <2> router: change network (Null)->(Cellular - up)
16-01-18 09:16:47 <0> router: system service starting...
16-01-18 09:16:49 <1> router: the cmdPort and the dataPort are the same
16-05-02 12:13:19 <0> router: sent:AT^SYSINFO
16-05-02 12:13:19 <0> router: rcvd:
^SYSINFO: 2,3,0,5,1,,4
OK
16-05-02 12:13:19 <0> router: network mode->3G UMTS
16-05-02 12:13:21 <0> router: set RTC time: 2016-05-02 12:13:18
16-05-02 12:13:22 <0> router: openvpn client 0 start up.
16-05-02 12:13:22 <1> OpenVPN: OpenVPN 2.2.2 arm-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 27 2015
16-05-02 12:13:22 <3> OpenVPN: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
16-05-02 12:13:22 <3> OpenVPN: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
16-05-02 12:13:22 <3> OpenVPN: WARNING: file '/cfg/x509/openvpn/client_0/client.key' is group or others accessible
16-05-02 12:13:22 <1> OpenVPN: LZO compression initialized
16-05-02 12:13:22 <1> OpenVPN: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
16-05-02 12:13:22 <1> OpenVPN: UDPv4 link local: [undef]
16-05-02 12:13:22 <1> OpenVPN: UDPv4 link remote: 115.76.118.197:1194
16-05-02 12:13:28 <1> OpenVPN: [server] Peer Connection Initiated with 115.76.118.197:1194
16-05-02 12:13:30 <1> OpenVPN: TUN/TAP device tun0 opened
16-05-02 12:13:30 <1> OpenVPN: /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
16-05-02 12:13:30 <1> OpenVPN: Send current status message[msg=module=OpenVPN_Tunnel_1;action=up;vLocal=10.8.0.6;vRemote=10.8.0.5;msgend=1].
16-05-02 12:13:30 <1> OpenVPN: GID set to root
16-05-02 12:13:30 <1> OpenVPN: UID set to root
16-05-02 12:13:30 <1> OpenVPN: Initialization Sequence Completed
16-05-02 12:13:32 <0> router: force to stop openvpn_c0
16-05-02 12:13:32 <4> OpenVPN: event_wait : Interrupted system call (code=4)
16-05-02 12:13:32 <1> OpenVPN: Send current status message[msg=module=OpenVPN_Tunnel_1;action=down;msgend=1].
16-05-02 12:13:32 <1> OpenVPN: /sbin/ifconfig tun0 0.0.0.0
16-05-02 12:13:32 <1> OpenVPN: SIGTERM[hard,] received, process exiting
16-05-02 12:13:32 <1> OpenVPN: Send current status message[msg=module=OpenVPN_Tunnel_1;action=exit;msgend=1].
16-05-02 12:13:35 <0> router: openvpn client 0 start up.
16-05-02 12:13:35 <1> OpenVPN: OpenVPN 2.2.2 arm-linux [SSL] [LZO2] [EPOLL] [eurephia] built on Apr 27 2015
16-05-02 12:13:35 <3> OpenVPN: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
16-05-02 12:13:35 <3> OpenVPN: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
16-05-02 12:13:35 <3> OpenVPN: WARNING: file '/cfg/x509/openvpn/client_0/client.key' is group or others accessible
16-05-02 12:13:35 <1> OpenVPN: LZO compression initialized
16-05-02 12:13:35 <1> OpenVPN: NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
16-05-02 12:13:35 <1> OpenVPN: UDPv4 link local: [undef]
16-05-02 12:13:35 <1> OpenVPN: UDPv4 link remote: 115.76.118.197:1194
16-05-02 12:13:37 <1> OpenVPN: [server] Peer Connection Initiated with 115.76.118.197:1194
Mon May 02 12:13:15 2016 NOTE: --user option is not implemented on Windows
Mon May 02 12:13:15 2016 NOTE: --group option is not implemented on Windows
Mon May 02 12:13:15 2016 OpenVPN 2.3.10 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Mar 10 2016
Mon May 02 12:13:15 2016 Windows version 6.1 (Windows 7)
Mon May 02 12:13:15 2016 library versions: OpenSSL 1.0.1s 1 Mar 2016, LZO 2.09
Mon May 02 12:13:15 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon May 02 12:13:15 2016 Need hold release from management interface, waiting...
Mon May 02 12:13:16 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon May 02 12:13:16 2016 MANAGEMENT: CMD 'state on'
Mon May 02 12:13:16 2016 MANAGEMENT: CMD 'log all on'
Mon May 02 12:13:16 2016 MANAGEMENT: CMD 'hold off'
Mon May 02 12:13:16 2016 MANAGEMENT: CMD 'hold release'
Mon May 02 12:13:16 2016 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Mon May 02 12:13:16 2016 Diffie-Hellman initialized with 1024 bit key
Mon May 02 12:13:16 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon May 02 12:13:16 2016 ROUTE_GATEWAY 192.168.1.100/255.255.255.0 I=10 HWADDR=d0:67:e5:0a:1c:2b
Mon May 02 12:13:16 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon May 02 12:13:16 2016 MANAGEMENT: >STATE:1462165996,ASSIGN_IP,,10.8.0.1,
Mon May 02 12:13:16 2016 open_tun, tt->ipv6=0
Mon May 02 12:13:16 2016 TAP-WIN32 device [MyTAP] opened: \\.\Global\{5D2B8B6E-05EC-47AC-9599-9C74C178E3AA}.tap
Mon May 02 12:13:16 2016 TAP-Windows Driver Version 9.21
Mon May 02 12:13:16 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.1/255.255.255.252 on interface {5D2B8B6E-05EC-47AC-9599-9C74C178E3AA} [DHCP-serv: 10.8.0.2, lease-time: 31536000]
Mon May 02 12:13:16 2016 Sleeping for 10 seconds...
Mon May 02 12:13:26 2016 Successful ARP Flush on interface [15] {5D2B8B6E-05EC-47AC-9599-9C74C178E3AA}
Mon May 02 12:13:26 2016 MANAGEMENT: >STATE:1462166006,ADD_ROUTES,,,
Mon May 02 12:13:26 2016 C:\Windows\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.2
Mon May 02 12:13:26 2016 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Mon May 02 12:13:26 2016 Route addition via IPAPI succeeded [adaptive]
Mon May 02 12:13:26 2016 UDPv4 link local (bound): [undef]
Mon May 02 12:13:26 2016 UDPv4 link remote: [undef]
Mon May 02 12:13:26 2016 MULTI: multi_init called, r=256 v=256
Mon May 02 12:13:26 2016 IFCONFIG POOL: base=10.8.0.4 size=62, ipv6=0
Mon May 02 12:13:26 2016 ifconfig_pool_read(), in='client01,10.8.0.4', TODO: IPv6
Mon May 02 12:13:26 2016 succeeded -> ifconfig_pool_set()
Mon May 02 12:13:26 2016 IFCONFIG POOL LIST
Mon May 02 12:13:26 2016 client01,10.8.0.4
Mon May 02 12:13:26 2016 Initialization Sequence Completed
Mon May 02 12:13:26 2016 MANAGEMENT: >STATE:1462166006,CONNECTED,SUCCESS,10.8.0.1,
Mon May 02 12:13:26 2016 113.187.16.80:20305 TLS: Initial packet from [AF_INET]113.187.16.80:20305, sid=20027cf2 cdaba7e9
Mon May 02 12:13:28 2016 113.187.16.80:20305 VERIFY OK: depth=1, C=VN, ST=HCM, L=HCM, O=OpenVPN, OU=OpenVPN, CN=OpenVPN-ITS, name=OpenVPN, emailAddress=itsserver@hcmut.edu.vn
Mon May 02 12:13:28 2016 113.187.16.80:20305 VERIFY OK: depth=0, C=VN, ST=HCM, L=HCM, O=OpenVPN, OU=OpenVPN, CN=client01, name=OpenVPN, emailAddress=itsserver@hcmut.edu.vn
Mon May 02 12:13:28 2016 113.187.16.80:20305 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 02 12:13:28 2016 113.187.16.80:20305 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 02 12:13:28 2016 113.187.16.80:20305 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 02 12:13:28 2016 113.187.16.80:20305 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 02 12:13:28 2016 113.187.16.80:20305 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon May 02 12:13:28 2016 113.187.16.80:20305 [client01] Peer Connection Initiated with [AF_INET]113.187.16.80:20305
Mon May 02 12:13:28 2016 client01/113.187.16.80:20305 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Mon May 02 12:13:28 2016 client01/113.187.16.80:20305 MULTI: Learn: 10.8.0.6 -> client01/113.187.16.80:20305
Mon May 02 12:13:28 2016 client01/113.187.16.80:20305 MULTI: primary virtual IP for client01/113.187.16.80:20305: 10.8.0.6
Mon May 02 12:13:30 2016 client01/113.187.16.80:20305 PUSH: Received control message: 'PUSH_REQUEST'
Mon May 02 12:13:30 2016 client01/113.187.16.80:20305 send_push_reply(): safe_cap=940
Mon May 02 12:13:30 2016 client01/113.187.16.80:20305 SENT CONTROL [client01]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Mon May 02 12:13:36 2016 113.187.16.80:10983 TLS: Initial packet from [AF_INET]113.187.16.80:10983, sid=608babcf 4e118cc0
Mon May 02 12:13:37 2016 113.187.16.80:10983 VERIFY OK: depth=1, C=VN, ST=HCM, L=HCM, O=OpenVPN, OU=OpenVPN, CN=OpenVPN-ITS, name=OpenVPN, emailAddress=itsserver@hcmut.edu.vn
Mon May 02 12:13:37 2016 113.187.16.80:10983 VERIFY OK: depth=0, C=VN, ST=HCM, L=HCM, O=OpenVPN, OU=OpenVPN, CN=client01, name=OpenVPN, emailAddress=itsserver@hcmut.edu.vn
Mon May 02 12:13:37 2016 113.187.16.80:10983 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 02 12:13:37 2016 113.187.16.80:10983 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 02 12:13:37 2016 113.187.16.80:10983 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon May 02 12:13:37 2016 113.187.16.80:10983 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon May 02 12:13:37 2016 113.187.16.80:10983 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon May 02 12:13:37 2016 113.187.16.80:10983 [client01] Peer Connection Initiated with [AF_INET]113.187.16.80:10983
Mon May 02 12:13:37 2016 MULTI: new connection by client 'client01' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Mon May 02 12:13:37 2016 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Mon May 02 12:13:37 2016 MULTI: Learn: 10.8.0.6 -> client01/113.187.16.80:10983
Mon May 02 12:13:37 2016 MULTI: primary virtual IP for client01/113.187.16.80:10983: 10.8.0.6
Mon May 02 12:13:40 2016 client01/113.187.16.80:10983 PUSH: Received control message: 'PUSH_REQUEST'
Mon May 02 12:13:40 2016 client01/113.187.16.80:10983 send_push_reply(): safe_cap=940
Mon May 02 12:13:40 2016 client01/113.187.16.80:10983 SENT CONTROL [client01]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
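An added example, not part of the original post: a small Python check over a server log in the format shown above that flags a certificate CN starting a new session sooner than the pushed `ping-restart` value, which a keepalive timeout alone does not explain. It also separates a reconnect from the same source address from the same CN arriving from a different address. The sample log is constructed with documentation-range addresses, and the function name and finding labels are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Constructed sample in the server-log format shown above (addresses are
# documentation-range placeholders, not values from the post).
SAMPLE_LOG = """\
Mon May 02 12:13:28 2016 203.0.113.80:20305 [client01] Peer Connection Initiated with [AF_INET]203.0.113.80:20305
Mon May 02 12:13:30 2016 client01/203.0.113.80:20305 SENT CONTROL [client01]: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Mon May 02 12:13:37 2016 203.0.113.80:10983 [client01] Peer Connection Initiated with [AF_INET]203.0.113.80:10983
Mon May 02 12:14:10 2016 198.51.100.7:40000 [client01] Peer Connection Initiated with [AF_INET]198.51.100.7:40000
Mon May 02 12:21:00 2016 198.51.100.9:5000 [client02] Peer Connection Initiated with [AF_INET]198.51.100.9:5000
"""

# "<timestamp> <ip:port> [<CN>] Peer Connection Initiated with [AF_INET]<ip>:<port>"
PEER_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) \S+ "
    r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with "
    r"\[AF_INET\](?P<ip>[\d.]+):\d+"
)
PUSH_RE = re.compile(r"ping-restart (\d+)")


def find_early_reconnects(log_text, default_ping_restart=120):
    """Return (cn, gap_seconds, kind) for each session that replaces an
    earlier session of the same CN within the ping-restart window."""
    pushed = PUSH_RE.search(log_text)
    window = int(pushed.group(1)) if pushed else default_ping_restart
    last_seen = {}  # CN -> (timestamp, source IP) of its latest session
    findings = []
    for line in log_text.splitlines():
        m = PEER_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        cn, ip = m["cn"], m["ip"]
        if cn in last_seen:
            prev_ts, prev_ip = last_seen[cn]
            gap = (ts - prev_ts).total_seconds()
            if gap < window:
                # Same address: the client process restarted or its NAT port
                # changed. New address: the certificate may be in use in two
                # places (or the client roamed) and needs review.
                kind = "restart-same-address" if ip == prev_ip else "same-cn-new-address"
                findings.append((cn, int(gap), kind))
        last_seen[cn] = (ts, ip)
    return findings


if __name__ == "__main__":
    for finding in find_early_reconnects(SAMPLE_LOG):
        print(finding)
```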