Bad ping sequence when connected through vpn


Post by franzli » Thu Dec 18, 2014 5:57 pm

Hi,
I am suffering from a little (very big...) problem. I have a router running Tomato Shibby in Location 1, and two other routers, also running Tomato Shibby, in Location 2 and Location 3.

Location 1 is configured to use TAP, use encryption, and disable compression.
Location 2 connects to Location 1 and pings fine.
Location 3 connects to Location 1 and pings are all messed up.
When I ping directly (no vpn) Location 1 from Location 2 everything is perfect.

Please help me as I don't know anymore what to do.
Thanks,
Franc


You can see the ping results here from Location 3 to Location 1:
64 bytes from 192.168.1.1: icmp_seq=779 ttl=64 time=45329.442 ms
64 bytes from 192.168.1.1: icmp_seq=781 ttl=64 time=43743.148 ms
64 bytes from 192.168.1.1: icmp_seq=819 ttl=64 time=6445.183 ms
64 bytes from 192.168.1.1: icmp_seq=820 ttl=64 time=5851.499 ms
64 bytes from 192.168.1.1: icmp_seq=784 ttl=64 time=46122.360 ms
64 bytes from 192.168.1.1: icmp_seq=825 ttl=64 time=5135.133 ms
64 bytes from 192.168.1.1: icmp_seq=821 ttl=64 time=11862.873 ms
64 bytes from 192.168.1.1: icmp_seq=822 ttl=64 time=11122.574 ms
64 bytes from 192.168.1.1: icmp_seq=794 ttl=64 time=40843.639 ms
64 bytes from 192.168.1.1: icmp_seq=743 ttl=64 time=92494.627 ms
64 bytes from 192.168.1.1: icmp_seq=823 ttl=64 time=15339.680 ms
64 bytes from 192.168.1.1: icmp_seq=835 ttl=64 time=5012.233 ms
64 bytes from 192.168.1.1: icmp_seq=836 ttl=64 time=4556.367 ms
64 bytes from 192.168.1.1: icmp_seq=795 ttl=64 time=47011.706 ms
64 bytes from 192.168.1.1: icmp_seq=796 ttl=64 time=46511.135 ms
64 bytes from 192.168.1.1: icmp_seq=837 ttl=64 time=9696.090 ms
64 bytes from 192.168.1.1: icmp_seq=824 ttl=64 time=24474.142 ms
Request timeout for icmp_seq 849
64 bytes from 192.168.1.1: icmp_seq=840 ttl=64 time=10581.096 ms
Request timeout for icmp_seq 851
64 bytes from 192.168.1.1: icmp_seq=826 ttl=64 time=26163.760 ms
64 bytes from 192.168.1.1: icmp_seq=827 ttl=64 time=25748.635 ms
Request timeout for icmp_seq 854

This is the ping from Location 2 to Location 1:
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=64 time=19.767 ms
64 bytes from 192.168.1.1: seq=1 ttl=64 time=19.077 ms
64 bytes from 192.168.1.1: seq=2 ttl=64 time=19.908 ms
64 bytes from 192.168.1.1: seq=3 ttl=64 time=20.753 ms
64 bytes from 192.168.1.1: seq=4 ttl=64 time=19.012 ms
64 bytes from 192.168.1.1: seq=5 ttl=64 time=20.376 ms

--- 192.168.1.1 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 19.012/19.815/20.753 ms

And here is the ping to the router from Location 3 to Location 1:
PING franzli.xxxx.xx (77.xx.xx.213): 56 data bytes
64 bytes from 77.xx.xx.213: icmp_seq=0 ttl=58 time=17.782 ms
64 bytes from 77.xx.xx.213: icmp_seq=1 ttl=58 time=17.768 ms
64 bytes from 77.xx.xx.213: icmp_seq=2 ttl=58 time=23.515 ms
64 bytes from 77.xx.xx.213: icmp_seq=3 ttl=58 time=17.445 ms
64 bytes from 77.xx.xx.213: icmp_seq=4 ttl=58 time=19.642 ms
64 bytes from 77.xx.xx.213: icmp_seq=5 ttl=58 time=21.339 ms
64 bytes from 77.xx.xx.213: icmp_seq=6 ttl=58 time=20.922 ms
64 bytes from 77.xx.xx.213: icmp_seq=7 ttl=58 time=21.326 ms
^C
--- franzli.xxxx.xx ping statistics ---
8 packets transmitted, 8 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 17.445/19.967/23.515/2.040 ms


This is what happens on Location 1:
Dec 18 18:28:28 franc-ac68u daemon.err openvpn[7824]: hergiswil/77.xx.xx.37:14180 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #228 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings


This is happening during the connection on Location 1:
Dec 18 18:47:11 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 TLS: Initial packet from [AF_INET]77.xx.xx.37:28068, sid=57300c38 be3005f0
Dec 18 18:47:17 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 VERIFY OK: xxxxxx
Dec 18 18:47:17 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 VERIFY OK: xxxxxx
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: 77.xx.xx.37:28068 [hergiswil] Peer Connection Initiated with [AF_INET]77.58.xx.xx:28068
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: MULTI: new connection by client 'hergiswil' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Dec 18 18:47:18 franc-ac68u daemon.notice openvpn[7824]: MULTI_sva: pool returned IPv4=192.168.1.151, IPv6=(Not enabled)
Dec 18 18:47:19 franc-ac68u daemon.notice openvpn[7824]: hergiswil/77.xx.xx.37:28068 PUSH: Received control message: 'PUSH_REQUEST'
Dec 18 18:47:19 franc-ac68u daemon.notice openvpn[7824]: hergiswil/77.xx.xx.37:28068 send_push_reply(): safe_cap=940
Dec 18 18:47:19 franc-ac68u daemon.notice openvpn[7824]: hergiswil/77.xx.xx.37:28068 SENT CONTROL [hergiswil]: 'PUSH_REPLY,route-gateway 192.168.1.1,ping 15,ping-restart 60,ifconfig 192.168.1.151 255.255.255.0' (status=1)
Dec 18 18:47:19 franc-ac68u daemon.notice openvpn[7824]: hergiswil/77.xx.xx.37:28068 MULTI: Learn: bc:8c:cd:8a:65:85 -> hergiswil/77.xx.xx.37:28068
Dec 18 18:47:22 franc-ac68u daemon.notice openvpn[7824]: hergiswil/77.xx.xx.37:28068 MULTI: Learn: e0:3f:49:07:47:18 -> hergiswil/77.xx.xx.37:28068
Dec 18 18:47:27 franc-ac68u daemon.notice openvpn[7824]: hergiswil/77.xx.xx.37:28068 MULTI: Learn: 90:27:e4:f2:c7:1d -> hergiswil/77.xx.xx.37:28068


This is the log when starting up at Location 3:
Dec 18 18:47:09 hergiswil-ac66 daemon.notice openvpn[21733]: OpenVPN 2.3.4 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Oct 15 2014
Dec 18 18:47:09 hergiswil-ac66 daemon.notice openvpn[21733]: library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.06
Dec 18 18:47:09 hergiswil-ac66 daemon.warn openvpn[21733]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Dec 18 18:47:09 hergiswil-ac66 daemon.notice openvpn[21733]: Socket Buffers: R=[114688->131072] S=[114688->131072]
Dec 18 18:47:09 hergiswil-ac66 daemon.notice openvpn[21740]: UDPv4 link local: [undef]
Dec 18 18:47:09 hergiswil-ac66 daemon.notice openvpn[21740]: UDPv4 link remote: [AF_INET]77.xx.xx.213:1120
Dec 18 18:47:11 hergiswil-ac66 daemon.notice openvpn[21740]: TLS: Initial packet from [AF_INET]77.xx.xx.213:1120, sid=8ff0c596 fcb2a8cf
Dec 18 18:47:13 hergiswil-ac66 daemon.err openvpn[21740]: event_wait : Interrupted system call (code=4)
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: OpenVPN STATISTICS
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: Updated,Thu Dec 18 18:47:13 2014
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: TUN/TAP read bytes,0
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: TUN/TAP write bytes,0
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: TCP/UDP read bytes,62
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: TCP/UDP write bytes,383
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: Auth read bytes,0
Dec 18 18:47:13 hergiswil-ac66 daemon.notice openvpn[21740]: END
Dec 18 18:47:15 hergiswil-ac66 daemon.notice openvpn[21740]: VERIFY OK: xxxxx
name=Francesco Rossi, emailAddress=icilio.rossi@gmail.com
Dec 18 18:47:15 hergiswil-ac66 daemon.notice openvpn[21740]: VERIFY OK: xxxxx
Dec 18 18:47:18 hergiswil-ac66 daemon.notice openvpn[21740]: Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 18 18:47:18 hergiswil-ac66 daemon.notice openvpn[21740]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 18 18:47:18 hergiswil-ac66 daemon.notice openvpn[21740]: Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Dec 18 18:47:18 hergiswil-ac66 daemon.notice openvpn[21740]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 18 18:47:18 hergiswil-ac66 daemon.notice openvpn[21740]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Dec 18 18:47:18 hergiswil-ac66 daemon.notice openvpn[21740]: [lugano01] Peer Connection Initiated with [AF_INET]77.xx.xx.213:1120
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: SENT CONTROL [lugano01]: 'PUSH_REQUEST' (status=1)
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.1.1,ping 15,ping-restart 60,ifconfig 192.168.1.151 255.255.255.0'
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: OPTIONS IMPORT: route-related options modified
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: TUN/TAP device tap11 opened
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: TUN/TAP TX queue length set to 100
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: /sbin/ifconfig tap11 192.168.1.151 netmask 255.255.255.0 mtu 1500 broadcast 192.168.1.255
Dec 18 18:47:20 hergiswil-ac66 daemon.notice openvpn[21740]: Initialization Sequence Completed
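
The out-of-order replies and the `bad packet ID (may be a replay)` error in the post above can be related with a small model; this is an added example, not part of the original post and not OpenVPN's code. It assumes the tunnelled ICMP sequence numbers are a usable proxy for how far the path reorders OpenVPN data packets, and it uses a simplified sliding window of 64 IDs (the documented default size for `--replay-window`); the time limit of that option is not modelled.

```python
import re

# First eleven replies from the Location 3 ping in the post, in arrival order.
PING_OUTPUT = """\
64 bytes from 192.168.1.1: icmp_seq=779 ttl=64 time=45329.442 ms
64 bytes from 192.168.1.1: icmp_seq=781 ttl=64 time=43743.148 ms
64 bytes from 192.168.1.1: icmp_seq=819 ttl=64 time=6445.183 ms
64 bytes from 192.168.1.1: icmp_seq=820 ttl=64 time=5851.499 ms
64 bytes from 192.168.1.1: icmp_seq=784 ttl=64 time=46122.360 ms
64 bytes from 192.168.1.1: icmp_seq=825 ttl=64 time=5135.133 ms
64 bytes from 192.168.1.1: icmp_seq=821 ttl=64 time=11862.873 ms
64 bytes from 192.168.1.1: icmp_seq=822 ttl=64 time=11122.574 ms
64 bytes from 192.168.1.1: icmp_seq=794 ttl=64 time=40843.639 ms
64 bytes from 192.168.1.1: icmp_seq=743 ttl=64 time=92494.627 ms
64 bytes from 192.168.1.1: icmp_seq=823 ttl=64 time=15339.680 ms
"""

SEQ_RE = re.compile(r"icmp_seq=(\d+)")

class ReplayWindow:
    """Simplified sliding-window replay check (a model, not OpenVPN's code)."""
    def __init__(self, size=64):  # 64 = documented default window size
        self.size, self.highest, self.seen = size, None, set()

    def check(self, pkt_id):
        if self.highest is None or pkt_id > self.highest:
            self.highest = pkt_id
            floor = pkt_id - self.size
            # Forget IDs that slid out of the window, remember the new one.
            self.seen = {i for i in self.seen if i > floor} | {pkt_id}
            return "accept"
        if pkt_id <= self.highest - self.size:
            return "too-old"      # behind the window: rejected
        if pkt_id in self.seen:
            return "replay"       # same ID seen twice: rejected
        self.seen.add(pkt_id)
        return "accept-late"      # out of order, but still inside the window

def analyse(ping_text, size=64):
    """Return (seq, IDs behind the highest seen, verdict) per reply."""
    win, rows = ReplayWindow(size), []
    for m in SEQ_RE.finditer(ping_text):
        seq = int(m.group(1))
        behind = 0 if win.highest is None else max(0, win.highest - seq)
        rows.append((seq, behind, win.check(seq)))
    return rows

if __name__ == "__main__":
    for seq, behind, verdict in analyse(PING_OUTPUT):
        print(f"seq={seq:4d} behind={behind:3d} {verdict}")
```

A reordering depth larger than the window points to queueing or path problems rather than an attacker resending packets. Widening `--replay-window` keeps replay protection in place, whereas `--no-replay` removes it.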


Re: Bad ping sequence when connected through vpn

Post by maikcat » Fri Dec 19, 2014 7:15 am

configs?

Michael.
