I am running OpenVPN 2.4.4 on LEDE Reboot (17.01.4, r3560-79f57e422d) in a Windows 10 Hyper-V container.
The machine has two Ethernet interfaces (LAN / WAN) which are connected to the LEDE system.
There is an OpenVPN client on the LEDE system which connects to an external server.
If I disconnect the WAN cable to the PC for a few seconds and reconnect it, then the tun interface loses its IP address during the OpenVPN reconnect and it will never get one assigned.
Before the WAN disconnect:
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.102.0.114 P-t-P:10.102.0.113 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1030 errors:0 dropped:0 overruns:0 frame:0
TX packets:1304 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:47879 (46.7 KiB) TX bytes:123341 (120.4 KiB)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:2230 errors:0 dropped:0 overruns:0 frame:0
TX packets:3419 errors:0 dropped:12 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:104279 (101.8 KiB) TX bytes:276875 (270.3 KiB)
This is a part of the log file when the client reconnects after the WAN is available again:
Tue Apr 17 18:32:47 2018 daemon.notice openvpn(ctb_client)[1561]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 17 18:32:47 2018 daemon.notice openvpn(ctb_client)[1561]: [VPN Server] Peer Connection Initiated with [AF_INET]151.236.8.117:1206
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: SENT CONTROL [VPN Server]: 'PUSH_REQUEST' (status=1)
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo,sndbuf 393216,rcvbuf 393216,route 10.102.0.1,topology net30,ping 9,ping-restart 30,route 10.1.0.0 255.255.0.0,route 10.100.0.0 255.255.0.0,route 10.101.0.0 255.255.0.0,route 10.102.0.0 255.255.0.0,ifconfig 10.102.0.114 10.102.0.113,peer-id 34,cipher AES-256-GCM'
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: compression parms modified
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: Socket Buffers: R=[425984->425984] S=[425984->425984]
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: route options modified
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: peer-id set
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: adjusting link_mtu to 1629
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: OPTIONS IMPORT: data channel crypto options modified
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: Preserving previous TUN/TAP instance: tun1
Tue Apr 17 18:32:48 2018 daemon.notice openvpn(ctb_client)[1561]: Initialization Sequence Completed
This is a part of the log after the successful re-connection with "persist_tun 0" set:
Tue Apr 17 19:17:11 2018 daemon.notice openvpn(ctb_client)[2919]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Tue Apr 17 19:17:11 2018 daemon.notice openvpn(ctb_client)[2919]: [ VPN Server] Peer Connection Initiated with [AF_INET]151.236.8.117:1201
Tue Apr 17 19:17:11 2018 daemon.info odhcpd[1301]: Using a RA lifetime of 0 seconds on br-lan
Tue Apr 17 19:17:11 2018 daemon.notice odhcpd[1301]: Failed to send to ff02::1%br-lan (Address not available)
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: SENT CONTROL [ VPN Server]: 'PUSH_REQUEST' (status=1)
Tue Apr 17 19:17:12 2018 kern.info kernel: [ 3032.520084] br-lan: port 1(eth0) entered forwarding state
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo,sndbuf 393216,rcvbuf 393216,route 10.102.0.1,topology net30,ping 9,ping-restart 30,route 10.1.0.0 255.255.0.0,route 10.100.0.0 255.255.0.0,route 10.101.0.0 255.255.0.0,route 10.102.0.0 255.255.0.0,ifconfig 10.102.0.114 10.102.0.113,peer-id 34,cipher AES-256-GCM'
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: timers and/or timeouts modified
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: compression parms modified
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: Socket Buffers: R=[425984->425984] S=[425984->425984]
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: --ifconfig/up options modified
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: route options modified
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: peer-id set
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: adjusting link_mtu to 1629
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: OPTIONS IMPORT: data channel crypto options modified
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: TUN/TAP device tun1 opened
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: TUN/TAP TX queue length set to 100
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: /sbin/ifconfig tun1 10.102.0.114 pointopoint 10.102.0.113 mtu 1500
Tue Apr 17 19:17:12 2018 daemon.notice netifd: Interface 'vpn1' is enabled
Tue Apr 17 19:17:12 2018 daemon.notice netifd: Network device 'tun1' link is up
Tue Apr 17 19:17:12 2018 daemon.notice netifd: Interface 'vpn1' has link connectivity
Tue Apr 17 19:17:12 2018 daemon.notice netifd: Interface 'vpn1' is setting up now
Tue Apr 17 19:17:12 2018 daemon.notice netifd: Interface 'vpn1' is now up
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: /sbin/route add -net 10.102.0.1 netmask 255.255.255.255 gw 10.102.0.113
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: /sbin/route add -net 10.1.0.0 netmask 255.255.0.0 gw 10.102.0.113
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: /sbin/route add -net 10.100.0.0 netmask 255.255.0.0 gw 10.102.0.113
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: /sbin/route add -net 10.101.0.0 netmask 255.255.0.0 gw 10.102.0.113
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: /sbin/route add -net 10.102.0.0 netmask 255.255.0.0 gw 10.102.0.113
Tue Apr 17 19:17:12 2018 daemon.notice openvpn(ctb_client)[2919]: Initialization Sequence Completed
client
float
nobind
persist-key
remote-random
auth-user-pass /etc/openvpn/user.pass
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
cipher AES-256-CBC
dev tun1
fragment 1344
key /etc/openvpn/client.key
mssfix 1
proto udp
remote vpn1.example.com 1194
remote vpn2.example.com 1194
remote-cert-tls server
reneg-sec 0
resolv-retry infinite
tls-auth /etc/openvpn/VPN_ta.key 1
verb 3
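
Added example, not part of the original post: a POSIX shell check for the state shown in the logs above, where OpenVPN reports "Preserving previous TUN/TAP instance" but the device no longer carries the pushed `ifconfig` address. The function names and the shortened sample data are constructed for illustration; on the router the two inputs would come from `logread` and `ifconfig tun1`.

```shell
#!/bin/sh
# Added example, not from the post: flag a tun device that lacks the pushed address.
# Sample data below is shortened from the logs and ifconfig output in the post.
LOG_PRESERVED="openvpn(ctb_client)[1561]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo,topology net30,ifconfig 10.102.0.114 10.102.0.113,peer-id 34,cipher AES-256-GCM'
openvpn(ctb_client)[1561]: Preserving previous TUN/TAP instance: tun1"
LOG_REOPENED="openvpn(ctb_client)[2919]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo,topology net30,ifconfig 10.102.0.114 10.102.0.113,peer-id 34,cipher AES-256-GCM'
openvpn(ctb_client)[2919]: TUN/TAP device tun1 opened"
IFCONFIG_WITH_ADDR="tun1 Link encap:UNSPEC
inet addr:10.102.0.114 P-t-P:10.102.0.113 Mask:255.255.255.255"
IFCONFIG_NO_ADDR="tun1 Link encap:UNSPEC
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1"

# Local address from the last pushed "ifconfig <local> <peer>" (log on stdin).
pushed_local_addr() {
    sed -n "s/.*PUSH_REPLY.*,ifconfig \([0-9.]*\) [0-9.]*[,'].*/\1/p" | tail -n 1
}

# Address currently on the device (busybox-style ifconfig output on stdin).
current_addr() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# "preserved" if the last (re)connect kept the old tun instance (no ifconfig
# run), "reopened" if OpenVPN opened the device again.
last_tun_action() {
    grep -E 'Preserving previous TUN/TAP instance|TUN/TAP device .* opened' |
        tail -n 1 |
        sed -e 's/.*Preserving previous.*/preserved/' -e 's/.*TUN\/TAP device.*/reopened/'
}

# check_tunnel LOG_TEXT IFCONFIG_TEXT: 0 if the device carries the pushed address.
check_tunnel() {
    want=$(printf '%s\n' "$1" | pushed_local_addr)
    have=$(printf '%s\n' "$2" | current_addr)
    action=$(printf '%s\n' "$1" | last_tun_action)
    if [ -n "$want" ] && [ "$want" = "$have" ]; then
        echo "ok: $have on device (tun $action)"
        return 0
    fi
    echo "mismatch: pushed=${want:-none} device=${have:-none} tun=${action:-unknown}"
    return 1
}

# Demo on the constructed samples; "|| true" keeps the script's exit status 0.
check_tunnel "$LOG_REOPENED" "$IFCONFIG_WITH_ADDR" || true
check_tunnel "$LOG_PRESERVED" "$IFCONFIG_NO_ADDR" || true
```

A non-zero return from `check_tunnel` can drive a cron job or hotplug script that alerts or restarts the client instance.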