Community Ed. client v2.5.7 randomly disconnects for one user ONLY on Ethernet

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Aideux_
OpenVpn Newbie
Posts: 1
Joined: Tue Sep 13, 2022 6:54 pm

Community Ed. client v2.5.7 randomly disconnects for one user ONLY on Ethernet

Post by Aideux_ » Wed Sep 14, 2022 3:17 pm

Hello,

I've been working with one of our users who has been experiencing client disconnects ONLY when connected via Ethernet. This behavior is not present when the user is connected to WiFi. Looking at the server logs, I can see that the user successfully authenticates with the OpenVPN server and remains connected for close to two hours, but then randomly disconnects due to an authentication failure:

Code: Select all

   Sep 12 11:33:18 openvpnSRV openvpn[1292459]: xx.xxx.xx.xxx:57205 TLS: Username/Password authentication succeeded for username 'USERNAME'   #indicating initial successful connection to OpenVPN server
   Sep 12 13:27:37 openvpnSRV openvpn[1292459]: AUTH-PAM: BACKGROUND: user 'USERNAME' failed to authenticate: Authentication failure
   Sep 12 13:27:37 openvpnSRV openvpn[1292459]: xx.xxx.xx.xxx:52273 PLUGIN_CALL: POST /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so/PLUGIN_AUTH_USER_PASS_VERIFY status=1
   Sep 12 13:27:37 openvpnSRV openvpn[1292459]: xx.xxx.xx.xxx:52273 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
   Sep 12 13:27:37 openvpnSRV openvpn[1292459]: xx.xxx.xx.xxx:52273 TLS Auth Error: Auth Username/Password verification failed for peer
I'm struggling to understand why the user would be able to connect and remain connected for a significant amount of time, only to be kicked out for authentication reasons. We have dozens of users utilizing this same authentication method, yet the issue is only present for this one person. I've already fully moved them to a new machine, and the issue is still present, so it doesn't appear to be machine- or client-related, though I would expect to see more widespread issues if the problem was server-side. It's also worth noting that when the user is disconnected, it prevents all inbound and outbound internet traffic from reaching their destination. So, for example, if the user is in a conference call, the OpenVPN drop causes not only disconnection from the call, but prevents the user from utilizing any network (internet or private) until fully disconnecting the client. When the issue is observed, it appears as though the client enters a 'standby' state (yellow icon) where it is neither connected nor disconnected. Can someone please assist in shining some light onto the root of the issue, or help put me on the right path? Your help is much appreciated!

User avatar
ordex
OpenVPN Inc.
Posts: 444
Joined: Wed Dec 28, 2016 2:32 am
Location: IRC #openvpn-devel @ libera.chat

Re: Community Ed. client v2.5.7 randomly disconnects for one user ONLY on Ethernet

Post by ordex » Wed Sep 14, 2022 9:37 pm

I would suggest to increase the server verbosity to 4 (--verb 4) in order to see if there is any extra hint coming through the log.
At first glance it seems the failure is related to a different client port (52273) compared to the successful connection (57205).

May this be related to NAT timeout on the client side? The client may be getting a new port and the server is unable to match it so it expects a full new connection.

Regarding nothing working while the VPN reconnects: it sounds like you have --persist-tun on the client side. That will keep the VPN interface up and configured even when the VPN connection is down (some people want this behaviour).

Post Reply