Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
MattB
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 07, 2022 7:10 pm

Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by MattB » Mon Nov 07, 2022 8:20 pm

I have about 10 MacOS-based BYOD users. They all are having this issue. Running different versions of the OpenVPN Client and MacOS. OpenVPN seems to randomly reconnect the VPN connection. It doesn't happen at a fixed time at random like sometimes 10 times in 5minutes.

When i check the logs in the OpenVPN connect client i can see the following TUN error:
TUN write error: cannot identify IP version for prefix
TUN Error: TUN I/O error
EVENT: TUN_ERROR TUN I/O error
Client terminated, restarting in 5000 ms...
SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
/sbin/ifconfig utun2 down
MacDNSAction: FLAGS=F

Issue has reoccurred for the third time today(Nov 7). Two weeks ago the issue occurred twice. Oct 24 for three hours, then Oct 26 for 30 min. Have been running fine for almost two years.

Windows based users do not seem to be affected (possibly just seeing more lag, due to the constant reconnects of the Mac OS users)

I am using OpenVPN on my Untangle Firewall. Firewall is up-to-date, and using all the defaults for server and client config.

server
mode server
multihome
ca data/ca.crt
cert data/server.crt
key data/server.key
dh data/dh.pem
client-config-dir ccd
keepalive 2 10
user nobody
group nogroup
tls-server
compress
status openvpn-status.log
log /var/log/openvpn.log
verb 1
dev tun0
max-clients 2048
ccd-exclusive
persist-key
persist-tun
mute 20
ifconfig-pool-persist /etc/openvpn/address-pool-assignments.txt
push "register-dns"

client
resolv-retry 20
keepalive 2 10
nobind
mute-replay-warnings
remote-cert-tls server
compress
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
auth-user-pass
proto udp
port 1194
cipher AES-128-CBC
remote *.*.*.* 1194 # public address
remote *.*.*.* 1194 # static WAN 1
Last edited by MattB on Tue Nov 08, 2022 1:05 am, edited 2 times in total.

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by Pippin » Mon Nov 07, 2022 8:52 pm

Hi,

Code: Select all

compress
What does the server have?
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

MattB
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 07, 2022 7:10 pm

Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by MattB » Tue Nov 08, 2022 12:02 am

compress is blank.
Pippin wrote:
Mon Nov 07, 2022 8:52 pm
Hi,

Code: Select all

compress
What does the server have?

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by Pippin » Tue Nov 08, 2022 3:21 pm

Remove it server and client side, then see how it goes.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

MattB
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 07, 2022 7:10 pm

Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by MattB » Tue Nov 08, 2022 4:15 pm

Ok. I tried excluding it from just the server side last night, but it ended up kicking everyone off and not able to connect back in till i reenabled it. With Untangle, i cant seem to delete the defaults, just exclude. I will try to test what happens if i remove it from windows client and exclude from the server side late tonight when there is no production and see if it functions and work from there.

MattB
OpenVpn Newbie
Posts: 4
Joined: Mon Nov 07, 2022 7:10 pm

Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by MattB » Wed Nov 09, 2022 3:32 am

Yup looks like clients and server have to have compress removed for the VPN to work. If only one side has compress, VPN doesn't work.
Would have to test when the issue reoccurs to see if it makes a difference, dangerous test tho, as it would cut everyone off and would have to manually have each client update their existing profile. I have also been told to try a different client VPN app as issue might stem with using OpenVPN Connect Client with the community version of OpenVPN.

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix

Post by Pippin » Wed Nov 09, 2022 3:51 pm

OpenVPN is moving away from compression.
Better do it now I would think.

Also see here:
https://community.openvpn.net/openvpn/w ... tedOptions
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp

Post Reply