OpenVPN client is being disconnected frequently

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
Jamo
OpenVpn Newbie
Posts: 1
Joined: Wed Dec 07, 2022 1:52 pm

OpenVPN client is being disconnected frequently

Post by Jamo » Wed Dec 07, 2022 2:12 pm

Hi All,
we are using OpenVPN for 2 years, and we started to notice that OpenVPN client is being disconnecting and reconnecting frequently.
This happens on all the clients.
if I time the statuses:
  • 1. connected
    2. open SSMS.EXE and query the records in database located on the server in Germany
    3. query is executed in 7 seconds as expected
    4. re-run the same T-SQL query
    5. SMSS.exe reports that connection is lost
    6. OpenVPN reports that connection has been reestablished

Client computer is located in Slovenia, EU, while server is located in around Wurzburg area, Germany.
client settings:
--------------
dev tun
persist-tun
persist-key
cipher AES-256-GCM
auth SHA512
client
resolv-retry infinite
remote 80.154.221.34 1194 udp
lport 0
auth-user-pass
comp-lzo adaptive
<ca>
-----BEGIN CERTIFICATE-----
I have removed the certificate ID value
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
I have removed the static key values
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
-----------------------------
------------------------
Log from the client side is:
---
2022-12-07 14:54:30 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-12-07 14:54:30 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2022-12-07 14:54:30 Windows version 10.0 (Windows 10 or greater) 64bit
2022-12-07 14:54:30 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2022-12-07 14:54:31 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 14:54:31 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 14:54:31 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 14:54:31 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 14:54:31 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-12-07 14:54:31 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 14:54:33 open_tun
2022-12-07 14:54:33 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-12-07 14:54:33 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.50.100.18/255.255.255.252 on interface {56C9BAAD-6D10-4B95-B5D4-120C5F052103} [DHCP-serv: 10.50.100.17, lease-time: 31536000]
2022-12-07 14:54:33 Successful ARP Flush on interface [9] {56C9BAAD-6D10-4B95-B5D4-120C5F052103}
2022-12-07 14:54:33 IPv4 MTU set to 1500 on interface 9 using service
2022-12-07 14:54:39 Initialization Sequence Completed
2022-12-07 14:54:39 Register_dns request sent to the service
2022-12-07 14:56:26 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 14:56:26 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 14:56:31 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 14:56:31 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 14:56:31 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 14:56:31 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 14:56:31 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 14:56:32 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 14:56:32 Initialization Sequence Completed
2022-12-07 14:56:32 Register_dns request sent to the service
2022-12-07 14:58:32 SIGHUP[hard,] received, process restarting
2022-12-07 14:58:32 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-12-07 14:58:32 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2022-12-07 14:58:32 Windows version 10.0 (Windows 10 or greater) 64bit
2022-12-07 14:58:32 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2022-12-07 14:58:37 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 14:58:37 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 14:58:37 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 14:58:37 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 14:58:37 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 14:58:38 open_tun
2022-12-07 14:58:38 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-12-07 14:58:38 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.50.100.18/255.255.255.252 on interface {56C9BAAD-6D10-4B95-B5D4-120C5F052103} [DHCP-serv: 10.50.100.17, lease-time: 31536000]
2022-12-07 14:58:38 Successful ARP Flush on interface [9] {56C9BAAD-6D10-4B95-B5D4-120C5F052103}
2022-12-07 14:58:38 IPv4 MTU set to 1500 on interface 9 using service
2022-12-07 14:58:43 Initialization Sequence Completed
2022-12-07 14:58:43 Register_dns request sent to the service
2022-12-07 15:00:42 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 15:00:42 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 15:00:47 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 15:00:47 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 15:00:47 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 15:00:47 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 15:00:47 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 15:00:48 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 15:00:48 Initialization Sequence Completed
2022-12-07 15:00:48 Register_dns request sent to the service
2022-12-07 15:02:48 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 15:02:48 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 15:02:53 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 15:02:53 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 15:02:53 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 15:02:53 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 15:02:53 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 15:02:54 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 15:02:54 Initialization Sequence Completed
2022-12-07 15:02:54 Register_dns request sent to the service
2022-12-07 15:04:49 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 15:04:49 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 15:04:54 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 15:04:54 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 15:04:54 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 15:04:54 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 15:04:55 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 15:04:56 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 15:04:56 Initialization Sequence Completed
2022-12-07 15:04:56 Register_dns request sent to the service
2022-12-07 15:06:55 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 15:06:55 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 15:07:00 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 15:07:00 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 15:07:00 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 15:07:00 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 15:07:00 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 15:07:01 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 15:07:01 Initialization Sequence Completed
2022-12-07 15:07:01 Register_dns request sent to the service
2022-12-07 15:09:05 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 15:09:05 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 15:09:10 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 15:09:10 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 15:09:10 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 15:09:10 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 15:09:10 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 15:09:11 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 15:09:11 Initialization Sequence Completed
2022-12-07 15:09:11 Register_dns request sent to the service
2022-12-07 15:11:15 [wk_vpn_server] Inactivity timeout (--ping-restart), restarting
2022-12-07 15:11:15 SIGUSR1[soft,ping-restart] received, process restarting
2022-12-07 15:11:20 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-12-07 15:11:20 TCP/UDP: Preserving recently used remote address: [AF_INET]80.154.221.34:1194
2022-12-07 15:11:20 UDP link local (bound): [AF_INET][undef]:0
2022-12-07 15:11:20 UDP link remote: [AF_INET]80.154.221.34:1194
2022-12-07 15:11:20 [wk_vpn_server] Peer Connection Initiated with [AF_INET]80.154.221.34:1194
2022-12-07 15:11:21 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2022-12-07 15:11:21 Initialization Sequence Completed
2022-12-07 15:11:21 Register_dns request sent to the service
---------------------------------------

Thanks for any info,
Damjan

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1118
Joined: Tue Feb 16, 2021 10:41 am

Re: OpenVPN client is being disconnected frequently

Post by openvpn_inc » Fri Dec 09, 2022 11:56 am

Hello Damjan,

The logs clearly show that the connection times out constantly and then reestablishes. And it is always immediately after the connection establishes. It is very likely that the underlying connection has serious issues, or there is a serious misconfiguration that breaks the VPN the moment it is established. I would suggest to do analysis of the underlying connection first. And then analysis of routing table and packet flow when VPN is disconnect and connected and compare.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply