Can't connect more than 59 clients

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
kaczor1984
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2011 9:39 am

Can't connect more than 59 clients

Post by kaczor1984 » Fri Apr 08, 2011 10:35 am

We are using openvpn to comunicate with our 'hotspots'. All of them are set the same way and connect to one VPN server. But only 59 of them can connect at once and every next request to connect is rejected.
Our server is Ubuntu (karmic) openvpn 2.1~rc19-1ubuntu2
Clients are Debian (lenny) with custom 2.6.38 kernel, openvpn 2.1~rc11-1
client.conf

Code: Select all

client
dev tun
proto tcp
remote our.vpn.server 80
resolv-retry infinite
nobind
user nobody
persist-key
persist-tun
ca /our_chroot/ca.crt
cert /our_chroot/client.crt
key /our_chroot/client.key

chroot /our_chroot
ns-cert-type server
comp-lzo
verb 3
server.conf

Code: Select all

local IP_of_eth0:1
port 80
proto tcp
dev tun
chroot /etc/openvpn/keys
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.123.28.0 255.255.248.0
ifconfig-pool-persist ipp.txt
keepalive 60 120
comp-lzo
user nobody
persist-key
persist-tun
status openvpn-status.log
verb 4
management localhost 7505

logs of this unsuccessfull association

client

Code: Select all

Apr  8 00:16:03 hostname ovpn-client[3391]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr  8 00:16:03 hostname ovpn-client[3391]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr  8 00:16:03 hostname ovpn-client[3391]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr  8 00:16:03 hostname ovpn-client[3391]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr  8 00:16:03 hostname ovpn-client[3391]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr  8 00:16:03 hostname ovpn-client[3391]: [server] Peer Connection Initiated with IP_of_eth0:1_of_server:80
Apr  8 00:16:04 hostname ovpn-client[3391]: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Apr  8 00:16:04 hostname ovpn-client[3391]: event_wait : Interrupted system call (code=4)
Apr  8 00:16:04 hostname ovpn-client[3391]: TCP/UDP: Closing socket
Apr  8 00:16:04 hostname ovpn-client[3391]: SIGTERM[hard,] received, process exiting
server:

Code: Select all

Apr  8 00:16:30 server-hostname ovpn-server[27504]: MULTI: multi_create_instance called
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Re-using SSL/TLS context
Apr  8 00:16:30 server-hostname ovpn-server[27504]: LZO compression initialized
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Local Options hash (VER=V4): 'c0103fa8'
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Expected Remote Options hash (VER=V4): '69109d17'
Apr  8 00:16:30 server-hostname ovpn-server[27504]: TCP connection established with hotspot-ip:63427
Apr  8 00:16:30 server-hostname ovpn-server[27504]: Socket Buffers: R=[131072->131072] S=[131072->131072]
Apr  8 00:16:30 server-hostname ovpn-server[27504]: TCPv4_SERVER link local: [undef]
Apr  8 00:16:30 server-hostname ovpn-server[27504]: TCPv4_SERVER link remote: hotspot-ip:63427
Apr  8 00:16:31 server-hostname ovpn-server[27504]: hotspot-ip:63427 TLS: Initial packet from hotspot-ip:63427, sid=2d14156c ccc29df7
Apr  8 00:16:34 server-hostname ovpn-server[27504]: hotspot-ip:63427 VERIFY OK: depth=1, /our_cert_info
Apr  8 00:16:34 server-hostname ovpn-server[27504]: hotspot-ip:63427 VERIFY OK: depth=0, /our_cert_info
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot-ip:63427 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot-ip:63427 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot-ip:63427 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot-ip:63427 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot-ip:63427 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot-ip:63427 [hotspot1580783] Peer Connection Initiated with hotspot-ip:63427
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot1580783/hotspot-ip:63427 MULTI: Learn: 10.123.34.54 -> hotspot1580783/hotspot-ip:63427
Apr  8 00:16:35 server-hostname ovpn-server[27504]: hotspot1580783/hotspot-ip:63427 MULTI: primary virtual IP for hotspot1580783/hotspot-ip:63427: 10.123.34.54
Apr  8 00:16:36 server-hostname ovpn-server[27504]: hotspot1580783/hotspot-ip:63427 PUSH: Received control message: 'PUSH_REQUEST'
Apr  8 00:16:36 server-hostname ovpn-server[27504]: hotspot1580783/hotspot-ip:63427 SENT CONTROL [hotspot1580783]: 'PUSH_REPLY,route 10.123.28.1,topology net30,ping 60,ping-restart 120,ifconfig 10.123.34.54 10.123.34.53' (status=1)
Apr  8 00:16:36 server-hostname ovpn-server[27504]: hotspot1580783/hotspot-ip:63427 Connection reset, restarting [0]
Apr  8 00:16:36 server-hostname ovpn-server[27504]: hotspot1580783/hotspot-ip:63427 SIGUSR1[soft,connection-reset] received, client-instance restarting
Apr  8 00:16:36 server-hostname ovpn-server[27504]: TCP/UDP: Closing socket
Last edited by kaczor1984 on Sat Apr 09, 2011 9:51 am, edited 2 times in total.
Top
User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:
Contact maikcat

Re: Can't connect more than 59 clients

Post by maikcat » Fri Apr 08, 2011 11:04 am

hi there,

can you set verb 5 on server?
also can you update to 2.1.4 version?

Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"
Top
kaczor1984
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2011 9:39 am

Re: Can't connect more than 59 clients

Post by kaczor1984 » Fri Apr 08, 2011 11:15 am

Won't this version break anything on ubuntu 9.10 (karmic)?
http://build.openvpn.net/downloads/rele ... _amd64.deb

Edit: link to ubuntu version
Edit2: seems I can't upgrade
dpkg: dependency problems prevent configuration of openvpn:
openvpn depends on libssl0.9.8 (>= 0.9.8k-1); however:
Version of libssl0.9.8 on system is 0.9.8g-16ubuntu3.1.
dpkg: error processing openvpn (--install):
dependency problems - leaving unconfigured
Top
User avatar
maikcat
Forum Team
Posts: 4200
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece
Contact:
Contact maikcat

Re: Can't connect more than 59 clients

Post by maikcat » Fri Apr 08, 2011 12:05 pm

hi there,

>Won't this version break anything on ubuntu 9.10 (karmic)?

stupid me..
you see i have a test setup with ubuntu 10.10 and it uses 2.1.0 (rc19 is a little bit old)

please set verb 5 and post logs.

ps: ubuntu is not my preferred distro..centos is :)

michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)

"objects in mirror are losing"
Top
Douglas
Forum Team
Posts: 285
Joined: Wed Aug 27, 2008 2:41 am

Re: Can't connect more than 59 clients

Post by Douglas » Fri Apr 08, 2011 12:37 pm

I feel like there is a limit of connections per instance..
Top
User avatar
gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Can't connect more than 59 clients

Post by gladiatr72 » Fri Apr 08, 2011 1:25 pm

Try specifying a larger subnet for your --server directive.

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
Top
kaczor1984
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2011 9:39 am

Re: Can't connect more than 59 clients

Post by kaczor1984 » Fri Apr 08, 2011 3:42 pm

maikcat
I'll post updated logs when i reach limit again - units restart at night and then they will try to connect again. So probably tomorrow morning.

gladiatr72
My subnet is 2048 IP's isn't it?
Top
User avatar
gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Can't connect more than 59 clients

Post by gladiatr72 » Fri Apr 08, 2011 3:51 pm

Kaczor

Indeed. Failure to read carefully on my part :)

-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
Top
User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:
Contact janjust

Re: Can't connect more than 59 clients

Post by janjust » Fri Apr 08, 2011 10:09 pm

a couple of things to try:
* comment out ifconfig-pool-persist to see if it makes a difference
* add 'topology subnet'
* post the server log file when it starts up with 'verb 5' - I'd like to see the part where openvpn declares its internal pool space.
Top
kaczor1984
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2011 9:39 am

Re: Can't connect more than 59 clients

Post by kaczor1984 » Sat Apr 09, 2011 10:29 am

Logs before making any changes:

Code: Select all

Apr  8 13:11:44 e82-103-142-125s ovpn-server[395]: SIGTERM[hard,] received, process exiting
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: Current Parameter Settings:
...
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: Connection profiles [default]:
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   proto = tcp-server
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   local = 'server-ip'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   local_port = 80
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remote = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remote_port = 80
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remote_float = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   bind_defined = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   bind_local = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   connect_retry_seconds = 5
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   connect_timeout = 10
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   connect_retry_max = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   socks_proxy_server = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   socks_proxy_port = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   socks_proxy_retry = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: Connection profiles END
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remote_random = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ipchange = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   dev = 'tun'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   dev_type = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   dev_node = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   lladdr = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   topology = 1
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tun_ipv6 = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_local = '10.123.28.1'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_remote_netmask = '10.123.28.2'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_noexec = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_nowarn = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   shaper = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tun_mtu = 1500
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tun_mtu_defined = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   link_mtu = 1500
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   link_mtu_defined = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tun_mtu_extra = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tun_mtu_extra_defined = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   fragment = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   mtu_discover_type = -1
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   mtu_test = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   mlock = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   keepalive_ping = 60
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   keepalive_timeout = 120
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   inactivity_timeout = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ping_send_timeout = 60
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ping_rec_timeout = 240
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ping_rec_timeout_action = 2
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ping_timer_remote = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remap_sigusr1 = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   explicit_exit_notification = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   persist_tun = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   persist_local_ip = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   persist_remote_ip = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   persist_key = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   mssfix = 1450
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   passtos = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   resolve_retry_seconds = 1000000000
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   username = 'nobody'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   groupname = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   chroot_dir = '/etc/openvpn/keys'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   cd_dir = '/etc/openvpn'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   writepid = '/var/run/openvpn.server.pid'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   up_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   down_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   down_pre = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   up_restart = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   up_delay = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   daemon = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   inetd = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   log = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   suppress_timestamps = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   nice = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   verbosity = 5
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   mute = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   gremlin = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   status_file = 'openvpn-status.log'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   status_file_version = 1
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   status_file_update_freq = 60
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   occ = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   rcvbuf = 65536
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   sndbuf = 65536
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   sockflags = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   fast_io = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   lzo = 7
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_default_gateway = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_default_metric = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_noexec = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_delay = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_delay_window = 30
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_delay_defined = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_nopull = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route_gateway_via_dhcp = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   allow_pull_fqdn = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   route 10.123.28.0/255.255.248.0/nil/nil
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_addr = 'localhost'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_port = 7505
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_user_pass = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_log_history_cache = 250
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_echo_buffer_size = 100
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_write_peer_info_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_client_user = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_client_group = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   management_flags = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   shared_secret_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   key_direction = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ciphername_defined = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ciphername = 'BF-CBC'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   authname_defined = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   authname = 'SHA1'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   prng_hash = 'SHA1'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   prng_nonce_secret_len = 16
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   keysize = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   engine = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   replay = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   mute_replay_warnings = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   replay_window = 64
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   replay_time = 15
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   packet_id_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   use_iv = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   test_crypto = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_server = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_client = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   key_method = 2
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ca_file = 'keys/ca.crt'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ca_path = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   dh_file = 'keys/dh1024.pem'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   cert_file = 'keys/server.crt'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   priv_key_file = 'keys/server.key'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs12_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   cipher_list = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_verify = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_remote = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   crl_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ns_cert_type = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remote_cert_ku[i] = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: last message repeated 15 times
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   remote_cert_eku = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_timeout = 2
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   renegotiate_bytes = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   renegotiate_packets = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   renegotiate_seconds = 3600
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   handshake_window = 60
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   transition_window = 3600
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   single_session = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_exit = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tls_auth_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs11_protected_authentication = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: last message repeated 15 times
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs11_private_mode = 00000000
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: last message repeated 15 times
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs11_cert_private = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: last message repeated 15 times
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs11_pin_cache_period = -1
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs11_id = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pkcs11_id_management = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   server_network = 10.123.28.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   server_netmask = 255.255.248.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   server_bridge_ip = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   server_bridge_netmask = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   server_bridge_pool_start = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   server_bridge_pool_end = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   push_list = 'route 10.123.28.1,topology net30,ping 60,ping-restart 120'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_pool_defined = ENABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_pool_start = 10.123.28.4
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_pool_end = 10.123.35.251
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_pool_netmask = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_pool_persist_filename = 'ipp.txt'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ifconfig_pool_persist_refresh_freq = 600
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   n_bcast_buf = 256
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tcp_queue_limit = 64
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   real_hash_size = 256
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   virtual_hash_size = 256
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   client_connect_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   learn_address_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   client_disconnect_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   client_config_dir = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ccd_exclusive = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   tmp_dir = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   push_ifconfig_defined = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   push_ifconfig_local = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   push_ifconfig_remote_netmask = 0.0.0.0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   enable_c2c = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   duplicate_cn = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   cf_max = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   cf_per = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   max_clients = 1024
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   max_routes_per_client = 256
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   auth_user_pass_verify_script = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   auth_user_pass_verify_script_via_file = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   ssl_flags = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   port_share_host = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   port_share_port = 0
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   client = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   pull = DISABLED
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]:   auth_user_pass_file = '[UNDEF]'
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: OpenVPN 2.1_rc19 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: RESOLVE: NOTE: localhost resolves to 2 addresses, choosing one by random
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: MANAGEMENT: TCP Socket listening on 127.0.0.1:7505
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: WARNING: you are using chroot without specifying user and group -- this may cause the chroot jail to be insecure
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: Diffie-Hellman initialized with 1024 bit key
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: WARNING: file 'keys/server.key' is group or others accessible
Apr  8 13:11:45 e82-103-142-125s ovpn-server[10883]: /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: TLS-Auth MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: ROUTE default_gateway=gateway-ip
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: TUN/TAP device tun0 opened
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: TUN/TAP TX queue length set to 100
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: /sbin/ifconfig tun0 10.123.28.1 pointopoint 10.123.28.2 mtu 1500
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: /sbin/route add -net 10.123.28.0 netmask 255.255.248.0 gw 10.123.28.2
Apr  8 13:11:46 e82-103-142-125s kernel: [12495676.082974] tun0: Disabled Privacy Extensions
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10883]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: chroot to '/etc/openvpn/keys' and cd to '/' succeeded
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: UID set to nobody
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: Listening for incoming TCP connection on server-ip:80
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: Socket Buffers: R=[87380->131072] S=[16384->131072]
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: TCPv4_SERVER link local (bound): server-ip:80
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: TCPv4_SERVER link local (bound): server-ip:80
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: TCPv4_SERVER link remote: [undef]
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: MULTI: multi_init called, r=256 v=256
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: IFCONFIG POOL: base=10.123.28.4 size=510
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: IFCONFIG POOL LIST
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: hotspot1579485,10.123.28.4
396 more lines
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: hotspot1580749,10.123.34.56
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: MULTI: TCP INIT maxclients=1024 maxevents=1028
Apr  8 13:11:46 e82-103-142-125s ovpn-server[10887]: Initialization Sequence Completed
Apr  8 13:11:49 e82-103-142-125s ovpn-server[10887]: MULTI: multi_create_instance called
failed connecting client:

Code: Select all

Apr  9 06:13:09 server-hostname ovpn-server[10887]: hotspot-ip:34323 TLS: Initial packet from hotspot-ip:34323, sid=f8cd24a7 666065e0
Apr  9 06:13:11 server-hostname ovpn-server[10887]: MULTI: multi_create_instance called
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Re-using SSL/TLS context
Apr  9 06:13:11 server-hostname ovpn-server[10887]: LZO compression initialized
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Local Options hash (VER=V4): 'c0103fa8'
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Expected Remote Options hash (VER=V4): '69109d17'
Apr  9 06:13:11 server-hostname ovpn-server[10887]: TCP connection established with hotspot-ip:50302
Apr  9 06:13:11 server-hostname ovpn-server[10887]: Socket Buffers: R=[131072->131072] S=[131072->131072]
Apr  9 06:13:11 server-hostname ovpn-server[10887]: TCPv4_SERVER link local: [undef]
Apr  9 06:13:11 server-hostname ovpn-server[10887]: TCPv4_SERVER link remote: hotspot-ip:50302
Apr  9 06:13:12 server-hostname ovpn-server[10887]: hotspot-ip:34323 VERIFY OK: depth=1, /our_cert_info
Apr  9 06:13:12 server-hostname ovpn-server[10887]: hotspot-ip:34323 VERIFY OK: depth=0, /our_cert_info
Apr  9 06:13:12 server-hostname ovpn-server[10887]: hotspot1579004/77.62.176.67:34543 TLS: soft reset sec=0 bytes=6195/0 pkts=118/0
Apr  9 06:13:12 server-hostname ovpn-server[10887]: hotspot-ip:34323 Connection reset, restarting [0]
Apr  9 06:13:12 server-hostname ovpn-server[10887]: hotspot-ip:34323 SIGUSR1[soft,connection-reset] received, client-instance restarting
Apr  9 06:13:12 server-hostname ovpn-server[10887]: TCP/UDP: Closing socket
I'll post tomorrow whether changes helped.
Top
User avatar
Bebop
Forum Team
Posts: 301
Joined: Wed Dec 15, 2010 9:24 pm

Re: Can't connect more than 59 clients

Post by Bebop » Mon Apr 11, 2011 7:43 am

janjust wrote:add 'topology subnet'
My guess, this will solve it.
The cure for boredom is curiosity
Top
kaczor1984
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2011 9:39 am

Re: Can't connect more than 59 clients

Post by kaczor1984 » Mon Apr 11, 2011 8:46 pm

Huh... I can't check it now. Only ~55 units are connected now and I have no more spare units currently to test. I'll let you know did it work when more units will try to connect.

But thank you for help so far.
Top
kaczor1984
OpenVpn Newbie
Posts: 6
Joined: Fri Apr 08, 2011 9:39 am

Re: Can't connect more than 59 clients

Post by kaczor1984 » Tue Apr 12, 2011 9:28 am

Today 61 units are connected so there is a chance it worked. But we'll see whether there will be no more trouble with that. Thank's for help.
Top
User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:
Contact janjust

Re: Can't connect more than 59 clients

Post by janjust » Tue Apr 12, 2011 9:33 am

in theory you can connect a client several times , provided that it has enough tun/tap adapters; just make sure that only the first instances gets the network routes.
Top
Post Reply

Return to “Server Administration”