Constant connect/disconnect

[cjs127]

Can anyone help with the constant connecting/disconnecting i'm seeing in my DD-WRT openvpn client? Server is OpenVPN built into an Orbi RBR50 router.

Here is the client log:

[olog]Clientlog:
20211109 15:57:41 I Attempting to establish TCP connection with [AF_INET]24.51.185.179:12974 [nonblock]
20211109 15:57:41 I TCP connection established with [AF_INET]24.51.185.179:12974
20211109 15:57:41 W --mtu-disc is not supported on this OS
20211109 15:57:41 I TCP_CLIENT link local: (not bound)
20211109 15:57:41 I TCP_CLIENT link remote: [AF_INET]24.51.185.179:12974
20211109 15:57:41 TLS: Initial packet from [AF_INET]24.51.185.179:12974 sid=05b0533d 2ae46a69
20211109 15:57:41 VERIFY KU OK
20211109 15:57:41 Validating certificate extended key usage
20211109 15:57:41 NOTE: --mute triggered...
20211109 15:57:41 4 variation(s) on previous 3 message(s) suppressed by --mute
20211109 15:57:41 I [netgear] Peer Connection Initiated with [AF_INET]24.51.185.179:12974
20211109 15:57:43 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
20211109 15:57:43 PUSH: Received control message: 'PUSH_REPLY ping 10 ping-restart 120 route-delay 10 route-gateway 10.0.0.1 redirect-gateway def1 peer-id 0 cipher AES-256-GCM'
20211109 15:57:43 OPTIONS IMPORT: timers and/or timeouts modified
20211109 15:57:43 NOTE: --mute triggered...
20211109 15:57:43 5 variation(s) on previous 3 message(s) suppressed by --mute
20211109 15:57:43 Data Channel: using negotiated cipher 'AES-256-GCM'
20211109 15:57:43 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20211109 15:57:43 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20211109 15:57:43 I Preserving previous TUN/TAP instance: tap0
20211109 15:57:43 I Initialization Sequence Completed
20211109 16:00:11 I [netgear] Inactivity timeout (--ping-restart) restarting
20211109 16:00:11 I SIGUSR1[soft ping-restart] received process restarting
20211109 16:00:11 Restart pause 5 second(s)
20211109 16:00:16 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20211109 16:00:16 I TCP/UDP: Preserving recently used remote address: [AF_INET]24.51.185.179:12974
20211109 16:00:16 Socket Buffers: R=[87380->360448] S=[16384->360448]
20211109 16:00:16 I Attempting to establish TCP connection with [AF_INET]24.51.185.179:12974 [nonblock]
20211109 16:02:17 N TCP: connect to [AF_INET]24.51.185.179:12974 failed: Operation timed out
20211109 16:02:17 I SIGUSR1[connection failed(soft) init_instance] received process restarting
20211109 16:02:17 Restart pause 5 second(s)
20211109 16:02:22 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20211109 16:02:22 I TCP/UDP: Preserving recently used remote address: [AF_INET]24.51.185.179:12974
20211109 16:02:22 Socket Buffers: R=[87380->360448] S=[16384->360448]
20211109 16:02:22 I Attempting to establish TCP connection with [AF_INET]24.51.185.179:12974 [nonblock]
20211109 16:02:22 I TCP connection established with [AF_INET]24.51.185.179:12974
20211109 16:02:22 W --mtu-disc is not supported on this OS
20211109 16:02:22 I TCP_CLIENT link local: (not bound)
20211109 16:02:22 I TCP_CLIENT link remote: [AF_INET]24.51.185.179:12974
20211109 16:02:22 TLS: Initial packet from [AF_INET]24.51.185.179:12974 sid=0d7906e9 3a8dd5e5
20211109 16:02:23 VERIFY KU OK
20211109 16:02:23 Validating certificate extended key usage
20211109 16:02:23 NOTE: --mute triggered...
20211109 16:02:23 4 variation(s) on previous 3 message(s) suppressed by --mute
20211109 16:02:23 I [netgear] Peer Connection Initiated with [AF_INET]24.51.185.179:12974
20211109 16:02:24 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
20211109 16:02:24 PUSH: Received control message: 'PUSH_REPLY ping 10 ping-restart 120 route-delay 10 route-gateway 10.0.0.1 redirect-gateway def1 peer-id 0 cipher AES-256-GCM'
20211109 16:02:24 OPTIONS IMPORT: timers and/or timeouts modified
20211109 16:02:24 NOTE: --mute triggered...
20211109 16:02:24 5 variation(s) on previous 3 message(s) suppressed by --mute
20211109 16:02:24 Data Channel: using negotiated cipher 'AES-256-GCM'
20211109 16:02:24 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20211109 16:02:24 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20211109 16:02:24 I Preserving previous TUN/TAP instance: tap0
20211109 16:02:24 I Initialization Sequence Completed
20211109 16:05:20 I [netgear] Inactivity timeout (--ping-restart) restarting
20211109 16:05:20 I SIGUSR1[soft ping-restart] received process restarting
20211109 16:05:20 Restart pause 5 second(s)
20211109 16:05:25 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20211109 16:05:25 I TCP/UDP: Preserving recently used remote address: [AF_INET]24.51.185.179:12974
20211109 16:05:25 Socket Buffers: R=[87380->360448] S=[16384->360448]
20211109 16:05:25 I Attempting to establish TCP connection with [AF_INET]24.51.185.179:12974 [nonblock]
20211109 16:07:27 N TCP: connect to [AF_INET]24.51.185.179:12974 failed: Operation timed out
20211109 16:07:27 I SIGUSR1[connection failed(soft) init_instance] received process restarting
20211109 16:07:27 Restart pause 5 second(s)
20211109 16:07:32 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20211109 16:07:32 I TCP/UDP: Preserving recently used remote address: [AF_INET]24.51.185.179:12974
20211109 16:07:32 Socket Buffers: R=[87380->360448] S=[16384->360448]
20211109 16:07:32 I Attempting to establish TCP connection with [AF_INET]24.51.185.179:12974 [nonblock]
20211109 16:07:32 I TCP connection established with [AF_INET]24.51.185.179:12974
20211109 16:07:32 W --mtu-disc is not supported on this OS
20211109 16:07:32 I TCP_CLIENT link local: (not bound)
20211109 16:07:32 I TCP_CLIENT link remote: [AF_INET]24.51.185.179:12974
20211109 16:07:32 TLS: Initial packet from [AF_INET]24.51.185.179:12974 sid=db9a7808 000f2189
20211109 16:07:32 VERIFY KU OK
20211109 16:07:32 Validating certificate extended key usage
20211109 16:07:32 NOTE: --mute triggered...
20211109 16:07:32 4 variation(s) on previous 3 message(s) suppressed by --mute
20211109 16:07:32 I [netgear] Peer Connection Initiated with [AF_INET]24.51.185.179:12974
20211109 16:07:33 SENT CONTROL [netgear]: 'PUSH_REQUEST' (status=1)
20211109 16:07:33 PUSH: Received control message: 'PUSH_REPLY ping 10 ping-restart 120 route-delay 10 route-gateway 10.0.0.1 redirect-gateway def1 peer-id 0 cipher AES-256-GCM'
20211109 16:07:33 OPTIONS IMPORT: timers and/or timeouts modified
20211109 16:07:33 NOTE: --mute triggered...
20211109 16:07:33 5 variation(s) on previous 3 message(s) suppressed by --mute
20211109 16:07:33 Data Channel: using negotiated cipher 'AES-256-GCM'
20211109 16:07:33 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20211109 16:07:33 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
20211109 16:07:33 I Preserving previous TUN/TAP instance: tap0
20211109 16:07:33 I Initialization Sequence Completed
20211109 16:08:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20211109 16:08:18 D MANAGEMENT: CMD 'state'
20211109 16:08:18 MANAGEMENT: Client disconnected
20211109 16:08:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20211109 16:08:18 D MANAGEMENT: CMD 'state'
20211109 16:08:18 MANAGEMENT: Client disconnected
20211109 16:08:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20211109 16:08:18 D MANAGEMENT: CMD 'status 2'
20211109 16:08:18 MANAGEMENT: Client disconnected
20211109 16:08:18 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20211109 16:08:18 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00[/olog]

[TinCanTech]

See your server log.

[cjs127]

Thanks, but I don't have a server log. Running Orbi RBR50 built in server.

[TinCanTech]

Then ask Orbi how you are supposed to debug problems.

[300000]

20211109 16:05:20 I [netgear] Inactivity timeout (--ping-restart) restarting


You need ping back server to keep connection alive .

Open your openvpn client and add this into it

ping 190


This will cause client auto connect to server again when add into your client config. So just try it will keep your client auto connect and should work for you.

remap-usr1 SIGHUP

[TinCanTech]

You need ping back server to keep connection alive

Received control message: 'PUSH_REPLY ping 10 ping-restart 120

[cjs127]

Then ask Orbi how you are supposed to debug problems.

What in the heck kind of response is this? If you can't be helpful, or better yet, choose not to be, please don't say anything at all. I though this was a "help" or "support" forum. You aren't offering either. I'm truly sorry my ignorance on OpenVPN technology is such a bother to you that you feel the need to insult an individual over it.

[300000]

Is this working for you or openvpn client stil have disconnected when not in use? If it work just let other know your trouble have gone and you are happy now as everything is working.

[TinCanTech]

If you can't be helpful, or better yet, choose not to be, please don't say anything at all

I will say what I like ..

And I bet there is an openvpn log on your server, you just have not bothered to find it.

[cjs127]

I will say what I like ..

What a clown. You think because you have some expertise with this technology you can be a total moron to those that don't. I hope that makes you feel better about yourself.

And I bet there is an openvpn log on your server, you just have not bothered to find it.

There is a log on the server and it's worthless. No detailed output whatsoever. So yeah, I did find it and chose not include because the feedback is garbage.

[TinCanTech]

I will say what-ever I want to, whether you like it or not ..

Freedom of speech.

You have not found your server log ..

[david@nicholsoft.ca]

Hi,
I know this is an old post but I have had random disconnects about every 1 to 2 minutes.
It turns out my public ports (443 and 1194) for OpenVPN where being attacked by 100's of IP's trying to brute force log ins.
Add the necessary rules to block all ip's from these ports and allow rules for the remote site's ip's.
Stabilized my connections a lot.

[zigma99]

How did you add the rules to block all IPs

[Salty]

Anyone finding this - don't set firewall rules! Use tls-auth. See https://openvpn.net/community-resources ... -security/