SIGUSR1[soft,connection-reset] received, process restarting. constantly! every 5 seconds

[tihon]

I have a good working Openvpn Server 2.5.5. on Ubuntu 22.04.1 LTS and a lot of clients (Ubuntu 18.04 Openvpn 2.4.4) with the same key.
All clients are good, but one client stopped working accidentally
it constantly change ip from server
ip addr | grep 'inet.*tun0' | cut -d ' ' -f 6 - every some seconds - new ip
I don't know how to fix, HELP!!
persist-remote-ip
persist-local-ip - not helped

##.##.##.## - real server ip

client.log: <during 5 sec> (--verb 5)
TCP connection established with [AF_INET]##.##.##.##:1194
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]##.##.##.##:1194
TLS: Initial packet from [AF_INET]##.##.##.##:1194, sid=86b15108 ccdb6028
VERIFY OK: depth=1, CN=server
VERIFY KU OK
Validating certificate extended key usage
++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
VERIFY EKU OK
VERIFY OK: depth=0, CN=server
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
[server] Peer Connection Initiated with [AF_INET]##.##.##.##:1194
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
PUSH: Received control message: 'PUSH_REPLY,route 10.100.0.0 255.255.0.0,topology net30,ping 10,ping-restart 120,ifconfig 10.100.4.174 10.100.4.173,peer-id 0,ci
OPTIONS IMPORT: timers and/or timeouts modified
OPTIONS IMPORT: --ifconfig/up options modified
OPTIONS IMPORT: route options modified
OPTIONS IMPORT: peer-id set
OPTIONS IMPORT: adjusting link_mtu to 1627
OPTIONS IMPORT: data channel crypto options modified
Data Channel: using negotiated cipher 'AES-256-GCM'
Data Channel MTU parms [ L:1555 D:1450 EF:55 EB:406 ET:0 EL:3 ]
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Preserving previous TUN/TAP instance: tun0
NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
/sbin/ip route del 10.100.0.0/16
Closing TUN/TAP interface
/sbin/ip addr del dev tun0 local 10.100.4.134 peer 10.100.4.133
ROUTE_GATEWAY 192.168.8.1/255.255.255.0 IFACE=enx0c5b8f279a64 HWADDR=0c:5b:8f:27:9a:64
TUN/TAP device tun0 opened
TUN/TAP TX queue length set to 100
do_ifconfig, tt->did_ifconfig_ipv6_setup=0
/sbin/ip link set dev tun0 up mtu 1500
/sbin/ip addr add dev tun0 local 10.100.4.174 peer 10.100.4.173
/sbin/ip route add 10.100.0.0/16 via 10.100.4.173
Initialization Sequence Completed
Connection reset, restarting [-1]
TCP/UDP: Closing socket
SIGUSR1[soft,connection-reset] received, process restarting
Restart pause, 5 second(s)

server.log:<every 9 seconds> (--verb 5)
WRwRwrWRRwrWR2023-08-07 19:55:05 us=271626 pak/##.##.##.##:42742 [pak] Inactivity timeout (--ping-restart), restarting
2023-08-07 19:55:05 us=271656 pak/##.##.##.##:42742 SIGUSR1[soft,ping-restart] received, client-instance restarting

View Originalclient.conf

1

#

2

3

client

4

5

dev tun

6

7

proto tcp

8

9

remote ##.##.##.## 1194

10

11

resolv-retry infinite

12

13

user nobody

14

15

group nobody

16

17

persist-key

18

19

persist-tun

20

21

ca ca.crt

22

23

cert pak.crt

24

25

key pak.key

26

27

remote-cert-tls server

28

29

tls-auth ta.key 1

30

31

cipher AES-256-CBC

32

33

comp-lzo

34

35

verb 5

36

37

mute 10

38

1

client

2

dev tun

3

proto tcp

4

remote

5

resolv-retry infinite

6

user nobody

7

group nobody

8

persist-key

9

persist-tun

10

ca ca.crt

11

cert pak.crt

12

key pak.key

13

remote-cert-tls server

14

tls-auth ta.key 1

15

cipher AES-256-CBC

16

comp-lzo

17

verb 5

18

mute 10

View Originalserver.conf

1

#

2

3

port 1194

4

5

proto tcp

6

7

dev tun

8

9

ca ca.crt

10

11

cert server.crt

12

13

key server.key

14

15

dh dh.pem

16

17

server 10.100.0.0 255.255.0.0

18

19

ifconfig-pool-persist /var/log/openvpn/ipp.txt

20

21

client-to-client

22

23

duplicate-cn

24

25

keepalive 10 120

26

27

tls-auth ta.key 0

28

29

cipher AES-256-CBC

30

31

comp-lzo

32

33

max-clients 2048

34

35

user nobody

36

37

group nogroup

38

39

persist-key

40

41

persist-tun

42

43

status /var/log/openvpn/openvpn-status.log

44

45

log /var/log/openvpn/openvpn.log

46

47

verb 5

48

1

port 1194

2

proto tcp

3

dev tun

4

ca ca.crt

5

cert server.crt

6

key server.key

7

dh dh.pem

8

server 10.100.0.0 255.255.0.0

9

ifconfig-pool-persist /var/log/openvpn/ipp.txt

10

client-to-client

11

duplicate-cn

12

keepalive 10 120

13

tls-auth ta.key 0

14

cipher AES-256-CBC

15

comp-lzo

16

max-clients 2048

17

user nobody

18

group nogroup

19

persist-key

20

persist-tun

21

status /var/log/openvpn/openvpn-status.log

22

log /var/log/openvpn/openvpn.log

23

verb 5

[ronnie.utas]

Old issue "workaround" that might help someone, This happens to me as well on one specific customer. Probably a newer version of Open VPN would solve this problem but I'm "stucked" with what my customers uses. In my case I switch between working from home and from the office and my guess is that the Open VPN server stores something based on my my last successful connection and then when i connect from my other worksite, OpenVpn have to do soft reset every 5 seconds because my Outgoing IP adress does not match with what is stored on the server side. I tried most things on the client side via a lot of tips on google but nothing worked. My solution was to change the .open file configuration setting and set proto tcp to proto udp and try to connect again. It did not work in my case because the server side did not allow udp. However the server seams to have erased it's settings for my tcp connection because when i switched back to proto tcp and retried my connection it stopped doing this soft resets every 5 seconds and it worked just fine for hours. At least Until next time i change working-site. But then I can try this again as a workaround until my customer upgrades Open VPN Server on his side.