Arbitrary VPN connection dropouts

[theruss]

Hi folks,

I've been grappling with this on and off for a few weeks - I'm wanting to connect to my office's network (about 100km away) from home and am gettiing arbitrary dropouts where I connect to the net, and to servers on the office LAN,but the connection drops after 20-30s with no errors in var/log/messages and am unable to connect either the net or the office LAN

I'm on Fedora 16, OpenVPN 2.2.1, NM 0.9.4-3.

I have a colleague able to connect from his home without issue (He's on Ubuntu) and we both have the same certs/config as we recived our configs from the same sysadmin, so I can only imagine it's something specific to my system.

I have tried the following, mentioned in other forum posts, but to no avail:

Disabled SELinux
Matched client MTU settings with those of server (Used to get an error about this, but no longer)
Increase verbosity of client log (5) = nothing in /var/log/messages
Upgraded NetWorkManager
Disabled Wifi (But using wired connection)

Here's my client.conf

Code: Select all

client
dev tun
proto udp
remote router.myoffice.com 1194
tun-mtu 1500
link-mtu 1558
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert mycert.crt
key mykey.key
tls-auth ta.key 1
cipher AES-256-CBC
comp-lzo
verb 5

NOTE: I added the 2 mtu lines, to resolve a mismatched MTU error - which has since gone. Other than that, my client.conf is the same as my colleague who can connect OK.

Does anyone have any other ideas of what I can try?

Thanks for your time
Russ

[janjust]

might very well be your local router/switch that is dropping UDP traffic - try switching to 'mode tcp' to see if that helps; whilst TCP mode is not ideal it _IS_ a quick&dirty way of finding out if the problem is with your local router/switch.

[theruss]

Thanks a lot for your response, I'll check my router and I'll try to let you know how I go.

Cheers
Russ

[theruss]

@janjust thanks but no dice.

I changed proto udp to proto tcp, tried disabling the firewall on my router. All to no avail.

There doesn't seem to be a setting in my router (DLink DSL-526B) to use/not use UDP.

I also notice that (perhaps expected) that once the VPN connection is established, the IP that my router sits at (192.168.1.1) is no longer accessible via a browser, that is - the router UI isn't accessbile, presumably I'm now acccesing an unused IP on the office network for the duration of the connection prior to dropout, and not my home network.

This reminds me to say that I _used_ to get IP/subnet conflict errors on var/log/messages whenever this dropout happened - where the office IP/subnet range was the same as my own. However, not only is my IP range pretty standard for home networking AFIKT, my colleague who is able to access OK from his Ubuntu machine, also hasn't adjusted his router to accommodate the office network.

I'm keen to solve this, but what you read here, is about the limit o f my networking and routing knowledge

Thanks for your help regardless
Russ

[janjust]

I also notice that (perhaps expected) that once the VPN connection is established, the IP that my router sits at (192.168.1.1) is no longer accessible via a browser,

that is a hint that there is a routing issue... check the routing table before and after OpenVPN connects; if the local network is the same as the remote network (both 192.168.1.0/24) then you'd also see this issue.

A quick&dirty solution might be to add

Code: Select all

route 192.168.1.0 255.255.255.0 net_gateway

to the client config.