OpenVPN stops working

Torsten · Post by **Torsten** » Thu Feb 28, 2013 3:59 pm

Hello

i use OpenVPN for more then a year server Linux, Client Windows.

sometimes the TUN Interface get no IP
Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
Physische Adresse . . . . . . . . : 00-FF-DD-B8-AF-67
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja

otherwise it get's an IP
IPv4-Adresse . . . . . . . . . . : 10.8.0.6(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.252
Lease erhalten. . . . . . . . . . : Donnerstag, 28. Februar 2013 16:35:17
Lease läuft ab. . . . . . . . . . : Freitag, 28. Februar 2014 16:35:17
Standardgateway . . . . . . . . . :
DHCP-Server . . . . . . . . . . . : 10.8.0.5
NetBIOS über TCP/IP . . . . . . . : Aktiviert

But i can not Ping the VPN Server or contact the server behind.

All works fine for more than a year. In the last weeks 3 clients are not able to contact a Server behind the tunnel.

Client GUI log:
Thu Feb 28 16:35:13 2013 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jan 8 2013
Thu Feb 28 16:35:13 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Feb 28 16:35:13 2013 Need hold release from management interface, waiting...
Thu Feb 28 16:35:14 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Feb 28 16:35:14 2013 MANAGEMENT: CMD 'state on'
Thu Feb 28 16:35:14 2013 MANAGEMENT: CMD 'log all on'
Thu Feb 28 16:35:14 2013 MANAGEMENT: CMD 'hold off'
Thu Feb 28 16:35:14 2013 MANAGEMENT: CMD 'hold release'
Thu Feb 28 16:35:14 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Feb 28 16:35:14 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Feb 28 16:35:14 2013 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Feb 28 16:35:14 2013 MANAGEMENT: >STATE:1362065714,RESOLVE,,,
Thu Feb 28 16:35:14 2013 UDPv4 link local: [undef]
Thu Feb 28 16:35:14 2013 UDPv4 link remote: [AF_INET]77.220.96.226:1194
Thu Feb 28 16:35:14 2013 MANAGEMENT: >STATE:1362065714,WAIT,,,
Thu Feb 28 16:35:14 2013 MANAGEMENT: >STATE:1362065714,AUTH,,,
Thu Feb 28 16:35:14 2013 TLS: Initial packet from [AF_INET]77.220.96.226:1194, sid=6cb75e26 65326cc4
Thu Feb 28 16:35:14 2013 VERIFY OK: depth=1, C=AT, ST=NOE, L=Wr. Neustadt, O=Taoweb consulting, CN=Taoweb consulting CA, emailAddress=office@taoweb.at
Thu Feb 28 16:35:14 2013 VERIFY OK: depth=0, C=AT, ST=NOE, L=Wr. Neustadt, O=Taoweb consulting, CN=server, emailAddress=office@taoweb.at
Thu Feb 28 16:35:15 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 28 16:35:15 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 28 16:35:15 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 28 16:35:15 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 28 16:35:15 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 28 16:35:15 2013 [server] Peer Connection Initiated with [AF_INET]77.220.96.226:1194
Thu Feb 28 16:35:16 2013 MANAGEMENT: >STATE:1362065716,GET_CONFIG,,,
Thu Feb 28 16:35:17 2013 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Thu Feb 28 16:35:17 2013 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Thu Feb 28 16:35:17 2013 OPTIONS IMPORT: timers and/or timeouts modified
Thu Feb 28 16:35:17 2013 OPTIONS IMPORT: --ifconfig/up options modified
Thu Feb 28 16:35:17 2013 OPTIONS IMPORT: route options modified
Thu Feb 28 16:35:17 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Feb 28 16:35:17 2013 MANAGEMENT: >STATE:1362065717,ASSIGN_IP,,10.8.0.6,
Thu Feb 28 16:35:17 2013 open_tun, tt->ipv6=0
Thu Feb 28 16:35:17 2013 TAP-WIN32 device [LAN-Verbindung] opened: \\.\Global\{DDB8AF67-7749-4F2F-84A9-75550B3EBA48}.tap
Thu Feb 28 16:35:17 2013 TAP-Windows Driver Version 9.9
Thu Feb 28 16:35:17 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {DDB8AF67-7749-4F2F-84A9-75550B3EBA48} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Thu Feb 28 16:35:17 2013 Successful ARP Flush on interface [17] {DDB8AF67-7749-4F2F-84A9-755_运_运Vñјü_<7|b3ü[3ü[3VѦïߍñõÊN
Thu Feb 28 16:35:22 2013 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Thu Feb 28 16:35:22 2013 C:\WINDOWS\system32\route.exe ADD 77.220.96.226 MASK 255.255.255.255 10.0.0.138
Thu Feb 28 16:35:22 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Feb 28 16:35:22 2013 Route addition via IPAPI succeeded [adaptive]
Thu Feb 28 16:35:22 2013 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Feb 28 16:35:22 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Feb 28 16:35:22 2013 Route addition via IPAPI succeeded [adaptive]
Thu Feb 28 16:35:22 2013 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Thu Feb 28 16:35:22 2013 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=30 and dwForwardType=4
Thu Feb 28 16:35:22 2013 Route addition via IPAPI succeeded [adaptive]
Thu Feb 28 16:35:22 2013 MANAGEMENT: >STATE:1362065722,ADD_ROUTES,,,
Thu Feb 28 16:35:22 2013 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Thu Feb 28 16:35:22 2013 Route addition via IPAPI succeeded [adaptive]
Thu Feb 28 16:35:22 2013 Initialization Sequence Completed
Thu Feb 28 16:35:22 2013 MANAGEMENT: >STATE:1362065722,CONNECTED,SUCCESS,10.8.0.6,77.220.96.226

server config:
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
comp-lzo
;user nobody
;group nobody
persist-key
persist-tun
status openvpn-status.log

client conf:
client
float
dev tun
proto udp
remote triplex.y.com 1194
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

The OpenVPN GUI shows the green Monitor an say client now connected
but i cann't PING the tun0 interface 10.0.8.1 and also no access to the 182.168.0.0 net

Last Sunday it worked perfect but this week not

the client routing table from route PRINT:
IPv4-Routentabelle
===========================================================================
Aktive Routen:
Netzwerkziel Netzwerkmaske Gateway Schnittstelle Metrik
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.2 30
0.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
10.0.0.0 255.255.255.0 Auf Verbindung 10.0.0.2 286
10.0.0.2 255.255.255.255 Auf Verbindung 10.0.0.2 286
10.0.0.138 255.255.255.255 10.0.0.138 10.0.0.2 30
10.0.0.255 255.255.255.255 Auf Verbindung 10.0.0.2 286
10.8.0.1 255.255.255.255 10.8.0.5 10.8.0.6 30
10.8.0.4 255.255.255.252 Auf Verbindung 10.8.0.6 286
10.8.0.6 255.255.255.255 Auf Verbindung 10.8.0.6 286
10.8.0.7 255.255.255.255 Auf Verbindung 10.8.0.6 286
77.220.96.226 255.255.255.255 10.0.0.138 10.0.0.2 30
127.0.0.0 255.0.0.0 Auf Verbindung 127.0.0.1 306
127.0.0.1 255.255.255.255 Auf Verbindung 127.0.0.1 306
127.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
128.0.0.0 128.0.0.0 10.8.0.5 10.8.0.6 30
224.0.0.0 240.0.0.0 Auf Verbindung 127.0.0.1 306
224.0.0.0 240.0.0.0 Auf Verbindung 10.8.0.6 286
224.0.0.0 240.0.0.0 Auf Verbindung 10.0.0.2 286
255.255.255.255 255.255.255.255 Auf Verbindung 127.0.0.1 306
255.255.255.255 255.255.255.255 Auf Verbindung 10.8.0.6 286
255.255.255.255 255.255.255.255 Auf Verbindung 10.0.0.2 286
===========================================================================

Best Regards
Torsten