Problems with single client

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
horihel
OpenVpn Newbie
Posts: 4
Joined: Wed Sep 04, 2013 8:44 am

Problems with single client

Post by horihel » Wed Sep 04, 2013 8:59 am

I recently rolled out a few clients with OpenVPN 2.3.2 - server is still on 2.2.1 but it should work anyway - and it did during the testing.

Now I have one client on the road who can't connect. The session start already brings warnings:

Code: Select all

BKULAP-13/212.6.239.93:15463 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1546', remote='link-mtu 1542'
Sep  4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
Sep  4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep  4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep  4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep  4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
and the connection itself will not carry valid data - lots of errors:

Code: Select all

Sep  4 10:43:10 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Bad LZO decompression header byte: 61
Sep  4 10:43:11 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Bad LZO decompression header byte: 61
Sep  4 10:54:44 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
configuration on the server is this (a little bit cleaned up):

Code: Select all

server 10.253.251.0 255.255.255.0
proto udp
lport 1197
dev tun4
fragment 1300 
mssfix
user nobody
group nogroup
fast-io
comp-lzo adaptive
topology subnet
keepalive 10 60                                                                                                                                      
persist-tun                                                                                                                                          
persist-key
and client is basically

Code: Select all

client
dev tun
<connection>
	remote ip 1197 udp
</connection>
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cert
key key
ns-cert-type server
comp-lzo adaptive
verb 3
fragment 1300
mssfix
this configuration worked beautifully for several versions of openvpn (and different versions of the client) - and now I get these errors.

Why is link-mtu differing? I've never set link-mtu explicitely and I expect it not to differ with the above configuration.
What is "mtu-dynamic" setting? I didn't find it in the manpage.
Top
horihel
OpenVpn Newbie
Posts: 4
Joined: Wed Sep 04, 2013 8:44 am

Re: Problems with single client

Post by horihel » Wed Sep 04, 2013 9:25 am

turns out this problems happens to all 2.3.2 clients - 2.2.3 clients still work fine with the same configuration.
Top
Post Reply

Return to “Installation Help”