OpenVPN tunnel drops on one end?

Posted: Sat Nov 24, 2012 7:16 pm
by gfunkdave
I'm experiencing some weird behavior with a new OpenVPN tunnel, and I'm hoping someone can help explain it. This tunnel uses a static key between two routers running Tomato firmware. I have another tunnel on both routers (connected to a third router) using TLS that does not experience this problem.

The issue is that, after a certain amount of time, usually a few minutes or less, I can suddenly not ping from the server router's network to the client's. But I can still ping just fine from the client to the server. And, once I do so, I can suddenly ping from the server to the client once again for another minute or two.

I understand from the below log in the server that the keepalive directive is timing out; what I don't understand is why I can still always ping from the client to the server.

When this happens, the following lines appear in the server's log:

Code:

Nov 24 13:47:50 router daemon.notice openvpn[2988]: Inactivity timeout (--ping-restart), restarting
Nov 24 13:47:50 router daemon.notice openvpn[2988]: TCP/UDP: Closing socket
Nov 24 13:47:50 router daemon.notice openvpn[2988]: /sbin/route del -net 192.168.1.0 netmask 255.255.255.0
Nov 24 13:47:50 router daemon.notice openvpn[2988]: Closing TUN/TAP interface
Nov 24 13:47:50 router daemon.notice openvpn[2988]: /sbin/ifconfig tun21 0.0.0.0
Nov 24 13:47:50 router daemon.notice openvpn[2988]: SIGUSR1[soft,ping-restart] received, process restarting
Nov 24 13:47:50 router daemon.notice openvpn[2988]: Restart pause, 2 second(s)

And the following lines appear in the client's log:

Code:

Nov 24 12:42:39 router daemon.err openvpn[6653]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Nov 24 12:42:39 router daemon.err openvpn[6653]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Nov 24 12:42:39 router daemon.err openvpn[6653]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
Nov 24 12:45:01 router user.info init[1]: VPN_LOG_NOTE: 73: VPN Client 1 already running...

The server's config.ovpn is:

Code:

# Automatically generated configuration
daemon
ifconfig 10.10.0.1 10.10.0.2
proto udp
port 1194
dev tun21
cipher AES-256-CBC
comp-lzo adaptive
keepalive 15 60
verb 3
status-version 2
status status
# Custom Configuration
secret /mnt/STICK/openvpn-keys/home-parents.key
route 192.168.1.0 255.255.255.0

And the client's is:

Code:

# Automatically generated configuration
daemon
dev tun12
proto udp
remote xxx.yyy.com 1194
ifconfig 10.10.0.2 10.10.0.1
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo adaptive
cipher AES-256-CBC
verb 3
status-version 2
status status
# Custom Configuration
secret /jffs/home-parents.key
route 192.168.2.0 255.255.255.0

Any ideas? Thanks for any insight.

Re: OpenVPN tunnel drops on one end?

Posted: Thu Dec 13, 2012 10:18 am
by netbear
Hello.
Did you find a solution for your problem? I encountered the same issue.

Thanks in advance.

Re: OpenVPN tunnel drops on one end?

Posted: Thu Dec 13, 2012 2:38 pm
by gfunkdave
Yes, I had to add a ping directive to the client's config file. It's:

Code:

ping 30

This causes the client to keep the tunnel active. Not sure why it wasn't doing so before, or why my TLS-based OpenVPN connection doesn't need it.
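
An added example, not part of the original thread and not OpenVPN's own tooling: a Python check that reads the relevant lines of the two configs posted above and flags a one-sided keepalive. It relies on documented OpenVPN behavior: outside server mode `keepalive 15 60` expands to `ping 15` plus `ping-restart 60`, and a static-key tunnel has no `push` channel, so the peer's `ping` has to be set in the peer's own config. The function names are hypothetical.

```python
# Added example: lint a pair of static-key OpenVPN configs for one-sided keepalive.
# Function names are hypothetical; the config excerpts come from the posts above.

def ping_settings(config_text):
    """Extract static-key mode and the effective ping / ping-restart values."""
    s = {"static_key": False, "ping": None, "ping_restart": None}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        opt, *args = line.split()
        opt = opt.lstrip("-")                    # accept "--ping" as well as "ping"
        if opt == "secret":
            s["static_key"] = True
        elif opt == "keepalive" and len(args) >= 2:
            # Outside server mode, "keepalive n m" means "ping n" + "ping-restart m".
            s["ping"], s["ping_restart"] = int(args[0]), int(args[1])
        elif opt == "ping" and args:
            s["ping"] = int(args[0])
        elif opt == "ping-restart" and args:
            s["ping_restart"] = int(args[0])
    return s

def one_sided_keepalive(local_cfg, peer_cfg):
    """Warn when the local end restarts on silence that the peer never breaks."""
    local, peer = ping_settings(local_cfg), ping_settings(peer_cfg)
    warnings = []
    if not (local["static_key"] and peer["static_key"]):
        return warnings                          # TLS server mode can push ping settings
    limit = local["ping_restart"]
    if not limit:
        return warnings                          # unset or 0: no inactivity restart
    if peer["ping"] is None:
        warnings.append(f"peer sends no pings; idle tunnel restarts after {limit}s")
    elif peer["ping"] >= limit:
        warnings.append(f"peer ping {peer['ping']}s is not below ping-restart {limit}s")
    return warnings

SERVER = """ifconfig 10.10.0.1 10.10.0.2
keepalive 15 60
secret /mnt/STICK/openvpn-keys/home-parents.key
"""
CLIENT = """ifconfig 10.10.0.2 10.10.0.1
persist-tun
secret /jffs/home-parents.key
"""

if __name__ == "__main__":
    print("as posted:", one_sided_keepalive(SERVER, CLIENT))
    print("with fix: ", one_sided_keepalive(SERVER, CLIENT + "ping 30\n"))
```

Run against the configs as posted, the check reports the server's 60-second restart with no pings from the client; with `ping 30` appended to the client config it reports nothing.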