Problems with single client
Posted: Wed Sep 04, 2013 8:59 am
I recently rolled out a few clients with OpenVPN 2.3.2 - server is still on 2.2.1 but it should work anyway - and it did during the testing.
Now I have one client on the road who can't connect. The session start already brings warnings:
and the connection itself will not carry valid data - lots of errors:
configuration on the server is this (a little bit cleaned up):
and client is basically
this configuration worked beautifully for several versions of openvpn (and different versions of the client) - and now I get these errors.
Why is link-mtu differing? I've never set link-mtu explicitely and I expect it not to differ with the above configuration.
What is "mtu-dynamic" setting? I didn't find it in the manpage.
Now I have one client on the road who can't connect. The session start already brings warnings:
Code: Select all
BKULAP-13/212.6.239.93:15463 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1546', remote='link-mtu 1542'
Sep 4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 WARNING: 'mtu-dynamic' is present in local config but missing in remote config, local='mtu-dynamic'
Sep 4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sep 4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sep 4 10:43:02 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authenticationCode: Select all
Sep 4 10:43:10 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Bad LZO decompression header byte: 61
Sep 4 10:43:11 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 Bad LZO decompression header byte: 61
Sep 4 10:54:44 linux-vpngw ovpn-headvpn-udp[997]: BKULAP-13/212.6.239.93:15463 FRAG_IN error flags=0xfa2a187b: FRAG_TEST not implemented
Code: Select all
server 10.253.251.0 255.255.255.0
proto udp
lport 1197
dev tun4
fragment 1300
mssfix
user nobody
group nogroup
fast-io
comp-lzo adaptive
topology subnet
keepalive 10 60
persist-tun
persist-key
Code: Select all
client
dev tun
<connection>
remote ip 1197 udp
</connection>
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert cert
key key
ns-cert-type server
comp-lzo adaptive
verb 3
fragment 1300
mssfix
Why is link-mtu differing? I've never set link-mtu explicitely and I expect it not to differ with the above configuration.
What is "mtu-dynamic" setting? I didn't find it in the manpage.