Works only few seconds after start

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
mantius
OpenVpn Newbie
Posts: 6
Joined: Tue Feb 10, 2015 8:10 pm

Works only few seconds after start

Post by mantius » Tue Feb 10, 2015 10:24 pm

I'm using my server with few openvpn clients on Windows 7 and iOS but have problems with Linux Mint.

Seems like everything is ok, no errors in client or server logs, but connection losses in 0-10 seconds after successful start. Nothing happens, processes stays active, nothing appending in logs just any network activity, even ping, through tun0 stops. When it happens client become unable to ping anything except server external ip until openvpn is stopped.

On same client I have Windows 7 installed and openvpn works fine in it.

How can I solve this problem?

Client config:

Code: Select all

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
client
dev tun
proto tcp
remote serv.ext.ip.addr 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /etc/openvpn/k/ca.crt
cert /etc/openvpn/k/i.crt
key /etc/openvpn/k/i.key
ns-cert-type server
comp-lzo
verb 4
Server config:

Code: Select all

local serv.ext.ip.addr
port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir ccd
route 192.168.1.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 4
Client log:

Code: Select all

Wed Feb 11 01:04:45 2015 us=787189 Current Parameter Settings:
Wed Feb 11 01:04:45 2015 us=787315   config = '/etc/openvpn/c.conf'
Wed Feb 11 01:04:45 2015 us=787341   mode = 0
Wed Feb 11 01:04:45 2015 us=787364   persist_config = DISABLED
Wed Feb 11 01:04:45 2015 us=787387   persist_mode = 1
Wed Feb 11 01:04:45 2015 us=787408   show_ciphers = DISABLED
Wed Feb 11 01:04:45 2015 us=787429   show_digests = DISABLED
Wed Feb 11 01:04:45 2015 us=787451   show_engines = DISABLED
Wed Feb 11 01:04:45 2015 us=787472   genkey = DISABLED
Wed Feb 11 01:04:45 2015 us=787493   key_pass_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=787514   show_tls_ciphers = DISABLED
Wed Feb 11 01:04:45 2015 us=787535 Connection profiles [default]:
Wed Feb 11 01:04:45 2015 us=787557   proto = tcp-client
Wed Feb 11 01:04:45 2015 us=787578   local = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=787599   local_port = 0
Wed Feb 11 01:04:45 2015 us=787620   remote = 'serv.ext.ip.addr'
Wed Feb 11 01:04:45 2015 us=787641   remote_port = 1194
Wed Feb 11 01:04:45 2015 us=787688   remote_float = DISABLED
Wed Feb 11 01:04:45 2015 us=787709   bind_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=787730   bind_local = DISABLED
Wed Feb 11 01:04:45 2015 us=787753   connect_retry_seconds = 5
Wed Feb 11 01:04:45 2015 us=787774   connect_timeout = 10
Wed Feb 11 01:04:45 2015 us=787795   connect_retry_max = 0
Wed Feb 11 01:04:45 2015 us=787816   socks_proxy_server = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=787837   socks_proxy_port = 0
Wed Feb 11 01:04:45 2015 us=787859   socks_proxy_retry = DISABLED
Wed Feb 11 01:04:45 2015 us=787880   tun_mtu = 1500
Wed Feb 11 01:04:45 2015 us=787901   tun_mtu_defined = ENABLED
Wed Feb 11 01:04:45 2015 us=787922   link_mtu = 1500
Wed Feb 11 01:04:45 2015 us=787943   link_mtu_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=787964   tun_mtu_extra = 0
Wed Feb 11 01:04:45 2015 us=787986   tun_mtu_extra_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=788007   mtu_discover_type = -1
Wed Feb 11 01:04:45 2015 us=788028   fragment = 0
Wed Feb 11 01:04:45 2015 us=788049   mssfix = 1450
Wed Feb 11 01:04:45 2015 us=788071   explicit_exit_notification = 0
Wed Feb 11 01:04:45 2015 us=788095 Connection profiles END
Wed Feb 11 01:04:45 2015 us=788116   remote_random = DISABLED
Wed Feb 11 01:04:45 2015 us=788138   ipchange = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788159   dev = 'tun'
Wed Feb 11 01:04:45 2015 us=788181   dev_type = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788202   dev_node = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788223   lladdr = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788245   topology = 1
Wed Feb 11 01:04:45 2015 us=788265   tun_ipv6 = DISABLED
Wed Feb 11 01:04:45 2015 us=788286   ifconfig_local = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788308   ifconfig_remote_netmask = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788329   ifconfig_noexec = DISABLED
Wed Feb 11 01:04:45 2015 us=788351   ifconfig_nowarn = DISABLED
Wed Feb 11 01:04:45 2015 us=788372   ifconfig_ipv6_local = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788394   ifconfig_ipv6_netbits = 0
Wed Feb 11 01:04:45 2015 us=788415   ifconfig_ipv6_remote = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788436   shaper = 0
Wed Feb 11 01:04:45 2015 us=788457   mtu_test = 0
Wed Feb 11 01:04:45 2015 us=788478   mlock = DISABLED
Wed Feb 11 01:04:45 2015 us=788499   keepalive_ping = 0
Wed Feb 11 01:04:45 2015 us=788520   keepalive_timeout = 0
Wed Feb 11 01:04:45 2015 us=788541   inactivity_timeout = 0
Wed Feb 11 01:04:45 2015 us=788563   ping_send_timeout = 0
Wed Feb 11 01:04:45 2015 us=788584   ping_rec_timeout = 0
Wed Feb 11 01:04:45 2015 us=788605   ping_rec_timeout_action = 0
Wed Feb 11 01:04:45 2015 us=788626   ping_timer_remote = DISABLED
Wed Feb 11 01:04:45 2015 us=788647   remap_sigusr1 = 0
Wed Feb 11 01:04:45 2015 us=788668   persist_tun = ENABLED
Wed Feb 11 01:04:45 2015 us=788689   persist_local_ip = DISABLED
Wed Feb 11 01:04:45 2015 us=788710   persist_remote_ip = DISABLED
Wed Feb 11 01:04:45 2015 us=788731   persist_key = ENABLED
Wed Feb 11 01:04:45 2015 us=788752   passtos = DISABLED
Wed Feb 11 01:04:45 2015 us=788773   resolve_retry_seconds = 1000000000
Wed Feb 11 01:04:45 2015 us=788794   username = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788815   groupname = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788836   chroot_dir = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788856   cd_dir = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788877   writepid = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=788901   up_script = '/etc/openvpn/update-resolv-conf'
Wed Feb 11 01:04:45 2015 us=788923   down_script = '/etc/openvpn/update-resolv-conf'
Wed Feb 11 01:04:45 2015 us=788944   down_pre = DISABLED
Wed Feb 11 01:04:45 2015 us=788965   up_restart = DISABLED
Wed Feb 11 01:04:45 2015 us=788985   up_delay = DISABLED
Wed Feb 11 01:04:45 2015 us=789006   daemon = DISABLED
Wed Feb 11 01:04:45 2015 us=789027   inetd = 0
Wed Feb 11 01:04:45 2015 us=789048   log = DISABLED
Wed Feb 11 01:04:45 2015 us=789069   suppress_timestamps = DISABLED
Wed Feb 11 01:04:45 2015 us=789090   nice = 0
Wed Feb 11 01:04:45 2015 us=789111   verbosity = 4
Wed Feb 11 01:04:45 2015 us=789132   mute = 0
Wed Feb 11 01:04:45 2015 us=789155   gremlin = 0
Wed Feb 11 01:04:45 2015 us=789176   status_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789197   status_file_version = 1
Wed Feb 11 01:04:45 2015 us=789218   status_file_update_freq = 60
Wed Feb 11 01:04:45 2015 us=789239   occ = ENABLED
Wed Feb 11 01:04:45 2015 us=789260   rcvbuf = 65536
Wed Feb 11 01:04:45 2015 us=789281   sndbuf = 65536
Wed Feb 11 01:04:45 2015 us=789315   mark = 0
Wed Feb 11 01:04:45 2015 us=789336   sockflags = 0
Wed Feb 11 01:04:45 2015 us=789357   fast_io = DISABLED
Wed Feb 11 01:04:45 2015 us=789378   lzo = 7
Wed Feb 11 01:04:45 2015 us=789398   route_script = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789419   route_default_gateway = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789440   route_default_metric = 0
Wed Feb 11 01:04:45 2015 us=789461   route_noexec = DISABLED
Wed Feb 11 01:04:45 2015 us=789482   route_delay = 0
Wed Feb 11 01:04:45 2015 us=789503   route_delay_window = 30
Wed Feb 11 01:04:45 2015 us=789524   route_delay_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=789545   route_nopull = DISABLED
Wed Feb 11 01:04:45 2015 us=789566   route_gateway_via_dhcp = DISABLED
Wed Feb 11 01:04:45 2015 us=789588   max_routes = 100
Wed Feb 11 01:04:45 2015 us=789608   allow_pull_fqdn = DISABLED
Wed Feb 11 01:04:45 2015 us=789630   management_addr = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789651   management_port = 0
Wed Feb 11 01:04:45 2015 us=789672   management_user_pass = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789693   management_log_history_cache = 250
Wed Feb 11 01:04:45 2015 us=789715   management_echo_buffer_size = 100
Wed Feb 11 01:04:45 2015 us=789736   management_write_peer_info_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789757   management_client_user = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789779   management_client_group = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789800   management_flags = 0
Wed Feb 11 01:04:45 2015 us=789821   shared_secret_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=789842   key_direction = 0
Wed Feb 11 01:04:45 2015 us=789863   ciphername_defined = ENABLED
Wed Feb 11 01:04:45 2015 us=789884   ciphername = 'BF-CBC'
Wed Feb 11 01:04:45 2015 us=789905   authname_defined = ENABLED
Wed Feb 11 01:04:45 2015 us=789926   authname = 'SHA1'
Wed Feb 11 01:04:45 2015 us=789947   prng_hash = 'SHA1'
Wed Feb 11 01:04:45 2015 us=789968   prng_nonce_secret_len = 16
Wed Feb 11 01:04:45 2015 us=789989   keysize = 0
Wed Feb 11 01:04:45 2015 us=790010   engine = DISABLED
Wed Feb 11 01:04:45 2015 us=790031   replay = ENABLED
Wed Feb 11 01:04:45 2015 us=790052   mute_replay_warnings = DISABLED
Wed Feb 11 01:04:45 2015 us=790073   replay_window = 64
Wed Feb 11 01:04:45 2015 us=790094   replay_time = 15
Wed Feb 11 01:04:45 2015 us=790114   packet_id_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790135   use_iv = ENABLED
Wed Feb 11 01:04:45 2015 us=790156   test_crypto = DISABLED
Wed Feb 11 01:04:45 2015 us=790177   tls_server = DISABLED
Wed Feb 11 01:04:45 2015 us=790197   tls_client = ENABLED
Wed Feb 11 01:04:45 2015 us=790218   key_method = 2
Wed Feb 11 01:04:45 2015 us=790239   ca_file = '/etc/openvpn/k/ca.crt'
Wed Feb 11 01:04:45 2015 us=790260   ca_path = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790280   dh_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790301   cert_file = '/etc/openvpn/k/i.crt'
Wed Feb 11 01:04:45 2015 us=790321   priv_key_file = '/etc/openvpn/k/i.key'
Wed Feb 11 01:04:45 2015 us=790342   pkcs12_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790363   cipher_list = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790383   tls_verify = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790404   tls_export_cert = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790424   verify_x509_type = 0
Wed Feb 11 01:04:45 2015 us=790445   verify_x509_name = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790466   crl_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790486   ns_cert_type = 1
Wed Feb 11 01:04:45 2015 us=790507   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790527   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790548   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790568   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790589   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790609   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790630   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790650   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790670   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790690   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790711   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790731   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790751   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790772   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790792   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790812   remote_cert_ku[i] = 0
Wed Feb 11 01:04:45 2015 us=790833   remote_cert_eku = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=790854   ssl_flags = 0
Wed Feb 11 01:04:45 2015 us=790874   tls_timeout = 2
Wed Feb 11 01:04:45 2015 us=790895   renegotiate_bytes = 0
Wed Feb 11 01:04:45 2015 us=790915   renegotiate_packets = 0
Wed Feb 11 01:04:45 2015 us=790936   renegotiate_seconds = 3600
Wed Feb 11 01:04:45 2015 us=790957   handshake_window = 60
Wed Feb 11 01:04:45 2015 us=790978   transition_window = 3600
Wed Feb 11 01:04:45 2015 us=790998   single_session = DISABLED
Wed Feb 11 01:04:45 2015 us=791019   push_peer_info = DISABLED
Wed Feb 11 01:04:45 2015 us=791040   tls_exit = DISABLED
Wed Feb 11 01:04:45 2015 us=791060   tls_auth_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=791081   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791102   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791122   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791143   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791164   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791185   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791205   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791226   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791247   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791268   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791289   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791309   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791330   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791351   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791372   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791392   pkcs11_protected_authentication = DISABLED
Wed Feb 11 01:04:45 2015 us=791414   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791435   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791456   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791477   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791497   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791518   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791539   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791559   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791580   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791601   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791622   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791655   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791678   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791699   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791720   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791741   pkcs11_private_mode = 00000000
Wed Feb 11 01:04:45 2015 us=791761   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791782   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791803   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791823   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791844   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791864   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791885   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791906   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791929   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791949   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791970   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=791991   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=792016   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=792037   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=792058   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=792079   pkcs11_cert_private = DISABLED
Wed Feb 11 01:04:45 2015 us=792100   pkcs11_pin_cache_period = -1
Wed Feb 11 01:04:45 2015 us=792122   pkcs11_id = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=792143   pkcs11_id_management = DISABLED
Wed Feb 11 01:04:45 2015 us=792176   server_network = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792200   server_netmask = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792232   server_network_ipv6 = ::
Wed Feb 11 01:04:45 2015 us=792254   server_netbits_ipv6 = 0
Wed Feb 11 01:04:45 2015 us=792276   server_bridge_ip = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792298   server_bridge_netmask = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792324   server_bridge_pool_start = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792351   server_bridge_pool_end = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792374   ifconfig_pool_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=792396   ifconfig_pool_start = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792419   ifconfig_pool_end = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792441   ifconfig_pool_netmask = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792462   ifconfig_pool_persist_filename = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=792483   ifconfig_pool_persist_refresh_freq = 600
Wed Feb 11 01:04:45 2015 us=792504   ifconfig_ipv6_pool_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=792526   ifconfig_ipv6_pool_base = ::
Wed Feb 11 01:04:45 2015 us=792547   ifconfig_ipv6_pool_netbits = 0
Wed Feb 11 01:04:45 2015 us=792568   n_bcast_buf = 256
Wed Feb 11 01:04:45 2015 us=792588   tcp_queue_limit = 64
Wed Feb 11 01:04:45 2015 us=792609   real_hash_size = 256
Wed Feb 11 01:04:45 2015 us=792630   virtual_hash_size = 256
Wed Feb 11 01:04:45 2015 us=792651   client_connect_script = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=792672   learn_address_script = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=792693   client_disconnect_script = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=792714   client_config_dir = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=792735   ccd_exclusive = DISABLED
Wed Feb 11 01:04:45 2015 us=792755   tmp_dir = '/tmp'
Wed Feb 11 01:04:45 2015 us=792776   push_ifconfig_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=792798   push_ifconfig_local = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792820   push_ifconfig_remote_netmask = 0.0.0.0
Wed Feb 11 01:04:45 2015 us=792844   push_ifconfig_ipv6_defined = DISABLED
Wed Feb 11 01:04:45 2015 us=792867   push_ifconfig_ipv6_local = ::/0
Wed Feb 11 01:04:45 2015 us=792888   push_ifconfig_ipv6_remote = ::
Wed Feb 11 01:04:45 2015 us=792909   enable_c2c = DISABLED
Wed Feb 11 01:04:45 2015 us=792931   duplicate_cn = DISABLED
Wed Feb 11 01:04:45 2015 us=792951   cf_max = 0
Wed Feb 11 01:04:45 2015 us=792972   cf_per = 0
Wed Feb 11 01:04:45 2015 us=792992   max_clients = 1024
Wed Feb 11 01:04:45 2015 us=793013   max_routes_per_client = 256
Wed Feb 11 01:04:45 2015 us=793034   auth_user_pass_verify_script = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=793055   auth_user_pass_verify_script_via_file = DISABLED
Wed Feb 11 01:04:45 2015 us=793076   port_share_host = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=793096   port_share_port = 0
Wed Feb 11 01:04:45 2015 us=793117   client = ENABLED
Wed Feb 11 01:04:45 2015 us=793137   pull = ENABLED
Wed Feb 11 01:04:45 2015 us=793157   auth_user_pass_file = '[UNDEF]'
Wed Feb 11 01:04:45 2015 us=793179 OpenVPN 2.3.2 i686-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Wed Feb 11 01:04:45 2015 us=793327 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Feb 11 01:04:45 2015 us=794107 LZO compression initialized
Wed Feb 11 01:04:45 2015 us=794233 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Feb 11 01:04:45 2015 us=794305 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Feb 11 01:04:45 2015 us=794347 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 11 01:04:45 2015 us=794384 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Feb 11 01:04:45 2015 us=794407 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Feb 11 01:04:45 2015 us=794448 Local Options hash (VER=V4): '69109d17'
Wed Feb 11 01:04:45 2015 us=794477 Expected Remote Options hash (VER=V4): 'c0103fa8'
Wed Feb 11 01:04:45 2015 us=794517 Attempting to establish TCP connection with [AF_INET]serv.ext.ip.addr:1194 [nonblock]
Wed Feb 11 01:04:46 2015 us=794821 TCP connection established with [AF_INET]serv.ext.ip.addr:1194
Wed Feb 11 01:04:46 2015 us=794908 TCPv4_CLIENT link local: [undef]
Wed Feb 11 01:04:46 2015 us=794948 TCPv4_CLIENT link remote: [AF_INET]serv.ext.ip.addr:1194
Wed Feb 11 01:04:46 2015 us=852223 TLS: Initial packet from [AF_INET]serv.ext.ip.addr:1194, sid=942e2afc e8fa620b
Wed Feb 11 01:04:47 2015 us=987723 VERIFY OK: depth=1, C=XX, ST=XX, L=XCity, O=XOrg, OU=XUnit, CN=XCN, name=XName, emailAddress=x@x.x
Wed Feb 11 01:04:47 2015 us=988487 VERIFY OK: nsCertType=SERVER
Wed Feb 11 01:04:47 2015 us=988530 VERIFY OK: depth=0, C=XX, ST=XX, L=XCity, O=XOrg, OU=XUnit, CN=server, name=XName, emailAddress=x@x.x
Wed Feb 11 01:04:50 2015 us=94365 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 01:04:50 2015 us=94461 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 01:04:50 2015 us=94635 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 01:04:50 2015 us=94674 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 01:04:50 2015 us=94822 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 11 01:04:50 2015 us=94898 [server] Peer Connection Initiated with [AF_INET]serv.ext.ip.addr:1194
Wed Feb 11 01:04:52 2015 us=165341 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Feb 11 01:04:52 2015 us=316951 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.22 10.8.0.21'
Wed Feb 11 01:04:52 2015 us=317107 OPTIONS IMPORT: timers and/or timeouts modified
Wed Feb 11 01:04:52 2015 us=317128 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 11 01:04:52 2015 us=317143 OPTIONS IMPORT: route options modified
Wed Feb 11 01:04:52 2015 us=317157 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Feb 11 01:04:52 2015 us=317406 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=wlan0 HWADDR=00:21:63:97:18:da
Wed Feb 11 01:04:52 2015 us=317799 TUN/TAP device tun0 opened
Wed Feb 11 01:04:52 2015 us=317835 TUN/TAP TX queue length set to 100
Wed Feb 11 01:04:52 2015 us=317862 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Feb 11 01:04:52 2015 us=317902 /sbin/ip link set dev tun0 up mtu 1500
Wed Feb 11 01:04:52 2015 us=319881 /sbin/ip addr add dev tun0 local 10.8.0.22 peer 10.8.0.21
Wed Feb 11 01:04:52 2015 us=321473 /etc/openvpn/update-resolv-conf tun0 1500 1544 10.8.0.22 10.8.0.21 init
dhcp-option DNS 8.8.8.8
Wed Feb 11 01:04:52 2015 us=373567 /sbin/ip route add serv.ext.ip.addr/32 via 192.168.1.1
Wed Feb 11 01:04:52 2015 us=374675 /sbin/ip route add 0.0.0.0/1 via 10.8.0.21
Wed Feb 11 01:04:52 2015 us=375799 /sbin/ip route add 128.0.0.0/1 via 10.8.0.21
Wed Feb 11 01:04:52 2015 us=376980 /sbin/ip route add 10.8.0.1/32 via 10.8.0.21
Wed Feb 11 01:04:52 2015 us=378132 Initialization Sequence Completed
And then just hanging.

Server log:

Code: Select all

Wed Feb 11 01:04:31 2015 us=932909 i/client.ext.ip.addr:51313 Connection reset, restarting [-1]
Wed Feb 11 01:04:31 2015 us=932972 i/client.ext.ip.addr:51313 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 11 01:04:31 2015 us=933128 TCP/UDP: Closing socket
Wed Feb 11 01:04:33 2015 us=438926 MULTI: multi_create_instance called
Wed Feb 11 01:04:33 2015 us=439007 Re-using SSL/TLS context
Wed Feb 11 01:04:33 2015 us=439033 LZO compression initialized
Wed Feb 11 01:04:33 2015 us=439115 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Feb 11 01:04:33 2015 us=439136 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 11 01:04:33 2015 us=439264 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Feb 11 01:04:33 2015 us=439279 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Feb 11 01:04:33 2015 us=439300 Local Options hash (VER=V4): 'c0103fa8'
Wed Feb 11 01:04:33 2015 us=439318 Expected Remote Options hash (VER=V4): '69109d17'
Wed Feb 11 01:04:33 2015 us=439340 TCP connection established with [AF_INET]client.ext.ip.addr:51319
Wed Feb 11 01:04:33 2015 us=439355 TCPv4_SERVER link local: [undef]
Wed Feb 11 01:04:33 2015 us=439374 TCPv4_SERVER link remote: [AF_INET]client.ext.ip.addr:51319
Wed Feb 11 01:04:34 2015 us=381832 client.ext.ip.addr:51319 TLS: Initial packet from [AF_INET]client.ext.ip.addr:51319, sid=917593ee c2eae78f
Wed Feb 11 01:04:35 2015 us=849938 client.ext.ip.addr:51319 Connection reset, restarting [0]
Wed Feb 11 01:04:35 2015 us=849995 client.ext.ip.addr:51319 SIGUSR1[soft,connection-reset] received, client-instance restarting
Wed Feb 11 01:04:35 2015 us=850069 TCP/UDP: Closing socket
Wed Feb 11 01:04:46 2015 us=97991 MULTI: multi_create_instance called
Wed Feb 11 01:04:46 2015 us=98076 Re-using SSL/TLS context
Wed Feb 11 01:04:46 2015 us=98107 LZO compression initialized
Wed Feb 11 01:04:46 2015 us=98186 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Feb 11 01:04:46 2015 us=98207 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 11 01:04:46 2015 us=98327 Local Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Wed Feb 11 01:04:46 2015 us=98342 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Wed Feb 11 01:04:46 2015 us=98363 Local Options hash (VER=V4): 'c0103fa8'
Wed Feb 11 01:04:46 2015 us=98381 Expected Remote Options hash (VER=V4): '69109d17'
Wed Feb 11 01:04:46 2015 us=98403 TCP connection established with [AF_INET]client.ext.ip.addr:51321
Wed Feb 11 01:04:46 2015 us=98417 TCPv4_SERVER link local: [undef]
Wed Feb 11 01:04:46 2015 us=98431 TCPv4_SERVER link remote: [AF_INET]client.ext.ip.addr:51321
Wed Feb 11 01:04:46 2015 us=888675 client.ext.ip.addr:51321 TLS: Initial packet from [AF_INET]client.ext.ip.addr:51321, sid=fb3b6dc2 4e9cc088
Wed Feb 11 01:04:49 2015 us=91026 client.ext.ip.addr:51321 VERIFY OK: depth=1, C=XX, ST=XX, L=XCity, O=XOrg, OU=XUnit, CN=XCN, name=XName, emailAddress=x@x.x
Wed Feb 11 01:04:49 2015 us=91184 client.ext.ip.addr:51321 VERIFY OK: depth=0, C=XX, ST=XX, L=XCity, O=XOrg, OU=XUnit, CN=i, name=XName, emailAddress=x@x.x
Wed Feb 11 01:04:50 2015 us=42695 client.ext.ip.addr:51321 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 01:04:50 2015 us=42732 client.ext.ip.addr:51321 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 01:04:50 2015 us=42791 client.ext.ip.addr:51321 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Feb 11 01:04:50 2015 us=42823 client.ext.ip.addr:51321 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 11 01:04:50 2015 us=249450 client.ext.ip.addr:51321 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 11 01:04:50 2015 us=249516 client.ext.ip.addr:51321 [i] Peer Connection Initiated with [AF_INET]client.ext.ip.addr:51321
Wed Feb 11 01:04:50 2015 us=249571 i/client.ext.ip.addr:51321 OPTIONS IMPORT: reading client specific options from: ccd/i
Wed Feb 11 01:04:50 2015 us=249695 i/client.ext.ip.addr:51321 MULTI_sva: pool returned IPv4=10.8.0.22, IPv6=(Not enabled)
Wed Feb 11 01:04:50 2015 us=249741 i/client.ext.ip.addr:51321 MULTI: Learn: 10.8.0.22 -> i/client.ext.ip.addr:51321
Wed Feb 11 01:04:50 2015 us=249756 i/client.ext.ip.addr:51321 MULTI: primary virtual IP for i/client.ext.ip.addr:51321: 10.8.0.22
Wed Feb 11 01:04:50 2015 us=249770 i/client.ext.ip.addr:51321 MULTI: internal route 192.168.1.0/24 -> i/client.ext.ip.addr:51321
Wed Feb 11 01:04:50 2015 us=249785 i/client.ext.ip.addr:51321 MULTI: Learn: 192.168.1.0/24 -> i/client.ext.ip.addr:51321
Wed Feb 11 01:04:52 2015 us=259365 i/client.ext.ip.addr:51321 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 11 01:04:52 2015 us=259420 i/client.ext.ip.addr:51321 send_push_reply(): safe_cap=940
Wed Feb 11 01:04:52 2015 us=259456 i/client.ext.ip.addr:51321 SENT CONTROL [i]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.22 10.8.0.21' (status=1)
Wed Feb 11 01:04:52 2015 us=920421 i/client.ext.ip.addr:51321 MULTI: Learn: 192.168.1.46 -> i/client.ext.ip.addr:51321
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Works only few seconds after start

Post by Traffic » Wed Feb 11, 2015 8:52 am

Please try specifying: --dev tun0 (tun Zero) instead of --dev tun
Top
mantius
OpenVpn Newbie
Posts: 6
Joined: Tue Feb 10, 2015 8:10 pm

Re: Works only few seconds after start

Post by mantius » Wed Feb 11, 2015 9:17 am

Traffic wrote:Please try specifying: --dev tun0 (tun Zero) instead of --dev tun
Thank you. Unfortunately, nothing changes=(
Top
mantius
OpenVpn Newbie
Posts: 6
Joined: Tue Feb 10, 2015 8:10 pm

Re: Works only few seconds after start

Post by mantius » Wed Feb 11, 2015 1:46 pm

I think that server addr in ifconfig is wrong:

Code: Select all

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.22  P-t-P:10.8.0.21  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:15123 (15.1 KB)  TX bytes:17153 (17.1 KB)
P-t-P:10.8.0.21 - never reachable, real server ip in VPN is 10.8.0.1. When I changing it manually with "ifconfig tun0 pointopoint 10.8.0.1" i got this:

Code: Select all

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.22  P-t-P:10.8.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:35 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:3054 (3.0 KB)  TX bytes:2435 (2.4 KB)
But all traffic starts to bypass tun0 throught my default interface like when openvpn is off.
Top
mantius
OpenVpn Newbie
Posts: 6
Joined: Tue Feb 10, 2015 8:10 pm

Re: Works only few seconds after start

Post by mantius » Wed Feb 11, 2015 6:18 pm

Now I've created openvpn connection with network-manager-openvpn where I set custom port 1194. After saving, this options displays as inactive but VPN-connection started in Network Manager works well without disconnections!
I need more time for tests but now I can say that problem is partially solved.
Top
mantius
OpenVpn Newbie
Posts: 6
Joined: Tue Feb 10, 2015 8:10 pm

Re: Works only few seconds after start

Post by mantius » Sat Feb 14, 2015 2:48 pm

After few days of normal work today I faced same problem. Now I've tried different options and multiple reconnects and nothing seems to be working. Then I've saved last working config and made one more reconnect after which it started to work again.
UPD: Nope, disconnects again. I'll try UDP.
UPD2: UDP works much better: no disconnects and stable ping. Problem that on same PC in Windows VPN through UDP causes many losses. Seems like both problems are hardware.
Top
mantius
OpenVpn Newbie
Posts: 6
Joined: Tue Feb 10, 2015 8:10 pm

Re: Works only few seconds after start

Post by mantius » Fri Feb 27, 2015 2:06 pm

After many experiments I've found that problem appears only with my ISP - when I connecting through same router to phone with 3G I have no openvpn disconnects. Then I've read that ISP recommends MTU under 1400, now I've reduced it in my OS from 1500 to 1200 and I think that this is finally solved my problem.
Top
User avatar
Traffic
OpenVPN Protagonist
Posts: 4066
Joined: Sat Aug 09, 2014 11:24 am

Re: Works only few seconds after start

Post by Traffic » Fri Feb 27, 2015 3:14 pm

mantius wrote:I've read that ISP recommends MTU under 1400, now I've reduced it in my OS from 1500 to 1200 and I think that this is finally solved my problem.
Good news.
mantius wrote:I think that server addr in ifconfig is wrong:
Code:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.22 P-t-P:10.8.0.21 Mask:255.255.255.255
This is normal for topology net30

Note also, 10.8.0.21 is not ping-able by design.

See --topology in The Manual v23x
Top
adamf663
OpenVpn Newbie
Posts: 1
Joined: Tue Dec 27, 2016 4:49 am

Re: Works only few seconds after start

Post by adamf663 » Fri Aug 19, 2022 2:11 am

For what it's worth, I had a similar problem. The connection would hang then eventually close.
On the server side, OpenVPN was hosted by pfsense.
The problem was that 'allow multiple sessions for same user' wasn't enabled.
Top
Post Reply

Return to “Server Administration”