[Solved] client loses connection even if keepalive is set

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Post by prius » Mon Sep 12, 2016 8:48 am

Hi

My client configuration is as follows:

-----------------------
dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote server_public_ip 1194 udp
lport 0
verify-x509-name "my_domain" name
pkcs12 /etc/openvpn/backup1303.p12
tls-auth /etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key 1
ns-cert-type server
comp-lzo yes
keepalive 10 60
---------------------------

I can connect to my openvpn server (pfsense) without any problem.

But after a while, the client disconnects even if the keepalive option is set.
As I understand, the keepalive option monitors the connection using pings to the server. In my case, the public server ip is still pingable (even if the vpn connection is down). That's why the keepalive option doesn't restart the client. Correct me if I'm wrong.

Any idea about how to keep my connection alive?

Many thanks in advance

Regards

Richard

TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: client loses connection even if keepalive is set

Post by TinCanTech » Mon Sep 12, 2016 12:41 pm

--keepalive is a server side directive ....

Re: client loses connection even if keepalive is set

Post by prius » Mon Sep 12, 2016 2:31 pm

Feeling a bit silly right now :D :D
Thanks very much. Added the directive to the server. Hope it works.

Re: client loses connection even if keepalive is set

Post by prius » Mon Sep 12, 2016 3:54 pm

Some news...

The keepalive directive is already implemented by default.
I don't understand why my VPN disconnects when no activity is detected.

Re: client loses connection even if keepalive is set

Post by TinCanTech » Mon Sep 12, 2016 4:03 pm

Please post details of your server config. Also, check your server log for related messages.

Re: client loses connection even if keepalive is set

Post by prius » Tue Sep 13, 2016 7:07 am

Here's my server config:

dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.2.11
tls-server
server 192.168.200.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'donzat.fr' 1 "
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.199.0 255.255.255.0"
duplicate-cn
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo yes
persist-remote-ip
float
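
Added example (not from the thread or the OpenVPN project): per the OpenVPN manual, `keepalive n m` expands to `ping n` / `ping-restart m` on a client, and in server mode to `ping n` / `ping-restart 2m` locally plus a push of `ping n` / `ping-restart m`. The Python below applies that expansion to trimmed copies of the two configs posted above and flags a side that waits for pings its peer never sends; it assumes the client accepts pushed options, and the function names are this example's own.

```python
import shlex

# Trimmed copies of the client and server configs posted in this thread.
CLIENT_CFG = """
dev tun
client
remote server_public_ip 1194 udp
keepalive 10 60
"""
SERVER_CFG = """
keepalive 10 60
ping-timer-rem
proto udp
server 192.168.200.0 255.255.255.0
push "route 192.168.199.0 255.255.255.0"
"""
# Constructed variant: the same server with its keepalive line removed.
SERVER_NO_KEEPALIVE = """
proto udp
server 192.168.200.0 255.255.255.0
"""


def parse_config(text):
    """Return the directives of an OpenVPN config as lists of tokens."""
    directives = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            directives.append(tokens)
    return directives


def is_server(directives):
    """Server mode is set by `mode server` or the server/server-bridge helpers."""
    return any(d[0] in ("server", "server-bridge") or d[:2] == ["mode", "server"]
               for d in directives)


def timers(directives):
    """Return (local, pushed): ping timers this side runs and those it pushes."""
    server = is_server(directives)  # helpers expand after parsing, so order is irrelevant
    local = {"ping": None, "ping-restart": None}
    pushed = {}
    for name, *args in directives:
        if name in local and args:
            local[name] = int(args[0])
        elif name == "keepalive" and len(args) >= 2:
            interval, timeout = int(args[0]), int(args[1])
            local["ping"] = interval
            if server:
                local["ping-restart"] = 2 * timeout
                pushed.update({"ping": interval, "ping-restart": timeout})
            else:
                local["ping-restart"] = timeout
        elif name == "push" and args:
            opt = args[0].split()
            if len(opt) == 2 and opt[0] in local:
                pushed[opt[0]] = int(opt[1])
    return local, pushed


def effective(client_text, server_text):
    """Timers each side ends up with once the client has pulled the server's pushes."""
    client = parse_config(client_text)
    c_local, _ = timers(client)
    s_local, s_pushed = timers(parse_config(server_text))
    # Assumption: a client using `client` or `pull` accepts the pushed values,
    # and they replace whatever it set locally.
    if any(d[0] in ("client", "pull") for d in client):
        c_local.update(s_pushed)
    return {"client": c_local, "server": s_local}


def findings(eff):
    """OpenVPN pings are not echoed, so each side depends on the peer's own --ping."""
    out = []
    for side, peer in (("client", "server"), ("server", "client")):
        restart, peer_ping = eff[side]["ping-restart"], eff[peer]["ping"]
        if not restart:
            out.append(f"{side}: no ping-restart, loss of the {peer} is not detected")
        elif peer_ping is None:
            out.append(f"{side}: ping-restart {restart} but the {peer} sends no pings, "
                       "so an idle tunnel times out")
        elif peer_ping >= restart:
            out.append(f"{side}: ping-restart {restart} is not longer than the "
                       f"{peer}'s ping interval {peer_ping}")
    return out


if __name__ == "__main__":
    for label, server_cfg in (("as posted", SERVER_CFG),
                              ("server without keepalive", SERVER_NO_KEEPALIVE)):
        eff = effective(CLIENT_CFG, server_cfg)
        print(label, eff, findings(eff) or "no findings")
```
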

Re: client loses connection even if keepalive is set

Post by TinCanTech » Tue Sep 13, 2016 11:20 am

OK .. post your logfiles from server and client after using verb 4 in both configs (remove personal data)

Re: client loses connection even if keepalive is set

Post by prius » Thu Sep 15, 2016 7:26 am

Here's my client log :

Tue Sep 13 21:42:56 2016 us=268213 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 21:42:56 2016 us=268252 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 13 21:42:56 2016 us=268266 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 21:42:56 2016 us=268280 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 13 21:42:56 2016 us=268317 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 13 22:42:55 2016 us=748083 TLS: tls_process: killed expiring key
Tue Sep 13 22:42:56 2016 us=870415 TLS: soft reset sec=0 bytes=48361/0 pkts=706/0
Tue Sep 13 22:42:59 2016 us=570198 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Tue Sep 13 22:42:59 2016 us=570439 VERIFY OK: nsCertType=SERVER
Tue Sep 13 22:42:59 2016 us=570457 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Tue Sep 13 22:42:59 2016 us=570469 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Tue Sep 13 22:43:00 2016 us=233631 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 22:43:00 2016 us=233700 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 22:43:00 2016 us=233713 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 13 22:43:00 2016 us=233750 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 13 23:42:57 2016 us=109704 TLS: tls_process: killed expiring key
Tue Sep 13 23:43:00 2016 us=461012 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Tue Sep 13 23:43:00 2016 us=542832 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Tue Sep 13 23:43:00 2016 us=543043 VERIFY OK: nsCertType=SERVER
Tue Sep 13 23:43:00 2016 us=543061 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Tue Sep 13 23:43:00 2016 us=543073 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Tue Sep 13 23:43:00 2016 us=688426 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 23:43:00 2016 us=688456 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 13 23:43:00 2016 us=688470 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 23:43:00 2016 us=688502 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 13 23:43:00 2016 us=688545 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 00:43:00 2016 us=436532 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 00:43:00 2016 us=436789 VERIFY OK: nsCertType=SERVER
Wed Sep 14 00:43:00 2016 us=436808 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 00:43:00 2016 us=436819 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 00:43:00 2016 us=584036 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 00:43:00 2016 us=584097 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 00:43:00 2016 us=584112 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 00:43:00 2016 us=584125 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 00:43:00 2016 us=584163 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 01:43:00 2016 us=219672 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 01:43:00 2016 us=219944 VERIFY OK: nsCertType=SERVER
Wed Sep 14 01:43:00 2016 us=219964 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 01:43:00 2016 us=219975 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 01:43:00 2016 us=365999 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 01:43:00 2016 us=366031 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 01:43:00 2016 us=366045 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 01:43:00 2016 us=366058 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 01:43:00 2016 us=366093 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 02:43:00 2016 us=382421 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 02:43:00 2016 us=382669 VERIFY OK: nsCertType=SERVER
Wed Sep 14 02:43:00 2016 us=382687 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 02:43:00 2016 us=382699 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 02:43:00 2016 us=529335 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 02:43:00 2016 us=529363 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 02:43:00 2016 us=529378 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 02:43:00 2016 us=529391 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 02:43:00 2016 us=529429 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 03:43:00 2016 us=204812 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 03:43:00 2016 us=205062 VERIFY OK: nsCertType=SERVER
Wed Sep 14 03:43:00 2016 us=205081 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 03:43:00 2016 us=205092 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 03:43:00 2016 us=356872 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 03:43:00 2016 us=356901 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 03:43:00 2016 us=356931 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 03:43:00 2016 us=356946 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 03:43:00 2016 us=356981 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 04:43:00 2016 us=750833 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 04:43:00 2016 us=831774 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 04:43:00 2016 us=831993 VERIFY OK: nsCertType=SERVER
Wed Sep 14 04:43:00 2016 us=832011 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 04:43:00 2016 us=832022 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 04:43:00 2016 us=977342 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 04:43:00 2016 us=977370 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 04:43:00 2016 us=977384 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 04:43:00 2016 us=977397 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 04:43:00 2016 us=977433 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 05:43:00 2016 us=378945 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 05:43:00 2016 us=460221 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 05:43:00 2016 us=460430 VERIFY OK: nsCertType=SERVER
Wed Sep 14 05:43:00 2016 us=460450 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 05:43:00 2016 us=460461 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 05:43:00 2016 us=605775 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 05:43:00 2016 us=605805 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 05:43:00 2016 us=605819 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 05:43:00 2016 us=605833 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 05:43:00 2016 us=605869 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 06:43:00 2016 us=563475 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 06:43:00 2016 us=563740 VERIFY OK: nsCertType=SERVER
Wed Sep 14 06:43:00 2016 us=563760 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 06:43:00 2016 us=563771 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 06:43:00 2016 us=708676 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 06:43:00 2016 us=708702 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 06:43:00 2016 us=708716 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 06:43:00 2016 us=708729 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 06:43:00 2016 us=708764 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 07:43:00 2016 us=394530 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 07:43:00 2016 us=475739 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 07:43:00 2016 us=475977 VERIFY OK: nsCertType=SERVER
Wed Sep 14 07:43:00 2016 us=475997 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 07:43:00 2016 us=476009 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 07:43:00 2016 us=620880 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 07:43:00 2016 us=620906 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 07:43:00 2016 us=620920 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 07:43:00 2016 us=620933 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 07:43:00 2016 us=620969 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 08:43:00 2016 us=927699 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 08:43:00 2016 us=927942 VERIFY OK: nsCertType=SERVER
Wed Sep 14 08:43:00 2016 us=927961 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 08:43:00 2016 us=927972 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 08:43:01 2016 us=73516 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 08:43:01 2016 us=73544 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 08:43:01 2016 us=73558 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 08:43:01 2016 us=73571 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 08:43:01 2016 us=73606 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 09:43:00 2016 us=550102 TLS: tls_process: killed expiring key
Wed Sep 14 09:43:01 2016 us=506773 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 09:43:01 2016 us=507000 VERIFY OK: nsCertType=SERVER
Wed Sep 14 09:43:01 2016 us=507018 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 09:43:01 2016 us=507030 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 09:43:01 2016 us=663061 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 09:43:01 2016 us=663088 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 09:43:01 2016 us=663102 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 09:43:01 2016 us=663116 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 09:43:01 2016 us=663155 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 10:43:01 2016 us=613952 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 10:43:01 2016 us=614182 VERIFY OK: nsCertType=SERVER
Wed Sep 14 10:43:01 2016 us=614201 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 10:43:01 2016 us=614212 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 10:43:01 2016 us=762141 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 10:43:01 2016 us=762173 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 10:43:01 2016 us=762187 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 10:43:01 2016 us=762201 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 10:43:01 2016 us=762236 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 11:43:01 2016 us=803115 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 11:43:01 2016 us=803369 VERIFY OK: nsCertType=SERVER
Wed Sep 14 11:43:01 2016 us=803389 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 11:43:01 2016 us=803420 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 11:43:01 2016 us=951084 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 11:43:01 2016 us=951110 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 11:43:01 2016 us=951124 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 11:43:01 2016 us=951136 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 11:43:01 2016 us=951171 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 12:43:01 2016 us=703088 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 12:43:01 2016 us=785667 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 12:43:01 2016 us=785874 VERIFY OK: nsCertType=SERVER
Wed Sep 14 12:43:01 2016 us=785893 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 12:43:01 2016 us=785904 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 12:43:01 2016 us=932345 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 12:43:01 2016 us=932373 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 12:43:01 2016 us=932387 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 12:43:01 2016 us=932401 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 12:43:01 2016 us=932435 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 13:43:01 2016 us=717919 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 13:43:01 2016 us=801062 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 13:43:01 2016 us=801273 VERIFY OK: nsCertType=SERVER
Wed Sep 14 13:43:01 2016 us=801292 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 13:43:01 2016 us=801304 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 13:43:01 2016 us=950211 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 13:43:01 2016 us=950241 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 13:43:01 2016 us=950256 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 13:43:01 2016 us=950270 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 13:43:01 2016 us=950306 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 14:43:01 2016 us=499682 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 14:43:01 2016 us=499939 VERIFY OK: nsCertType=SERVER
Wed Sep 14 14:43:01 2016 us=499958 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 14:43:01 2016 us=499970 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 14:43:01 2016 us=646398 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 14:43:01 2016 us=646441 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 14:43:01 2016 us=646455 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 14:43:01 2016 us=646469 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 14:43:01 2016 us=646506 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 15:43:01 2016 us=712187 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 15:43:01 2016 us=796656 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 15:43:01 2016 us=796866 VERIFY OK: nsCertType=SERVER
Wed Sep 14 15:43:01 2016 us=796884 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 15:43:01 2016 us=796895 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 15:43:01 2016 us=943090 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 15:43:01 2016 us=943117 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 15:43:01 2016 us=943131 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 15:43:01 2016 us=943143 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 15:43:01 2016 us=943178 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 16:43:01 2016 us=778432 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 16:43:01 2016 us=778673 VERIFY OK: nsCertType=SERVER
Wed Sep 14 16:43:01 2016 us=778692 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 16:43:01 2016 us=778703 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 16:43:01 2016 us=926584 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 16:43:01 2016 us=926611 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 16:43:01 2016 us=926625 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 16:43:01 2016 us=926638 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 16:43:01 2016 us=926673 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 17:43:01 2016 us=204794 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 17:43:01 2016 us=286144 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 17:43:01 2016 us=286353 VERIFY OK: nsCertType=SERVER
Wed Sep 14 17:43:01 2016 us=286371 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 17:43:01 2016 us=286383 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 17:43:01 2016 us=431311 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 17:43:01 2016 us=431344 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 17:43:01 2016 us=431359 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 17:43:01 2016 us=431372 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 17:43:01 2016 us=431408 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 18:43:01 2016 us=610240 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 18:43:01 2016 us=610642 VERIFY OK: nsCertType=SERVER
Wed Sep 14 18:43:01 2016 us=610668 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 18:43:01 2016 us=610687 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 18:43:01 2016 us=758123 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 18:43:01 2016 us=758151 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 18:43:01 2016 us=758166 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 18:43:01 2016 us=758205 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 18:43:01 2016 us=758242 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 19:43:01 2016 us=450033 TLS: soft reset sec=0 bytes=48430/0 pkts=707/0
Wed Sep 14 19:43:01 2016 us=664739 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 19:43:01 2016 us=664951 VERIFY OK: nsCertType=SERVER
Wed Sep 14 19:43:01 2016 us=664970 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 19:43:01 2016 us=664981 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 19:43:01 2016 us=996143 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 19:43:01 2016 us=996180 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 19:43:01 2016 us=996195 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 19:43:01 2016 us=996209 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 19:43:01 2016 us=996244 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 20:43:01 2016 us=983002 TLS: soft reset sec=0 bytes=48361/0 pkts=706/0
Wed Sep 14 20:43:02 2016 us=426594 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 20:43:02 2016 us=426845 VERIFY OK: nsCertType=SERVER
Wed Sep 14 20:43:02 2016 us=426866 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 20:43:02 2016 us=426877 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 20:43:03 2016 us=62563 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 20:43:03 2016 us=62624 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 20:43:03 2016 us=62638 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 20:43:03 2016 us=62651 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 20:43:03 2016 us=62689 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 21:43:01 2016 us=476866 TLS: tls_process: killed expiring key
Wed Sep 14 21:43:03 2016 us=576164 TLS: soft reset sec=0 bytes=48224/0 pkts=704/0
Wed Sep 14 21:43:04 2016 us=13093 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 21:43:04 2016 us=13331 VERIFY OK: nsCertType=SERVER
Wed Sep 14 21:43:04 2016 us=13349 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 21:43:04 2016 us=13361 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 21:43:04 2016 us=665174 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 21:43:04 2016 us=665220 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 21:43:04 2016 us=665235 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 21:43:04 2016 us=665249 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 21:43:04 2016 us=665285 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 22:43:03 2016 us=674757 TLS: tls_process: killed expiring key
Wed Sep 14 22:43:04 2016 us=905188 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Wed Sep 14 22:43:05 2016 us=340977 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 22:43:05 2016 us=341226 VERIFY OK: nsCertType=SERVER
Wed Sep 14 22:43:05 2016 us=341246 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 22:43:05 2016 us=341282 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 22:43:10 2016 us=333675 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 22:43:10 2016 us=333740 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 22:43:10 2016 us=333754 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 22:43:10 2016 us=333767 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 22:43:10 2016 us=333804 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 14 23:43:04 2016 us=566688 TLS: tls_process: killed expiring key
Wed Sep 14 23:43:10 2016 us=648035 TLS: soft reset sec=0 bytes=48361/0 pkts=706/0
Wed Sep 14 23:43:10 2016 us=729325 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 14 23:43:10 2016 us=729564 VERIFY OK: nsCertType=SERVER
Wed Sep 14 23:43:10 2016 us=729583 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 23:43:10 2016 us=729595 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 14 23:43:10 2016 us=876731 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 23:43:10 2016 us=876791 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 23:43:10 2016 us=876805 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 14 23:43:10 2016 us=876819 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 14 23:43:10 2016 us=876857 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 00:43:10 2016 us=538831 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Thu Sep 15 00:43:10 2016 us=620153 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 00:43:10 2016 us=620394 VERIFY OK: nsCertType=SERVER
Thu Sep 15 00:43:10 2016 us=620413 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 00:43:10 2016 us=620424 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 00:43:10 2016 us=766650 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 00:43:10 2016 us=766728 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 00:43:10 2016 us=766746 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 00:43:10 2016 us=766761 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 00:43:10 2016 us=766802 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 01:43:10 2016 us=433760 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Thu Sep 15 01:43:10 2016 us=515142 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 01:43:10 2016 us=515379 VERIFY OK: nsCertType=SERVER
Thu Sep 15 01:43:10 2016 us=515398 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 01:43:10 2016 us=515409 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 01:43:10 2016 us=661163 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 01:43:10 2016 us=661214 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 01:43:10 2016 us=661228 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 01:43:10 2016 us=661241 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 01:43:10 2016 us=661278 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 02:43:10 2016 us=843518 TLS: soft reset sec=0 bytes=48498/0 pkts=708/0
Thu Sep 15 02:43:10 2016 us=924363 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 02:43:10 2016 us=924589 VERIFY OK: nsCertType=SERVER
Thu Sep 15 02:43:10 2016 us=924608 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 02:43:10 2016 us=924620 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 02:43:11 2016 us=69980 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 02:43:11 2016 us=70055 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 02:43:11 2016 us=70082 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 02:43:11 2016 us=70107 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 02:43:11 2016 us=70163 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 03:43:10 2016 us=798199 TLS: tls_process: killed expiring key
Thu Sep 15 03:43:11 2016 us=687742 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 03:43:11 2016 us=687979 VERIFY OK: nsCertType=SERVER
Thu Sep 15 03:43:11 2016 us=687998 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 03:43:11 2016 us=688009 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 03:43:11 2016 us=834132 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 03:43:11 2016 us=834193 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 03:43:11 2016 us=834207 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 03:43:11 2016 us=834221 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 03:43:11 2016 us=834259 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 04:43:11 2016 us=466868 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 04:43:11 2016 us=467108 VERIFY OK: nsCertType=SERVER
Thu Sep 15 04:43:11 2016 us=467127 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 04:43:11 2016 us=467138 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 04:43:11 2016 us=612479 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 04:43:11 2016 us=612538 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 04:43:11 2016 us=612553 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 04:43:11 2016 us=612566 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 04:43:11 2016 us=612605 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 05:43:11 2016 us=616969 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 05:43:11 2016 us=617324 VERIFY OK: nsCertType=SERVER
Thu Sep 15 05:43:11 2016 us=617352 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 05:43:11 2016 us=617369 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 05:43:11 2016 us=763259 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 05:43:11 2016 us=763321 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 05:43:11 2016 us=763336 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 05:43:11 2016 us=763377 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 05:43:11 2016 us=763417 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 06:43:11 2016 us=997143 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 06:43:11 2016 us=997398 VERIFY OK: nsCertType=SERVER
Thu Sep 15 06:43:11 2016 us=997418 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 06:43:11 2016 us=997443 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 06:43:12 2016 us=142726 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 06:43:12 2016 us=142756 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 06:43:12 2016 us=142787 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 06:43:12 2016 us=142801 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 06:43:12 2016 us=142837 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 07:43:11 2016 us=817185 TLS: tls_process: killed expiring key
Thu Sep 15 07:43:12 2016 us=233941 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 07:43:12 2016 us=234177 VERIFY OK: nsCertType=SERVER
Thu Sep 15 07:43:12 2016 us=234195 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 07:43:12 2016 us=234207 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 07:43:12 2016 us=379485 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 07:43:12 2016 us=379547 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 07:43:12 2016 us=379561 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 07:43:12 2016 us=379575 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 07:43:12 2016 us=379614 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 15 08:43:13 2016 us=94959 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Thu Sep 15 08:43:13 2016 us=95314 VERIFY OK: nsCertType=SERVER
Thu Sep 15 08:43:13 2016 us=95342 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 08:43:13 2016 us=95360 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Thu Sep 15 08:43:13 2016 us=244773 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 08:43:13 2016 us=244821 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 08:43:13 2016 us=244836 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 15 08:43:13 2016 us=244849 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 15 08:43:13 2016 us=244887 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

and my server log

Sep 13 09:06:17 	openvpn[85046]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1558 192.168.200.1 192.168.200.2 init
Sep 13 09:06:17 	openvpn[85046]: SIGTERM[hard,] received, process exiting
Sep 13 09:06:17 	openvpn[63589]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
Sep 13 09:06:17 	openvpn[63589]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
Sep 13 09:06:17 	openvpn[64419]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Sep 13 09:06:17 	openvpn[64419]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sep 13 09:06:17 	openvpn[64419]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
Sep 13 09:06:17 	openvpn[64419]: TUN/TAP device ovpns1 exists previously, keep at program end
Sep 13 09:06:17 	openvpn[64419]: TUN/TAP device /dev/tun1 opened
Sep 13 09:06:17 	openvpn[64419]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Sep 13 09:06:17 	openvpn[64419]: /sbin/ifconfig ovpns1 192.168.200.1 192.168.200.2 mtu 1500 netmask 255.255.255.255 up
Sep 13 09:06:17 	openvpn[64419]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 192.168.200.1 192.168.200.2 init
Sep 13 09:06:17 	openvpn[64419]: UDPv4 link local (bound): [AF_INET]192.168.2.11:1194
Sep 13 09:06:17 	openvpn[64419]: UDPv4 link remote: [undef]
Sep 13 09:06:17 	openvpn[64419]: Initialization Sequence Completed
Sep 13 09:07:10 	openvpn[64419]: ipaddress:58816 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:58816
Sep 13 09:07:11 	openvpn[64419]: ipaddress:65164 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:65164
Sep 13 09:07:11 	openvpn[64419]: ipaddress:61879 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:61879
Sep 13 09:07:12 	openvpn[64419]: backup1303/ipaddress:58816 send_push_reply(): safe_cap=940
Sep 13 09:07:12 	openvpn[64419]: ipaddress:58326 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:58326
Sep 13 09:07:13 	openvpn[64419]: backup1303/ipaddress:61879 send_push_reply(): safe_cap=940
Sep 13 09:07:13 	openvpn[64419]: backup1303/ipaddress:65164 send_push_reply(): safe_cap=940
Sep 13 09:07:13 	openvpn[64419]: ipaddress:58910 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:58910
Sep 13 09:07:15 	openvpn[64419]: backup1303/ipaddress:58326 send_push_reply(): safe_cap=940
Sep 13 09:07:16 	openvpn[64419]: backup1303/ipaddress:58910 send_push_reply(): safe_cap=940
Sep 13 09:07:18 	openvpn[64419]: ipaddress:52361 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:52361
Sep 13 09:07:20 	openvpn[64419]: backup1303/ipaddress:52361 send_push_reply(): safe_cap=940
Sep 13 09:17:46 	openvpn[64419]: ipaddress:62032 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:62032
Sep 13 09:17:48 	openvpn[64419]: backup1303/ipaddress:62032 send_push_reply(): safe_cap=940
Sep 13 09:19:43 	openvpn[64419]: backup1303/ipaddress:58816 [backup1303] Inactivity timeout (--ping-restart), restarting
Sep 13 13:41:32 	openvpn[64419]: ipaddress:58837 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:58837
Sep 13 13:41:34 	openvpn[64419]: backup1303/ipaddress:58837 send_push_reply(): safe_cap=940
Sep 13 13:42:12 	openvpn[64419]: ipaddress:58880 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:58880
Sep 13 13:42:14 	openvpn[64419]: backup1303/ipaddress:58880 send_push_reply(): safe_cap=940
Sep 13 13:42:54 	openvpn[64419]: ipaddress:54921 [backup1303] Peer Connection Initiated with [AF_INET]ipaddress:54921
Sep 13 13:42:57 	openvpn[64419]: backup1303/ipaddress:54921 send_push_reply(): safe_cap=940
Sep 13 13:43:31 	openvpn[64419]: backup1303/ipaddress:62032 [backup1303] Inactivity timeout (--ping-restart), restarting
Sep 13 13:44:04 	openvpn[64419]: backup1303/ipaddress:58837 [backup1303] Inactivity timeout (--ping-restart), restarting
Sep 13 13:44:46 	openvpn[64419]: backup1303/ipaddress:58880 [backup1303] Inactivity timeout (--ping-restart), restarting
Sep 14 14:02:25 	openvpn[64419]: 90.63.255.170:19454 [wpa] Peer Connection Initiated with [AF_INET]90.63.255.170:19454
Sep 14 14:02:25 	openvpn[64419]: wpa/90.63.255.170:19454 MULTI_sva: pool returned IPv4=192.168.200.6, IPv6=(Not enabled)
Sep 14 14:02:27 	openvpn[64419]: wpa/90.63.255.170:19454 send_push_reply(): safe_cap=940
Sep 14 14:22:03 	openvpn[64419]: 90.63.255.170:60625 [wpa] Peer Connection Initiated with [AF_INET]90.63.255.170:60625
Sep 14 14:22:03 	openvpn[64419]: wpa/90.63.255.170:60625 MULTI_sva: pool returned IPv4=192.168.200.10, IPv6=(Not enabled)
Sep 14 14:22:05 	openvpn[64419]: wpa/90.63.255.170:60625 send_push_reply(): safe_cap=940
Sep 14 14:22:43 	openvpn[64419]: wpa/90.63.255.170:19454 [wpa] Inactivity timeout (--ping-restart), restarting
Sep 14 18:51:05 	openvpn[64419]: wpa/90.63.255.170:60625 [wpa] Inactivity timeout (--ping-restart), restarting
Sep 15 08:59:14 	openvpn[64419]: 90.63.255.170:21344 [wpa] Peer Connection Initiated with [AF_INET]90.63.255.170:21344
Sep 15 08:59:14 	openvpn[64419]: wpa/90.63.255.170:21344 MULTI_sva: pool returned IPv4=192.168.200.6, IPv6=(Not enabled)
Sep 15 08:59:16 	openvpn[64419]: wpa/90.63.255.170:21344 send_push_reply(): safe_cap=940

Please note that my VPN tunnel has been down for a while. My client (backup03) has a scheduled daily backup task at 20:00 and it failed yesterday. That means the VPN tunnel was down on Sep 14 at 20:00.
I haven't restarted it yet... however, I can see logs today (Sep 15)... strange...

TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Thu Sep 15, 2016 11:26 am

Client log:
prius wrote:
Tue Sep 13 22:42:55 2016 us=748083 TLS: tls_process: killed expiring key
Tue Sep 13 22:42:56 2016 us=870415 TLS: soft reset sec=0 bytes=48361/0 pkts=706/0
Tue Sep 13 22:42:59 2016 us=570198 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Tue Sep 13 22:42:59 2016 us=570439 VERIFY OK: nsCertType=SERVER
Tue Sep 13 22:42:59 2016 us=570457 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Tue Sep 13 22:42:59 2016 us=570469 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Tue Sep 13 22:43:00 2016 us=233631 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 22:43:00 2016 us=233700 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Sep 13 22:43:00 2016 us=233713 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Sep 13 22:43:00 2016 us=233750 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Sep 13 23:42:57 2016 us=109704 TLS: tls_process: killed expiring key

Regular as clockwork: See --reneg-sec in The Manual v23x

Server log:
prius wrote:
Sep 13 09:06:17 openvpn[63589]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015

You may want to check for updates.

prius wrote:
Sep 13 09:06:17 openvpn[64419]: WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want

This warning is here for good reason.

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Fri Sep 16, 2016 7:51 am

TinCanTech wrote:
Regular as clockwork: See --reneg-sec in The Manual v23x

Thanks a bunch. Should I enable it on both server and client sides?

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Fri Sep 16, 2016 8:09 am

enabled reneg-sec 3600 on both sides.
Also disabled the duplicate-cn option on server.

Hope it works

TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Fri Sep 16, 2016 10:19 am

prius wrote:
enabled reneg-sec 3600 on both sides.

You read the manual and completely misunderstood it ..

The Manual wrote:
Renegotiate data channel key after n seconds (default=3600).

prius wrote:
Also disabled the duplicate-cn option on server.

Hope it works

Trial and error:
  • Humans learning how to break computers .. :?

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Fri Sep 16, 2016 1:33 pm

Well, English is not my native language... so... it's possible that I misunderstood the manual.
I understood 3600 is the default value. Then, no need to specify it if I want to set it to 3600. Or maybe set it to 0 on one side and 3600 on the other. Do you agree?

TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Fri Sep 16, 2016 4:08 pm

prius wrote:
English is not my native language...so...it's possible that I misunderstood the manual

prius wrote:
Tue Sep 13 22:42:59 2016 us=570457 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr

The Manual wrote:
--reneg-sec n
  • Renegotiate data channel key after n seconds (default=3600).

    When using dual-factor authentication, note that this default value may cause the end user to be challenged to reauthorize once per hour.

    Also, keep in mind that this option can be used on both the client and server, and whichever uses the lower value will be the one to trigger the renegotiation. A common mistake is to set --reneg-sec to a higher value on either the client or server, while the other side of the connection is still using the default value of 3600 seconds, meaning that the renegotiation will still occur once per 3600 seconds. The solution is to increase --reneg-sec on both the client and server, or set it to 0 on one side of the connection (to disable), and to your chosen value on the other side.
Translated by google:
--reneg-s n
  • Renégocier clé de canal de données après n secondes (par défaut = 3600).

    Lorsque vous utilisez l'authentification à deux facteurs, notez que cette valeur par défaut peut entraîner l'utilisateur final soit contestée d'autoriser à nouveau une fois par heure.

    Aussi, gardez à l'esprit que cette option peut être utilisée à la fois sur le client et le serveur, et quelle que soit utilise la valeur inférieure sera celle de déclencher la renégociation. Une erreur commune est de mettre --reneg-s à une valeur plus élevée sur le client ou le serveur, tandis que l'autre côté de la connexion est toujours en utilisant la valeur par défaut de 3600 secondes, ce qui signifie que la renégociation aura toujours lieu une fois par 3600 secondes . La solution est d'augmenter --reneg-sec à la fois sur le client et le serveur, ou mettre à 0 sur un côté de la connexion (pour désactiver), et à votre valeur choisie de l'autre côté.
https://translate.google.co.uk/

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Wed Sep 21, 2016 2:18 pm

Hi again.

Some more tests.

My current configs :

server :

dev ovpns1
verb 1
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 192.168.2.11
tls-server
server 192.168.200.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'donzat.fr' 1 "
lport 1194
management /var/etc/openvpn/server1.sock unix
push "route 192.168.199.0 255.255.255.0"
duplicate-cn
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
comp-lzo yes
persist-remote-ip
float
reneg-sec 3600

client :

dev tun
persist-tun
persist-key
cipher AES-128-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote ip_address 1194 udp
lport 0
verify-x509-name "my_company.fr" name
pkcs12 /etc/openvpn/backup1303.p12
tls-auth /etc/openvpn/dfrfw1-udp-1194-backup1303-tls.key 1
ns-cert-type server
comp-lzo yes
reneg-sec 60
log /var/log/openvpn.log
verb 4

client log :

Wed Sep 21 16:12:45 2016 us=988465 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 21 16:12:45 2016 us=988520 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 21 16:12:45 2016 us=988535 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 21 16:12:45 2016 us=988549 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 21 16:12:45 2016 us=988587 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 21 16:13:45 2016 us=281134 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Wed Sep 21 16:13:45 2016 us=362189 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=internal-ca
Wed Sep 21 16:13:45 2016 us=362411 VERIFY OK: nsCertType=SERVER
Wed Sep 21 16:13:45 2016 us=362432 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 21 16:13:45 2016 us=362444 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=my_company, emailAddress=root@my_company.fr, CN=my_company.fr
Wed Sep 21 16:13:45 2016 us=507559 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 21 16:13:45 2016 us=507590 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 21 16:13:45 2016 us=507606 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 21 16:13:45 2016 us=507620 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Sep 21 16:13:45 2016 us=507656 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Nothing wrong on server logs

At the moment, I'm able to ping my openvpn client from the LAN. But while connected to the client, I can't ping the LAN through VPN any more.
of course, "service openvpn restart" solved the problem.....temporarily.
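
The configs in the post above set reneg-sec 60 on the client and 3600 on the server, and the client log then shows a new data channel key every minute. The Python below is an added example (not code from the thread or from OpenVPN) that applies the rule in the manual excerpt quoted earlier, lower non-zero value wins and 0 disables that side, and checks it against log timestamps. The function names, the 15-second tolerance and the sample log (constructed in the thread's log format) are assumptions; only the single-value form of reneg-sec quoted in the thread is modelled.

```python
import re
from datetime import datetime

DEFAULT_RENEG_SEC = 3600  # default given in the manual excerpt quoted in the thread
MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Log line shape: "Wed Sep 21 16:13:45 2016 us=507559 <message>"
LINE_RE = re.compile(
    r"^\w{3} (\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\d{4}) us=(\d+) (.*)$")

# Constructed sample, written in the format of the client log posted in the thread.
SAMPLE_CLIENT_LOG = """\
Wed Sep 21 16:12:45 2016 us=988465 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 21 16:12:45 2016 us=988587 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Sep 21 16:13:45 2016 us=281134 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Wed Sep 21 16:13:45 2016 us=507559 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Sep 21 16:14:45 2016 us=300000 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Wed Sep 21 16:14:45 2016 us=520000 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
"""

# Only the directives that matter here; the reneg-sec values are the ones in the post.
CLIENT_CONF = "client\nremote ip_address 1194 udp\nreneg-sec 60\nverb 4\n"
SERVER_CONF = "tls-server\nkeepalive 10 60\nreneg-sec 3600\n"


def reneg_sec_from_config(text):
    """Return the reneg-sec value set in a config, or the default if absent."""
    value = DEFAULT_RENEG_SEC
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split the directive from its argument.
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(words) >= 2 and words[0] in ("reneg-sec", "--reneg-sec"):
            value = int(words[1])
    return value


def effective_reneg_sec(client, server):
    """Lower non-zero value triggers renegotiation; 0 disables that side's timer."""
    active = [v for v in (client, server) if v > 0]
    return min(active) if active else None


def rekey_times(log_text):
    """Timestamps at which a new data channel key was installed."""
    times = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(8).startswith("Data Channel Encrypt: Cipher"):
            continue
        mon, day, hh, mm, ss, year, usec = m.group(1, 2, 3, 4, 5, 6, 7)
        times.append(datetime(int(year), MONTHS[mon], int(day),
                              int(hh), int(mm), int(ss), int(usec)))
    return times


def rekey_intervals(log_text):
    """Seconds between consecutive data channel key installations."""
    times = rekey_times(log_text)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]


def compare(client_conf, server_conf, log_text, tolerance=15.0):
    """Compare the interval the configs imply with what the log shows."""
    expected = effective_reneg_sec(reneg_sec_from_config(client_conf),
                                   reneg_sec_from_config(server_conf))
    observed = rekey_intervals(log_text)
    unexpected = [s for s in observed
                  if expected is None or abs(s - expected) > tolerance]
    return {"expected": expected, "observed": observed, "unexpected": unexpected}


if __name__ == "__main__":
    result = compare(CLIENT_CONF, SERVER_CONF, SAMPLE_CLIENT_LOG)
    print("expected interval:", result["expected"])
    print("observed intervals:", [round(s, 1) for s in result["observed"]])
    print("intervals outside tolerance:", result["unexpected"])
```

Rekeys that match the expected interval, as here, are the renegotiation timer doing its job; they do not by themselves explain a tunnel that stops passing traffic.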

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Thu Sep 22, 2016 9:07 am

Same situation today... I can't ping the LAN from the openvpn client.
I noticed that someone else initiated a connection this morning (with a different account, of course). Maybe a possible cause?

TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Thu Sep 22, 2016 11:24 am

Until you post complete server & client logs at --verb 4, showing these disconnects, I can not help.

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Thu Sep 22, 2016 12:01 pm

Thanks.

client logs :

Thu Sep 22 10:51:42 2016 us=92457 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:51:42 2016 us=92471 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:51:42 2016 us=92506 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:52:43 2016 us=111112 TLS: soft reset sec=-1 bytes=276/0 pkts=4/0
Thu Sep 22 10:52:43 2016 us=193425 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:52:43 2016 us=193634 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:52:43 2016 us=193653 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:52:43 2016 us=193677 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:52:43 2016 us=341764 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:52:43 2016 us=341792 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:52:43 2016 us=341806 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:52:43 2016 us=341820 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:52:43 2016 us=341857 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:53:43 2016 us=599847 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 10:53:43 2016 us=682407 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:53:43 2016 us=682617 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:53:43 2016 us=682636 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:53:43 2016 us=682648 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:53:43 2016 us=830189 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:53:43 2016 us=830220 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:53:43 2016 us=830234 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:53:43 2016 us=830248 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:53:43 2016 us=830283 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:54:43 2016 us=140315 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Thu Sep 22 10:54:43 2016 us=222631 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:54:43 2016 us=222883 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:54:43 2016 us=222905 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:54:43 2016 us=222917 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:54:43 2016 us=370062 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:54:43 2016 us=370104 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:54:43 2016 us=370119 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:54:43 2016 us=370133 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:54:43 2016 us=370169 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:55:43 2016 us=577387 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Thu Sep 22 10:55:43 2016 us=665019 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:55:43 2016 us=665232 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:55:43 2016 us=665251 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:55:43 2016 us=665263 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:55:43 2016 us=820275 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:55:43 2016 us=820312 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:55:43 2016 us=820328 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:55:43 2016 us=820342 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:55:43 2016 us=820379 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:56:43 2016 us=171320 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 10:56:43 2016 us=255023 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:56:43 2016 us=255236 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:56:43 2016 us=255255 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:56:43 2016 us=255267 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:56:43 2016 us=419607 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:56:43 2016 us=419642 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:56:43 2016 us=419656 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:56:43 2016 us=419671 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:56:43 2016 us=419706 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:57:43 2016 us=366059 TLS: soft reset sec=0 bytes=275/0 pkts=4/0
Thu Sep 22 10:57:43 2016 us=450901 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:57:43 2016 us=451166 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:57:43 2016 us=451185 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:57:43 2016 us=451196 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:57:43 2016 us=608237 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:57:43 2016 us=608297 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:57:43 2016 us=608312 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:57:43 2016 us=608326 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:57:43 2016 us=608363 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:58:43 2016 us=518206 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Thu Sep 22 10:58:43 2016 us=602103 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:58:43 2016 us=602313 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:58:43 2016 us=602332 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:58:43 2016 us=602344 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:58:43 2016 us=752357 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:58:43 2016 us=752384 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:58:43 2016 us=752399 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:58:43 2016 us=752412 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:58:43 2016 us=752448 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:59:43 2016 us=544794 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 10:59:43 2016 us=627822 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 10:59:43 2016 us=628031 VERIFY OK: nsCertType=SERVER
Thu Sep 22 10:59:43 2016 us=628050 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:59:43 2016 us=628061 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 10:59:43 2016 us=773904 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:59:43 2016 us=773932 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:59:43 2016 us=773946 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 10:59:43 2016 us=773960 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 10:59:43 2016 us=773996 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 11:00:43 2016 us=334065 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 11:00:43 2016 us=420561 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 11:00:43 2016 us=420772 VERIFY OK: nsCertType=SERVER
Thu Sep 22 11:00:43 2016 us=420791 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:00:43 2016 us=420803 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:00:43 2016 us=566603 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:00:43 2016 us=566631 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:00:43 2016 us=566646 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:00:43 2016 us=566679 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:00:43 2016 us=566728 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 11:01:43 2016 us=353566 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 11:01:43 2016 us=435527 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 11:01:43 2016 us=435735 VERIFY OK: nsCertType=SERVER
Thu Sep 22 11:01:43 2016 us=435754 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:01:43 2016 us=435766 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:01:43 2016 us=581853 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:01:43 2016 us=581887 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:01:43 2016 us=581901 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:01:43 2016 us=581916 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:01:43 2016 us=581951 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 11:02:43 2016 us=397833 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 11:02:43 2016 us=479925 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 11:02:43 2016 us=480133 VERIFY OK: nsCertType=SERVER
Thu Sep 22 11:02:43 2016 us=480152 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:02:43 2016 us=480164 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:02:43 2016 us=626378 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:02:43 2016 us=626408 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:02:43 2016 us=626422 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:02:43 2016 us=626436 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:02:43 2016 us=626472 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 11:03:43 2016 us=91286 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 11:03:43 2016 us=173906 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 11:03:43 2016 us=174113 VERIFY OK: nsCertType=SERVER
Thu Sep 22 11:03:43 2016 us=174132 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:03:43 2016 us=174143 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:03:43 2016 us=320038 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:03:43 2016 us=320066 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:03:43 2016 us=320081 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:03:43 2016 us=320095 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:03:43 2016 us=320131 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 11:04:43 2016 us=243839 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 11:04:43 2016 us=327603 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 11:04:43 2016 us=327816 VERIFY OK: nsCertType=SERVER
Thu Sep 22 11:04:43 2016 us=327835 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:04:43 2016 us=327847 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:04:43 2016 us=478156 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:04:43 2016 us=478187 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:04:43 2016 us=478202 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:04:43 2016 us=478216 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:04:43 2016 us=478251 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 11:05:43 2016 us=462088 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 11:05:43 2016 us=544377 VERIFY OK: depth=1, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=internal-ca
Thu Sep 22 11:05:43 2016 us=544701 VERIFY OK: nsCertType=SERVER
Thu Sep 22 11:05:43 2016 us=544728 VERIFY X509NAME OK: C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:05:43 2016 us=544747 VERIFY OK: depth=0, C=FR, ST=Ile de France, L=Paris, O=Donzat, emailAddress=root@donzat.fr, CN=donzat.fr
Thu Sep 22 11:05:43 2016 us=704766 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:05:43 2016 us=704799 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:05:43 2016 us=704813 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Sep 22 11:05:43 2016 us=704827 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Sep 22 11:05:43 2016 us=704862 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA

Server logs:


Sep 22 07:28:58 	openvpn[99173]: vince/Ip_addr:63767 [vince] Inactivity timeout (--ping-restart), restarting
Sep 22 08:02:59 	openvpn[99173]: Ip_addr:63300 [vince] Peer Connection Initiated with [AF_INET]Ip_addr:63300
Sep 22 08:02:59 	openvpn[99173]: vince/Ip_addr:63300 MULTI_sva: pool returned IPv4=Ip_addr, IPv6=(Not enabled)
Sep 22 08:03:01 	openvpn[99173]: vince/Ip_addr:63300 send_push_reply(): safe_cap=940

As you can see, many logs due to the reneg-sec set to 60s (now changed to 600).
That's a very weird situation as the VPN tunnel is "almost" up. I can ping from the LAN to the VPN only. Restarting the VPN on the client side solves the problem.

TinCanTech
OpenVPN Protagonist
Posts: 7177
Joined: Fri Jun 03, 2016 1:17 pm

Re: client looses connection even if keepalive is set

Post by TinCanTech » Thu Sep 22, 2016 1:19 pm

prius wrote: As you can see, many logs due to the reneg-sec set to 60s (now changed to 600).
I would leave it as default (3600) as you do not understand it.

I cannot help you when you post random log file snippets.

prius
OpenVpn Newbie
Posts: 17
Joined: Mon Sep 12, 2016 8:37 am

Re: client looses connection even if keepalive is set

Post by prius » Thu Sep 22, 2016 1:47 pm

The VPN was OK yesterday between 20:00 and 21:00. That's why I posted server events since 20:00.

Here is the server log from yesterday 17:12:


Sep 21 17:12:22 	openvpn[99173]: blv/ip_addr:50942 [blv] Inactivity timeout (--ping-restart), restarting
Sep 22 07:28:58 	openvpn[99173]: vince/ip_addr:63767 [vince] Inactivity timeout (--ping-restart), restarting
Sep 22 08:02:59 	openvpn[99173]: ip_addr:63300 [vince] Peer Connection Initiated with [AF_INET]ip_addr:63300
Sep 22 08:02:59 	openvpn[99173]: vince/ip_addr:63300 MULTI_sva: pool returned IPv4=ip_addr, IPv6=(Not enabled)
Sep 22 08:03:01 	openvpn[99173]: vince/ip_addr:63300 send_push_reply(): safe_cap=940
Sep 22 11:08:50 	openvpn[99173]: ip_addr:51560 [backup1303] Peer Connection Initiated with [AF_INET]ip_addr:51560
Sep 22 11:08:52 	openvpn[99173]: backup1303/ip_addr:51560 send_push_reply(): safe_cap=940
Sep 22 11:10:44 	openvpn[99173]: backup1303/ip_addr:54876 [backup1303] Inactivity timeout (--ping-restart), restarting

The client log is too big (due to the reneg-sec option). I can only post a fragment of it here, sorry.

Just set the reneg-sec option to default. Let's wait until it (almost) disconnects again. The log file should be more useable...
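
Added example (not part of the original thread): a short Python summary of the two log types posted above. It measures the spacing between `TLS: soft reset` lines in the client log and pairs each `Peer Connection Initiated` with the next `--ping-restart` timeout for the same common name in the server log. The function names and the `year` parameter are assumptions; the sample lines are copied from the posts.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied from the client and server logs posted in this thread.
CLIENT_LOG = """\
Thu Sep 22 10:55:43 2016 us=577387 TLS: soft reset sec=0 bytes=276/0 pkts=4/0
Thu Sep 22 10:55:43 2016 us=820379 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Sep 22 10:56:43 2016 us=171320 TLS: soft reset sec=0 bytes=344/0 pkts=5/0
Thu Sep 22 10:57:43 2016 us=366059 TLS: soft reset sec=0 bytes=275/0 pkts=4/0
"""
SERVER_LOG = """\
Sep 22 07:28:58 \topenvpn[99173]: vince/ip_addr:63767 [vince] Inactivity timeout (--ping-restart), restarting
Sep 22 08:02:59 \topenvpn[99173]: ip_addr:63300 [vince] Peer Connection Initiated with [AF_INET]ip_addr:63300
Sep 22 11:08:50 \topenvpn[99173]: ip_addr:51560 [backup1303] Peer Connection Initiated with [AF_INET]ip_addr:51560
Sep 22 11:10:44 \topenvpn[99173]: backup1303/ip_addr:54876 [backup1303] Inactivity timeout (--ping-restart), restarting
"""

CLIENT_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) us=(\d+) TLS: soft reset")
SERVER_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8})\s+openvpn\[\d+\]: \S+ \[([^\]]+)\] "
                       r"(Peer Connection Initiated|Inactivity timeout \(--ping-restart\))")

def soft_reset_intervals(log):
    """Seconds between consecutive 'TLS: soft reset' lines in a client log."""
    stamps = []
    for line in log.splitlines():
        m = CLIENT_RE.match(line)
        if m:
            t = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            stamps.append(t + timedelta(microseconds=int(m.group(2))))
    return [round((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]

def sessions(log, year=2016):
    """Pair each connect with the next ping-restart for the same common name."""
    opened, result = {}, []
    for line in log.splitlines():
        m = SERVER_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        t = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        cn, event = m.group(2), m.group(3)
        if event.startswith("Peer"):
            opened[cn] = t
        else:
            start = opened.pop(cn, None)
            # None: the timeout ends a session that began before this excerpt.
            result.append((cn, None if start is None else int((t - start).total_seconds())))
    return result
```

Run against full log files, the first function shows the renegotiation interval actually in effect on the client, and the second shows how long each client stayed connected before the server's inactivity timeout fired.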
