I have about 10 MacOS-based BYOD users. They all are having this issue. Running different versions of the OpenVPN Client and MacOS. OpenVPN seems to randomly reconnect the VPN connection. It doesn't happen at a fixed time at random like sometimes 10 times in 5minutes.
When i check the logs in the OpenVPN connect client i can see the following TUN error:
TUN write error: cannot identify IP version for prefix
TUN Error: TUN I/O error
EVENT: TUN_ERROR TUN I/O error
Client terminated, restarting in 5000 ms...
SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
/sbin/ifconfig utun2 down
MacDNSAction: FLAGS=F
Issue has reoccurred for the third time today(Nov 7). Two weeks ago the issue occurred twice. Oct 24 for three hours, then Oct 26 for 30 min. Have been running fine for almost two years.
Windows based users do not seem to be affected (possibly just seeing more lag, due to the constant reconnects of the Mac OS users)
I am using OpenVPN on my Untangle Firewall. Firewall is up-to-date, and using all the defaults for server and client config.
server
mode server
multihome
ca data/ca.crt
cert data/server.crt
key data/server.key
dh data/dh.pem
client-config-dir ccd
keepalive 2 10
user nobody
group nogroup
tls-server
compress
status openvpn-status.log
log /var/log/openvpn.log
verb 1
dev tun0
max-clients 2048
ccd-exclusive
persist-key
persist-tun
mute 20
ifconfig-pool-persist /etc/openvpn/address-pool-assignments.txt
push "register-dns"
client
resolv-retry 20
keepalive 2 10
nobind
mute-replay-warnings
remote-cert-tls server
compress
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
auth-user-pass
proto udp
port 1194
cipher AES-128-CBC
remote *.*.*.* 1194 # public address
remote *.*.*.* 1194 # static WAN 1
Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Nov 07, 2022 7:10 pm
Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
Last edited by MattB on Tue Nov 08, 2022 1:05 am, edited 2 times in total.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
Hi,
What does the server have?
Code: Select all
compress
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Nov 07, 2022 7:10 pm
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
Remove it server and client side, then see how it goes.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Nov 07, 2022 7:10 pm
Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
Ok. I tried excluding it from just the server side last night, but it ended up kicking everyone off and not able to connect back in till i reenabled it. With Untangle, i cant seem to delete the defaults, just exclude. I will try to test what happens if i remove it from windows client and exclude from the server side late tonight when there is no production and see if it functions and work from there.
-
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Nov 07, 2022 7:10 pm
Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
Yup looks like clients and server have to have compress removed for the VPN to work. If only one side has compress, VPN doesn't work.
Would have to test when the issue reoccurs to see if it makes a difference, dangerous test tho, as it would cut everyone off and would have to manually have each client update their existing profile. I have also been told to try a different client VPN app as issue might stem with using OpenVPN Connect Client with the community version of OpenVPN.
Would have to test when the issue reoccurs to see if it makes a difference, dangerous test tho, as it would cut everyone off and would have to manually have each client update their existing profile. I have also been told to try a different client VPN app as issue might stem with using OpenVPN Connect Client with the community version of OpenVPN.
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: Openvpn random reconnects with error TUN write error:cannot identify IP version for prefix
OpenVPN is moving away from compression.
Better do it now I would think.
Also see here:
https://community.openvpn.net/openvpn/w ... tedOptions
Better do it now I would think.
Also see here:
https://community.openvpn.net/openvpn/w ... tedOptions
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
Halton Arp