OpenVPN random reconnects with error TUN write error: cannot identify IP version for prefix
Posted: Mon Nov 07, 2022 8:20 pm
I have about 10 macOS-based BYOD users. They are all having this issue, running different versions of the OpenVPN client and macOS. OpenVPN seems to randomly reconnect the VPN connection. It doesn't happen at a fixed time; it is random, like sometimes 10 times in 5 minutes.
When I check the logs in the OpenVPN Connect client I can see the following TUN error:
TUN write error: cannot identify IP version for prefix
TUN Error: TUN I/O error
EVENT: TUN_ERROR TUN I/O error
Client terminated, restarting in 5000 ms...
SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
/sbin/ifconfig utun2 down
MacDNSAction: FLAGS=F
The issue has reoccurred for the third time today (Nov 7). Two weeks ago the issue occurred twice: Oct 24 for three hours, then Oct 26 for 30 min. We have been running fine for almost two years.
Windows-based users do not seem to be affected (possibly just seeing more lag, due to the constant reconnects of the macOS users).
I am using OpenVPN on my Untangle Firewall. Firewall is up-to-date, and using all the defaults for server and client config.
server
mode server
multihome
ca data/ca.crt
cert data/server.crt
key data/server.key
dh data/dh.pem
client-config-dir ccd
keepalive 2 10
user nobody
group nogroup
tls-server
compress
status openvpn-status.log
log /var/log/openvpn.log
verb 1
dev tun0
max-clients 2048
ccd-exclusive
persist-key
persist-tun
mute 20
ifconfig-pool-persist /etc/openvpn/address-pool-assignments.txt
push "register-dns"
client
resolv-retry 20
keepalive 2 10
nobind
mute-replay-warnings
remote-cert-tls server
compress
verb 1
persist-key
persist-tun
explicit-exit-notify 1
dev tun
auth-user-pass
proto udp
port 1194
cipher AES-128-CBC
remote *.*.*.* 1194 # public address
remote *.*.*.* 1194 # static WAN 1