Hi, i can't get openvpn 2.1.2 to mantain the tunnel for more than 7 minutes, because the connection of my computer, the client, dies. The server is WIndows Vista 32, and the client Windows XP Pro SP3 32. I set up openvpn in principle just for gaming (i'm aware of better solutions wich i have tried, such as hamachi), but i plan to do other things as well, as join to the tunnel a linux machine to do some stuff. I have tried with warcraft III and counter-strike source, and can play really well for about 5 minutes but later the connection dies, the client connection dies.
I'm using ethernet bridging, and after this happens i can't access internet, i have to reset the bridge interface, by disabling and enabling it. I've tried to change the value of MTU, in both, the config file and the tap device of each machine, to 1500,1400, 1492, 1300, 1200, 1100 but still the same thing happen. Something that i noticed in the client machine after this happens, is that the bridge interface sends a huge amount of bytes, but don't receive that much (like if it's sending a file), and the router looks like it's sending something.
My computer connect to the internet trough a modem/router, maybe that's part of the problem. I really can't figure out what's happenning.
Here are the config files:
server.ovpn:
port 1194
proto udp
dev tap
dev-node tap-bridge
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh384.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
keepalive 10 120
comp-lzo
max-clients 10
persist-key
persist-tup
status openvpn-status.log
verb 3
fragment 1500
mssfix
client.ovpn:
client
dev tap
proto udp
remote xxx.xxx.xxx.xxx 1194
ca ca.crt
cert cliente.crt
key cliente.key
ns-cert-type server
persist-key
persist-tup
fragment 1500
mssfix
comp-lzo
verb 3
Sorry for my english
Thanks in advance
Connection dies after 4-7 minutes. Client
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
-
krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Connection dies after 4-7 minutes. Client
try removing fragment / mssfix from each side, and add mtu-test to the client
that will run some MTU tests, then you know how to configure your MTU settings (or if you even need to)
is your dh params really only 384? thats small
that will run some MTU tests, then you know how to configure your MTU settings (or if you even need to)
is your dh params really only 384? thats small
-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
Re: Connection dies after 4-7 minutes. Client
See the post below
Last edited by medleev on Mon Aug 30, 2010 8:37 pm, edited 1 time in total.
-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
Re: Connection dies after 4-7 minutes. Client
I've made what you told me, this is what i get in the status:
NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1573,1573] remote->local=[1573,1573]
What that means?. I tried with "fragment 1573" (altough that value is above the maximum, isn't?) with no luck, but i think it lasted between 9-10 minutes.
I tried this time with openvpn 2.1.3
Here is the log:
I noticed this in the log:
Sun Aug 29 17:17:30 2010 us=703000 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{C35891B2-D928-4B74-9564-D10CF993B582}.tap
Sun Aug 29 17:17:30 2010 us=703000 NOTE: could not get adapter index for {C35891B2-D928-4B74-9564-D10CF993B582}
Thanks
NOTE: Empirical MTU test completed [Tried,Actual] local->remote=[1573,1573] remote->local=[1573,1573]
What that means?. I tried with "fragment 1573" (altough that value is above the maximum, isn't?) with no luck, but i think it lasted between 9-10 minutes.
Yeah, we changed a lot of things trying to get it to work, with no success. It was for testing purposes only.krzee wrote:is your dh params really only 384? thats small
I tried this time with openvpn 2.1.3
Here is the log:
Code: Select all
Sun Aug 29 17:17:27 2010 OpenVPN 2.1.3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Aug 20 2010
Sun Aug 29 17:17:27 2010 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sun Aug 29 17:17:27 2010 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sun Aug 29 17:17:27 2010 us=140000 LZO compression initialized
Sun Aug 29 17:17:27 2010 us=140000 Control Channel MTU parms [ L:1578 D:138 EF:38 EB:0 ET:0 EL:0 ]
Sun Aug 29 17:17:27 2010 us=140000 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Aug 29 17:17:27 2010 us=156000 Data Channel MTU parms [ L:1578 D:1574 EF:46 EB:135 ET:32 EL:0 AF:3/1 ]
Sun Aug 29 17:17:27 2010 us=156000 Fragmentation MTU parms [ L:1578 D:1574 EF:45 EB:135 ET:33 EL:0 AF:3/1 ]
Sun Aug 29 17:17:27 2010 us=156000 Local Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
Sun Aug 29 17:17:27 2010 us=156000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1578,tun-mtu 1532,proto UDPv4,comp-lzo,mtu-dynamic,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
Sun Aug 29 17:17:27 2010 us=156000 Local Options hash (VER=V4): '9a22532e'
Sun Aug 29 17:17:27 2010 us=156000 Expected Remote Options hash (VER=V4): 'e2a912d8'
Sun Aug 29 17:17:27 2010 us=156000 UDPv4 link local (bound): [undef]:1194
Sun Aug 29 17:17:27 2010 us=156000 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Sun Aug 29 17:17:27 2010 us=250000 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=c6c90baf 4eb1abbd
Sun Aug 29 17:17:27 2010 us=656000 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=OpenVPN/CN=sassyftp/emailAddress=mail@host.domain
Sun Aug 29 17:17:27 2010 us=656000 VERIFY OK: nsCertType=SERVER
Sun Aug 29 17:17:27 2010 us=656000 VERIFY OK: depth=0, /C=US/ST=CA/O=OpenVPN/CN=sassyftp/emailAddress=mail@host.domain
Sun Aug 29 17:17:28 2010 us=531000 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Aug 29 17:17:28 2010 us=531000 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug 29 17:17:28 2010 us=531000 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Sun Aug 29 17:17:28 2010 us=531000 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Aug 29 17:17:28 2010 us=531000 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 384 bit RSA
Sun Aug 29 17:17:28 2010 us=531000 [sassyftp] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Sun Aug 29 17:17:30 2010 us=562000 SENT CONTROL [sassyftp]: 'PUSH_REQUEST' (status=1)
Sun Aug 29 17:17:30 2010 us=687000 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.4,ping 10,ping-restart 120,ifconfig 10.8.0.50 255.255.255.0'
Sun Aug 29 17:17:30 2010 us=687000 OPTIONS IMPORT: timers and/or timeouts modified
Sun Aug 29 17:17:30 2010 us=687000 OPTIONS IMPORT: --ifconfig/up options modified
Sun Aug 29 17:17:30 2010 us=687000 OPTIONS IMPORT: route-related options modified
Sun Aug 29 17:17:30 2010 us=703000 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{C35891B2-D928-4B74-9564-D10CF993B582}.tap
Sun Aug 29 17:17:30 2010 us=703000 NOTE: could not get adapter index for {C35891B2-D928-4B74-9564-D10CF993B582}
Sun Aug 29 17:17:30 2010 us=703000 TAP-Win32 Driver Version 9.7
Sun Aug 29 17:17:30 2010 us=703000 TAP-Win32 MTU=1500
Sun Aug 29 17:17:30 2010 us=703000 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.50/255.255.255.0 on interface {C35891B2-D928-4B74-9564-D10CF993B582} [DHCP-serv: 10.8.0.0, lease-time: 31536000]
Sun Aug 29 17:17:35 2010 us=750000 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Sun Aug 29 17:17:35 2010 us=750000 Initialization Sequence CompletedSun Aug 29 17:17:30 2010 us=703000 TAP-WIN32 device [Local Area Connection 5] opened: \\.\Global\{C35891B2-D928-4B74-9564-D10CF993B582}.tap
Sun Aug 29 17:17:30 2010 us=703000 NOTE: could not get adapter index for {C35891B2-D928-4B74-9564-D10CF993B582}
Thanks
-
krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Connection dies after 4-7 minutes. Client
when you keep all fragment / mssfix /mtu settings out of both configs, do you still get disconnected?
When the numbers match like that you should not need to optimize mtu settings as far as i understand
When the numbers match like that you should not need to optimize mtu settings as far as i understand
-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
Re: Connection dies after 4-7 minutes. Client
I forgot to tell you that. Yes, without fragment/mssfix i still get disconnected
-
krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Connection dies after 4-7 minutes. Client
are you running a firewall in between the connection?
maybe you have a firewall trying to keep state on UDP connections... since udp has no state, firewalls that attempt to keep state on udp connections sometimes get fubar'ed
maybe your ISP is screwing it up, if the above is not true, see if tcp works for you
(we always recommend udp when possible, but trying tcp could be worth a shot)
maybe you have a firewall trying to keep state on UDP connections... since udp has no state, firewalls that attempt to keep state on udp connections sometimes get fubar'ed
maybe your ISP is screwing it up, if the above is not true, see if tcp works for you
(we always recommend udp when possible, but trying tcp could be worth a shot)
-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
Re: Connection dies after 4-7 minutes. Client
HI, we disabled all our firewalls and that is still happenning. Something that now i notice, is that when the connection dies, and i go to the control panel and disable the bridge, the tap device suddenly enables.
Now i waited and this is what i get in the log:
Now i waited and this is what i get in the log:
Code: Select all
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=625000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=640000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=656000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=671000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:02 2010 us=687000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:07 2010 us=921000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:13 2010 us=46000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:14 2010 us=875000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:14 2010 us=875000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:14 2010 us=890000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:15 2010 us=828000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:16 2010 us=828000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)
Fri Sep 03 23:01:17 2010 us=828000 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
Re: Connection dies after 4-7 minutes. Client
Recently tested with 2.1.0 in debian squeeze up to date, and the connection remains when there is no game (i tested with counter strike source and warcraft iii under wine) the contrary to windows, but, when i try with a lan game it happens the same thing...the connection dies between 14 - 20 min after initiated. There is nothing in the log, verb = 4
Someone tried and got it working?
Someone tried and got it working?
-
medleev
- OpenVpn Newbie
- Posts: 7
- Joined: Sat Aug 28, 2010 11:08 pm
Re: Connection dies after 4-7 minutes. Client
Well, it turned out that we forgot something really basic 
. Changing the mtu value of the bridge interface to 1492 solved the problem, although under linux, in windows still the same thing happens. But that's not a problem, because now we can say: goodbye windows! 
Hope it helps someone
. Changing the mtu value of the bridge interface to 1492 solved the problem, although under linux, in windows still the same thing happens. But that's not a problem, because now we can say: goodbye windows! Hope it helps someone
Last edited by medleev on Fri Oct 08, 2010 7:37 pm, edited 1 time in total.