OpenVPN Support Forum

Posted: **Tue Mar 22, 2011 4:56 pm**

Hi...first post here and was hoping to get some help! Been using OpenVPN for several years now and have never had a problem until now.

I have a server setup and can connect to it with at least one other client with no problems. The server is setup as a backup pc for my files. I have transferred ~30 gig worth of data over the connection and not had a problem.

I have another client pc that I'm trying to get connected to the server. It connects fine. I can browse files on shared folders...everything seems normal until I start transfer data. After beginning some data transfer (via windows explorer copy/paste, synctoy, etc) then anywhere from 1-10 minutes into the transfer activity, my VPN connection goes down. I can't browse any any files or even ping the server through the vpn connection. Then after about 3-5 minutes later, it comes back online.

Please let me know if I can provide any more information to help diagnose my problem. I have included the log file during the time frame of when the connection goes down. I only had it set to verb3, so if more detail is needed, I can up the verb level and repeat the problem.

In the log there are a bunch of authenticate/decrypt packet errors. Not sure if that has anything to do with the problem or if that's just symptom of the VPN going down?

Any help would be awesome...I'm lost here...

Code: Select all

Wed Mar 16 06:01:11 2011 Initialization Sequence Completed
Wed Mar 16 07:01:08 2011 [server] Inactivity timeout (--ping-restart), restarting
Wed Mar 16 07:01:08 2011 TCP/UDP: Closing socket
Wed Mar 16 07:01:08 2011 SIGUSR1[soft,ping-restart] received, process restarting
Wed Mar 16 07:01:08 2011 Restart pause, 2 second(s)
Wed Mar 16 07:01:10 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 16 07:01:10 2011 Re-using SSL/TLS context
Wed Mar 16 07:01:10 2011 LZO compression initialized
Wed Mar 16 07:01:10 2011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 16 07:01:10 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Mar 16 07:01:11 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 16 07:01:11 2011 Local Options hash (VER=V4): '504e774e'
Wed Mar 16 07:01:11 2011 Expected Remote Options hash (VER=V4): '14168603'
Wed Mar 16 07:01:11 2011 UDPv4 link local: [undef]
Wed Mar 16 07:01:11 2011 UDPv4 link remote: 65.125.140.130:1199
Wed Mar 16 07:01:11 2011 TLS: Initial packet from 65.125.140.130:1199, sid=14dbd839 0b9132db
Wed Mar 16 07:01:11 2011 VERIFY OK: depth=1, /C=US/ST=WY/L=Evanston/O=Sponco/CN=OpenVPN-WY/emailAddress=nate@sponco.biz
Wed Mar 16 07:01:11 2011 VERIFY OK: nsCertType=SERVER
Wed Mar 16 07:01:11 2011 VERIFY OK: depth=0, /C=US/ST=WY/O=Sponco/CN=server/emailAddress=nate@sponco.biz
Wed Mar 16 07:01:11 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #33 / time = (1300280460) Wed Mar 16 07:01:00 2011 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 07:01:11 2011 TLS Error: incoming packet authentication failed from 65.125.140.130:1199
Wed Mar 16 07:01:11 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 07:01:11 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 07:01:11 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 07:01:11 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 07:01:11 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 16 07:01:11 2011 [server] Peer Connection Initiated with 65.125.140.130:1199
Wed Mar 16 07:01:13 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 16 07:01:13 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Wed Mar 16 07:01:13 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 16 07:01:13 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 16 07:01:13 2011 OPTIONS IMPORT: route options modified
Wed Mar 16 07:01:13 2011 Preserving previous TUN/TAP instance: Local Area Connection 3
Wed Mar 16 07:01:13 2011 Initialization Sequence Completed
Wed Mar 16 08:01:11 2011 TLS: soft reset sec=0 bytes=36755/0 pkts=700/0
Wed Mar 16 08:01:12 2011 [server] Inactivity timeout (--ping-restart), restarting
Wed Mar 16 08:01:12 2011 TCP/UDP: Closing socket
Wed Mar 16 08:01:12 2011 SIGUSR1[soft,ping-restart] received, process restarting
Wed Mar 16 08:01:12 2011 Restart pause, 2 second(s)
Wed Mar 16 08:01:14 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 16 08:01:14 2011 Re-using SSL/TLS context
Wed Mar 16 08:01:14 2011 LZO compression initialized
Wed Mar 16 08:01:14 2011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 16 08:01:14 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Mar 16 08:01:14 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 16 08:01:14 2011 Local Options hash (VER=V4): '504e774e'
Wed Mar 16 08:01:14 2011 Expected Remote Options hash (VER=V4): '14168603'
Wed Mar 16 08:01:14 2011 UDPv4 link local: [undef]
Wed Mar 16 08:01:14 2011 UDPv4 link remote: 65.125.140.130:1199
Wed Mar 16 08:01:14 2011 TLS: Initial packet from 65.125.140.130:1199, sid=4672d1cd f5cd1fb2
Wed Mar 16 08:01:15 2011 VERIFY OK: depth=1, /C=US/ST=WY/L=Evanston/O=Sponco/CN=OpenVPN-WY/emailAddress=nate@sponco.biz
Wed Mar 16 08:01:15 2011 VERIFY OK: nsCertType=SERVER
Wed Mar 16 08:01:15 2011 VERIFY OK: depth=0, /C=US/ST=WY/O=Sponco/CN=server/emailAddress=nate@sponco.biz
Wed Mar 16 08:01:15 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 08:01:15 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 08:01:15 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 08:01:15 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 08:01:15 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 16 08:01:15 2011 [server] Peer Connection Initiated with 65.125.140.130:1199
Wed Mar 16 08:01:17 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 16 08:01:17 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Wed Mar 16 08:01:17 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 16 08:01:17 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 16 08:01:17 2011 OPTIONS IMPORT: route options modified
Wed Mar 16 08:01:17 2011 Preserving previous TUN/TAP instance: Local Area Connection 3
Wed Mar 16 08:01:17 2011 Initialization Sequence Completed
Wed Mar 16 09:01:15 2011 [server] Inactivity timeout (--ping-restart), restarting
Wed Mar 16 09:01:15 2011 TCP/UDP: Closing socket
Wed Mar 16 09:01:15 2011 SIGUSR1[soft,ping-restart] received, process restarting
Wed Mar 16 09:01:15 2011 Restart pause, 2 second(s)
Wed Mar 16 09:01:17 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 16 09:01:17 2011 Re-using SSL/TLS context
Wed Mar 16 09:01:17 2011 LZO compression initialized
Wed Mar 16 09:01:17 2011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 16 09:01:17 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Mar 16 09:01:18 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 16 09:01:18 2011 Local Options hash (VER=V4): '504e774e'
Wed Mar 16 09:01:18 2011 Expected Remote Options hash (VER=V4): '14168603'
Wed Mar 16 09:01:18 2011 UDPv4 link local: [undef]
Wed Mar 16 09:01:18 2011 UDPv4 link remote: 65.125.140.130:1199
Wed Mar 16 09:01:18 2011 TLS: Initial packet from 65.125.140.130:1199, sid=b29ab5c3 f3062d9b
Wed Mar 16 09:01:18 2011 VERIFY OK: depth=1, /C=US/ST=WY/L=Evanston/O=Sponco/CN=OpenVPN-WY/emailAddress=nate@sponco.biz
Wed Mar 16 09:01:18 2011 VERIFY OK: nsCertType=SERVER
Wed Mar 16 09:01:18 2011 VERIFY OK: depth=0, /C=US/ST=WY/O=Sponco/CN=server/emailAddress=nate@sponco.biz
Wed Mar 16 09:01:18 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 09:01:18 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 09:01:18 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 09:01:18 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 09:01:18 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 16 09:01:18 2011 [server] Peer Connection Initiated with 65.125.140.130:1199
Wed Mar 16 09:01:20 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 16 09:01:20 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Wed Mar 16 09:01:20 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 16 09:01:20 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 16 09:01:20 2011 OPTIONS IMPORT: route options modified
Wed Mar 16 09:01:20 2011 Preserving previous TUN/TAP instance: Local Area Connection 3
Wed Mar 16 09:01:20 2011 Initialization Sequence Completed
Wed Mar 16 09:12:27 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #4672 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:13:58 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #10882 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:16:02 2011 Replay-window backtrack occurred [1]
Wed Mar 16 09:16:32 2011 Replay-window backtrack occurred [2]
Wed Mar 16 09:18:24 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #34227 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:18:53 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #40223 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:19:08 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #43132 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:19:24 2011 Replay-window backtrack occurred [5]
Wed Mar 16 09:20:18 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #57210 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:21:04 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #65210 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:21:27 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #69575 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:21:30 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #69711 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:22:43 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #84799 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:22:50 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #86383 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:22:59 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #88205 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:24:19 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #104641 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:24:28 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #106363 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:25:29 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #119348 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:26:55 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #136451 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:27:53 2011 Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #148430 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Wed Mar 16 09:28:50 2011 Replay-window backtrack occurred [7]
Wed Mar 16 09:37:20 2011 [server] Inactivity timeout (--ping-restart), restarting
Wed Mar 16 09:37:20 2011 TCP/UDP: Closing socket
Wed Mar 16 09:37:20 2011 SIGUSR1[soft,ping-restart] received, process restarting
Wed Mar 16 09:37:20 2011 Restart pause, 2 second(s)
Wed Mar 16 09:37:22 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 16 09:37:22 2011 Re-using SSL/TLS context
Wed Mar 16 09:37:22 2011 LZO compression initialized
Wed Mar 16 09:37:22 2011 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Mar 16 09:37:22 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Wed Mar 16 09:37:22 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Mar 16 09:37:22 2011 Local Options hash (VER=V4): '504e774e'
Wed Mar 16 09:37:22 2011 Expected Remote Options hash (VER=V4): '14168603'
Wed Mar 16 09:37:22 2011 UDPv4 link local: [undef]
Wed Mar 16 09:37:22 2011 UDPv4 link remote: 65.125.140.130:1199
Wed Mar 16 09:37:22 2011 TLS: Initial packet from 65.125.140.130:1199, sid=c71354e7 d78b84c9
Wed Mar 16 09:37:22 2011 VERIFY OK: depth=1, /C=US/ST=WY/L=Evanston/O=Sponco/CN=OpenVPN-WY/emailAddress=nate@sponco.biz
Wed Mar 16 09:37:22 2011 VERIFY OK: nsCertType=SERVER
Wed Mar 16 09:37:22 2011 VERIFY OK: depth=0, /C=US/ST=WY/O=Sponco/CN=server/emailAddress=nate@sponco.biz
Wed Mar 16 09:37:23 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 09:37:23 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 09:37:23 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Mar 16 09:37:23 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Mar 16 09:37:23 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Mar 16 09:37:23 2011 [server] Peer Connection Initiated with 65.125.140.130:1199
Wed Mar 16 09:37:25 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Mar 16 09:37:25 2011 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.10 10.8.0.9'
Wed Mar 16 09:37:25 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 16 09:37:25 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 16 09:37:25 2011 OPTIONS IMPORT: route options modified
Wed Mar 16 09:37:25 2011 Preserving previous TUN/TAP instance: Local Area Connection 3
Wed Mar 16 09:37:25 2011 Initialization Sequence Completed

Posted: **Mon Mar 28, 2011 9:05 am**

look like your connection is flakey - can you try playing with the parameter

Code: Select all

--replay-window n t

on the server side, e.g. try adding

Code: Select all

replay-window 128 40

to the server config and then retry transferring some data.

OpenVPN Support Forum

OpenVPN connection going down under traffic

OpenVPN connection going down under traffic

Re: OpenVPN connection going down under traffic