    OpenVPN suddenly won't stay connected.

      skent last edited by

      Been using OpenVPN without a bit of trouble for well over a year.  Suddenly last night it won't stay connected.

      Log file

      Wed 12/31/69 07:00 PM: SUCCESS: pid=652
      Wed 12/31/69 07:00 PM: SUCCESS: real-time state notification set to ON
      Wed 12/31/69 07:00 PM: SUCCESS: real-time log notification set to ON
      Wed 02/04/09 09:12 PM:   management_client_user = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   management_client_group = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   management_flags = 6
      Wed 02/04/09 09:12 PM:   shared_secret_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   key_direction = 0
      Wed 02/04/09 09:12 PM:   ciphername_defined = ENABLED
      Wed 02/04/09 09:12 PM:   ciphername = 'BF-CBC'
      Wed 02/04/09 09:12 PM:   authname_defined = ENABLED
      Wed 02/04/09 09:12 PM:   authname = 'SHA1'
      Wed 02/04/09 09:12 PM:   prng_hash = 'SHA1'
      Wed 02/04/09 09:12 PM:   prng_nonce_secret_len = 16
      Wed 02/04/09 09:12 PM:   keysize = 0
      Wed 02/04/09 09:12 PM:   engine = DISABLED
      Wed 02/04/09 09:12 PM:   replay = ENABLED
      Wed 02/04/09 09:12 PM:   mute_replay_warnings = DISABLED
      Wed 02/04/09 09:12 PM:   replay_window = 64
      Wed 02/04/09 09:12 PM:   replay_time = 15
      Wed 02/04/09 09:12 PM:   packet_id_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   use_iv = ENABLED
      Wed 02/04/09 09:12 PM:   test_crypto = DISABLED
      Wed 02/04/09 09:12 PM:   tls_server = DISABLED
      Wed 02/04/09 09:12 PM:   tls_client = ENABLED
      Wed 02/04/09 09:12 PM:   key_method = 2
      Wed 02/04/09 09:12 PM:   ca_file = '/Users/stephen/Library/openvpn/DMVPN/ca.crt'
      Wed 02/04/09 09:12 PM:   ca_path = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   dh_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   cert_file = '/Users/stephen/Library/openvpn/DMVPN/swkdelmck.crt'
      Wed 02/04/09 09:12 PM:   priv_key_file = '/Users/stephen/Library/openvpn/DMVPN/swkdelmck.key'
      Wed 02/04/09 09:12 PM:   pkcs12_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   cipher_list = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   tls_verify = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   tls_remote = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   crl_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   ns_cert_type = 64
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_ku[i] = 0
      Wed 02/04/09 09:12 PM:   remote_cert_eku = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   tls_timeout = 2
      Wed 02/04/09 09:12 PM:   renegotiate_bytes = 0
      Wed 02/04/09 09:12 PM:   renegotiate_packets = 0
      Wed 02/04/09 09:12 PM:   renegotiate_seconds = 3600
      Wed 02/04/09 09:12 PM:   handshake_window = 60
      Wed 02/04/09 09:12 PM:   transition_window = 3600
      Wed 02/04/09 09:12 PM:   single_session = DISABLED
      Wed 02/04/09 09:12 PM:   tls_exit = DISABLED
      Wed 02/04/09 09:12 PM:   tls_auth_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   server_network = 0.0.0.0
      Wed 02/04/09 09:12 PM:   server_netmask = 0.0.0.0
      Wed 02/04/09 09:12 PM:   server_bridge_ip = 0.0.0.0
      Wed 02/04/09 09:12 PM:   server_bridge_netmask = 0.0.0.0
      Wed 02/04/09 09:12 PM:   server_bridge_pool_start = 0.0.0.0
      Wed 02/04/09 09:12 PM:   server_bridge_pool_end = 0.0.0.0
      Wed 02/04/09 09:12 PM:   ifconfig_pool_defined = DISABLED
      Wed 02/04/09 09:12 PM:   ifconfig_pool_start = 0.0.0.0
      Wed 02/04/09 09:12 PM:   ifconfig_pool_end = 0.0.0.0
      Wed 02/04/09 09:12 PM:   ifconfig_pool_netmask = 0.0.0.0
      Wed 02/04/09 09:12 PM:   ifconfig_pool_persist_filename = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   ifconfig_pool_persist_refresh_freq = 600
      Wed 02/04/09 09:12 PM:   n_bcast_buf = 256
      Wed 02/04/09 09:12 PM:   tcp_queue_limit = 64
      Wed 02/04/09 09:12 PM:   real_hash_size = 256
      Wed 02/04/09 09:12 PM:   virtual_hash_size = 256
      Wed 02/04/09 09:12 PM:   client_connect_script = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   learn_address_script = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   client_disconnect_script = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   client_config_dir = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   ccd_exclusive = DISABLED
      Wed 02/04/09 09:12 PM:   tmp_dir = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   push_ifconfig_defined = DISABLED
      Wed 02/04/09 09:12 PM:   push_ifconfig_local = 0.0.0.0
      Wed 02/04/09 09:12 PM:   push_ifconfig_remote_netmask = 0.0.0.0
      Wed 02/04/09 09:12 PM:   enable_c2c = DISABLED
      Wed 02/04/09 09:12 PM:   duplicate_cn = DISABLED
      Wed 02/04/09 09:12 PM:   cf_max = 0
      Wed 02/04/09 09:12 PM:   cf_per = 0
      Wed 02/04/09 09:12 PM:   max_clients = 1024
      Wed 02/04/09 09:12 PM:   max_routes_per_client = 256
      Wed 02/04/09 09:12 PM:   auth_user_pass_verify_script = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   auth_user_pass_verify_script_via_file = DISABLED
      Wed 02/04/09 09:12 PM:   ssl_flags = 0
      Wed 02/04/09 09:12 PM:   port_share_host = '[UNDEF]'
      Wed 02/04/09 09:12 PM:   port_share_port = 0
      Wed 02/04/09 09:12 PM:   client = DISABLED
      Wed 02/04/09 09:12 PM:   pull = ENABLED
      Wed 02/04/09 09:12 PM:   auth_user_pass_file = '[UNDEF]'
      Wed 02/04/09 09:12 PM: OpenVPN 2.1_rc15 i386-apple-darwin9.5.0 [SSL] [LZO2] built on Nov 19 2008
      Wed 02/04/09 09:12 PM: MANAGEMENT: TCP Socket listening on 127.0.0.1:1337
      Wed 02/04/09 09:12 PM:  waiting...
      Wed 02/04/09 09:12 PM: MANAGEMENT: Client connected from 127.0.0.1:1337
      Wed 12/31/69 07:00 PM: END
      Wed 12/31/69 07:00 PM: SUCCESS: hold release succeeded
      Wed 02/04/09 09:12 PM: WARNING: --ping should normally be used with --ping-restart or --ping-exit
      Wed 02/04/09 09:12 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Wed 02/04/09 09:12 PM: WARNING: file '/Users/stephen/Library/openvpn/DMVPN/swkdelmck.key' is group or others accessible
      Wed 02/04/09 09:12 PM: LZO compression initialized
      Wed 02/04/09 09:12 PM: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
      Wed 02/04/09 09:12 PM: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
      Wed 02/04/09 09:12 PM: tls-client'
      Wed 02/04/09 09:12 PM: tls-server'
      Wed 02/04/09 09:12 PM: Local Options hash (VER=V4): '69109d17'
      Wed 02/04/09 09:12 PM: Expected Remote Options hash (VER=V4): 'c0103fa8'
      Wed 02/04/09 09:12 PM: Attempting to establish TCP connection with ***.***.***.***:1194 [nonblock]
      Wed 02/04/09 09:12 PM: 
      Wed 02/04/09 09:12 PM: TCP connection established with ***.***.***.***:1194
      Wed 02/04/09 09:12 PM: Socket Buffers: R=[525624->65536] S=[131768->65536]
      Wed 02/04/09 09:12 PM: TCPv4_CLIENT link local: [undef]
      Wed 02/04/09 09:12 PM: TCPv4_CLIENT link remote: ***.***.***.***:1194
      Wed 02/04/09 09:12 PM: 
      Wed 02/04/09 09:12 PM: 
      Wed 02/04/09 09:12 PM:  sid=1d8d082f cc397870
      Wed 02/04/09 09:12 PM:  /C=US/ST=KY/L=Louisville/O=pfSense/CN=/root/easyrsa4pfsense/emailAddress=sullrich@gmail.com
      Wed 02/04/09 09:12 PM: VERIFY OK: nsCertType=SERVER
      Wed 02/04/09 09:12 PM:  /C=US/ST=KY/L=Louisville/O=pfSense/CN=server/emailAddress=sullrich@gmail.com
      Wed 02/04/09 09:12 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Wed 02/04/09 09:12 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Wed 02/04/09 09:12 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Wed 02/04/09 09:12 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Wed 02/04/09 09:12 PM:  1024 bit RSA
      Wed 02/04/09 09:12 PM: [server] Peer Connection Initiated with ***.***.***.***:1194
      Wed 02/04/09 09:12 PM: 
      Wed 02/04/09 09:12 PM: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Wed 02/04/09 09:12 PM: ifconfig 10.0.100.6 10.0.100.5'
      Wed 02/04/09 09:12 PM: OPTIONS IMPORT: timers and/or timeouts modified
      Wed 02/04/09 09:12 PM: OPTIONS IMPORT: --ifconfig/up options modified
      Wed 02/04/09 09:12 PM: OPTIONS IMPORT: route options modified
      Wed 02/04/09 09:12 PM: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Wed 02/04/09 09:12 PM: ROUTE default_gateway=192.168.0.1
      Wed 02/04/09 09:12 PM: TUN/TAP device /dev/tun0 opened
      Wed 02/04/09 09:12 PM: 
      Wed 02/04/09 09:12 PM: /sbin/ifconfig tun0 delete
      Wed 02/04/09 09:12 PM: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
      Wed 02/04/09 09:12 PM: /sbin/ifconfig tun0 10.0.100.6 10.0.100.5 mtu 1500 netmask 255.255.255.255 up
      Wed 02/04/09 09:12 PM: /Applications/Tunnelblick.app/Contents/Resources/client.up.osx.sh tun0 1500 1544 10.0.100.6 10.0.100.5 init
      Wed 02/04/09 09:12 PM: 
      Wed 02/04/09 09:12 PM: /sbin/route add -net 10.0.0.0 10.0.100.5 255.255.255.0
      Wed 02/04/09 09:12 PM: /sbin/route add -net 10.0.100.1 10.0.100.5 255.255.255.255
      Wed 02/04/09 09:12 PM: Initialization Sequence Completed
      Wed 02/04/09 09:12 PM: ***.***.***.***
      Wed 02/04/09 09:13 PM:  restarting [0]
      Wed 02/04/09 09:13 PM: TCP/UDP: Closing socket
      Wed 02/04/09 09:13 PM:  process restarting
      Wed 02/04/09 09:13 PM: 
      Wed 12/31/69 07:00 PM: SUCCESS: hold release succeeded
      Wed 02/04/09 09:13 PM: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Wed 02/04/09 09:13 PM: Re-using SSL/TLS context
      Wed 02/04/09 09:13 PM: LZO compression initialized
      Wed 02/04/09 09:13 PM: Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
      Wed 02/04/09 09:13 PM: Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
      Wed 02/04/09 09:13 PM: tls-client'
      Wed 02/04/09 09:13 PM: tls-server'
      Wed 02/04/09 09:13 PM: Local Options hash (VER=V4): '69109d17'
      Wed 02/04/09 09:13 PM: Expected Remote Options hash (VER=V4): 'c0103fa8'
      Wed 02/04/09 09:13 PM: Attempting to establish TCP connection with ***.***.***.***:1194 [nonblock]
      Wed 02/04/09 09:13 PM: 
      Wed 02/04/09 09:13 PM: TCP connection established with ***.***.***.***:1194
      Wed 02/04/09 09:13 PM: Socket Buffers: R=[525624->65536] S=[131768->65536]
      Wed 02/04/09 09:13 PM: TCPv4_CLIENT link local: [undef]
      Wed 02/04/09 09:13 PM: TCPv4_CLIENT link remote: ***.***.***.***:1194
      Wed 02/04/09 09:13 PM: 
      Wed 02/04/09 09:13 PM: 
      Wed 02/04/09 09:13 PM:  sid=2ff8656e 33de7b9f
      Wed 02/04/09 09:13 PM:  /C=US/ST=KY/L=Louisville/O=pfSense/CN=/root/easyrsa4pfsense/emailAddress=sullrich@gmail.com
      Wed 02/04/09 09:13 PM: VERIFY OK: nsCertType=SERVER
      Wed 02/04/09 09:13 PM:  /C=US/ST=KY/L=Louisville/O=pfSense/CN=server/emailAddress=sullrich@gmail.com
      Wed 02/04/09 09:13 PM: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Wed 02/04/09 09:13 PM: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Wed 02/04/09 09:13 PM: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Wed 02/04/09 09:13 PM: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Wed 02/04/09 09:13 PM:  1024 bit RSA
      Wed 02/04/09 09:13 PM: [server] Peer Connection Initiated with ***.***.***.***:1194
      Wed 02/04/09 09:13 PM: 
      Wed 02/04/09 09:13 PM: SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
      Wed 02/04/09 09:13 PM: ifconfig 10.0.100.6 10.0.100.5'
      Wed 02/04/09 09:13 PM: OPTIONS IMPORT: timers and/or timeouts modified
      Wed 02/04/09 09:13 PM: OPTIONS IMPORT: --ifconfig/up options modified
      Wed 02/04/09 09:13 PM: OPTIONS IMPORT: route options modified
      Wed 02/04/09 09:13 PM: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Wed 02/04/09 09:13 PM: Preserving previous TUN/TAP instance: tun0
      Wed 02/04/09 09:13 PM: Initialization Sequence Completed
      Wed 02/04/09 09:13 PM: ***.***.***.***
      
      This is from Tunnelblick on my Mac, but I get the same constant disconnects from Windows with openvpn-gui.
      
      Thanks for any insight you can offer.
      