Why did my OpenVPN connection get intrrupted?



  • Hi Everyone,

    I noticed my SSH terminal not responding and noticed this (running pfSense v.1.2.3 on Alix board):

    Fri Jan 14 12:17:06 2011 Replay-window backtrack occurred [1]
    Fri Jan 14 12:41:16 2011 Replay-window backtrack occurred [2]
    Fri Jan 14 12:46:03 2011 TLS: tls_process: killed expiring key
    Fri Jan 14 12:46:04 2011 TLS: soft reset sec=0 bytes=3771796/0 pkts=13553/0
    Fri Jan 14 12:46:04 2011 VERIFY OK: depth=1, /C=CA/ST=PR/L=CITY/O=XYZ/CN=XYZ_CA/emailAddress=support@XYZ.ca
    Fri Jan 14 12:46:04 2011 VERIFY OK: depth=0, /C=CA/ST=PR/L=CITY/O=XYZ/CN=server/emailAddress=support@XYZ.ca
    Fri Jan 14 12:46:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Fri Jan 14 12:46:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authenticatiPR
    Fri Jan 14 12:46:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
    Fri Jan 14 12:46:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authenticatiPR
    Fri Jan 14 12:46:04 2011 CPRtrol Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Fri Jan 14 13:26:12 2011 write UDPv4: Interrupted system call (WSAEINTR) (code=10004)

    Any clue what that means?

    Thanks


  • Rebel Alliance Developer Netgate

    So which time corresponds to the broken connection?  There is an almost 45 minute gap between the last two log messages.

    Though the last message is probably the fatal one. Could be about anything though. Is that the client log? Anything from the same time period on the server side? (Or if that is the server log, anything on the client?)



  • This is from client side. Probably the problem happens more often that I have noticed. If I am not wrong I should be worried about both:

    Fri Jan 14 12:17:06 2011 Replay-window backtrack occurred [1]
    

    AND

    Fri Jan 14 13:26:12 2011 write UDPv4: Interrupted system call (WSAEINTR) (code=10004)
    

    I think the expiring key is part of the normal process?!

    The server side is the pfSense logs. I think it's over-written by now.

    Thanks


  • Rebel Alliance Developer Netgate

    Looks like that error just means that packets were received out of order. Could be from a lossy WAN connection or some other kind of problem with the connection between where the client are server reside.

    The interrupted system call could be an issue with the router at the client site, but it's hard to say. Google shows lots of hits on that exact error that may be enlightening.


Locked