Why did my OpenVPN connection get intrrupted?

torontob · Jan 14, 2011, 6:30 PM

Hi Everyone,

I noticed my SSH terminal not responding and noticed this (running pfSense v.1.2.3 on Alix board):

Fri Jan 14 12:17:06 2011 Replay-window backtrack occurred [1]
Fri Jan 14 12:41:16 2011 Replay-window backtrack occurred [2]
Fri Jan 14 12:46:03 2011 TLS: tls_process: killed expiring key
Fri Jan 14 12:46:04 2011 TLS: soft reset sec=0 bytes=3771796/0 pkts=13553/0
Fri Jan 14 12:46:04 2011 VERIFY OK: depth=1, /C=CA/ST=PR/L=CITY/O=XYZ/CN=XYZ_CA/emailAddress=support@XYZ.ca
Fri Jan 14 12:46:04 2011 VERIFY OK: depth=0, /C=CA/ST=PR/L=CITY/O=XYZ/CN=server/emailAddress=support@XYZ.ca
Fri Jan 14 12:46:04 2011 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Jan 14 12:46:04 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authenticatiPR
Fri Jan 14 12:46:04 2011 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Fri Jan 14 12:46:04 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authenticatiPR
Fri Jan 14 12:46:04 2011 CPRtrol Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Jan 14 13:26:12 2011 write UDPv4: Interrupted system call (WSAEINTR) (code=10004)

Any clue what that means?

Thanks

jimp · Jan 17, 2011, 4:36 PM

So which time corresponds to the broken connection? There is an almost 45 minute gap between the last two log messages.

Though the last message is probably the fatal one. Could be about anything though. Is that the client log? Anything from the same time period on the server side? (Or if that is the server log, anything on the client?)

torontob · Jan 17, 2011, 4:45 PM

This is from client side. Probably the problem happens more often that I have noticed. If I am not wrong I should be worried about both:

Fri Jan 14 12:17:06 2011 Replay-window backtrack occurred [1]

AND

Fri Jan 14 13:26:12 2011 write UDPv4: Interrupted system call (WSAEINTR) (code=10004)

I think the expiring key is part of the normal process?!

The server side is the pfSense logs. I think it's over-written by now.

Thanks

jimp · Jan 17, 2011, 5:09 PM

Looks like that error just means that packets were received out of order. Could be from a lossy WAN connection or some other kind of problem with the connection between where the client are server reside.

The interrupted system call could be an issue with the router at the client site, but it's hard to say. Google shows lots of hits on that exact error that may be enlightening.