Unstable OpenVPN



  • Hi, Iam have OpenVPN site-to-site Iam access with VNC Linux Host over OpenVPN but every 1 minute iam loss connection VNC

    the VPN is not down but problem with VNC


  • Banned

    What a wealth of info…



  • Sorry my bad

    Apr 7 09:45:10 openvpn[90084]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Apr 7 09:45:10 openvpn[90084]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
    Apr 7 09:45:10 openvpn[90327]: UDPv4 link local (bound): [AF_INET]192.168.200.2
    Apr 7 09:45:10 openvpn[90327]: UDPv4 link remote: [AF_INET]200.70.95.32:5069
    Apr 7 09:45:10 openvpn[90327]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 50.0.69.2 50.0.69.1'
    Apr 7 09:45:10 openvpn[90327]: [server_rech01] Peer Connection Initiated with [AF_INET]200.70.95.32:5069
    Apr 7 09:45:12 openvpn[90327]: TUN/TAP device ovpnc1 exists previously, keep at program end
    Apr 7 09:45:12 openvpn[90327]: TUN/TAP device /dev/tun1 opened
    Apr 7 09:45:12 openvpn[90327]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
    Apr 7 09:45:12 openvpn[90327]: /sbin/ifconfig ovpnc1 50.0.69.2 50.0.69.1 mtu 1500 netmask 255.255.255.255 up
    Apr 7 09:45:12 openvpn[90327]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1542 50.0.69.2 50.0.69.1 init
    Apr 7 09:45:12 openvpn[90327]: Initialization Sequence Completed
    Apr 7 10:45:11 openvpn[90327]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 50.0.69.2 50.0.69.1'

    I'am enable net.inet.ip.fastforwarding to 1 in System –> System Tunnbles

    information: https://forums.openvpn.net/topic9934.html

    Log Firewall OK all pass

    pass
    Apr 7 11:20:51 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:61672 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.100:5901 TCP:S
    pass
    Apr 7 11:23:32 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:61726 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.100:5901 TCP:S
    pass
    Apr 7 11:25:29 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:49748 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.166:5900 TCP:S
    pass
    Apr 7 11:26:17 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:49769 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.166:5900 TCP:S
    pass
    Apr 7 11:26:36 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1332 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 217.146.26.212:5938 TCP:S
    pass
    Apr 7 11:26:37 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1333 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 178.77.120.104:5938 TCP:S
    pass
    Apr 7 11:26:38 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1333 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 178.77.120.104:5938 TCP:S
    pass
    Apr 7 11:26:39 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1334 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 88.198.136.212:5938 TCP:S



  • Banned

    Looks like your connectivity sucks badly… I'd suggest to undo the "tuning".



  • OK Disable ipforwardfast,

    in the meantime

    add a option:

    link-mtu 1400;

    now VNC not down maybe say that but

    I'am look  in Logs OpenVPN

    openvpn[8247]: WARNING: normally if you use –mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1358)
    Apr 7 12:26:17 openvpn[8465]: UDPv4 link local (bound): [AF_INET]192.168.200.2
    Apr 7 12:26:17 openvpn[8465]: UDPv4 link remote: [AF_INET]200.150.81.211:5069
    Apr 7 12:26:17 openvpn[8465]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1400', remote='link-mtu 1542'
    Apr 7 12:26:17 openvpn[8465]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1358', remote='tun-mtu 1500'


  • Banned

    Hmmm, yeah? So, set it consistently on both ends?



  • just because u said took a fall VNC and returned, but more fast, believe it is the MTU question the problem



  • I'am remove 1400

    and add

    tun-mtu 1500;

    now is work :D


  • Banned

    Good… Mainly, these things need to match on both ends.


Log in to reply