Unstable OpenVPN

klaos

Hi, Iam have OpenVPN site-to-site Iam access with VNC Linux Host over OpenVPN but every 1 minute iam loss connection VNC

the VPN is not down but problem with VNC

doktornotor

What a wealth of info…

klaos

Sorry my bad

Apr 7 09:45:10 openvpn[90084]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 7 09:45:10 openvpn[90084]: NOTE: the current –script-security setting may allow this configuration to call user-defined scripts
Apr 7 09:45:10 openvpn[90327]: UDPv4 link local (bound): [AF_INET]192.168.200.2
Apr 7 09:45:10 openvpn[90327]: UDPv4 link remote: [AF_INET]200.70.95.32:5069
Apr 7 09:45:10 openvpn[90327]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 50.0.69.2 50.0.69.1'
Apr 7 09:45:10 openvpn[90327]: [server_rech01] Peer Connection Initiated with [AF_INET]200.70.95.32:5069
Apr 7 09:45:12 openvpn[90327]: TUN/TAP device ovpnc1 exists previously, keep at program end
Apr 7 09:45:12 openvpn[90327]: TUN/TAP device /dev/tun1 opened
Apr 7 09:45:12 openvpn[90327]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
Apr 7 09:45:12 openvpn[90327]: /sbin/ifconfig ovpnc1 50.0.69.2 50.0.69.1 mtu 1500 netmask 255.255.255.255 up
Apr 7 09:45:12 openvpn[90327]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1542 50.0.69.2 50.0.69.1 init
Apr 7 09:45:12 openvpn[90327]: Initialization Sequence Completed
Apr 7 10:45:11 openvpn[90327]: WARNING: 'ifconfig' is present in remote config but missing in local config, remote='ifconfig 50.0.69.2 50.0.69.1'

I'am enable net.inet.ip.fastforwarding to 1 in System –> System Tunnbles

information: https://forums.openvpn.net/topic9934.html

Log Firewall OK all pass

pass
Apr 7 11:20:51 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:61672 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.100:5901 TCP:S
pass
Apr 7 11:23:32 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:61726 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.100:5901 TCP:S
pass
Apr 7 11:25:29 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:49748 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.166:5900 TCP:S
pass
Apr 7 11:26:17 ovpnc1 Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 50.0.69.1:49769 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 192.168.7.166:5900 TCP:S
pass
Apr 7 11:26:36 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1332 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 217.146.26.212:5938 TCP:S
pass
Apr 7 11:26:37 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1333 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 178.77.120.104:5938 TCP:S
pass
Apr 7 11:26:38 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1333 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 178.77.120.104:5938 TCP:S
pass
Apr 7 11:26:39 LAN Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 192.168.7.166:1334 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 88.198.136.212:5938 TCP:S

doktornotor

Looks like your connectivity sucks badly… I'd suggest to undo the "tuning".

klaos

OK Disable ipforwardfast,

in the meantime

add a option:

link-mtu 1400;

now VNC not down maybe say that but

I'am look  in Logs OpenVPN

openvpn[8247]: WARNING: normally if you use –mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1358)
Apr 7 12:26:17 openvpn[8465]: UDPv4 link local (bound): [AF_INET]192.168.200.2
Apr 7 12:26:17 openvpn[8465]: UDPv4 link remote: [AF_INET]200.150.81.211:5069
Apr 7 12:26:17 openvpn[8465]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1400', remote='link-mtu 1542'
Apr 7 12:26:17 openvpn[8465]: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1358', remote='tun-mtu 1500'

doktornotor

Hmmm, yeah? So, set it consistently on both ends?

klaos

just because u said took a fall VNC and returned, but more fast, believe it is the MTU question the problem

klaos

I'am remove 1400

and add

tun-mtu 1500;

now is work :D

doktornotor

Good… Mainly, these things need to match on both ends.