Problem with VPN since upgrading to 1.2 final



  • I have a site with a pfsense firewall running as vpn server that has functioned flawlessly for 3 months.  I upgraded to 1.2 from RC4 yesterday and ever since then, I can't keep the connection for longer than 2 mins.

    The ovpn client log shows this:

    Mon Apr 21 22:49:40 2008 us=776852 [server] Inactivity timeout (--ping-restart), restarting
    Mon Apr 21 22:49:40 2008 us=780075 TCP/UDP: Closing socket
    Mon Apr 21 22:49:40 2008 us=780249 SIGUSR1[soft,ping-restart] received, process restarting
    Mon Apr 21 22:49:40 2008 us=780259 Restart pause, 2 second(s)
    Mon Apr 21 22:49:42 2008 us=776825 Re-using SSL/TLS context
    Mon Apr 21 22:49:42 2008 us=777205 LZO compression initialized
    Mon Apr 21 22:49:42 2008 us=777327 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
    Mon Apr 21 22:49:42 2008 us=789017 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
    Mon Apr 21 22:49:42 2008 us=789126 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
    Mon Apr 21 22:49:42 2008 us=789141 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
    Mon Apr 21 22:49:42 2008 us=789162 Local Options hash (VER=V4): '41690919'
    Mon Apr 21 22:49:42 2008 us=789175 Expected Remote Options hash (VER=V4): '530fdded'
    Mon Apr 21 22:49:42 2008 us=789218 Socket Buffers: R=[8192->8192] S=[8192->8192]
    Mon Apr 21 22:49:42 2008 us=790507 UDPv4 link local (bound): [undef]:1194
    Mon Apr 21 22:49:42 2008 us=790520 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
    Mon Apr 21 22:49:42 2008 us=862891 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=25a9d5ac ea6c2e91
    Mon Apr 21 22:49:43 2008 us=202145 VERIFY OK: depth=1, /C=US/ST=KY/L=Louisville/O=pfSense/CN=/root/easyrsa4pfsense/emailAddress=sullrich@gmail.com
    Mon Apr 21 22:49:43 2008 us=202844 VERIFY OK: nsCertType=SERVER
    Mon Apr 21 22:49:43 2008 us=202862 VERIFY OK: depth=0, /C=US/ST=KY/L=Louisville/O=pfSense/CN=server/emailAddress=sullrich@gmail.com
    Mon Apr 21 22:49:43 2008 us=812170 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Apr 21 22:49:43 2008 us=812205 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr 21 22:49:43 2008 us=812285 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
    Mon Apr 21 22:49:43 2008 us=812297 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Mon Apr 21 22:49:43 2008 us=812829 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
    Mon Apr 21 22:49:43 2008 us=812951 [server] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
    Mon Apr 21 22:49:44 2008 us=927334 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
    Mon Apr 21 22:49:44 2008 us=995762 PUSH: Received control message: 'PUSH_REPLY,route 10.0.0.0 255.255.255.0,dhcp-option DOMAIN network.local,dhcp-option DNS 10.0.0.1,dhcp-option WINS 10.0.0.1,dhcp-option NBT 2,route 10.0.100.1,ping 10,ping-restart 60,ifconfig 10.0.100.6 10.0.100.5'
    Mon Apr 21 22:49:44 2008 us=995889 OPTIONS IMPORT: timers and/or timeouts modified
    Mon Apr 21 22:49:44 2008 us=995902 OPTIONS IMPORT: --ifconfig/up options modified
    Mon Apr 21 22:49:44 2008 us=995913 OPTIONS IMPORT: route options modified
    Mon Apr 21 22:49:44 2008 us=995924 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Mon Apr 21 22:49:44 2008 us=995936 Preserving previous TUN/TAP instance: ovpn
    Mon Apr 21 22:49:44 2008 us=995947 Initialization Sequence Completed
    
    

    PFsense ovpn log looks like this:

    Apr 21 21:37:31 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:37:32 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:38:29 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:38:29 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:38:30 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:39:32 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:39:32 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:39:33 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:40:33 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:40:33 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:40:34 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:41:36 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:41:36 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:41:37 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:42:38 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:42:38 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:42:39 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:43:40 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:43:40 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:43:41 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:44:33 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:44:33 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:44:35 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:45:37 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:45:37 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:45:38 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:46:40 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:46:40 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:46:41 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:47:44 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:47:44 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:47:45 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:48:39 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:48:39 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:48:40 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:49:42 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:49:42 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:49:43 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:50:44 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:50:44 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:50:45 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:51:47 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:51:47 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:51:48 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    Apr 21 21:52:44 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 Re-using SSL/TLS context
    Apr 21 21:52:44 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 LZO compression initialized
    Apr 21 21:52:46 	openvpn[316]: xxx.xxx.xxx.xxx3:1194 [userid] Peer Connection Initiated with xxx.xxx.xxx.xxx3:1194
    Apr 21 21:53:47 	openvpn[316]: yyy.yyy.yyy.yyy:49760 Re-using SSL/TLS context
    Apr 21 21:53:47 	openvpn[316]: yyy.yyy.yyy.yyy:49760 LZO compression initialized
    Apr 21 21:53:48 	openvpn[316]: yyy.yyy.yyy.yyy:49760 [userid] Peer Connection Initiated with yyy.yyy.yyy.yyy:49760
    

    Thanks for any help


Locked