Hi all,

Has anyone seen openvpn regularly restarting its connection?

I have two connections. On one, I'm the server and a remote connects to me (from QSR), on the other I'm the server and I connect to a remote (at work). Generally, I have "ping 1;ping-restart 10". That works for me since the links are pretty good and if I do a real ping (I know that openvpn does a UDP "ping" to port 1194, so it's not a *real* ping), I never get 91% error except when my internet really is down.

On the one where I'm the client connecting to openvpn at work, I see this:

>>>>>>>>>>>
Yes, we're multi-homed, 3 different remote IPs work
Fri Mar 10 08:35:27 2006 us=205621 Initialization Sequence Completed
Fri Mar 10 08:45:06 2006 us=555648 TLS Error: local/remote TLS keys are out of sync: 203.x.x.x:1194 [0]
<snip>
Fri Mar 10 08:45:26 2006 us=507563 Initialization Sequence Completed
Fri Mar 10 08:55:06 2006 us=46132 TLS Error: local/remote TLS keys are out of sync: 202.x.x.x:1194 [0]
<snip>
Fri Mar 10 08:55:26 2006 us=542646 Initialization Sequence Completed
Fri Mar 10 09:05:15 2006 us=782523 [server] Inactivity timeout (--ping-restart), restarting
Fri Mar 10 09:05:15 2006 us=783062 TCP/UDP: Closing socket
Fri Mar 10 09:05:15 2006 us=783122 SIGUSR1[soft,ping-restart] received, process restarting
<snip>
Fri Mar 10 09:05:44 2006 us=912327 Initialization Sequence Completed
Fri Mar 10 09:15:05 2006 us=813502 TLS Error: local/remote TLS keys are out of sync: 202.x.x.x:1194 [0]
<snip>
Fri Mar 10 09:15:26 2006 us=661194 Initialization Sequence Completed
<<<<<<<<<<<<<

If you notice, the link is going down every 10 minutes or so. The regularity is *freaky*. I sometimes see it going down every 20 minutes instead, or 10, then 20, then 10, then 10, then 20, etc., but it's still freaky.

Now, those remote IPs are not connected to my ISP, I think they're Meridian, PLDT, Digitel. The remote server is Linux (debian, I think).

Now, for the other connection, where the remote (at QSR) connects to me:

>>>>>>>>>>>>>>>>>
Fri Mar 10 08:37:44 2006 Initialization Sequence Completed
Fri Mar 10 08:39:46 2006 [server] Inactivity timeout (--ping-restart), restartin
Fri Mar 10 08:39:46 2006 TCP/UDP: Closing socket
Fri Mar 10 08:39:46 2006 SIGUSR1[soft,ping-restart] received, process restarting
Fri Mar 10 08:39:46 2006 Restart pause, 2 second(s)
Fri Mar 10 08:40:13 2006 Initialization Sequence Completed
Fri Mar 10 08:44:48 2006 [server] Inactivity timeout (--ping-restart), restartin
Fri Mar 10 08:44:49 2006 TCP/UDP: Closing socket
<snip>
Fri Mar 10 08:45:07 2006 Initialization Sequence Completed
Fri Mar 10 09:19:47 2006 [server] Inactivity timeout (--ping-restart), restartin
Fri Mar 10 09:19:48 2006 TCP/UDP: Closing socket
<snip>
Fri Mar 10 09:20:03 2006 Initialization Sequence Completed
Fri Mar 10 09:24:46 2006 [server] Inactivity timeout (--ping-restart), restartin
Fri Mar 10 09:24:46 2006 TCP/UDP: Closing socket
<snip>
Fri Mar 10 09:24:52 2006 Initialization Sequence Completed
<<<<<<<<<<<<<

So I've still got the restarts. This other openvpn connection is on the same ISP as I am, so it's surprising that the restarts are less stable and often closer together than the 10-20 minute restarts with different ISPs.

Since my computer is an endpoint for both, it *could* be something running on my computer. I don't see anything that might be doing that in crontab though. Nor do I see anything at the remotes.

Has anyone seen this? The connection restarts sometimes with just Inactivity timeout (I use "ping 1;ping-restart 10"), but sometimes I get TLS key out of sync errors and from what I've read online, that happens when either the server or the client kills the connection. Since I'm monitoring the TLS key out of sync on the client, I think that means the server is killing the connection (perhaps because of keepalive 1 60 noticing that the link went down).

But generally, when I do a real ping, I just don't see that kind of timeout happening (where not a single ping gets through and comes back after 60 seconds or so, or even after 20 seconds).

tiger

--
Gerald Timothy Quimpo
http://bopolissimus.blogspot.com http://monotremetech.blogspot.com
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"

Extensibility -- Design for the future, because it will be here sooner than you think.
-- http://www.faqs.org/docs/artu/ch01s06.html#id2879112
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
(#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
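
To put numbers on the restart pattern described in the post, the following added example (not part of the original message) measures how long each tunnel session stayed up and the spacing between drops. The sample lines are constructed from the client log quoted above with the `<snip>` gaps left out; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the format of the client log quoted in the post (<snip> gaps omitted).
SAMPLE_LOG = """\
Fri Mar 10 08:35:27 2006 us=205621 Initialization Sequence Completed
Fri Mar 10 08:45:06 2006 us=555648 TLS Error: local/remote TLS keys are out of sync: 203.x.x.x:1194 [0]
Fri Mar 10 08:45:26 2006 us=507563 Initialization Sequence Completed
Fri Mar 10 08:55:06 2006 us=46132 TLS Error: local/remote TLS keys are out of sync: 202.x.x.x:1194 [0]
Fri Mar 10 08:55:26 2006 us=542646 Initialization Sequence Completed
Fri Mar 10 09:05:15 2006 us=782523 [server] Inactivity timeout (--ping-restart), restarting
Fri Mar 10 09:05:15 2006 us=783062 TCP/UDP: Closing socket
Fri Mar 10 09:05:44 2006 us=912327 Initialization Sequence Completed
Fri Mar 10 09:15:05 2006 us=813502 TLS Error: local/remote TLS keys are out of sync: 202.x.x.x:1194 [0]
"""

# Timestamp, optional "us=<microseconds>" field (present only at higher verbosity), message.
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})(?: us=\d+)? (.*)$")
UP = "Initialization Sequence Completed"
DROPS = {"TLS Error: local/remote TLS keys are out of sync": "tls-out-of-sync",
         "Inactivity timeout (--ping-restart)": "ping-restart"}

def parse(log):
    """Yield (timestamp, message) for each line that carries an OpenVPN timestamp."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)

def sessions(log):
    """Return [(up_time, drop_time, cause, seconds_up)] for each session that ended."""
    out, up_at = [], None
    for ts, msg in parse(log):
        cause = next((c for k, c in DROPS.items() if k in msg), None)
        if UP in msg:
            up_at = ts
        elif cause and up_at is not None:  # first drop event after the tunnel came up
            out.append((up_at, ts, cause, int((ts - up_at).total_seconds())))
            up_at = None                   # ignore repeated errors until the next "up"
    return out

def drop_intervals(log):
    """Seconds between consecutive drops; near-constant values point at something periodic."""
    drops = [d for _, d, _, _ in sessions(log)]
    return [int((b - a).total_seconds()) for a, b in zip(drops, drops[1:])]

if __name__ == "__main__":
    for up, down, cause, secs in sessions(SAMPLE_LOG):
        print(f"up {up:%H:%M:%S}  down {down:%H:%M:%S}  {secs:4d}s  {cause}")
    print("seconds between drops:", drop_intervals(SAMPLE_LOG))
```

Running the same functions over the full logs from both endpoints and comparing the drop timestamps shows whether the two tunnels fail at the same moments.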

