Re: [Openvpn-users] OpenVPN frequent renegociation and sometimes downtime

2020-07-24 Thread tincanteksup

Hi Marc,

not sure how you have your configs set up (maybe post further details) but ..

Using --verb 4 may help with extra log details.

Regards.


On 24/07/2020 22:20, Marc SCHAEFER wrote:

Hello,

I have an OpenVPN server on a fixed IP address, using the CA mode.
I have 3 clients, two on dynamic IP and behind CGNAT, and one on
fixed IP.

I observe frequent downtimes, that's why I have investigated a bit.
They heal by themselves, but sometimes they last more than 10 minutes,
which triggers an alarm on my monitoring system. I run the Debian buster
version of OpenVPN everywhere.

I tried the server config:

keepalive 10 60

However, it did not really help: I have frequent downtimes of all of
the clients.  AFAIK this command also sets ping on the clients.

Thinking that the problem could be NAT related, at least partly,
I tried just a simple `ping 10' on the server. It did not help.

I have now configured a ping 10 on the server and one of the clients
to see what happens.

My question: is it normal that the key exchange / negotiation is very
frequent?

See: (every minute): that one is on fixed IP

Jul 24 23:04:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:04:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:05:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:05:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:06:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:06:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:07:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:07:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:08:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:08:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:09:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:09:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:10:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:10:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:11:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:11:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:12:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:12:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:13:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:13:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:14:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:14:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

However, the others (on NAT) also do the same every minute.

But the `Peer Connection Initiated' is much more rare (e.g. once a day).

So far I have not seen any specific error message when the connection ceases to 
work or starts again.

Any idea?

Thank you :)


___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






[Openvpn-users] OpenVPN frequent renegociation and sometimes downtime

2020-07-24 Thread Marc SCHAEFER
Hello,

I have an OpenVPN server on a fixed IP address, using the CA mode.
I have 3 clients, two on dynamic IP and behind CGNAT, and one on
fixed IP.

I observe frequent downtimes, that's why I have investigated a bit.
They heal by themselves, but sometimes they last more than 10 minutes,
which triggers an alarm on my monitoring system. I run the Debian buster
version of OpenVPN everywhere.

I tried the server config: 

   keepalive 10 60

However, it did not really help: I have frequent downtimes of all of
the clients.  AFAIK this command also sets ping on the clients.

Thinking that the problem could be NAT related, at least partly,
I tried just a simple `ping 10' on the server. It did not help.

I have now configured a ping 10 on the server and one of the clients
to see what happens.

My question: is it normal that the key exchange / negotiation is very
frequent?

See: (every minute): that one is on fixed IP

Jul 24 23:04:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:04:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:05:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:05:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:06:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:06:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:07:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:07:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:08:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:08:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:09:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:09:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:10:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:10:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:11:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:11:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:12:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:12:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:13:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:13:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:14:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:14:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

However, the others (on NAT) also do the same every minute.

But the `Peer Connection Initiated' is much more rare (e.g. once a day).

So far I have not seen any specific error message when the connection ceases to 
work or starts again.

Any idea?

Thank you :)
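
Added example (not part of the original post and not OpenVPN project code): a small log check that measures how often each client installs new data-channel keys, using log lines in the format quoted above. The `client07` peer and its address are constructed, and the 3600-second baseline is OpenVPN's default `--reneg-sec`, assumed here because the thread does not show that option.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: client05 lines follow the excerpt above; client07 is invented.
SAMPLE_LOG = """\
Jul 24 22:00:00 virtual ovpn-multiple[6235]: client07/198.51.100.7:1194 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:00:00 virtual ovpn-multiple[6235]: client07/198.51.100.7:40112 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:10:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:10:45 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:11:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:11:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Jul 24 23:12:46 virtual ovpn-multiple[6235]: client05/some-fixed-IP:4998 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
"""

# Only the "Outgoing" line is counted, so each key installation is seen once.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ \S+: (?P<peer>\S+) Outgoing Data Channel: ")

def rekey_intervals(log_text, year=2020):
    """Return {common_name: [seconds between consecutive key installations]}."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        # Group by certificate common name: the port of a NATed client can change.
        seen[m["peer"].split("/")[0]].append(ts)
    return {cn: [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
            for cn, t in seen.items()}

def flag_fast_rekey(intervals, expected=3600, tolerance=0.5):
    """Return {common_name: median interval} for peers rekeying far faster than expected."""
    return {cn: median(gaps) for cn, gaps in intervals.items()
            if gaps and median(gaps) < expected * tolerance}

if __name__ == "__main__":
    for cn, med in flag_fast_rekey(rekey_intervals(SAMPLE_LOG)).items():
        print(f"{cn}: new data-channel keys every ~{med:.0f}s")
```
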

