All times are UTC




 Post subject: OpenVPN suddenly drops connection!
PostPosted: 24.02.2014 11:55 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
Hello Guys,

I'm using OpenVPN on a Linux box running RHEL6. My version is 2.3.2.
I'm using Securepoint OpenVPN ver 1.0 as client software on my laptop (WinXP SP3).

I route the whole traffic through the tunnel when I'm at the university.
But sometimes the connection drops after a random amount of time.

I've tried to adjust the keepalive settings on server/client but no improvement.
Sometimes the connection runs stable for about one hour, then only for many minutes.

My server config:

Code:
port 1194
proto udp
dev tun0
mssfix
fragment 1300
persist-tun
client-to-client
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 172.16.0.0 255.255.255.0
crl-verify keys/crl.pem
user root
group root
status servers/gate/logs/openvpn-status.log
log-append servers/gate/logs/openvpn.log
verb 4
mute 20
max-clients 10
tls-auth keys/ta.key 0
tun-mtu 1500
keepalive 10 120
client-config-dir /etc/openvpn/servers/gate/ccd
comp-lzo
persist-key
persist-tun
client-to-client
ccd-exclusive
cipher AES-256-CBC
push "redirect-gateway def1"
push "ip-win32 dynamic"
push "explicit-exit-notify 3"
push "dhcp-option NTP 192.53.103.108"
push "dhcp-option DNS 172.16.0.1"
push "dhcp-option WINS 172.16.0.1"



My client config:

Code:
client
proto udp
dev tun
ca ca.crt
dh dh1024.pem
cert red-box.crt
key red-box.key
remote FQHN 1194
cipher AES-256-CBC
user nobody
group nobody
verb 3
mute 20
tun-mtu 1500
keepalive 10 120
comp-lzo
persist-key
persist-tun
resolv-retry infinite
nobind
float
tls-auth ta.key 1
mssfix
fragment 1300
persist-tun



Server log before lost connection:

Code:
variation(s) on previous 20 message(s) suppressed by --mute
[red-box] Inactivity timeout (--ping-restart), restarting
SIGUSR1[soft,ping-restart] received, client-instance restarting



Client log before lost connection:

Code:
[server] Inactivity timeout (--ping-restart), restarting
TCP/UDP: Closing socket
SIGUSR1[soft,ping-restart] received, process restarting
Restart pause, 2 second(s)
WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Re-using SSL/TLS context
LZO compression initialized
Control Channel MTU parms [ L:1562 D:166 EF:66 EB:0 ET:0 EL:0 ]
Socket Buffers: R=[8192->8192] S=[8192->8192]
Data Channel MTU parms [ L:1562 D:1300 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
Fragmentation MTU parms [ L:1562 D:1300 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
Local Options hash (VER=V4): 'e05aa1c5'
Expected Remote Options hash (VER=V4): '0088baee'
UDPv4 link local: [undef]
UDPv4 link remote: IP_ADDR:1194
ERROR: TLS error! See log for details
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 2 second(s)
DisconnectedTimeout[Maybe your cetificates are not valid. Please check if it is revoked], restart pause will be ignored! Shuting down OpenVPN ..


Could that be a DHCP or a Firewall issue?

Answers in German are fine too!!


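Added example, not part of the original post and not code from the OpenVPN project: the client log above warns that no server certificate verification method is enabled, and both peers log an options hash that has to match. The Python sketch below checks the posted client config for a server-verification directive and compares the link options of both configs; the two directive lists are assumptions of this example, and `BROKEN_CLIENT` and `HARDENED_CLIENT` are constructed variants.

```python
# Added example: audit the client/server config pair posted above.

# Directives that let a client check the server certificate beyond "signed by
# our CA". Assumed list for OpenVPN 2.x; adjust it to your version's manual.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                 "verify-x509-name", "tls-remote", "tls-verify"}

# Link options both peers must set identically (assumed set, taken from the
# fields OpenVPN folds into the options hash it logs).
SYMMETRIC = ("proto", "cipher", "auth", "keysize", "comp-lzo",
             "fragment", "tun-mtu")

# Relevant lines copied from the server and client configs in the post.
SERVER = """\
port 1194
proto udp
dev tun0
mssfix
fragment 1300
user root
group root
tls-auth keys/ta.key 0
tun-mtu 1500
keepalive 10 120
comp-lzo
cipher AES-256-CBC
"""
CLIENT = """\
client
proto udp
dev tun
ca ca.crt
cert red-box.crt
key red-box.key
remote FQHN 1194
cipher AES-256-CBC
tun-mtu 1500
comp-lzo
tls-auth ta.key 1
mssfix
fragment 1300
"""
# Constructed variants: one drops fragment on the client only, one adds a
# server-verification directive.
BROKEN_CLIENT = CLIENT.replace("fragment 1300\n", "")
HARDENED_CLIENT = CLIENT + "remote-cert-tls server\n"


def parse_config(text):
    """Return {directive: [args]}; a repeated directive keeps its last value."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts


def dev_type(opts):
    """Map a device name such as tun0 or tap1 to its type."""
    dev = opts.get("dev", [""])[0]
    return "tap" if dev.startswith("tap") else "tun" if dev.startswith("tun") else dev


def audit(server_text, client_text):
    """Return findings for a server/client config pair, in check order."""
    srv, cli = parse_config(server_text), parse_config(client_text)
    findings = []
    if SERVER_VERIFY.isdisjoint(cli):
        findings.append("client: no server certificate verification directive")
    # Without a user directive the daemon keeps its start identity (assumed root).
    if srv.get("user", ["root"])[0] == "root":
        findings.append("server: daemon does not drop root privileges")
    if dev_type(srv) != dev_type(cli):
        findings.append("mismatch: dev-type")
    for name in SYMMETRIC:
        if srv.get(name) != cli.get(name):
            findings.append(f"mismatch: {name}")
    s_ta, c_ta = srv.get("tls-auth"), cli.get("tls-auth")
    if (s_ta is None) != (c_ta is None):
        findings.append("mismatch: tls-auth")
    elif s_ta is not None:
        # Key directions must be complementary (0 and 1) or absent on both peers.
        dirs = s_ta[1:2] + c_ta[1:2]
        if dirs and sorted(dirs) != ["0", "1"]:
            findings.append("mismatch: tls-auth key direction")
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", CLIENT), ("no fragment", BROKEN_CLIENT),
                       ("hardened", HARDENED_CLIENT)):
        print(label, audit(SERVER, cfg))
```

For the posted pair the link options agree; the findings are the missing server verification on the client and the server running as root.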
 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 25.02.2014 15:35 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
Nobody has an idea what could be causing it?

Does nobody have an idea what the reason for this problem is?


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 26.02.2014 09:18 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
Or is the fault perhaps in the OpenVPN client?


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 26.02.2014 14:45 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
It can't be the OpenVPN client either. The same problem occurs with the original one.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 26.02.2014 16:13 
Profi

Joined: 23.10.2007 12:10
Posts: 2185
Hello,
1 server, (max) 1 client, clocks are accurate too, certificates were generated correctly ...

what kind of client ?? Linux or (which) Windoze ?


Code:
client
proto udp
dev tun
ca ca.crt
dh dh1024.pem
 ????  cert red-box.crt
????   key red-box.key
remote FQHN 1194
cipher AES-256-CBC
# ? user nobody
# ?group nobody
verb 3
mute 20
tun-mtu 1500
keepalive 10 120
comp-lzo
#persist-key
#persist-tun
resolv-retry infinite
# ?nobind
# ?float
??  tls-auth ta.key 1
#mssfix
#fragment 1300
#persist-tun

I quickly commented out everything I don't need here - if you have special problems, it has to go back in :)
Some things about the keys are not clear..

IIRC you also have to tell the server about float (which itself never really floats); why a client would need to float is a bit... well... more a big exception than the rule..
Logs like this are almost useless... you would really have to compare the client logs with the server log
(Alternative: reading tea leaves)

F.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 27.02.2014 16:50 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
I'll supply the log files with timestamps later. However, I'm not entirely sure about all the changes you suggested for the client log.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 27.02.2014 18:38 
Profi

Joined: 23.10.2007 12:10
Posts: 2185
Hello,
clients run like that for me ...
On the server side the config is smaller too (fewer possibilities for error) ...
run everything with "default parameters" and don't change them without need (some you sometimes have to)
I'd have to look it up ... float and/or nobind may also have to be known to the server...

Otherwise turn up the log level as well and see...
Code:
UDPv4 link local: [undef]
UDPv4 link remote: IP_ADDR:1194
ERROR: TLS error! See log for details
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
TCP/UDP: Closing socket

has a reason... in the simplest case a "wrong" clock :)

F.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 04.03.2014 09:48 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
So here again are current logs with timestamps:

At some point I simply disconnected, after no ping had got through for 5 min and it tried to obtain a new OpenVPN IP via DHCP, which of course it couldn't because the connection no longer existed.

Maybe one more hint: I'm establishing the connection from the university (DFN) over WLAN.

Server:

Code:
Tue Mar  4 10:03:54 2014 us=544143 MULTI: multi_create_instance called
Tue Mar  4 10:03:54 2014 us=544298 129.217.107.164:1470 Re-using SSL/TLS context
Tue Mar  4 10:03:54 2014 us=544396 129.217.107.164:1470 LZO compression initialized
Tue Mar  4 10:03:54 2014 us=544728 129.217.107.164:1470 Control Channel MTU parms [ L:1562 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Mar  4 10:03:54 2014 us=544851 129.217.107.164:1470 Data Channel MTU parms [ L:1562 D:1300 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar  4 10:03:54 2014 us=544911 129.217.107.164:1470 Fragmentation MTU parms [ L:1562 D:1300 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
Tue Mar  4 10:03:54 2014 us=545468 129.217.107.164:1470 Local Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Tue Mar  4 10:03:54 2014 us=545512 129.217.107.164:1470 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto UDPv4,comp-lzo,mtu-dynamic,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Tue Mar  4 10:03:54 2014 us=545575 129.217.107.164:1470 Local Options hash (VER=V4): '0088baee'
Tue Mar  4 10:03:54 2014 us=545640 129.217.107.164:1470 Expected Remote Options hash (VER=V4): 'e05aa1c5'
Tue Mar  4 10:03:54 2014 us=545757 129.217.107.164:1470 TLS: Initial packet from [AF_INET]129.217.107.164:1470, sid=3dce0b35 5bde2351
Tue Mar  4 10:03:55 2014 us=199514 129.217.107.164:1470 CRL: CRL keys/defcon_vpn_ca/crl.pem is from a different issuer than the issuer of certificate C=XX, ST=XXX, L=XX, O=FQHN, OU=DCC VPN, CN=OpenVPN-CA, name=changeme, emailAddress=webmaster@FQHN
Tue Mar  4 10:03:55 2014 us=199692 129.217.107.164:1470 VERIFY OK: depth=1, C=XX, ST=XXX, L=XX, O=FQHN, OU=DCC VPN, CN=OpenVPN-CA, name=changeme, emailAddress=webmaster@FQHN
Tue Mar  4 10:03:55 2014 us=200392 129.217.107.164:1470 CRL: CRL keys/defcon_vpn_ca/crl.pem is from a different issuer than the issuer of certificate C=XX, ST=XXX, L=XX, O=DefCon VPN, OU=changeme, CN=red-box, name=changeme, emailAddress=webmaster@FQHN
Tue Mar  4 10:03:55 2014 us=200500 129.217.107.164:1470 VERIFY OK: depth=0, C=XX, ST=XXX, L=XX, O=FQHN, OU=changeme, CN=red-box, name=changeme, emailAddress=webmaster@FQHN
Tue Mar  4 10:03:59 2014 us=689482 129.217.107.164:1470 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar  4 10:03:59 2014 us=689560 129.217.107.164:1470 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  4 10:03:59 2014 us=689595 129.217.107.164:1470 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar  4 10:03:59 2014 us=689646 129.217.107.164:1470 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar  4 10:03:59 2014 us=739606 129.217.107.164:1470 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Mar  4 10:03:59 2014 us=739697 129.217.107.164:1470 [red-box] Peer Connection Initiated with [AF_INET]129.217.107.164:1470
Tue Mar  4 10:03:59 2014 us=739800 red-box/129.217.107.164:1470 OPTIONS IMPORT: reading client specific options from: /etc/openvpn/servers/gate/ccd/red-box
Tue Mar  4 10:03:59 2014 us=750293 red-box/129.217.107.164:1470 MULTI_sva: pool returned IPv4=172.16.0.6, IPv6=(Not enabled)
Tue Mar  4 10:03:59 2014 us=750403 red-box/129.217.107.164:1470 MULTI: Learn: 172.16.0.6 -> red-box/129.217.107.164:1470
Tue Mar  4 10:03:59 2014 us=750445 red-box/129.217.107.164:1470 MULTI: primary virtual IP for red-box/129.217.107.164:1470: 172.16.0.6
Tue Mar  4 10:03:59 2014 us=750485 red-box/129.217.107.164:1470 MULTI: internal route 129.217.64.0/18 -> red-box/129.217.107.164:1470
Tue Mar  4 10:03:59 2014 us=750527 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.64.0/18 -> red-box/129.217.107.164:1470
Tue Mar  4 10:04:02 2014 us=108966 red-box/129.217.107.164:1470 PUSH: Received control message: 'PUSH_REQUEST'
Tue Mar  4 10:04:02 2014 us=109057 red-box/129.217.107.164:1470 send_push_reply(): safe_cap=940
Tue Mar  4 10:04:02 2014 us=109150 red-box/129.217.107.164:1470 SENT CONTROL [red-box]: 'PUSH_REPLY,redirect-gateway def1,ip-win32 dynamic,explicit-exit-notify 3,dhcp-option NTP 192.53.103.108,dhcp-option DNS 172.16.0.1,dhcp-option WINS 172.16.0.1,route 172.16.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 172.16.0.6 172.16.0.5' (status=1)
Tue Mar  4 10:04:02 2014 us=785783 red-box/129.217.107.164:1470 MULTI: bad source address from client [::], packet dropped
Tue Mar  4 10:04:02 2014 us=785944 red-box/129.217.107.164:1470 MULTI: bad source address from client [::], packet dropped
Tue Mar  4 10:04:02 2014 us=786905 red-box/129.217.107.164:1470 MULTI: bad source address from client [::], packet dropped
Tue Mar  4 10:04:06 2014 us=817359 red-box/129.217.107.164:1470 MULTI: bad source address from client [fe80::2ff:ccff:fe03:ffd5], packet dropped
Tue Mar  4 10:04:10 2014 us=785213 red-box/129.217.107.164:1470 MULTI: bad source address from client [fe80::2ff:ccff:fe03:ffd5], packet dropped
Tue Mar  4 10:04:10 2014 us=786489 red-box/129.217.107.164:1470 MULTI: bad source address from client [fe80::2ff:ccff:fe03:ffd5], packet dropped
Tue Mar  4 10:04:22 2014 us=896767 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:10:02 2014 us=960291 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:13:04 2014 us=288069 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:16:43 2014 us=33821 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:18:49 2014 us=54648 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:23:49 2014 us=385312 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:33:19 2014 us=388716 red-box/129.217.107.164:1470 [red-box] Inactivity timeout (--ping-restart), restarting
Tue Mar  4 10:33:19 2014 us=388803 red-box/129.217.107.164:1470 SIGUSR1[soft,ping-restart] received, client-instance restarting


Client:

Code:
Ethernetadapter OPENVPN:

        Verbindungsspezifisches DNS-Suffix:
        Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
        Physikalische Adresse . . . . . . : 00-FF-CC-03-FF-D5
        DHCP aktiviert. . . . . . . . . . : Ja
        Autokonfiguration aktiviert . . . : Ja
        IP-Adresse. . . . . . . . . . . . : 172.16.0.6
        Subnetzmaske. . . . . . . . . . . : 255.255.255.252
        IP-Adresse. . . . . . . . . . . . : fe80::2ff:ccff:fe03:ffd5%7
        Standardgateway . . . . . . . . . : 172.16.0.5
        DHCP-Server . . . . . . . . . . . : 172.16.0.5
        DNS-Server. . . . . . . . . . . . : 172.16.0.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Primärer WINS-Server. . . . . . . : 172.16.0.1
        Lease erhalten. . . . . . . . . . : Dienstag, 4. März 2014 10:04:02
        Lease läuft ab. . . . . . . . . . : Mittwoch, 4. März 2015 10:04:02


Code:
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway   Schnittstelle  Anzahl
       172.16.0.0    255.255.255.0       172.16.0.5      172.16.0.6       1
       172.16.0.4  255.255.255.252       172.16.0.6      172.16.0.6       30
       172.16.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   172.16.255.255  255.255.255.255       172.16.0.6      172.16.0.6       30
Standardgateway:        172.16.0.5


Code:
Tue Mar 04 10:03:51 2014 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Tue Mar 04 10:03:51 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Mar 04 10:03:51 2014 Need hold release from management interface, waiting...
Tue Mar 04 10:03:51 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Mar 04 10:03:51 2014 MANAGEMENT: CMD 'state on'
Tue Mar 04 10:03:51 2014 MANAGEMENT: CMD 'log all on'
Tue Mar 04 10:03:51 2014 MANAGEMENT: CMD 'hold off'
Tue Mar 04 10:03:51 2014 MANAGEMENT: CMD 'hold release'
Tue Mar 04 10:03:52 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Mar 04 10:03:52 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 10:03:52 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 10:03:52 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Mar 04 10:03:52 2014 MANAGEMENT: >STATE:1393923832,RESOLVE,,,
Tue Mar 04 10:03:52 2014 UDPv4 link local: [undef]
Tue Mar 04 10:03:52 2014 UDPv4 link remote: [AF_INET]178.6.233.83:1194
Tue Mar 04 10:03:52 2014 MANAGEMENT: >STATE:1393923832,WAIT,,,
Tue Mar 04 10:03:52 2014 MANAGEMENT: >STATE:1393923832,AUTH,,,
Tue Mar 04 10:03:52 2014 TLS: Initial packet from [AF_INET]178.6.233.83:1194, sid=b159e4c0 340298e8
Tue Mar 04 10:03:52 2014 VERIFY OK: depth=1, C=XX, ST=XXX, L=XX, O=FQHN, OU=DCC VPN, CN=OpenVPN-CA, name=changeme, emailAddress=webmaster@FQHN
Tue Mar 04 10:03:52 2014 Validating certificate key usage
Tue Mar 04 10:03:52 2014 ++ Certificate has key usage  00a0, expects 00a0
Tue Mar 04 10:03:52 2014 VERIFY KU OK
Tue Mar 04 10:03:52 2014 Validating certificate extended key usage
Tue Mar 04 10:03:52 2014 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Mar 04 10:03:52 2014 VERIFY EKU OK
Tue Mar 04 10:03:52 2014 VERIFY OK: depth=0, C=XX, ST=XXX, L=XX, O=FQHN, OU=changeme, CN=server, name=changeme, emailAddress=webmaster@FQHN
Tue Mar 04 10:03:57 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 04 10:03:57 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 10:03:57 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 04 10:03:57 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 10:03:57 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Mar 04 10:03:57 2014 [server] Peer Connection Initiated with [AF_INET]178.6.233.83:1194
Tue Mar 04 10:03:58 2014 MANAGEMENT: >STATE:1393923838,GET_CONFIG,,,
Tue Mar 04 10:03:59 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Mar 04 10:03:59 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,ip-win32 dynamic,explicit-exit-notify 3,dhcp-option NTP 192.53.103.108,dhcp-option DNS 172.16.0.1,dhcp-option WINS 172.16.0.1,route 172.16.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 172.16.0.6 172.16.0.5'
Tue Mar 04 10:03:59 2014 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 04 10:03:59 2014 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Mar 04 10:03:59 2014 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 04 10:03:59 2014 OPTIONS IMPORT: route options modified
Tue Mar 04 10:03:59 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 04 10:03:59 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Mar 04 10:03:59 2014 MANAGEMENT: >STATE:1393923839,ASSIGN_IP,,172.16.0.6,
Tue Mar 04 10:03:59 2014 open_tun, tt->ipv6=0
Tue Mar 04 10:03:59 2014 TAP-WIN32 device [OPENVPN] opened: \\.\Global\{CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1}.tap
Tue Mar 04 10:03:59 2014 TAP-Windows Driver Version 9.9
Tue Mar 04 10:03:59 2014 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.16.0.6/255.255.255.252 on interface {CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1} [DHCP-serv: 172.16.0.5, lease-time: 31536000]
Tue Mar 04 10:03:59 2014 Successful ARP Flush on interface [65542] {CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1}
Tue Mar 04 10:04:04 2014 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Mar 04 10:04:04 2014 C:\WINDOWS\system32\route.exe ADD 178.6.233.83 MASK 255.255.255.255 129.217.127.254
Tue Mar 04 10:04:04 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 10:04:04 2014 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.0.5
Tue Mar 04 10:04:04 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 10:04:04 2014 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.0.5
Tue Mar 04 10:04:04 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 10:04:04 2014 MANAGEMENT: >STATE:1393923844,ADD_ROUTES,,,
Tue Mar 04 10:04:04 2014 C:\WINDOWS\system32\route.exe ADD 172.16.0.0 MASK 255.255.255.0 172.16.0.5
Tue Mar 04 10:04:04 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 10:04:04 2014 Initialization Sequence Completed
Tue Mar 04 10:04:04 2014 MANAGEMENT: >STATE:1393923844,CONNECTED,SUCCESS,172.16.0.6,178.6.233.83
Tue Mar 04 10:35:13 2014 [server] Inactivity timeout (--ping-restart), restarting
Tue Mar 04 10:35:13 2014 SIGUSR1[soft,ping-restart] received, process restarting
Tue Mar 04 10:35:13 2014 MANAGEMENT: >STATE:1393925713,RECONNECTING,ping-restart,,
Tue Mar 04 10:35:13 2014 Restart pause, 2 second(s)
Tue Mar 04 10:35:15 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Mar 04 10:35:15 2014 MANAGEMENT: >STATE:1393925715,RESOLVE,,,
Tue Mar 04 10:35:30 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:35:30 2014 MANAGEMENT: >STATE:1393925730,RESOLVE,,,
Tue Mar 04 10:35:45 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:36:05 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:36:25 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:36:45 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:37:05 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:37:25 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:37:45 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:38:05 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:38:25 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:38:45 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:39:05 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:39:25 2014 RESOLVE: signal received during DNS resolution attempt
Tue Mar 04 10:39:25 2014 C:\WINDOWS\system32\route.exe DELETE 172.16.0.0 MASK 255.255.255.0 172.16.0.5
Tue Mar 04 10:39:25 2014 Route deletion via IPAPI succeeded [adaptive]
Tue Mar 04 10:39:25 2014 C:\WINDOWS\system32\route.exe DELETE 178.6.233.83 MASK 255.255.255.255 129.217.127.254
Tue Mar 04 10:39:25 2014 ROUTE: route deletion failed using DeleteIpForwardEntry: Falscher Parameter. 
Tue Mar 04 10:39:25 2014 Route deletion via IPAPI failed [adaptive]
Tue Mar 04 10:39:25 2014 Route deletion fallback to route.exe
Tue Mar 04 10:39:25 2014 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Tue Mar 04 10:39:25 2014 C:\WINDOWS\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 172.16.0.5
Tue Mar 04 10:39:25 2014 Route deletion via IPAPI succeeded [adaptive]
Tue Mar 04 10:39:25 2014 C:\WINDOWS\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 172.16.0.5
Tue Mar 04 10:39:25 2014 Route deletion via IPAPI succeeded [adaptive]
Tue Mar 04 10:39:25 2014 Closing TUN/TAP interface
Tue Mar 04 10:39:25 2014 SIGTERM[hard,init_instance] received, process exiting
Tue Mar 04 10:39:25 2014 MANAGEMENT: >STATE:1393925965,EXITING,init_instance,,


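Added example, not part of the original posts and not code from the OpenVPN project: one way to compare the server and client logs above on a common timeline. It assumes that `--ping-restart` fires after the configured number of seconds without any packet from the peer, that both sides use the pushed value of 120 unless a different timeout is passed in, and that "Peer Connection Initiated" is logged at nearly the same instant on both peers; the function and field names are this example's own.

```python
import re
from datetime import datetime, timedelta

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Matches both formats in the thread: server lines carry "us=<microseconds>".
LINE_RE = re.compile(
    r"^\w{3} (?P<mon>\w{3}) +(?P<day>\d{1,2}) "
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) (?P<year>\d{4})"
    r"(?: us=(?P<us>\d+))? (?P<msg>.*)$")
UP = "Peer Connection Initiated"
RESTART = "Inactivity timeout (--ping-restart)"

# Lines copied from the two logs posted above.
SERVER_LOG = """\
Tue Mar  4 10:03:59 2014 us=739697 129.217.107.164:1470 [red-box] Peer Connection Initiated with [AF_INET]129.217.107.164:1470
Tue Mar  4 10:23:49 2014 us=385312 red-box/129.217.107.164:1470 MULTI: Learn: 129.217.107.164 -> red-box/129.217.107.164:1470
Tue Mar  4 10:33:19 2014 us=388716 red-box/129.217.107.164:1470 [red-box] Inactivity timeout (--ping-restart), restarting
"""
CLIENT_LOG = """\
Enter Management Password:
Tue Mar 04 10:03:57 2014 [server] Peer Connection Initiated with [AF_INET]178.6.233.83:1194
Tue Mar 04 10:35:13 2014 [server] Inactivity timeout (--ping-restart), restarting
"""


def parse_log(text):
    """Return [(timestamp, message)] for every line with an OpenVPN timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["mon"] not in MONTHS:
            continue  # prompts and wrapped lines carry no timestamp
        ts = datetime(int(m["year"]), MONTHS[m["mon"]], int(m["day"]),
                      int(m["h"]), int(m["m"]), int(m["s"]), int(m["us"] or 0))
        events.append((ts, m["msg"]))
    return events


def first(events, needle):
    """Timestamp of the first message containing needle."""
    for ts, msg in events:
        if needle in msg:
            return ts
    raise ValueError(f"no log line contains {needle!r}")


def correlate(server_log, client_log, server_timeout=120, client_timeout=120, ping=10):
    """Put both restarts on the server's clock and infer which path died first."""
    srv, cli = parse_log(server_log), parse_log(client_log)
    # Clock offset estimated from the handshake completion on both sides.
    offset = first(srv, UP) - first(cli, UP)
    srv_restart = first(srv, RESTART)
    cli_restart = first(cli, RESTART) + offset
    # Each side last heard from its peer <timeout> seconds before it restarted.
    srv_last_rx = srv_restart - timedelta(seconds=server_timeout)
    cli_last_rx = cli_restart - timedelta(seconds=client_timeout)
    lead = (cli_last_rx - srv_last_rx).total_seconds()
    if lead > ping:
        verdict = "client->server path went silent first"
    elif lead < -ping:
        verdict = "server->client path went silent first"
    else:
        verdict = "both directions went silent together"
    return {
        "clock_offset_s": offset.total_seconds(),
        "server_last_rx": srv_last_rx,
        "client_last_rx": cli_last_rx,
        "lead_s": lead,
        # True if the client kept hearing the server until the server dropped it.
        "server_sent_until_teardown":
            abs((cli_last_rx - srv_restart).total_seconds()) <= ping,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in correlate(SERVER_LOG, CLIENT_LOG).items():
        print(f"{key}: {value}")
```

Under these assumptions the two logs show the server losing the client's packets about two minutes before the client stopped hearing the server, and the client's silence begins only when the server tears down the instance.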
 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 04.03.2014 14:20 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
Here is another log that I recorded with the Securepoint client. The previous one was produced by the OpenVPN client.

Code:
Try to start OpenVPN connection red-box
Tue Mar 04 15:01:15 2014 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
Tue Mar 04 15:01:15 2014 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Mar 04 15:01:15 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Tue Mar 04 15:01:15 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 04 15:01:15 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue Mar 04 15:01:15 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 15:01:15 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 15:01:15 2014 LZO compression initialized
Tue Mar 04 15:01:15 2014 Control Channel MTU parms [ L:1562 D:166 EF:66 EB:0 ET:0 EL:0 ]
Tue Mar 04 15:01:15 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Mar 04 15:01:15 2014 Data Channel MTU parms [ L:1562 D:1300 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 04 15:01:15 2014 Fragmentation MTU parms [ L:1562 D:1300 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
Tue Mar 04 15:01:15 2014 Local Options hash (VER=V4): 'e05aa1c5'
Tue Mar 04 15:01:15 2014 Expected Remote Options hash (VER=V4): '0088baee'
Tue Mar 04 15:01:15 2014 UDPv4 link local (bound): [undef]:1194
Tue Mar 04 15:01:15 2014 UDPv4 link remote: 178.6.233.83:1194
Tue Mar 04 15:01:15 2014 TLS: Initial packet from 178.6.233.83:1194, sid=54e1878e f03393c9
Tue Mar 04 15:01:15 2014 VERIFY OK: depth=1, /C=XX/ST=XXX/L=XX/O=FQHN/OU=DCC_VPN/CN=OpenVPN-CA/name=changeme/emailAddress=webmaster@FQHN
Tue Mar 04 15:01:15 2014 VERIFY OK: depth=0, /C=XX/ST=XXX/L=XX/O=FQHN/OU=changeme/CN=server/name=changeme/emailAddress=webmaster@FQHN
Tue Mar 04 15:01:16 2014 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 04 15:01:16 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 15:01:16 2014 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Mar 04 15:01:16 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Mar 04 15:01:16 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Mar 04 15:01:16 2014 [server] Peer Connection Initiated with 178.6.233.83:1194
Tue Mar 04 15:01:18 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Mar 04 15:01:18 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,ip-win32 dynamic,explicit-exit-notify 3,dhcp-option NTP 192.53.103.108,dhcp-option DNS 172.16.0.1,dhcp-option WINS 172.16.0.1,route 172.16.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 172.16.0.6 172.16.0.5'
Tue Mar 04 15:01:18 2014 OPTIONS IMPORT: timers and/or timeouts modified
Tue Mar 04 15:01:18 2014 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Mar 04 15:01:18 2014 OPTIONS IMPORT: --ifconfig/up options modified
Tue Mar 04 15:01:18 2014 OPTIONS IMPORT: route options modified
Tue Mar 04 15:01:18 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Mar 04 15:01:18 2014 ROUTE default_gateway=129.217.127.254
Tue Mar 04 15:01:18 2014 TAP-WIN32 device [OPENVPN] opened: \\.\Global\{CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1}.tap
Tue Mar 04 15:01:18 2014 TAP-Win32 Driver Version 9.9
Tue Mar 04 15:01:18 2014 TAP-Win32 MTU=1500
Tue Mar 04 15:01:18 2014 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.0.6/255.255.255.252 on interface {CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1} [DHCP-serv: 172.16.0.5, lease-time: 31536000]
Tue Mar 04 15:01:18 2014 Successful ARP Flush on interface [65542] {CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1}
Tue Mar 04 15:01:23 2014 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Mar 04 15:01:23 2014 C:\WINDOWS\system32\route.exe ADD 178.6.233.83 MASK 255.255.255.255 129.217.127.254
Tue Mar 04 15:01:23 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 15:01:23 2014 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.16.0.5
Tue Mar 04 15:01:23 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 15:01:23 2014 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.16.0.5
Tue Mar 04 15:01:23 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 15:01:23 2014 C:\WINDOWS\system32\route.exe ADD 172.16.0.0 MASK 255.255.255.0 172.16.0.5
Tue Mar 04 15:01:23 2014 Route addition via IPAPI succeeded [adaptive]
Tue Mar 04 15:01:23 2014 Initialization Sequence Completed
Tue Mar 04 15:01:18 2014 ROUTE default_gateway=129.217.127.254
Tue Mar 04 15:01:18 2014 TAP-WIN32 device [OPENVPN] opened: \\.\Global\{CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1}.tap
Tue Mar 04 15:01:18 2014 TAP-Win32 Driver Version 9.9
Tue Mar 04 15:01:18 2014 TAP-Win32 MTU=1500
Tue Mar 04 15:01:18 2014 Notified TAP-Win32 driver to set a DHCP IP/netmask of 172.16.0.6/255.255.255.252 on interface {CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1} [DHCP-serv: 172.16.0.5, lease-time: 31536000]
Tue Mar 04 15:01:18 2014 Successful ARP Flush on interface [65542] {CC03FFD5-FE83-44D2-BFD8-A1C7F211B7C1}
Tue Mar 04 15:14:09 2014 Replay-window backtrack occurred [2]
Tue Mar 04 15:14:10 2014 Replay-window backtrack occurred [4]
Tue Mar 04 15:14:10 2014 Replay-window backtrack occurred [5]
Tue Mar 04 15:14:10 2014 Replay-window backtrack occurred [6]
Tue Mar 04 15:14:10 2014 Replay-window backtrack occurred [10]
ERROR: No Route to Host!
See log for detailsTue Mar 04 15:16:39 2014 write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 04.03.2014 17:10 
Profi

Joined: 23.10.2007 12:10
Posts: 2185
Code:
Tue Mar 04 10:35:30 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:35:30 2014 MANAGEMENT: >STATE:1393925730,RESOLVE,,,
Tue Mar 04 10:35:45 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:36:05 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tue Mar 04 10:36:25 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.
Tu

has what cause ??


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 04.03.2014 19:50 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
At that point the connection is already gone. I had ping running alongside the whole time. Since it uses a DNS server from the VPN while the VPN connection is up, but needs a certain amount of time to notice that the connection has dropped, it apparently can resolve the hostname but no longer reaches the DNS server. That is my theory.

But that is not the reason why the connection drops.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 05.03.2014 12:20 
Profi

Joined: 23.10.2007 12:10
Posts: 2185
Crashdemon wrote:
At that point the connection is already gone. I had ping running alongside the whole time. Since it uses a DNS server from the VPN while the VPN connection is up, but needs a certain amount of time to notice that the connection has dropped, it apparently can resolve the hostname but no longer reaches the DNS server. That is my theory.

But that is not the reason why the connection drops.

According to client.conf, though, that is exactly the reason!
If you enter a name there, it always has to be correctly available!
Otherwise the tunnel is gone (it doesn't work by itself)
How it resolves names is (actually) irrelevant.. it just always has to happen correctly, at least as long as names are used somewhere in the process.
You can do everything with concrete IPs, then name resolution doesn't necessarily have to work.
In the example (log) you are certainly preventing the tunnel from being re-established :)
Code:
Tue Mar 04 10:36:05 2014 RESOLVE: Cannot resolve host address: FQHN: Der angegebene Host ist unbekannt.


if that's the plan .. :)

F.
ps: otherwise -> how does OpenVPN work ? -> to read up on...


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 05.03.2014 13:22 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
dl5ym wrote:
You can do everything with concrete IPs, then name resolution doesn't necessarily have to work.


The problem is that the OpenVPN server runs on a machine that is connected to the net via DynDNS (forced DSL disconnect every 24h). Then I would have to enter the server's new IP into the client log every time.

Besides, my internal DNS server resolves the fully qualified hostname to the same IP as an external one.

I also set up a tunnel from a colleague's place once more, and there the connection ran for 1.5 h without problems until I disconnected it; at the university it has never worked like that.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 05.03.2014 13:49 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
In addition, the Windoze event viewer usually shows the following entries:

Code:
Die IP-Adresslease 172.16.0.6 für die Netzwerkkarte mit der Netzwerkadresse 00FFCC03FFD5 wurde durch den DHCP-Server 172.16.0.5 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).


I also noticed the following message in the client log.

Code:
write UDPv4: No Route to Host (WSAEHOSTUNREACH) (code=10065)


I'm now also going to set up a connection with my Android smartphone (FeatVPN) and see how long the connection stays up there.


 Post subject: Re: OpenVPN suddenly drops connection!
PostPosted: 05.03.2014 14:45 
Tripple-DES

Joined: 24.02.2014 11:52
Posts: 18
Could it perhaps be that it gets in the way of the WLAN card's DHCP lease? Since the tunnel runs over WLAN and the address is fetched anew every 10 min?

Code:
Ethernetadapter WLAN:

        Verbindungsspezifisches DNS-Suffix: itmc.tu-dortmund.de
        Beschreibung. . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
        Physikalische Adresse . . . . . . : 00-21-5D-7E-C6-EE
        DHCP aktiviert. . . . . . . . . . : Ja
        Autokonfiguration aktiviert . . . : Ja
        IP-Adresse. . . . . . . . . . . . : 129.217.107.164
        Subnetzmaske. . . . . . . . . . . : 255.255.192.0
        IP-Adresse. . . . . . . . . . . . : fe80::221:5dff:fe7e:c6ee%4
        Standardgateway . . . . . . . . . : 129.217.127.254
        DHCP-Server . . . . . . . . . . . : 129.217.131.57
        DNS-Server. . . . . . . . . . . . : 129.217.129.42
                                            fec0:0:0:ffff::1%3
                                            fec0:0:0:ffff::2%3
                                            fec0:0:0:ffff::3%3
        Lease erhalten. . . . . . . . . . : Mittwoch, 5. März 2014 15:39:14
        Lease läuft ab. . . . . . . . . . : Mittwoch, 5. März 2014 15:49:14

