
OpenVPN connection drops on one side

Discussion in 'Tomato Firmware' started by gfunkdave, Nov 24, 2012.

  1. gfunkdave

    gfunkdave LI Guru Member

    I'm experiencing some weird behavior with a new OpenVPN tunnel, and I'm hoping someone can help explain it. This tunnel uses a static key between two routers running Tomato. I have another tunnel on both routers (connected to a third router) using TLS that does not experience this problem.

    The issue is that, after a certain amount of time, usually a few minutes or less, I can suddenly not ping from the server router's network to the client's. But I can still ping just fine from the client to the server. And, once I do so, I can suddenly ping from the server to the client once again for another minute or two.

    I understand from the below log in the server that the keepalive directive is timing out; what I don't understand is why.

    When this happens, the following lines appear in the server's log:

    Code:
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: Inactivity timeout (--ping-restart), restarting
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: TCP/UDP: Closing socket
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: /sbin/route del -net 192.168.1.0 netmask 255.255.255.0
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: Closing TUN/TAP interface
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: /sbin/ifconfig tun21 0.0.0.0
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: SIGUSR1[soft,ping-restart] received, process restarting
    Nov 24 13:47:50 router daemon.notice openvpn[2988]: Restart pause, 2 second(s)
    
    And the following lines appear in the client's log:
    Code:
    Nov 24 12:42:39 router daemon.err openvpn[6653]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
    Nov 24 12:42:39 router daemon.err openvpn[6653]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
    Nov 24 12:42:39 router daemon.err openvpn[6653]: read UDPv4 [ECONNREFUSED]: Connection refused (code=146)
    Nov 24 12:45:01 router user.info init[1]: VPN_LOG_NOTE: 73: VPN Client 1 already running...

    The server's config.ovpn is:
    Code:
    # Automatically generated configuration
    daemon
    ifconfig 10.10.0.1 10.10.0.2
    proto udp
    port 1194
    dev tun21
    cipher AES-256-CBC
    comp-lzo adaptive
    keepalive 15 60
    verb 3
    status-version 2
    status status
    # Custom Configuration
    secret /mnt/STICK/openvpn-keys/home-parents.key
    route 192.168.1.0 255.255.255.0

    And the client's is:
    Code:
    # Automatically generated configuration
    daemon
    dev tun12
    proto udp
    remote xxx.yyy.com 1194
    ifconfig 10.10.0.2 10.10.0.1
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    comp-lzo adaptive
    cipher AES-256-CBC
    verb 3
    status-version 2
    status status
    # Custom Configuration
    secret /jffs/home-parents.key
    route 192.168.2.0 255.255.255.0
    
    Any ideas? Thanks for any insight.
     
  2. gfunkdave

    gfunkdave LI Guru Member

    Update: while I haven't figured out why this is happening, I did figure out how to keep the connection up. I added a ping 30 directive to the client's config. I can now maintain two-way connectivity.
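
The posted server config sets keepalive 15 60 (in point-to-point mode that is shorthand for ping 15 plus ping-restart 60), while the client config has no ping or keepalive line, and a static-key tunnel has no option push to hand the client one. The checker below is an added example, not part of the original posts or of Tomato/OpenVPN: it reads both configs and reports any side whose ping-restart timer is not fed by a shorter ping interval on the peer. The function names and the trimmed config excerpts are assumptions made for the illustration.

```python
# Directives copied from the two configs in the thread, trimmed to what matters.
SERVER_CONF = """\
proto udp
port 1194
dev tun21
keepalive 15 60
"""
CLIENT_CONF = """\
dev tun12
proto udp
remote xxx.yyy.com 1194
nobind
persist-tun
"""

def timers(conf):
    """Return the effective ping / ping-restart values of a point-to-point config.

    `keepalive n m` is treated as `ping n` + `ping-restart m`; a later
    directive overrides an earlier one. Lines starting with # or ; are comments.
    """
    t = {"ping": None, "ping-restart": None}
    for line in conf.splitlines():
        words = line.split()
        if not words or words[0][0] in "#;":
            continue
        if words[0] == "keepalive" and len(words) == 3:
            t["ping"], t["ping-restart"] = int(words[1]), int(words[2])
        elif words[0] in t and len(words) == 2:
            t[words[0]] = int(words[1])
    return t

def check_pair(a_name, a_conf, b_name, b_conf):
    """List every side that will hit ping-restart when the tunnel is idle."""
    a, b = timers(a_conf), timers(b_conf)
    problems = []
    for name, local, peer_name, peer in ((a_name, a, b_name, b), (b_name, b, a_name, a)):
        restart, peer_ping = local["ping-restart"], peer["ping"]
        # ping-restart fires when nothing is received for `restart` seconds,
        # so the peer must send a ping more often than that (0/None = disabled).
        if restart and (not peer_ping or peer_ping >= restart):
            problems.append(f"{name}: ping-restart {restart}, but {peer_name} "
                            f"ping is {peer_ping}")
    return problems

if __name__ == "__main__":
    for label, client in (("as posted", CLIENT_CONF), ("with ping 30", CLIENT_CONF + "ping 30\n")):
        print(label, "->", check_pair("server", SERVER_CONF, "client", client) or "ok")
```

Putting the same keepalive line on both ends of a static-key tunnel keeps both timers fed and also lets the client notice a dead server.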
     
