OpenVPN server locks up after authentication

Discussion in 'Tomato Firmware' started by bhall7, Aug 4, 2010.

  1. bhall7

    bhall7 LI Guru Member

    I've been struggling with setting up OpenVPN on my Asus RT-N16 (running Tomato Firmware v1.28.9048 MIPSR2-beta18 K26 USB vpn3.6).

    I'm able to get through the firewall, but apparently something is happening as the client authenticates because the client doesn't connect, and the OpenVPN service on my router gets locked up. The client log shows:

    2010-08-03 18:50:34 TCP connection established with 24.x.x.x:1194
    2010-08-03 18:50:34 Socket Buffers: R=[xxxxxx->xxxxx] S=[xxxxxx->xxxxx]
    2010-08-03 18:50:34 TCPv4_CLIENT link local: [undef]
    2010-08-03 18:50:34 TCPv4_CLIENT link remote: 24.x.x.x:1194
    2010-08-03 18:50:34 
    2010-08-03 18:50:34 
    2010-08-03 18:50:34  sid=xxxxxxxx
    2010-08-03 18:50:36  /C=US/ST=ST/L=City/O=Org/CN=CommonName-CA/
    2010-08-03 18:50:36 VERIFY OK: nsCertType=SERVER
    2010-08-03 18:50:36  /C=US/ST=ST/O=Org/CN=server/
    2010-08-03 18:50:39  restarting [0]
    2010-08-03 18:50:39 TCP/UDP: Closing socket
    2010-08-03 18:50:39  process restarting

    The client repeats this process over and over, but never connects.

    The server log shows that the client connects and recognizes the certificates, but after that, nothing happens:

    Aug  3 18:50:34 tomato daemon.notice openvpn[1140]: TCP connection established with 95.x.x.x:49005
    Aug  3 18:50:34 tomato daemon.notice openvpn[1140]: Socket Buffers: R=[xxxxxx->xxxxxxx] S=[xxxxxxx->xxxxxx]
    Aug  3 18:50:34 tomato daemon.notice openvpn[1140]: TCPv4_SERVER link local: [undef]
    Aug  3 18:50:34 tomato daemon.notice openvpn[1140]: TCPv4_SERVER link remote: 95.x.x.x:49005
    Aug  3 18:50:35 tomato daemon.notice openvpn[1140]: 99.x.x.x:49005 TLS: Initial packet from 95.x.x.x:49005, sid=xxxxxxxxx
    Aug  3 18:50:39 tomato daemon.notice openvpn[1140]: 95.x.x.x:49005 VERIFY OK: depth=1, /C=US/ST=ST/L=City/O=Org/CN=CommonName-CA/
    Aug  3 18:50:39 tomato daemon.notice openvpn[1140]: 95.x.x.x:49005 VERIFY OK: depth=0, /C=US/ST=ST/L=City/O=Org/CN=CommonName-CA/

    At this point, the OpenVPN service seems to terminate and there are no other entries in the log file that indicate the status, but on the VPN Tunneling server page on Tomato, it says that the server is not running.

    So, somehow, the simple act of connecting with these certificates and keys appears to lock up OpenVPN. I think that the next step will be to go through the process of setting up all the certs and keys again. But, before I do that, I'd like to find out if anyone has any suggestions.

  2. gtj0

    gtj0 Networkin' Nut Member

    Grab the latest version (Build 49). It has a fix for the OpenVPN issue.

  3. bhall7

    bhall7 LI Guru Member

    Thanks for the reply! I updated to build 49, and this time it got further than before (which is a relief because that means I don't have to rebuild all of my keys and certs!). However, things are still not quite right. The client is able to connect and receive directives from the server to set up the client connection, but disconnects shortly thereafter.

    The client connects and completes the initialization sequence, but then disconnects after it notices a change in the WINS settings (??):

    2010-08-04 07:57:07 Initialization Sequence Completed
    2010-08-04 07:57:12 *Tunnelblick: A network configuration change was detected
                                              WINS configuration has changed:
                                              --- BEGIN EXPECTED WINS CFG ---
                                              <dictionary> {
                                                Workgroup : Company
                                              ---- END EXPECTED WINS CFG ----
                                              --- BEGIN CURRENT WINS CFG ---
                                              <dictionary> {
                                                NetBIOSName : MachineName
                                                Workgroup : Company
                                              ---- END CURRENT WINS CFG ----
                                              Sending USR1 to OpenVPN PID 2240
    2010-08-04 07:57:13 event_wait : Interrupted system call (code=4)
    2010-08-04 07:57:13 TCP/UDP: Closing socket
    2010-08-04 07:57:13 /Applications/ tap0 1500 1576   restart

    As you can see, I'm using Tunnelblick for Mac OS X, and I'm not sure what the whole "WINS configuration change" is about, or why it disconnects at that point.

    The server log shows:

    Aug  4 07:57:21 tomato daemon.notice openvpn[851]: 95.x.x.x:40841 [User] Peer Connection Initiated with 95.x.x.x:40841
    Aug  4 07:57:21 tomato daemon.err openvpn[851]: User/95.x.x.x:40841 MULTI: no dynamic or static remote --ifconfig address is available for User/95.x.x.x:40841
    Aug  4 07:57:23 tomato daemon.notice openvpn[851]: User/95.x.x.x:40841 PUSH: Received control message: 'PUSH_REQUEST'
    Aug  4 07:57:23 tomato daemon.notice openvpn[851]: User/95.x.x.x:40841 SENT CONTROL [User]: 'PUSH_REPLY,dhcp-option DNS,route-gateway,redirect-gateway def1,route-gateway dhcp,ping 15,ping-restart 60' (status=1)
    Aug  4 07:57:24 tomato daemon.err openvpn[851]: User/95.x.x.x:40841 Connection reset, restarting [0]
    Aug  4 07:57:24 tomato daemon.notice openvpn[851]: User/95.x.x.x:40841 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Aug  4 07:57:24 tomato daemon.notice openvpn[851]: TCP/UDP: Closing socket

    Also, the Tomato interface seemed to be a little strange; in particular, when hitting Refresh on the status of the VPN Tunneling Server page while the client was connecting, it simply showed "ERROR!"

    Any suggestions would be greatly appreciated.
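
One way to triage a server log like the one in the post above, as an added example that is not part of the original thread: it groups the OpenVPN syslog lines by client endpoint, collects the `daemon.err` messages, and flags sessions that reset within a few seconds of first appearing. The function name `summarize`, the 10-second threshold and the `year` default are assumptions; the sample lines are copied from the post.

```python
import re
from datetime import datetime

# Server log lines copied from the post above (addresses masked as posted, bold markers dropped).
SAMPLE = """\
Aug  4 07:57:21 tomato daemon.notice openvpn[851]: 95.x.x.x:40841 [User] Peer Connection Initiated with 95.x.x.x:40841
Aug  4 07:57:21 tomato daemon.err openvpn[851]: User/95.x.x.x:40841 MULTI: no dynamic or static remote --ifconfig address is available for User/95.x.x.x:40841
Aug  4 07:57:23 tomato daemon.notice openvpn[851]: User/95.x.x.x:40841 PUSH: Received control message: 'PUSH_REQUEST'
Aug  4 07:57:23 tomato daemon.notice openvpn[851]: User/95.x.x.x:40841 SENT CONTROL [User]: 'PUSH_REPLY,dhcp-option DNS,route-gateway,redirect-gateway def1,route-gateway dhcp,ping 15,ping-restart 60' (status=1)
Aug  4 07:57:24 tomato daemon.err openvpn[851]: User/95.x.x.x:40841 Connection reset, restarting [0]
Aug  4 07:57:24 tomato daemon.notice openvpn[851]: User/95.x.x.x:40841 SIGUSR1[soft,connection-reset] received, client-instance restarting
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ daemon\.(\w+) openvpn\[\d+\]: (.*)$")
PEER = re.compile(r"^(?:[^/\s]+/)?(\S+:\d+) (.*)$")  # optional "CommonName/" prefix

def summarize(log_text, year=2010, short_s=10):
    """Group openvpn syslog lines by client endpoint and flag quick resets."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, severity, msg = m.groups()
        p = PEER.match(msg)
        if not p:
            continue  # daemon-wide line with no client endpoint prefix
        peer, text = p.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        s = sessions.setdefault(peer, {"first": when, "last": when,
                                       "errors": [], "pushed": False, "reset": False})
        s["last"] = when
        if severity == "err":
            s["errors"].append(text)
        if "PUSH_REPLY" in text:
            s["pushed"] = True
        if "connection-reset" in text or "Connection reset" in text:
            s["reset"] = True
    for s in sessions.values():
        s["lifetime_s"] = int((s["last"] - s["first"]).total_seconds())
        s["short_lived"] = s["reset"] and s["lifetime_s"] <= short_s
    return sessions

if __name__ == "__main__":
    for peer, s in summarize(SAMPLE).items():
        print(peer, s["lifetime_s"], "s", "short-lived" if s["short_lived"] else "ok", s["errors"])
```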

  4. spookyneo

    spookyneo Networkin' Nut Member

    Hmm, sorry for the dumb question, but I can't find build 49 on the tomatousb website, only 48... am I missing a link somewhere?

  5. bhall7

    bhall7 LI Guru Member
