VPN dies easily at an unstable network

2003-09-21
2003-09-22
  • Terence Parker
    Terence Parker
    2003-09-21

    Thank you so much for replying my previous question.  You were right turns out my Gentoo didn't have tun compiled into the kernel.  Anyhow that has been fixed.

    So far I am quite pleased with amvpn on its stability and reliability.  However, still need some advise!

    At my home network, I have a really rubbish internet connection the internet line (a Pacbell 1.5mb ATM) gets disconnected every few minutes and reconnects back.  Despite my complaints, the line is still very rubbish, which I have to live with.

    As a result, the VPN connection from home to the office dies quite frequently.  It does however, usually able to successfully reconnect without problems.  Usually after the VPN is disconnected and reconnected a few times, the VPN link will officially die, as in results in errors and unable to reconnect.

    reconnect delay is set to 10 seconds while number of retries is set to -1 for obvious reasons on this unstable network.

    On the client side amvpn often returns the following error:

    From the client:
    /sbin/amvpn[5825]: vpn_socket_open: Could not connect to server - xxx.xx.xx.xx:7172. System Status: Connection Refused
    /sbin/amvpn[5825]: main_task: Socket open failed. System Status: Connection refused

    or

    /sbin/amvpn[2599]: vpn_socket_open: Connection Succeeded to Server xxx.xx.xx.xx:7171
    /sbin/amvpn[2599]: vpn_ssl_open: SSL connect failed. SSL error: System call error

    On the server side, the error would be:
    /sbin/amvpn[18594]: vpn_socket_open: Connection accepted from: 67.120.114.18:4442
    /sbin/amvpn[18594]: main_task: Active connection exists! Dropped the last accepted connection.

    [amvpn] vpn_socket_open: Connection accepted from: 67.120.114.18:4229
    [amvpn] main_task: Active connection exists! Dropped the last accepted connection.

    Thank you so much for replying my previous question.  You were right turns out my Gentoo didn't have tun compiled into the kernel.  Anyhow that has been fixed.

    So far I am quite pleased with amvpn on its stability and reliability.  However, still need some advise!

    At my home network, I have a really rubbish internet connection the internet line (a Pacbell 1.5mb ATM) gets disconnected every few minutes and reconnects back.  Despite my complaints, the line is still very rubbish, which I have to live with.

    As a result, the VPN connection from home to the office dies quite frequently.  It does however, usually able to successfully reconnect without problems.  Usually after the VPN is disconnected and reconnected a few times, the VPN link will officially die, as in results in errors and unable to reconnect.

    reconnect delay is set to 10 seconds while number of retries is set to -1 for obvious reasons on this unstable network.

    On the client side amvpn often returns the following error:

    From the client:
    /sbin/amvpn[5825]: vpn_socket_open: Could not connect to server - xxx.xx.xx.xx:7172. System Status: Connection Refused
    /sbin/amvpn[5825]: main_task: Socket open failed. System Status: Connection refused

    or

    /sbin/amvpn[2599]: vpn_socket_open: Connection Succeeded to Server xxx.xx.xx.xx:7171
    /sbin/amvpn[2599]: vpn_ssl_open: SSL connect failed. SSL error: System call error

    On the server side, the error would be:
    /sbin/amvpn[18594]: vpn_socket_open: Connection accepted from: 67.120.114.18:4442
    /sbin/amvpn[18594]: main_task: Active connection exists! Dropped the last accepted connection.

    [amvpn] vpn_socket_open: Connection accepted from: 67.120.114.18:4229
    [amvpn] main_task: Active connection exists! Dropped the last accepted connection.

    Perhaps someone can advise how to avoid such errors.  As long as the VPN can keep alive and reconnect without problems no matter how many network downtimes, then it is good enough!

    Thank you so much.  Great product there you have!

    DL

     
    • Terence Parker
      Terence Parker
      2003-09-21

      Sorry for the repeated messages, was a copy and paste error (tried saving what I typed and accidentally pasted too many times)

      Here is one error from the server that I forgot to post:

      [/sbin/amvpn] vpn_relay_inbound: SSL read failed. System status: Success, SSL error: System call error
      [/sbin/amvpn] vpn_socket_open: Connection accepted from: 67.120.114.18:4229

      Any advise is appreciated!

       
    • Jayaraj
      Jayaraj
      2003-09-21

      Hi,
      From your report the problem seems to be that the machine running amvpn server seems to believe that the connection is still active while it has been dropped by the client-side because of break in the Internet connection.  If the server becomes aware that the client has dropped the connection then it'll be ready to wait for the next incoming connection.

      You could try this:

      At the server-side as a cron job have a program regularly sending some type of keepalive messages to the client-side.  This will cause server to detect connection drop without delay.  You could use 'ping' with the '-w' option to generate the keepalive messages.  The result of the ping can be ignored because the only purpose is to generate some traffic from server-side to client-side. 

      This idea comes from another user who was facing a similar problem (not quite the same, though).  We'll be
      incorporating the keepalive message option into amvpn in
      the next release.  Also, we'll look into ways to make
      amvpn work well in bad Internet connection scenarios.

      Thank you,

      Jayaraj.
      Amrita ITF Labs.

       
    • Terence Parker
      Terence Parker
      2003-09-22

      Thanks Jayaraj,

      Now it seems to be working great.  So far got disconnected 20 times and still running...........darn this is very neat!

      DL