Menu
▾
▴
Re: [Openvpn-users] Problems With UDP and Server Mode
|
From: Giancarlo R. <lin...@on...> - 2005-11-01 18:50:59
|
Pavel Lis=C3=BD wrote: > Jez Rogers p=C3=AD=C5=A1e v P=C3=A1 28. 10. 2005 v 19:17 +0100: >=20 >>Weird problem using UDP with mode server on 2.0.2 >> >>Most of the time it works fine. Occasionally the client connection sees= =20 >>incoming packets from the server on the same port number that the clien= t=20 >>is trying to initiate a connection on. Needless to say the client=20 >>firewall takes exception to this. >> >>Eventually it all falls over with >> >>TLS Error: TLS key negotiation failed to occur within 60 seconds (check= =20 >>your network connectivity) and restarts. >> >>This behaviour persists even after both ends are stopped and started. >>It affects all clients. >> >>Seems to be that once it's got it's knickers in a twist that's it. When= =20 >>it's working, you can shut the client down and start it and the=20 >>tunnelled TCP connections don't even notice. >> >>Switching to tcp-server and tcp-client always seems to work - but I=20 >>really want to use UDP. >> >>Anyone have any ideas why this might be happening? >> >=20 > I had the same problem long time, but I didn't find solution. I you wil= l > be successful, please send your solution here. >=20 > Thanks >=20 > Pavel >=20 I had this problem when i tried to access my vpn server from a very slow link in my university. As i used 2048 bit keys, and the link was too slow to complete the tls handshake in 60 seconds, i had to increase the tls handshake window with the parameter: hand-window 300 Where 300 is in seconds. This means that any peer has 5 minutes to complete the handshake. I believe that this problem can happen to with other conectivity problems, as mtu, etc. Try increasing the hand-window and see what happens. If it doesn't work, check your connection for any mtu problems (try to transfer a big file, and see if there are any fragmentation, or lost packets). --=20 Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current Snike Tecnologia em Inform=C3=A1tica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 |
