Menu
▾
▴
[Openvpn-users] Client disconnecting
|
From: Christopher <dis...@re...> - 2008-06-05 20:11:21
|
I have 13 clients, of these only 2 are disconnecting, like this. Client log: Thu Jun 05 13:10:21 2008 OpenVPN 2.1_rc4 Win32-MinGW [SSL] [LZO2] built on Apr 2 5 2007 Thu Jun 05 13:10:21 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu Jun 05 13:10:21 2008 LZO compression initialized Thu Jun 05 13:10:21 2008 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET: 0 EL:0 ] Thu Jun 05 13:10:21 2008 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET: 32 EL:0 AF:3/1 ] Thu Jun 05 13:10:21 2008 Local Options hash (VER=V4): '31fdf004' Thu Jun 05 13:10:21 2008 Expected Remote Options hash (VER=V4): '3e6d1056' Thu Jun 05 13:10:21 2008 Attempting to establish TCP connection with 68.228.1.24 8:1194 Thu Jun 05 13:10:21 2008 TCP connection established with 68.228.x.x:1194 Thu Jun 05 13:10:21 2008 Socket Buffers: R=[8192->8192] S=[8192->8192] Thu Jun 05 13:10:21 2008 TCPv4_CLIENT link local: [undef] Thu Jun 05 13:10:21 2008 TCPv4_CLIENT link remote: 68.228.x.x:1194 Thu Jun 05 13:10:21 2008 TLS: Initial packet from 68.228.x.x:1194, sid=f336e75 a 8d2785df Thu Jun 05 13:10:22 2008 VERIFY OK: depth=1, /C=US/ST=LA/L=Lafayette/O=Xxxxx_Com munications/CN=68.228.x.x/emailAddress=su...@ov... Thu Jun 05 13:10:22 2008 VERIFY OK: depth=0, /C=US/ST=LA/O=Xxxxx_Communications/ CN=server/emailAddress=su...@ov... Thu Jun 05 13:10:23 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Thu Jun 05 13:10:23 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jun 05 13:10:23 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Thu Jun 05 13:10:23 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jun 05 13:10:23 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2 56-SHA, 1024 bit RSA Thu Jun 05 13:10:23 2008 [server] Peer Connection Initiated with 68.228.x.x:11 94 Thu Jun 05 13:10:24 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Jun 05 13:10:25 2008 PUSH: Received control message: 'PUSH_REPLY,route 192.1 68.0.0 255.255.255.0,dhcp-option WINS 10.8.0.1,route-gateway 10.8.0.1,ping 10,pi ng-restart 120,ifconfig 10.8.0.8 255.255.255.0' Thu Jun 05 13:10:25 2008 OPTIONS IMPORT: timers and/or timeouts modified Thu Jun 05 13:10:25 2008 OPTIONS IMPORT: --ifconfig/up options modified Thu Jun 05 13:10:25 2008 OPTIONS IMPORT: route options modified Thu Jun 05 13:10:25 2008 OPTIONS IMPORT: route-related options modified Thu Jun 05 13:10:25 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu Jun 05 13:10:25 2008 TAP-WIN32 device [Local Area Connection 3] opened: \\.\ Global\{0E5F3521-081A-45EF-A876-14729574D432}.tap Thu Jun 05 13:10:25 2008 TAP-Win32 Driver Version 9.3 Thu Jun 05 13:10:25 2008 TAP-Win32 MTU=1500 Thu Jun 05 13:10:25 2008 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1 0.8.0.8/255.255.255.0 on interface {0E5F3521-081A-45EF-A876-14729574D432} [DHCP- serv: 10.8.0.0, lease-time: 31536000] Thu Jun 05 13:10:25 2008 NOTE: FlushIpNetTable failed on interface [3] {0E5F3521 -081A-45EF-A876-14729574D432} (status=6) : The handle is invalid. Thu Jun 05 13:10:30 2008 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up Thu Jun 05 13:10:30 2008 route ADD 192.168.0.0 MASK 255.255.255.0 10.8.0.1 Thu Jun 05 13:10:30 2008 ROUTE: route addition failed using CreateIpForwardEntry : Network access is denied. [status=65 if_index=3] Thu Jun 05 13:10:30 2008 Route addition via IPAPI failed [adaptive] Thu Jun 05 13:10:30 2008 Route addition fallback to route.exe The route addition failed: Network access is denied. Thu Jun 05 13:10:30 2008 Initialization Sequence Completed Thu Jun 05 13:10:33 2008 Connection reset, restarting [-1] Thu Jun 05 13:10:33 2008 TCP/UDP: Closing socket Thu Jun 05 13:10:33 2008 SIGUSR1[soft,connection-reset] received, process restar ting Thu Jun 05 13:10:33 2008 Restart pause, 5 second(s) Thu Jun 05 13:10:38 2008 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu Jun 05 13:10:38 2008 Re-using SSL/TLS context Thu Jun 05 13:10:38 2008 LZO compression initialized Thu Jun 05 13:10:38 2008 Control Channel MTU parms [ L:1576 D:140 EF:40 EB:0 ET: 0 EL:0 ] Thu Jun 05 13:10:38 2008 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET: 32 EL:0 AF:3/1 ] Thu Jun 05 13:10:38 2008 Local Options hash (VER=V4): '31fdf004' Thu Jun 05 13:10:38 2008 Expected Remote Options hash (VER=V4): '3e6d1056' Thu Jun 05 13:10:38 2008 Attempting to establish TCP connection with 68.228.1.24 8:1194 Thu Jun 05 13:10:38 2008 TCP connection established with 68.228.x.x:1194 Thu Jun 05 13:10:38 2008 Socket Buffers: R=[8192->8192] S=[8192->8192] Thu Jun 05 13:10:38 2008 TCPv4_CLIENT link local: [undef] Thu Jun 05 13:10:38 2008 TCPv4_CLIENT link remote: 68.228.x.x:1194 Thu Jun 05 13:10:38 2008 TLS: Initial packet from 68.228.x.x:1194, sid=39eac05 4 fedea4cb Thu Jun 05 13:10:39 2008 VERIFY OK: depth=1, /C=US/ST=LA/L=Lafayette/O=Xxxxx_Com munications/CN=68.228.x.x/emailAddress=su...@ov... Thu Jun 05 13:10:39 2008 VERIFY OK: depth=0, /C=US/ST=LA/O=Xxxxx_Communications/ CN=server/emailAddress=su...@ov... Thu Jun 05 13:10:40 2008 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Thu Jun 05 13:10:40 2008 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jun 05 13:10:40 2008 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Thu Jun 05 13:10:40 2008 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jun 05 13:10:40 2008 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2 56-SHA, 1024 bit RSA Thu Jun 05 13:10:40 2008 [server] Peer Connection Initiated with 68.228.x.x:11 94 Thu Jun 05 13:10:41 2008 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1) Thu Jun 05 13:10:41 2008 PUSH: Received control message: 'PUSH_REPLY,route 192.1 68.0.0 255.255.255.0,dhcp-option WINS 10.8.0.1,route-gateway 10.8.0.1,ping 10,pi ng-restart 120,ifconfig 10.8.0.8 255.255.255.0' Thu Jun 05 13:10:41 2008 OPTIONS IMPORT: timers and/or timeouts modified Thu Jun 05 13:10:41 2008 OPTIONS IMPORT: --ifconfig/up options modified Thu Jun 05 13:10:41 2008 OPTIONS IMPORT: route options modified Thu Jun 05 13:10:41 2008 OPTIONS IMPORT: route-related options modified Thu Jun 05 13:10:41 2008 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu Jun 05 13:10:41 2008 Preserving previous TUN/TAP instance: Local Area Connec tion 3 Thu Jun 05 13:10:41 2008 Initialization Sequence Completed It will continue to do this. Client config: ############################################## # Sample client-side OpenVPN 2.0 config file # # for connecting to multi-client server. # # # # This configuration can be used by multiple # # clients, however each client should have # # its own cert and key files. # # # # On Windows, you might want to rename this # # file so it has a .ovpn extension # ############################################## # Specify that we are a client and that we # will be pulling certain config file directives # from the server. client # Use the same setting as you are using on # the server. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. dev tap ;dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap # Are we connecting to a TCP or # UDP server? Use the same setting as # on the server. proto tcp ;proto udp # The hostname/IP and port of the server. # You can have multiple remote entries # to load balance between the servers. remote 68.228.x.x 1194 ;remote my-server-2 1194 # Choose a random host from the remote # list for load-balancing. Otherwise # try hosts in the order specified. ;remote-random # Keep trying indefinitely to resolve the # host name of the OpenVPN server. Very useful # on machines which are not permanently connected # to the internet such as laptops. resolv-retry infinite # Most clients don't need to bind to # a specific local port number. nobind # Downgrade privileges after initialization (non-Windows only) ;user nobody ;group nobody # Try to preserve some state across restarts. persist-key persist-tun # If you are connecting through an # HTTP proxy to reach the actual OpenVPN # server, put the proxy server/IP and # port number here. See the man page # if your proxy server requires # authentication. ;http-proxy-retry # retry on connection failures ;http-proxy [proxy server] [proxy port #] # Wireless networks often produce a lot # of duplicate packets. Set this flag # to silence duplicate packet warnings. ;mute-replay-warnings # SSL/TLS parms. # See the server config file for more # description. It's best to use # a separate .crt/.key file pair # for each client. A single ca # file can be used for all clients. ca ca.crt cert rayne.crt key rayne.key # Verify server certificate by checking # that the certicate has the nsCertType # field set to "server". This is an # important precaution to protect against # a potential attack discussed here: # http://openvpn.net/howto.html#mitm # # To use this feature, you will need to generate # your server certificates with the nsCertType # field set to "server". The build-key-server # script in the easy-rsa folder will do this. ;ns-cert-type server # If a tls-auth key is used on the server # then every client must also have the key. ;tls-auth ta.key 1 # Select a cryptographic cipher. # If the cipher option is used on the server # then you must also specify it here. ;cipher x # Enable compression on the VPN link. # Don't enable this unless it is also # enabled in the server config file. comp-lzo # Set log file verbosity. verb 3 # Silence repeating messages ;mute 20 Does anyone know what to do? __________ Information from ESET NOD32 Antivirus, version of virus signature database 3162 (20080605) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com |
