Jump to content


Photo

OpenVPN always disconnect

vpn openvpn disconnect fail

  • Please log in to reply
7 replies to this topic

#1 pepelegal

pepelegal

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 19 April 2014 - 09:03 PM

After the upgrade, my connection to any server last for about 2 hours, them, for no reason, it fails. Does not matter wich ISP I use. First I thought it was due to inactivity. Them I've created a script simulating some requests to some pages. It didn't do any effect. The connection keep disconecting in about 1 a 2 hours.

 

Here is the openvpn output:

 

Sat Apr 19 17:56:28 2014 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat Apr 19 17:56:28 2014 TCP/UDP: Closing socket
Sat Apr 19 17:56:28 2014 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 19 17:56:28 2014 Restart pause, 2 second(s)
Sat Apr 19 17:56:30 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 19 17:56:30 2014 Re-using SSL/TLS context
Sat Apr 19 17:56:30 2014 LZO compression initialized
Sat Apr 19 17:56:30 2014 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Apr 19 17:56:30 2014 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sat Apr 19 17:56:30 2014 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 19 17:56:30 2014 Local Options hash (VER=V4): '9e7066d2'
Sat Apr 19 17:56:30 2014 Expected Remote Options hash (VER=V4): '162b04de'
Sat Apr 19 17:56:30 2014 UDPv4 link local: [undef]
Sat Apr 19 17:56:30 2014 UDPv4 link remote: [AF_INET]109.163.230.232:443
Sat Apr 19 17:57:30 2014 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat Apr 19 17:57:30 2014 TCP/UDP: Closing socket
Sat Apr 19 17:57:30 2014 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 19 17:57:30 2014 Restart pause, 2 second(s)
Sat Apr 19 17:57:32 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Sat Apr 19 17:57:32 2014 Re-using SSL/TLS context
Sat Apr 19 17:57:32 2014 LZO compression initialized
Sat Apr 19 17:57:32 2014 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Sat Apr 19 17:57:32 2014 Socket Buffers: R=[163840->131072] S=[163840->131072]
Sat Apr 19 17:57:32 2014 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Sat Apr 19 17:57:32 2014 Local Options hash (VER=V4): '9e7066d2'
Sat Apr 19 17:57:32 2014 Expected Remote Options hash (VER=V4): '162b04de'
Sat Apr 19 17:57:32 2014 UDPv4 link local: [undef]
Sat Apr 19 17:57:32 2014 UDPv4 link remote: [AF_INET]109.163.230.232:443
 



#2 pepelegal

pepelegal

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 21 April 2014 - 02:39 AM

Ok. I measured this night.

It takes exactly 2 hours to disconnect and start again:

Sat Apr 19 17:56:28 2014 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat Apr 19 17:56:28 2014 TCP/UDP: Closing socket
Sat Apr 19 17:56:28 2014 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 19 17:56:28 2014 Restart pause, 2 second(s)

...

 

Any airvpn staff member has any clue about this bug?



#3 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7791 posts

Posted 21 April 2014 - 11:05 AM

Hello!

There's no disconnection every 2 hours on our system. It looks like a problem on your side, maybe you have a brief line drop or a DHCP renew from your ISP every 2 hours.

Kind regards

#4 pepelegal

pepelegal

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 21 April 2014 - 01:53 PM

Ok.

Every even hour (7,9,11,13,15) on BRT, at 50 minute, the connection fails on Phoenics. I'm gonna try using another ISP and report back.



#5 pepelegal

pepelegal

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 21 April 2014 - 11:39 PM

You're right!

It was a DHCP renew. My router was setted to 120 minutes.

I've changed my virtual machine from Bridge to NAT. It have resolved the problem.

 

But it let a question:

Is it possible to use a virtual machine in Bridge mode and not be vulnerable to DHCP renew problem?

There is any way to config OpenVPN to restart the connection?



#6 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7791 posts

Posted 22 April 2014 - 01:12 AM

You're right!

It was a DHCP renew. My router was setted to 120 minutes.

I've changed my virtual machine from Bridge to NAT. It have resolved the problem.

 

But it let a question:

Is it possible to use a virtual machine in Bridge mode and not be vulnerable to DHCP renew problem?

There is any way to config OpenVPN to restart the connection?

 

Hello!

 

We're glad to know it!

 

Basically it depends on the lease time of the DHCP server.

 

"IP addressing information is leased to a client, and the client is responsible for renewing the lease. By default, DHCP clients try to renew their lease when 50 percent of the lease time has expired. To renew its lease, a DHCP client sends a DHCPRequest message to the DHCP server from which it originally obtained the lease.

The DHCP server automatically renews the lease by responding with a DHCPAck message. This DHCPAck message contains the new lease as well as any DHCP option parameters. This ensures that the DHCP client can update its TCP/IP settings in case the network administrator has updated any settings on the DHCP server. Figure 4.9 illustrates the Renewing state."

 

(From http://technet.microsoft.com/en-us/library/cc958935.aspx )

 

If the VM is in bridge mode, then the DHCP server is again your router. If the VM is attached via NAT, it depends on the host system.

 

Kind regards



#7 cyberninja

cyberninja

    Advanced Member

  • Members
  • PipPipPip
  • 33 posts

Posted 24 May 2015 - 05:30 PM

I had a similar problem whereby my VPN connection would disconnect after being is use for about 60 minutes. Then I would have to manually reconnect to get it going again for another 60 minutes. This would repeat until I solved the problem.


To find the the problem I checked the messages log (I run Linux so for my system I check the messages log in /var/log/). In the messages log I found messages for inactivity timeout and ping-restart. Even though I was always active whether browsing, downloading a file, or watching a video, it would always show a disconnect with inactivity timeout. I found the cause of this problem: in the firewall settings there is a toggle for allowing or disallowing 'ping from WAN' which means allowing or disallowing a ping from outside the router / internet. Mine was set to disallow pings from the WAN/internet. After I toggled it to allow pings from outside the router / internet, my VPN connection stayed alive indefinitely - no more disconnects. So what seems to be happening is the AirVPN server periodically sends pings to the client (your computer) to check for activity. If the AirVPN server ping can't get through because your firewall is blocking it, then your computer doesn't see it and therefore doesn't respond with a ping back to the server. When this is the case, the silence the AirVPN server experiences from the client makes it think there is no activity, so it disconnects the VPN connection.


When I had a Verizon Actiontec router the ping option was defaulted to allow pings from the outside. When I recently switched to ASUS RT-N66U its default was to disallow pings from the outside and that's when my disconnect issue began.


To modify your router's firewall setting you'll need to look up the instructions for accessing it: for the ASUS routers (and many others) you can access it by opening a browser in your connected computer and entering web-address 192.168.1.1. When the login page shows you'll have to enter your login name and password (check the sticker on the router for the default username and password if you've never done this before). Once in, find the firewall area and look for the settings. Don't forget to save/apply any changes you've made before exiting.



#8 cyberninja

cyberninja

    Advanced Member

  • Members
  • PipPipPip
  • 33 posts

Posted 28 May 2015 - 12:57 AM

If the above doesn't solve your problem see if this does: add the line 'ping 15', without the tic marks, to your clientconfig.ovpn file. What this does is ping the openvpn/airvpn server every 15 seconds to let it know your computer is still active in its connection, just in case your computer wasn't doing this on its own. If your problem was related to this it should solve it. You can also check the firewall to see if there are any openvpn settings you can engage that allow openvpn more control and free passage in and out.







Similar Topics Collapse

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 15154 - BW: 60842 Mbit/sYour IP: 54.197.24.206Guest Access.