
Re: [Openvpn-users] 2.0.b1 mode server, tun0, connection robustness, bug?


  • Subject: Re: [Openvpn-users] 2.0.b1 mode server, tun0, connection robustness, bug?
  • From: "Adam V. Richards" <avrich@xxxxxxxxxxxxxx>
  • Date: Tue, 11 May 2004 10:02:51 -0600 (MDT)

> ping 15
> ping-restart 120
>
> push "ping 15"
> push "ping-restart 60"

Quick follow-up: I just set this up like you've indicated, and kept the
client inactive for a while.  During this time I tcpdump'ed so I can
observe the pings every 15 seconds -- but they never came!  :/

I tried removing these 4 lines from the server, and just did this on the
client

  ping 5
  ping-restart 8

While watching the logs on the server, I would see this message appear
every 8 seconds:

  ...TLS: new session incoming connection from 10.1.1.10:5000...

followed by the new session setup dialog back-n-forth:

-------------------start------------------
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 VERIFY
OK: depth=1,
/C=US/ST=UT/L=Orem/O=NTT/Verio.SME/CN=gw-wifi.wifi.orem.verio.net/emailAddress=avrich@xxxxxxxxxxxxxx
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 VERIFY
OK: depth=0,
/C=US/ST=UT/O=NTT/Verio.SME/CN=vega.wifi.orem.verio.net/emailAddress=avrich@xxxxxxxxxxxxxx
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 Data
Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 Data
Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 Data
Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 Data
Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 TLS:
move_session: dest=TM_ACTIVE src=TM_UNTRUSTED reinit_src=1
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 TLS:
tls_multi_process: untrusted session promoted to trusted
Tue May 11 09:58:59 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 Control
Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Tue May 11 09:59:02 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 PUSH:
Received control message: 'PUSH_REQUEST'
Tue May 11 09:59:02 2004 vega.wifi.orem.verio.net/10.1.1.10:5000 SENT
CONTROL [vega.wifi.orem.verio.net]: 'PUSH_REPLY,ifconfig 192.168.200.6
192.168.200.5' (status=1)
-----------------end----------------------

Once the last message in the new setup flurry arrived:

  ...SENT CONTROL [vega.wifi.orem.verio.net]: 'PUSH_REPLY,ifconfig
     192.168.200.6 192.168.200.5' (status=1)...

then I saw (from the server's perspective) 2 pings arrive from the client,
but w/ no replies sent back:

[gw-wifi]~# tcpdump -xXnli tun0 -s 0
tcpdump: listening on tun0
10:01:28.269880 192.168.200.6 > 192.168.200.5: icmp: echo request
0x0000   4500 003c 6d64 0000 8001 bbff c0a8 c806        E..<md..........
0x0010   c0a8 c805 0800 bbf8 1806 2401 0000 0000        ..........$.....
0x0020   0000 0000 0000 0000 0000 0000 0000 0000        ................
0x0030   0000 0000 0000 0000 0000 0000                  ............
10:01:28.269950 192.168.200.6 > 192.168.200.5: icmp: echo request
0x0000   4500 003c 6d64 0000 7f01 bcff c0a8 c806        E..<md..........
0x0010   c0a8 c805 0800 bbf8 1806 2401 0000 0000        ..........$.....
0x0020   0000 0000 0000 0000 0000 0000 0000 0000        ................
0x0030   0000 0000 0000 0000 0000 0000                  ............
...

This process just kept looping.  Hope this helps.  Thanks.

-Adam
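
Added example (not part of the original message): decoding the IPv4 headers of the two echo requests in the tcpdump output above shows they carry the same IP ID (0x6d64) with TTL 128 and then 127 and valid checksums, so the capture holds one datagram seen twice on tun0, one forwarding hop apart, which is consistent with the server's kernel forwarding the packet back out tun0 instead of answering it. The function names are illustrative.

```python
import ipaddress
import re
import struct

# First 32 bytes of each echo request, copied from the tcpdump output in the
# message above (timestamps and ASCII column dropped; "--" separates packets).
CAPTURE = """
0x0000   4500 003c 6d64 0000 8001 bbff c0a8 c806
0x0010   c0a8 c805 0800 bbf8 1806 2401 0000 0000
--
0x0000   4500 003c 6d64 0000 7f01 bcff c0a8 c806
0x0010   c0a8 c805 0800 bbf8 1806 2401 0000 0000
"""

ROW = re.compile(r"^0x[0-9a-f]{4}\s+((?:[0-9a-f]{4} ?)+)")

def packets(text):
    """Return one bytes object per packet found in `tcpdump -x` style rows."""
    out = []
    for chunk in text.split("--"):
        rows = [ROW.match(line.strip()) for line in chunk.splitlines()]
        data = bytes.fromhex("".join(m.group(1).replace(" ", "") for m in rows if m))
        if data:
            out.append(data)
    return out

def ipv4_header(pkt):
    """Decode the fixed 20-byte IPv4 header and verify its checksum."""
    _vihl, _tos, _len, ident, _frag, ttl, proto, _ck, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    total = sum(struct.unpack("!10H", pkt[:20]))
    while total >> 16:                      # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return {"id": ident, "ttl": ttl, "proto": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "checksum_ok": total == 0xFFFF}

def same_datagram_one_hop_later(a, b):
    """True if b equals a except for a TTL lowered by 1 and a fixed-up checksum."""
    ha, hb = ipv4_header(a), ipv4_header(b)
    same = all(ha[k] == hb[k] for k in ("id", "proto", "src", "dst"))
    return (same and ha["checksum_ok"] and hb["checksum_ok"]
            and ha["ttl"] - hb["ttl"] == 1 and a[20:] == b[20:])

if __name__ == "__main__":
    first, second = packets(CAPTURE)
    print(ipv4_header(first), ipv4_header(second))
    print("forwarded copy:", same_datagram_one_hop_later(first, second))
```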