On Tue, 5 Jul 2005, ddaasd wrote:
Hi,
I finally set up an OpenVPN 2.0 server on rhel3 and winxp clients. Everything works just fine until now.
The only problem is that after I close the connection from the client the server logs continuously:
Tue Jul 5 11:45:40 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
...
Tue Jul 5 11:46:01 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
This is really annoying, increases my logs, generates snort alerts "ICMP Destination Unreachable Port Unreachable" and so on.
Is something configured wrong or is this the normal behaviour? If yes, how can I get rid of this kind of message?
Nothing is wrong. By default the server is not notified when a client
disconnects, that's why you get these messages in the server log.
There are two things you can do to make things better though. Use --keepalive
(or ping/ping-restart) to make the server realize that a client has
disconnected after some time. I usually use the following values:
On server:
ping 10
ping-restart 120
On clients:
ping 10
ping-restart 60
And then you can add "--explicit-exit-notify 2" on the client, which will
cause it to notify the server when you disconnect cleanly. The '2' means
that it will send two exit-notify packets to the server before exiting.
There is no acknowledgement of this exit-notify packet, that's why you can tell
OpenVPN to send multiple exit-notify packets in case one happens to be
dropped.
--
_____________________________________________________________
Mathias Sundman (^) ASCII Ribbon Campaign
OpenVPN GUI for Windows X NO HTML/RTF in e-mail
http://openvpn.se/ / \ NO Word docs in e-mail
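
A way to check from the server log that the keepalive settings above took effect, as an added example that is not part of the original message: it groups the ECONNREFUSED lines into bursts and flags any burst that outlasts the server's ping-restart value. The function names, the 60-second grouping gap and the sample log are assumptions constructed for illustration, as is the premise that the server stops sending to a client once it has timed it out.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the post (not real server output).
SAMPLE_LOG = """\
Tue Jul 5 11:45:40 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jul 5 11:45:50 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jul 5 11:46:01 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jul 5 11:50:00 2005 Initialization Sequence Completed
Tue Jul 5 12:10:05 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jul 5 12:10:55 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jul 5 12:11:45 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Tue Jul 5 12:12:35 2005 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
"""

LINE_RE = re.compile(
    r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) read UDPv4 \[ECONNREFUSED\]")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def refused_bursts(log_text, gap_seconds=60):
    """Group ECONNREFUSED lines into bursts; a gap > gap_seconds starts a new one.

    Returns a list of (first_seen, last_seen, line_count) tuples.
    """
    bursts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        # Collapse the padding OpenVPN may put before a single-digit day.
        ts = datetime.strptime(" ".join(m.group(1).split()), TS_FORMAT)
        if bursts and ts - bursts[-1][1] <= timedelta(seconds=gap_seconds):
            first, _, count = bursts[-1]
            bursts[-1] = (first, ts, count + 1)
        else:
            bursts.append((ts, ts, 1))
    return bursts


def bursts_exceeding(bursts, ping_restart=120):
    """Bursts that lasted longer than the server's ping-restart timeout.

    Assumption: after ping-restart seconds of silence the server drops the
    client and stops sending to it, so longer bursts suggest a config problem.
    """
    limit = timedelta(seconds=ping_restart)
    return [b for b in bursts if b[1] - b[0] > limit]
```
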