OpenVPN / openvpn

OpenVPN is an open source VPN daemon
http://openvpn.net

No data flow after random time frame #229

Open SelfMan opened 1 year ago

SelfMan commented 1 year ago

With OpenVPN 2.6.0, while connecting to an up-to-date Synology NAS, the connection is established and after a while the data flow stops working. The connection appears to be still up, but I am unable to ping or access any of the remote location's devices.

I am using the following ovpn config file:


dev tun
tls-client
remote 1194
pull
proto udp
script-security 2
reneg-sec 0
cipher AES-256-CBC
data-ciphers 'AES-256-CBC'
auth SHA512
auth-user-pass

-----BEGIN CERTIFICATE-----
cert data
-----END CERTIFICATE-----

This is on a fully patched Windows 10 22H2 x64 system, with OpenVPN version 2.6.0.

OpenVPN 2.5.8 works with the same config file just fine, no issues there.

schwabe commented 1 year ago

Please include a log from both versions.

SelfMan commented 1 year ago

The logs are as follows:

2023-01-29 16:01:11 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2023-01-29 16:01:11 Windows version 10.0 (Windows 10 or greater) 64bit
2023-01-29 16:01:11 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-01-29 16:01:11 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-29 16:01:11 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 16:01:11 UDP link local (bound): [AF_INET][undef]:1194
2023-01-29 16:01:11 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 16:01:11 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-01-29 16:01:11 [remote-nas] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 16:01:11 open_tun
2023-01-29 16:01:11 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-01-29 16:01:11 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.150.0.6/255.255.255.252 on interface {37637351-B564-4A87-B77F-BAD7B30F1C9A} [DHCP-serv: 10.150.0.5, lease-time: 31536000]
2023-01-29 16:01:11 Successful ARP Flush on interface [24] {37637351-B564-4A87-B77F-BAD7B30F1C9A}
2023-01-29 16:01:12 IPv4 MTU set to 1500 on interface 24 using service
2023-01-29 16:01:17 Initialization Sequence Completed


2023-01-29 17:43:30 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-01-29 17:43:30 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-01-29 17:43:30 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-01-29 17:43:31 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-29 17:43:32 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:43:32 UDPv4 link local: (not bound)
2023-01-29 17:43:32 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:43:32 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-01-29 17:43:33 [remote-nas] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:43:33 open_tun
2023-01-29 17:43:33 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-01-29 17:43:33 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.150.0.10/255.255.255.252 on interface {37637351-B564-4A87-B77F-BAD7B30F1C9A} [DHCP-serv: 10.150.0.9, lease-time: 31536000]
2023-01-29 17:43:33 Successful ARP Flush on interface [24] {37637351-B564-4A87-B77F-BAD7B30F1C9A}
2023-01-29 17:43:33 IPv4 MTU set to 1500 on interface 24 using service
2023-01-29 17:43:39 Initialization Sequence Completed
2023-01-29 17:51:52 [remote-nas] Inactivity timeout (--ping-restart), restarting
2023-01-29 17:51:52 SIGUSR1[soft,ping-restart] received, process restarting
2023-01-29 17:51:53 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-29 17:51:53 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:51:53 UDPv4 link local: (not bound)
2023-01-29 17:51:53 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:52:53 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-01-29 17:52:53 TLS Error: TLS handshake failed
2023-01-29 17:52:53 SIGUSR1[soft,tls-error] received, process restarting
2023-01-29 17:52:54 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-29 17:52:54 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:52:54 UDPv4 link local: (not bound)
2023-01-29 17:52:54 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:53:26 [remote-nas] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:53:26 open_tun
2023-01-29 17:53:26 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-01-29 17:53:26 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.150.0.6/255.255.255.252 on interface {37637351-B564-4A87-B77F-BAD7B30F1C9A} [DHCP-serv: 10.150.0.5, lease-time: 31536000]
2023-01-29 17:53:26 Successful ARP Flush on interface [24] {37637351-B564-4A87-B77F-BAD7B30F1C9A}
2023-01-29 17:53:26 IPv4 MTU set to 1500 on interface 24 using service
2023-01-29 17:53:31 Initialization Sequence Completed
2023-01-29 17:56:27 [remote-nas] Inactivity timeout (--ping-restart), restarting
2023-01-29 17:56:27 SIGUSR1[soft,ping-restart] received, process restarting
2023-01-29 17:56:28 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-29 17:56:28 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:56:28 UDPv4 link local: (not bound)
2023-01-29 17:56:28 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:56:28 [remote-nas] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-01-29 17:56:28 open_tun
2023-01-29 17:56:28 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-01-29 17:56:28 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.150.0.6/255.255.255.252 on interface {37637351-B564-4A87-B77F-BAD7B30F1C9A} [DHCP-serv: 10.150.0.5, lease-time: 31536000]
2023-01-29 17:56:28 Successful ARP Flush on interface [24] {37637351-B564-4A87-B77F-BAD7B30F1C9A}
2023-01-29 17:56:28 IPv4 MTU set to 1500 on interface 24 using service
2023-01-29 17:56:33 Initialization Sequence Completed
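
Added example, not part of the original thread or of OpenVPN itself: a Python sketch that reads a client log in the format posted above, measures how long each tunnel stayed up before a soft restart, and collects the distinct configuration warnings. The sample lines are an excerpt of the 2.6.0 log from the post; the names `analyze`, `SAMPLE_LOG`, `LINE_RE` and `RESTART_RE` are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the 2.6.0 client log posted above, embedded so the script runs offline.
SAMPLE_LOG = """\
2023-01-29 17:43:31 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-01-29 17:43:39 Initialization Sequence Completed
2023-01-29 17:51:52 [remote-nas] Inactivity timeout (--ping-restart), restarting
2023-01-29 17:51:52 SIGUSR1[soft,ping-restart] received, process restarting
2023-01-29 17:52:53 SIGUSR1[soft,tls-error] received, process restarting
2023-01-29 17:53:31 Initialization Sequence Completed
2023-01-29 17:56:27 [remote-nas] Inactivity timeout (--ping-restart), restarting
2023-01-29 17:56:27 SIGUSR1[soft,ping-restart] received, process restarting
2023-01-29 17:56:33 Initialization Sequence Completed
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
RESTART_RE = re.compile(r"^SIGUSR1\[soft,([\w-]+)\] received")

def analyze(log_text):
    """Return (sessions, warnings); a session is (up_at, seconds_up, end_reason)."""
    sessions, warnings, up_at = [], set(), None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unparseable lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("WARNING:"):
            warnings.add(msg)  # the same warning repeats on every restart
        elif msg == "Initialization Sequence Completed":
            up_at = ts
        else:
            r = RESTART_RE.match(msg)
            # A restart while no tunnel is up (e.g. tls-error) is a failed
            # reconnect attempt, not the end of a session, so it is skipped.
            if r and up_at is not None:
                sessions.append((up_at, int((ts - up_at).total_seconds()), r.group(1)))
                up_at = None
    if up_at is not None:
        sessions.append((up_at, None, "still-up"))  # log ends with the tunnel up
    return sessions, sorted(warnings)

if __name__ == "__main__":
    found_sessions, found_warnings = analyze(SAMPLE_LOG)
    for up_at, secs, reason in found_sessions:
        print(up_at, "up for", secs, "seconds, ended by", reason)
    for w in found_warnings:
        print("config warning:", w)
```

Run against the full client log, this makes the interval between "Initialization Sequence Completed" and each `ping-restart` easy to compare across versions, and surfaces warnings such as the missing server certificate verification once instead of on every reconnect.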

Pippin1st commented 1 year ago

Hi,

both meaning server and client...I guess ;)

If I'm not mistaken you can find the server config on Synology NAS via SSH here: cat /usr/syno/etc/packages/VPNCenter/openvpn/openvpn.conf

For a server log @verb 4, just add

log /var/log/openvpn.log
verb 4

to the conf file and restart VPNCenter.

To view it: cat /var/log/openvpn.log