openfortivpn stops working after 1 hour

BrunoTeixeira1996 commented 1 year ago

Hi , I am using openfortivpn 1.19.0 but for some reason after around 1 hour the connection hangs and stops. The log messages remain the same, not giving any sign of exiting or error.

brun0@b:~
VPN account password:
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
INFO:   Got addresses: [10.69.100.4], ns [10.69.70.3, 10.69.70.4], ns_suffix [<company>.int]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
local  IP address 10.69.100.4
remote IP address 169.254.2.1
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.

The connection remains active for around 1h and then stops but theres no error message.

I am using Debian 12

DimitriPapadopoulos commented 1 year ago

See https://github.com/adrienverge/openfortivpn/wiki#debugging-openfortivpn.

BrunoTeixeira1996 commented 1 year ago

See https://github.com/adrienverge/openfortivpn/wiki#debugging-openfortivpn.

Doing this right now, going to post the log info shortly

BrunoTeixeira1996 commented 1 year ago

@DimitriPapadopoulos Here is the -v -v output

openfortivpn -v -v

``` DEBUG: openfortivpn 1.19.0 DEBUG: revision unavailable DEBUG: Loaded configuration file "/etc/openfortivpn/config". VPN account password: DEBUG: Configuration host = "myhost" DEBUG: Configuration realm = "tunnel" DEBUG: Configuration port = "443" DEBUG: Configuration username = "myuser" DEBUG: Resolving gateway host ip DEBUG: Establishing ssl connection DEBUG: SO_KEEPALIVE: OFF DEBUG: TCP_KEEPIDLE: 7200 DEBUG: TCP_KEEPINTVL: 75 DEBUG: TCP_KEEPCNT: 9 DEBUG: SO_SNDBUF: 16384 DEBUG: SO_RCVBUF: 131072 DEBUG: server_addr: _____ DEBUG: server_port: 443 DEBUG: gateway_addr: _____ DEBUG: gateway_port: 443 DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4 DEBUG: Setting minimum protocol version to: 0x303. DEBUG: Gateway certificate validation succeeded. INFO: Connected to gateway. DEBUG: http_send: POST /remote/logincheck HTTP/1.1 Host: myhost:443 User-Agent: Mozilla/5.0 SV1 Accept: */* Accept-Encoding: gzip, deflate, br Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT Content-Type: application/x-www-form-urlencoded Cookie: Content-Length: 87 username=myuser&credential=************************&realm=tunnel&ajax=1 DEBUG: http_receive: HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 11:41:34 GMT Set-Cookie: SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict; Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict Transfer-Encoding: chunked Content-Type: text/plain X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 8a ret=2,reqid=171263873,polid=1-7-250033ca,grp=something_something,portal=full-access-split-something,magic=7-250033ca,tokeninfo=ftm_push,chal_msg= 0 DEBUG: Empty cookie. DEBUG: http_send: POST /remote/logincheck HTTP/1.1 Host: remote.something.pt:443 User-Agent: Mozilla/5.0 SV1 Accept: */* Accept-Encoding: gzip, deflate, br Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT Content-Type: application/x-www-form-urlencoded Cookie: SVPNCOOKIE= Content-Length: 139 username=myuser&realm=tunnel&reqid=171263873&polid=1-7-250033ca&grp=something_something&portal=full-access-split-something&peer=&ftmpush=1 DEBUG: http_receive: HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 11:41:34 GMT Set-Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=; path=/; secure; httponly; SameSite=Strict Transfer-Encoding: chunked Content-Type: text/html X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 7e 0 DEBUG: Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws= INFO: Authenticated. DEBUG: Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws= DEBUG: http_send: GET /remote/index HTTP/1.1 Host: remote.something.pt:443 User-Agent: Mozilla/5.0 SV1 Accept: */* Accept-Encoding: gzip, deflate, br Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT Content-Type: application/x-www-form-urlencoded Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws= Content-Length: 0 DEBUG: http_receive: HTTP/1.1 403 Forbidden Date: Mon, 16 Oct 2023 11:41:45 GMT Transfer-Encoding: chunked Content-Type: text/html X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 698

0 0 DEBUG: http_send: GET /remote/fortisslvpn HTTP/1.1 Host: remote.something.pt:443 User-Agent: Mozilla/5.0 SV1 Accept: */* Accept-Encoding: gzip, deflate, br Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT Content-Type: application/x-www-form-urlencoded Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws= Content-Length: 0 DEBUG: http_receive: HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 11:41:45 GMT Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 5ba 0 mentById('ok_button').value=fgt_lang['ok']; function chkbrowser() { if (window.location.pathname == "/remote/login") window.location.reload(); else window.location.href = "/remote/login";} 0 0 INFO: Remote gateway has allocated a VPN. DEBUG: SO_KEEPALIVE: OFF DEBUG: TCP_KEEPIDLE: 7200 DEBUG: TCP_KEEPINTVL: 75 DEBUG: TCP_KEEPCNT: 9 DEBUG: SO_SNDBUF: 16384 DEBUG: SO_RCVBUF: 131072 DEBUG: server_addr: 93.108.234.105 DEBUG: server_port: 443 DEBUG: gateway_addr: 93.108.234.105 DEBUG: gateway_port: 443 DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4 DEBUG: Setting minimum protocol version to: 0x303. DEBUG: Gateway certificate validation succeeded. DEBUG: Retrieving configuration DEBUG: http_send: GET /remote/fortisslvpn_xml HTTP/1.1 Host: remote.something.pt:443 User-Agent: Mozilla/5.0 SV1 Accept: */* Accept-Encoding: gzip, deflate, br Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT Content-Type: application/x-www-form-urlencoded Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws= Content-Length: 0 DEBUG: http_receive: HTTP/1.1 200 OK Date: Mon, 16 Oct 2023 11:41:45 GMT Transfer-Encoding: chunked Content-Type: text/xml X-Frame-Options: SAMEORIGIN Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 395

0 DEBUG: found dns suffix something.int in xml config DEBUG: found dns server 10.69.70.3 in xml config DEBUG: found dns server 10.69.70.4 in xml config DEBUG: Establishing the tunnel DEBUG: ppp_path: /usr/sbin/pppd DEBUG: Switch to tunneling mode DEBUG: http_send: GET /remote/sslvpn-tunnel HTTP/1.1 Host: sslvpn Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws= DEBUG: Starting IO through the tunnel DEBUG: pppd_read thread DEBUG: ssl_read thread DEBUG: if_config thread DEBUG: ssl_write thread DEBUG: pppd_write thread DEBUG: pppd ---> gateway (16 bytes) pppd: c0 21 01 01 00 0e 01 04 05 4a 05 06 32 1a fe 6e DEBUG: gateway ---> pppd (12 bytes) gtw: c0 21 01 01 00 0a 05 06 9a b9 05 cc DEBUG: pppd ---> gateway (12 bytes) pppd: c0 21 02 01 00 0a 05 06 9a b9 05 cc DEBUG: gateway ---> pppd (16 bytes) gtw: c0 21 02 01 00 0e 01 04 05 4a 05 06 32 1a fe 6e DEBUG: pppd ---> gateway (10 bytes) pppd: c0 21 09 00 00 08 32 1a fe 6e DEBUG: pppd ---> gateway (17 bytes) pppd: 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f ``` And here is the `pppd-log` output ``` using channel 6 Using interface ppp0 Connect: ppp0 <--> /dev/pts/9 sent [LCP ConfReq id=0x1 ] rcvd [LCP ConfReq id=0x1 ] sent [LCP ConfAck id=0x1 ] rcvd [LCP ConfAck id=0x1 ] sent [LCP EchoReq id=0x0 magic=0x321afe6e] sent [CCP ConfReq id=0x1 ] sent [IPCP ConfReq id=0x1 ] sent [IPV6CP ConfReq id=0x1 ] rcvd [IPCP ConfReq id=0x1 ] sent [IPCP ConfNak id=0x1 ] rcvd [LCP EchoRep id=0x0 magic=0x9ab905cc] rcvd [CCP ConfReq id=0x1] sent [CCP ConfAck id=0x1] rcvd [CCP ConfRej id=0x1 ] sent [CCP ConfReq id=0x2] rcvd [IPCP ConfRej id=0x1 ] sent [IPCP ConfReq id=0x2 ] rcvd [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a fd 94 60 cc 11 82 7a c6 64 01] Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received rcvd [IPCP ConfReq id=0x2 ] sent [IPCP ConfNak id=0x2 ] rcvd [CCP ConfAck id=0x2] rcvd [IPCP ConfNak id=0x2 ] sent [IPCP ConfReq id=0x3 ] rcvd [IPCP ConfReq id=0x3 ] sent [IPCP ConfNak id=0x3 ] rcvd [IPCP ConfAck id=0x3 ] rcvd [IPCP ConfReq id=0x4 ] sent [IPCP ConfNak id=0x4 ] rcvd [IPCP ConfReq id=0x5 ] sent [IPCP ConfNak id=0x5 ] rcvd [IPCP ConfReq id=0x6 ] sent [IPCP ConfNak id=0x6 ] rcvd [IPCP ConfReq id=0x7 ] sent [IPCP ConfNak id=0x7 ] rcvd [IPCP ConfReq id=0x8 ] sent [IPCP ConfNak id=0x8 ] rcvd [IPCP ConfReq id=0x9 ] sent [IPCP ConfNak id=0x9 ] rcvd [IPCP ConfReq id=0xa ] sent [IPCP ConfNak id=0xa ] rcvd [IPCP ConfReq id=0xb ] sent [IPCP ConfNak id=0xb ] rcvd [IPCP ConfReq id=0xc ] sent [IPCP ConfNak id=0xc ] rcvd [IPCP ConfReq id=0xd ] sent [IPCP ConfNak id=0xd ] rcvd [IPCP ConfReq id=0xe ] sent [IPCP ConfNak id=0xe ] rcvd [IPCP ConfReq id=0xf ] sent [IPCP ConfNak id=0xf ] rcvd [IPCP ConfReq id=0x10 ] sent [IPCP ConfNak id=0x10 ] rcvd [IPCP ConfReq id=0x11 ] sent [IPCP ConfNak id=0x11 ] rcvd [IPCP ConfReq id=0x12 ] sent [IPCP ConfNak id=0x12 ] rcvd [IPCP ConfReq id=0x13 ] sent [IPCP ConfNak id=0x13 ] rcvd [IPCP ConfReq id=0x14 ] sent [IPCP ConfNak id=0x14 ] rcvd [IPCP ConfReq id=0x15 ] sent [IPCP ConfNak id=0x15 ] rcvd [IPCP ConfReq id=0x16 ] sent [IPCP ConfNak id=0x16 ] rcvd [IPCP ConfReq id=0x17 ] sent [IPCP ConfNak id=0x17 ] rcvd [IPCP ConfReq id=0x18 ] sent [IPCP ConfNak id=0x18 ] rcvd [IPCP ConfReq id=0x19 ] sent [IPCP ConfNak id=0x19 ] rcvd [IPCP ConfReq id=0x1a ] sent [IPCP ConfNak id=0x1a ] rcvd [IPCP ConfReq id=0x1b ] sent [IPCP ConfNak id=0x1b ] rcvd [IPCP ConfReq id=0x1c ] sent [IPCP ConfNak id=0x1c ] rcvd [IPCP ConfReq id=0x1d ] sent [IPCP ConfNak id=0x1d ] rcvd [IPCP ConfReq id=0x1e ] sent [IPCP ConfNak id=0x1e ] rcvd [IPCP ConfReq id=0x1f ] sent [IPCP ConfNak id=0x1f ] rcvd [IPCP ConfReq id=0x20 ] sent [IPCP ConfNak id=0x20 ] rcvd [IPCP ConfReq id=0x21 ] sent [IPCP ConfNak id=0x21 ] rcvd [IPCP ConfReq id=0x22 ] sent [IPCP ConfNak id=0x22 ] rcvd [IPCP ConfReq id=0x23 ] sent [IPCP ConfNak id=0x23 ] rcvd [IPCP ConfReq id=0x24 ] sent [IPCP ConfNak id=0x24 ] rcvd [IPCP ConfReq id=0x25 ] sent [IPCP ConfNak id=0x25 ] rcvd [IPCP ConfReq id=0x26 ] sent [IPCP ConfNak id=0x26 ] rcvd [IPCP ConfReq id=0x27 ] sent [IPCP ConfNak id=0x27 ] rcvd [IPCP ConfReq id=0x28 ] sent [IPCP ConfNak id=0x28 ] rcvd [IPCP ConfReq id=0x29 ] sent [IPCP ConfNak id=0x29 ] rcvd [IPCP ConfReq id=0x2a ] sent [IPCP ConfNak id=0x2a ] rcvd [IPCP ConfReq id=0x2b ] sent [IPCP ConfNak id=0x2b ] rcvd [IPCP ConfReq id=0x2c ] sent [IPCP ConfNak id=0x2c ] rcvd [IPCP ConfReq id=0x2d ] sent [IPCP ConfNak id=0x2d ] rcvd [IPCP ConfReq id=0x2e ] sent [IPCP ConfNak id=0x2e ] rcvd [IPCP ConfReq id=0x2f ] sent [IPCP ConfNak id=0x2f ] rcvd [IPCP ConfReq id=0x30 ] sent [IPCP ConfNak id=0x30 ] rcvd [IPCP ConfReq id=0x31 ] sent [IPCP ConfNak id=0x31 ] rcvd [IPCP ConfReq id=0x32 ] sent [IPCP ConfNak id=0x32 ] rcvd [IPCP ConfReq id=0x33 ] sent [IPCP ConfNak id=0x33 ] rcvd [IPCP ConfReq id=0x34 ] sent [IPCP ConfNak id=0x34 ] rcvd [IPCP ConfReq id=0x35 ] sent [IPCP ConfNak id=0x35 ] rcvd [IPCP ConfReq id=0x36 ] sent [IPCP ConfNak id=0x36 ] rcvd [IPCP ConfReq id=0x37 ] sent [IPCP ConfNak id=0x37 ] rcvd [IPCP ConfReq id=0x38 ] sent [IPCP ConfNak id=0x38 ] rcvd [IPCP ConfReq id=0x39 ] sent [IPCP ConfNak id=0x39 ] rcvd [IPCP ConfReq id=0x3a ] sent [IPCP ConfNak id=0x3a ] rcvd [IPCP ConfReq id=0x3b ] sent [IPCP ConfNak id=0x3b ] rcvd [IPCP ConfReq id=0x3c ] sent [IPCP ConfNak id=0x3c ] rcvd [IPCP ConfReq id=0x3d ] sent [IPCP ConfNak id=0x3d ] rcvd [IPCP ConfReq id=0x3e ] sent [IPCP ConfNak id=0x3e ] rcvd [IPCP ConfReq id=0x3f ] sent [IPCP ConfNak id=0x3f ] rcvd [IPCP ConfReq id=0x40 ] sent [IPCP ConfNak id=0x40 ] rcvd [IPCP ConfReq id=0x41 ] sent [IPCP ConfNak id=0x41 ] rcvd [IPCP ConfReq id=0x42 ] sent [IPCP ConfNak id=0x42 ] rcvd [IPCP ConfReq id=0x43 ] sent [IPCP ConfNak id=0x43 ] rcvd [IPCP ConfReq id=0x44 ] sent [IPCP ConfNak id=0x44 ] rcvd [IPCP ConfReq id=0x45 ] sent [IPCP ConfNak id=0x45 ] rcvd [IPCP ConfReq id=0x46 ] sent [IPCP ConfNak id=0x46 ] rcvd [IPCP ConfReq id=0x47 ] sent [IPCP ConfNak id=0x47 ] rcvd [IPCP ConfReq id=0x48 ] sent [IPCP ConfNak id=0x48 ] rcvd [IPCP ConfReq id=0x49 ] sent [IPCP ConfNak id=0x49 ] rcvd [IPCP ConfReq id=0x4a ] sent [IPCP ConfNak id=0x4a ] rcvd [IPCP ConfReq id=0x4b ] sent [IPCP ConfNak id=0x4b ] rcvd [IPCP ConfReq id=0x4c ] sent [IPCP ConfNak id=0x4c ] rcvd [IPCP ConfReq id=0x4d ] sent [IPCP ConfNak id=0x4d ] rcvd [IPCP ConfReq id=0x4e ] sent [IPCP ConfNak id=0x4e ] rcvd [IPCP ConfReq id=0x4f ] sent [IPCP ConfNak id=0x4f ] rcvd [IPCP ConfReq id=0x50 ] sent [IPCP ConfNak id=0x50 ] rcvd [IPCP ConfReq id=0x51 ] sent [IPCP ConfNak id=0x51 ] rcvd [IPCP ConfReq id=0x52 ] sent [IPCP ConfNak id=0x52 ] rcvd [IPCP ConfReq id=0x53 ] sent [IPCP ConfNak id=0x53 ] rcvd [IPCP ConfReq id=0x54 ] sent [IPCP ConfNak id=0x54 ] rcvd [IPCP ConfReq id=0x55 ] sent [IPCP ConfNak id=0x55 ] rcvd [IPCP ConfReq id=0x56 ] sent [IPCP ConfNak id=0x56 ] rcvd [IPCP ConfReq id=0x57 ] sent [IPCP ConfNak id=0x57 ] rcvd [IPCP ConfReq id=0x58 ] sent [IPCP ConfNak id=0x58 ] rcvd [IPCP ConfReq id=0x59 ] sent [IPCP ConfNak id=0x59 ] rcvd [IPCP ConfReq id=0x5a ] sent [IPCP ConfNak id=0x5a ] rcvd [IPCP ConfReq id=0x5b ] sent [IPCP ConfNak id=0x5b ] rcvd [IPCP ConfReq id=0x5c ] sent [IPCP ConfNak id=0x5c ] rcvd [IPCP ConfReq id=0x5d ] sent [IPCP ConfNak id=0x5d ] rcvd [IPCP ConfReq id=0x5e ] sent [IPCP ConfNak id=0x5e ] rcvd [IPCP ConfReq id=0x5f ] sent [IPCP ConfNak id=0x5f ] rcvd [IPCP ConfReq id=0x60 ] sent [IPCP ConfNak id=0x60 ] rcvd [IPCP ConfReq id=0x61 ] sent [IPCP ConfNak id=0x61 ] rcvd [IPCP ConfReq id=0x62 ] sent [IPCP ConfNak id=0x62 ] rcvd [IPCP ConfReq id=0x63 ] sent [IPCP ConfNak id=0x63 ] rcvd [IPCP ConfReq id=0x64 ] sent [IPCP ConfNak id=0x64 ] rcvd [IPCP ConfReq id=0x65 ] sent [IPCP ConfRej id=0x65 ] rcvd [IPCP ConfReq id=0x66 ] sent [IPCP ConfRej id=0x66 ] rcvd [IPCP ConfReq id=0x67] sent [IPCP ConfAck id=0x67] Script /etc/ppp/ip-pre-up started (pid 18305) Script /etc/ppp/ip-pre-up finished (pid 18305), status = 0x0 local IP address 10.69.100.1 remote IP address 169.254.2.1 Script /etc/ppp/ip-up started (pid 18308) Script /etc/ppp/ip-up finished (pid 18308), status = 0x0 ```

Like I said, after a couple of minutes I got no message about connection lost but I lose connectivity with the VPN.

BrunoTeixeira1996 commented 1 year ago

Adding to the above log output. Here is the result of ip route. I think this has duplicates interfaces for some reason

DimitriPapadopoulos commented 1 year ago

Something must be happening when you lose connectivity. Something else might overwrite network parameters.

What do you see in system logs when you lose connectivity?

BrunoTeixeira1996 commented 1 year ago

I realy think its network managers fault for some reason. In the systems logs everything is normal and looks like everything is working. But that is not the case

DimitriPapadopoulos commented 1 year ago

Yes, it probably has to do with the network manager. To tell the truth, openfortivpn does not do the right thing when directly modifying /etc/resolv.conf. Having resolvconf installed might help.

BrunoTeixeira1996 commented 1 year ago

I can confirm I don't have resolvconf installed

$ resolvconf
bash: resolvconf: command not found

Do you think that might help? I can install and test and come back with further information if that worked or no

DimitriPapadopoulos commented 1 year ago

It may help if resolvconf does the right thing.

BrunoTeixeira1996 commented 1 year ago

It may help if resolvconf does the right thing.

By installing resolvconf I have the following error, wut

brun0@hhh:~
$ sudo apt install resolvconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  resolvconf
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 55.6 kB of archives.
After this operation, 184 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 resolvconf all 1.91+nmu1 [55.6 kB]
Fetched 55.6 kB in 0s (516 kB/s)    
Preconfiguring packages ...
Selecting previously unselected package resolvconf.
(Reading database ... 189751 files and directories currently installed.)
Preparing to unpack .../resolvconf_1.91+nmu1_all.deb ...
Unpacking resolvconf (1.91+nmu1) ...
Setting up resolvconf (1.91+nmu1) ...
Created symlink /etc/systemd/system/sysinit.target.wants/resolvconf.service → /lib/systemd/system/resolvconf.service.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.path → /lib/systemd/system/resolvconf-pull-resolved.path.
Unit /lib/systemd/system/resolvconf-pull-resolved.path is added as a dependency to a non-existent unit systemd-resolved.service.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.service → /lib/systemd/system/resolvconf-pull-resolved.service.
Unit /lib/systemd/system/resolvconf-pull-resolved.service is added as a dependency to a non-existent unit systemd-resolved.service.
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xeu dnsmasq.service" for details.
invoke-rc.d: initscript dnsmasq, action "restart" failed.
× dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-10-24 16:52:52 WEST; 4ms ago
   Duration: 2h 29min 19.723s
    Process: 11364 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=0/SUCCESS)
    Process: 11374 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
        CPU: 20ms

Oct 24 16:52:52 L8-BTeixeira systemd[1]: Starting dnsmasq.service - dnsmasq - A lightweight DH
CP and caching DNS server...
Oct 24 16:52:52 L8-BTeixeira dnsmasq[11374]: dnsmasq: failed to create listening socket for po
rt 53: Address already in use
Oct 24 16:52:52 L8-BTeixeira dnsmasq[11374]: failed to create listening socket for port 53: Ad
dress already in use
Oct 24 16:52:52 L8-BTeixeira dnsmasq[11374]: FAILED to start up
Oct 24 16:52:52 L8-BTeixeira systemd[1]: dnsmasq.service: Control process exited, code=exited,
 status=2/INVALIDARGUMENT
Oct 24 16:52:52 L8-BTeixeira systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Oct 24 16:52:52 L8-BTeixeira systemd[1]: Failed to start dnsmasq.service - dnsmasq - A lightwe
ight DHCP and caching DNS server.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for resolvconf (1.91+nmu1) ...
brun0@hhh:~
$ resolvconf
bash: resolvconf: command not found

BrunoTeixeira1996 commented 1 year ago

https://github.com/maemo-leste/bugtracker/issues/583

DimitriPapadopoulos commented 1 year ago

There are multiple variants of resolvconf:

resolvconf – initial Debian implementation
openresolv (GitHub) – compatible implementation
systemd resolvectl alias

You have installed the first one, which might be a good idea as you seem to run Debian. Not sure about the error messages you see. Have they been fixed https://github.com/maemo-leste/libicd-network-ipv4/pull/3? Hasn't the fix been propagated to your distribution?

BrunoTeixeira1996 commented 1 year ago

There are multiple variants of resolvconf:

resolvconf – initial Debian implementation

openresolv (GitHub) – compatible implementation

systemd resolvectl alias

You have installed the first one, which might be a good idea as you seem to run Debian. Not sure about the error messages you see. Have they been fixed maemo-leste/libicd-network-ipv4#3? Hasn't the fix been propagated to your distribution?

I dont remember why i was using dnsmasq to be fair. I think I wanted to access some internal services by name but I dont use that anymore so I just removed it and installed resolvconf. Tomorrow Ill test if the openfortivpn works fine and If yes we can close this

BrunoTeixeira1996 commented 1 year ago

@DimitriPapadopoulos After around 4 hours of using openfortivpn the connection remained fine. I realy think the problem was the dnsmasq and the unused resolvconf. Ill let the vpn today for around 5+ hours and see the final result

BrunoTeixeira1996 commented 1 year ago

@DimitriPapadopoulos I can confirm that this is working as intended!

adrienverge / openfortivpn

openfortivpn stops working after 1 hour #1145