
#1 2016-02-15 11:11:46

cnilsecure
Member
Registered: 2016-02-15
Posts: 3

openvpn acting weird

Hey,

I have a really weird problem. I installed OpenVPN (both GUI and command line, same result).
I manage to connect with no problem; here is the log from the client:
-------------

openvpn --config /etc/openvpn/test1.conf &
[1] 17094
[root@NODE-1 1000]# Mon Feb 15 14:51:37 2016 OpenVPN 2.3.9 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 24 2015
Mon Feb 15 14:51:37 2016 library versions: OpenSSL 1.0.2e 3 Dec 2015, LZO 2.09
Mon Feb 15 14:51:37 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Feb 15 14:51:37 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Feb 15 14:51:37 2016 UDPv4 link local: [undef]
Mon Feb 15 14:51:37 2016 UDPv4 link remote: [AF_INET]43.X.X.182:2294
Mon Feb 15 14:51:52 2016 TLS: Initial packet from [AF_INET]43.X.X.182:2294, sid=2965765f 740ad0d0
Mon Feb 15 14:51:52 2016 VERIFY OK: depth=1, CN=ChangeMe
Mon Feb 15 14:51:52 2016 VERIFY OK: depth=0, CN=server
Mon Feb 15 14:51:52 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 15 14:51:52 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 15 14:51:52 2016 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Feb 15 14:51:52 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 15 14:51:52 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Feb 15 14:51:52 2016 [server] Peer Connection Initiated with [AF_INET]43.X.X.182:2294
Mon Feb 15 14:51:55 2016 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Mon Feb 15 14:51:55 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway autolocal,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'
Mon Feb 15 14:51:55 2016 OPTIONS IMPORT: timers and/or timeouts modified
Mon Feb 15 14:51:55 2016 OPTIONS IMPORT: --ifconfig/up options modified
Mon Feb 15 14:51:55 2016 OPTIONS IMPORT: route options modified
Mon Feb 15 14:51:55 2016 OPTIONS IMPORT: route-related options modified
Mon Feb 15 14:51:55 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Feb 15 14:51:55 2016 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=enp4s0 HWADDR=00:01:2e:4d:69:dc
Mon Feb 15 14:51:55 2016 TUN/TAP device tun0 opened
Mon Feb 15 14:51:55 2016 TUN/TAP TX queue length set to 100
Mon Feb 15 14:51:55 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Feb 15 14:51:55 2016 /usr/bin/ip link set dev tun0 up mtu 1500
Mon Feb 15 14:51:55 2016 /usr/bin/ip addr add dev tun0 10.8.0.2/24 broadcast 10.8.0.255
Mon Feb 15 14:51:55 2016 ROUTE remote_host is NOT LOCAL
Mon Feb 15 14:51:55 2016 /usr/bin/ip route add 43.X.X.182/32 via 192.168.1.1
Mon Feb 15 14:51:55 2016 /usr/bin/ip route del 0.0.0.0/0
Mon Feb 15 14:51:55 2016 /usr/bin/ip route add 0.0.0.0/0 via 10.8.0.1
Mon Feb 15 14:51:55 2016 Initialization Sequence Completed

-------------------------------------------

When I ping 10.8.0.1, sometimes it pings and sometimes it dies on me.
Take a look:

[root@NODE-1 1000]# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=93.4 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=90.8 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=91.6 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=85.2 ms
64 bytes from 10.8.0.1: icmp_seq=5 ttl=64 time=78.6 ms
64 bytes from 10.8.0.1: icmp_seq=6 ttl=64 time=76.7 ms
64 bytes from 10.8.0.1: icmp_seq=7 ttl=64 time=71.1 ms
64 bytes from 10.8.0.1: icmp_seq=8 ttl=64 time=55.7 ms
64 bytes from 10.8.0.1: icmp_seq=9 ttl=64 time=22.1 ms
64 bytes from 10.8.0.1: icmp_seq=10 ttl=64 time=13.4 ms
64 bytes from 10.8.0.1: icmp_seq=11 ttl=64 time=15.4 ms
64 bytes from 10.8.0.1: icmp_seq=12 ttl=64 time=12.7 ms
64 bytes from 10.8.0.1: icmp_seq=13 ttl=64 time=13.8 ms
64 bytes from 10.8.0.1: icmp_seq=14 ttl=64 time=13.5 ms
64 bytes from 10.8.0.1: icmp_seq=15 ttl=64 time=14.2 ms
64 bytes from 10.8.0.1: icmp_seq=16 ttl=64 time=12.9 ms          <----------- stopped for like 30 seconds
64 bytes from 10.8.0.1: icmp_seq=76 ttl=64 time=16.6 ms
64 bytes from 10.8.0.1: icmp_seq=77 ttl=64 time=21.4 ms
64 bytes from 10.8.0.1: icmp_seq=78 ttl=64 time=38.1 ms
^C
--- 10.8.0.1 ping statistics ---
78 packets transmitted, 19 received, 75% packet loss, time 77030ms
rtt min/avg/max/mdev = 12.783/44.114/93.445/32.399 ms

----------------------------------
I am using wicd as my network manager (don't know if it's important or not).
Here is my OpenVPN client config:

client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote 43.X.X.182 2294
resolv-retry infinite
nobind
persist-key
persist-tun
#remote-cert-tls server   <--- i disabled this to make sure its not the cause of my problem.
comp-lzo
verb 3
ca ca.crt
cert server.crt
key client.key

--------------------------
Here is the server config:

port 2294
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway autolocal"   # (I also tried redirect-gateway def1, same result)
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
#crl-verify /etc/openvpn/easy-rsa/pki/crl.pem  <--- again disabled to make sure its not the cause of the problem.

---------------------------------
Hopefully someone knows the answer to this problem; it's driving me crazy :/
I have started to suspect MTU is the answer.

Last edited by cnilsecure (2016-02-15 12:26:04)
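
The client log in post #1 carries OpenVPN's warning that no server certificate verification method is enabled, and the posted client config has `remote-cert-tls server` commented out. The check below is an added example, not something posted in the thread: it flags both, plus the 64-bit-block `BF-CBC` data cipher the log shows. The directive list, cipher prefixes and function names are assumptions of this example, and the sample text is excerpted from the post.

```python
import re

# Client directives that check the peer is really a server certificate or a
# specific name (assumed list for this example, OpenVPN 2.3-era option names).
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                 "verify-x509-name", "tls-remote", "tls-verify"}
# Cipher name prefixes with a 64-bit block size (Blowfish, DES/3DES, CAST5, ...).
BLOCK64_PREFIXES = ("BF-", "DES-", "CAST5-", "RC2-", "IDEA-")

# Sample input excerpted from post #1 (not a complete config or log).
POSTED_CLIENT_CONF = """\
client
dev tun
proto udp
remote 43.X.X.182 2294
#remote-cert-tls server
ca ca.crt
"""
POSTED_LOG = """\
Mon Feb 15 14:51:37 2016 WARNING: No server certificate verification method has been enabled.
Mon Feb 15 14:51:52 2016 VERIFY OK: depth=0, CN=server
Mon Feb 15 14:51:52 2016 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
"""

def active_directives(conf):
    """Map each active directive to its arguments, skipping # and ; comments."""
    found = {}
    for raw in conf.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":      # rest of the line is a comment
                break
            tokens.append(tok)
        if tokens:
            found[tokens[0].lstrip("-")] = tokens[1:]
    return found

def audit(conf, log=""):
    """Return findings for a client config and, optionally, its connection log."""
    findings = []
    d = active_directives(conf)
    if ("client" in d or "tls-client" in d) and not SERVER_VERIFY.intersection(d):
        findings.append("config: no server certificate verification directive")
    if "No server certificate verification method has been enabled" in log:
        findings.append("log: OpenVPN warned that the server certificate is not checked")
    for cipher in sorted(set(re.findall(r"Cipher '([^']+)' initialized", log))):
        if cipher.upper().startswith(BLOCK64_PREFIXES):
            findings.append(f"log: data channel uses 64-bit block cipher {cipher}")
    return findings
```

`VERIFY OK` in the log only means the chain validated against `ca.crt`; without one of the directives above, any certificate issued by that CA, including another client's, is accepted as the server.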


#2 2016-02-15 11:58:19

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: openvpn acting weird

@cnilsecure, welcome to the forums.

Please edit your post and use code tags for the output and config snippets.

https://bbs.archlinux.org/help.php#bbcode

As for the problem, make sure that there is no packet loss between your machine and the server's public IP itself.


#3 2016-02-15 12:19:24

cnilsecure
Member
Registered: 2016-02-15
Posts: 3

Re: openvpn acting weird

Hey x33a,

Which BBCode should I use for output and config? (quote?)
As for the package loss, there is none.
If I ping the public IP of the OpenVPN server, it won't lose a single ping :/
That's what drives me nuts; I have no explanation for this problem.
Like I said, I am starting to suspect MTU might contain the answer, but I have no experience with it whatsoever, and I hope someone here has had the same problem and managed to solve it.

I will edit my initial post with the BBCode, but when I looked at the example I couldn't find a BBCode relating to output or config.


#4 2016-02-15 12:26:33

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: openvpn acting weird

Use the "code" tag, like this:

[code]Text[/code]

Edit: Try using tcp instead of udp. I have had better results with tcp myself.

Last edited by x33a (2016-02-15 12:29:51)


#5 2016-02-15 14:54:49

cnilsecure
Member
Registered: 2016-02-15
Posts: 3

Re: openvpn acting weird

Hey again,

Well yeah, I figured out the BBCode by myself :)
About the TCP: it's not the issue. I am starting to believe it's wicd that is the cause of my suffering.
I connected again without doing the routing and it works like a charm
and is very stable, so it appears wicd is trying to force its setting on my connection, hence the drop of packages.
If anyone has any past experience with wicd and OpenVPN, please advise.
Best regards,
CNILSECURE :)

