Bug#863110: openvpn: VPN remains connected, but network is unreachable after 30-45 min and requires reconnect

Wed, 12 Jul 2017 00:39:59 -0700 

severity #863110 serious
thanks

Hi,

we have got the same issue with all our VPNs upgraded to Stretch now.
Most VPNs are connected about a 1 GBit/s datacenter connection with each
other (also same LAN), the other ones are connected about a 100 MBit/s
connection.

Example configuration:

client
dev tun
proto udp
remote XYZ 1197
verify-x509-name "C=de, ST=Nordrhein-Westfalen, L=...., O=.....,
OU=...., CN=...., emailAddress=...."
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca ....
cert ....
key .....
auth-user-pass ....
cipher AES-256-CBC
auth SHA256
comp-lzo
route-delay 4
verb 3
reneg-sec 0

The only thing I have got in my logs is e.g. this:

Jul 12 03:02:39 HOST ovpn-ABC_network[20317]: [gateway01] Inactivity
timeout (--ping-restart), restarting
Jul 12 03:02:39 HOST ovpn-ABC_network[20317]: SIGUSR1[soft,ping-restart]
received, process restarting
Jul 12 03:02:39 HOST ovpn-ABC_network[20317]: Restart pause, 5 second(s)
Jul 12 03:02:44 HOST ovpn-ABC_network[20317]: TCP/UDP: Preserving
recently used remote address: [AF_INET].........:44443
Jul 12 03:02:44 HOST ovpn-ABC_network[20317]: Socket Buffers:
R=[87380->87380] S=[16384->16384]
Jul 12 03:02:44 HOST ovpn-ABC_network[20317]: Attempting to establish
TCP connection with [AF_INET]..........:44443 [nonblock]

Jul 12 03:04:44 HOST ovpn-ABC_network[20317]: TCP: connect to
[AF_INET]............:44443 failed: Connection timed out
Jul 12 03:04:44 HOST ovpn-ABC_network[20317]: SIGUSR1[connection
failed(soft),init_instance] received, process restarting
Jul 12 03:04:44 HOST ovpn-ABC_network[20317]: Restart pause, 5 second(s)
Jul 12 03:04:49 HOST ovpn-ABC_network[20317]: TCP/UDP: Preserving
recently used remote address: [AF_INET]............:44443
Jul 12 03:04:49 HOST ovpn-ABC_network[20317]: Socket Buffers:
R=[87380->87380] S=[16384->16384]
Jul 12 03:04:49 HOST ovpn-ABC_network[20317]: Attempting to establish
TCP connection with [AF_INET]..........:44443 [nonblock]

After this the connection was down, until we manualy restarted it.

Since all Stretch VPNs are affected here  raised the severity of this issue.

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
        patr...@linux-dev.org
*/

Reply via email to