What's new

Are there OpenVPN issues with 3.0.0.4.374.33

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ilium007

Regular Contributor
I have upgraded to 3.0.0.4.374.33 and now I can not pass any traffic across the VPN and the VPN is constantly dropping out with the following error:

Code:
Oct 05 19:57:32: [server1] Inactivity timeout (--ping-restart), restarting

I have removed all OpenVPN settings, regenerated the keys and have reconfigured the client but I still can not get traffic across the VPN.
 
My OpenVPN works like a charm :)
Would you tell us a bit more about your OpenVPN configuration?
 
Here is the server config:

Code:
# Automatically generated configuration
daemon
server 10.8.0.0 255.255.255.0
proto udp
port 1194
dev tun21
cipher AES-128-CBC
keepalive 15 60
verb 3
push "route 192.168.10.0 255.255.255.0"
push "dhcp-option DNS 192.168.10.1"
push "redirect-gateway def1"
tls-auth static.key 0
ca ca.crt
dh dh.pem
cert server.crt
key server.key
status-version 2
status status

# Custom Configuration
verb 3

And here is my client config:

Code:
#-- Config Auto Generated By Viscosity --#

#viscosity startonopen false
#viscosity dhcp true
#viscosity dnssupport true
#viscosity name ilium007
#viscosity ipv6 false
remote xxx.xxx.xxx.xxx 1194 udp
pull
tls-client
tls-auth ta.key 1
persist-key
ca ca.crt
dev tun
persist-tun
cert cert.crt
comp-lzo adaptive
key key.key
verb 2
cipher AES-128-CBC

It's pretty much a default setup apart from the cipher which is specified on both ends. As I said, the tunnel comes up (and drops out because on inactivity but connects straight away again) but no traffic goes over the vpn.
 
Last edited:
This is what my routing table looks like after connection:

Code:
macbookair:~ ilium007$ netstat -nar
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                10.8.0.5           UGSc            2        0    tun0
default            10.0.0.138         UGSc           26        0     en0
10/24              link#4             UCS             2        0     en0
10.0.0.1           127.0.0.1          UHS             0        0     lo0
10.0.0.138         84:db:2f:1b:4b:1a  UHLWIir         4       21     en0   1143
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWbI          0       34     en0
10.8.0.1/32        10.8.0.5           UGSc            0        0    tun0
10.8.0.5           10.8.0.6           UHr             7        0    tun0
17.82.253.7        10.8.0.5           UGHWIi          1        1    tun0
69.197.169.9       10.8.0.5           UGHW3Ii         0       36    tun0   3600
123.243.221.86/32  10.0.0.138         UGSc            1        0     en0
123.243.221.86     10.0.0.138         UGHWIi          2       71     en0
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1          UH             11    17103     lo0
128.0/1            10.8.0.5           UGSc            1        0    tun0
169.254            link#4             UCS             0        0     en0
192.95.16.109      10.8.0.5           UGHWIi         21       27    tun0
192.168.10         10.8.0.5           UGSc            0        0    tun0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     link#1                          UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::7ed1:c3ff:fee6:fecd%en0           7c:d1:c3:e6:fe:cd               UHLI            lo0
ff01::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff02::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
macbookair:~ ilium007$

I don't have any internet connection either when I bring up the VPN which is strange because the default route above is still correct (10.0.0.138).

The route that should be added is 192.168.10.0/24 but in the above output you can see it adds 192.168.10 which seems strange.
 
First of all, afaik, the OpenVPN server should not restart by itself because of inactivity. It usually waits for client connections without any restarting till someone else stops it.
Maybe your client forces the server to restart?
Try to use the same compression method at both ends.
 
First of all, afaik, the OpenVPN server should not restart by itself because of inactivity. It usually waits for client connections without any restarting till someone else stops it.
Maybe your client forces the server to restart?
Try to use the same compression method at both ends.

It isn't the server restarting, its the client. I think it is because there is no traffic across the VPN in 60s (I read that is a default settings).

I will blow it all away and start again. I have set these things up for years without too much of an issue and have had OpenVPN tunnels running on the RT-N66U previously. I just don't know what I am doing wrong.
 
First of all, afaik, the OpenVPN server should not restart by itself because of inactivity. It usually waits for client connections without any restarting till someone else stops it.
Maybe your client forces the server to restart?
Try to use the same compression method at both ends.

You nailed it !!

I had compression set to "disabled' on the Asus and on my Mac (using Viscosity) I had it set to "Off".

Setting it to off in the client put the directive:

Code:
comp-lzo no

on the client but it was not specified on the server. By adding the same to the server it worked. I then realized on the client the setting should have been "not specified" rather than "off".

All working now. Thanks !
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top