OpenVPN [flash] Inactivity timeout (--ping-restart), restarting issue...

w810i

Technical User
Jun 15, 2006
49
PH
Hi,

Using the OpenVPN application, I am encountering a disconnection every 1-2 minutes, all the time. Does anybody have an idea why this is happening, please? Thanks.

See logs below:

Mon Sep 03 17:05:28 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Sep 03 17:05:28 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 03 17:05:28 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 03 17:05:28 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Sep 03 17:05:28 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 03 17:05:28 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Mon Sep 03 17:05:28 2018 Preserving previous TUN/TAP instance: Ethernet
Mon Sep 03 17:05:28 2018 Initialization Sequence Completed
Mon Sep 03 17:05:28 2018 MANAGEMENT: >STATE:1535965528,CONNECTED,SUCCESS,192.168.xx.xx,xxx.245.xxx.xx,30xxx,,
*********DISCONNECTING PART*************
Mon Sep 03 17:07:24 2018 [flash] Inactivity timeout (--ping-restart), restarting
Mon Sep 03 17:07:24 2018 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 03 17:07:24 2018 MANAGEMENT: >STATE:1535965644,RECONNECTING,ping-restart,,,,,
Mon Sep 03 17:07:24 2018 Restart pause, 5 second(s)
Mon Sep 03 17:07:29 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]220.245.xxx.xx:30xxx
Mon Sep 03 17:07:29 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Sep 03 17:07:29 2018 UDP link local: (not bound)
Mon Sep 03 17:07:29 2018 UDP link remote: [AF_INET]220.245.240.xx:30xxx
Mon Sep 03 17:07:29 2018 MANAGEMENT: >STATE:1535965649,WAIT,,,,,,
Mon Sep 03 17:07:30 2018 MANAGEMENT: >STATE:1535965650,AUTH,,,,,,
Mon Sep 03 17:07:30 2018 TLS: Initial packet from [AF_INET]220.245.240.xx:30xxx, sid=c3f3f0dd 4974b4fb
Mon Sep 03 17:07:31 2018 VERIFY OK: depth=1, CN=flash
Mon Sep 03 17:07:31 2018 VERIFY KU OK
Mon Sep 03 17:07:31 2018 Validating certificate extended key usage
Mon Sep 03 17:07:31 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Sep 03 17:07:31 2018 VERIFY EKU OK
Mon Sep 03 17:07:31 2018 VERIFY OK: depth=0, CN=flash
Mon Sep 03 17:07:33 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Sep 03 17:07:33 2018 [flash] Peer Connection Initiated with [AF_INET]220.245.240.xx:30xxx
Mon Sep 03 17:07:34 2018 MANAGEMENT: >STATE:1535965654,GET_CONFIG,,,,,,
Mon Sep 03 17:07:34 2018 SENT CONTROL [flash]: 'PUSH_REQUEST' (status=1)
Mon Sep 03 17:07:34 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.66.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 192.168.xx.xx 192.168.xx.xx'
Mon Sep 03 17:07:34 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 03 17:07:34 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 03 17:07:34 2018 OPTIONS IMPORT: route options modified
Mon Sep 03 17:07:34 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 03 17:07:34 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
 
I'm definitely no VPN expert, but it looks like it's disconnecting due to lack of activity. Perhaps a test? Try a constant ping to the registration address and see if it stops dropping every 2 minutes?

LoPath
Maintain HiPath 4000 V5 & V6, OpenScape Xpert V4, OpenScape Xpressions, OpenScape Contact Center V8, OpenScape Voice V9
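
An added example, not part of the original posts: a small Python script that reads an OpenVPN client log like the one in the question and reports how long each session stayed up before the `--ping-restart` timeout, the `ping` and `ping-restart` values pushed by the server, the data-channel cipher, and how many SWEET32 warnings were logged. The function name `analyze` and the embedded sample (lines shortened from the log above) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines shortened from the log in the question above.
SAMPLE_LOG = """\
Mon Sep 03 17:05:28 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 03 17:05:28 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32.
Mon Sep 03 17:05:28 2018 Initialization Sequence Completed
Mon Sep 03 17:07:24 2018 [flash] Inactivity timeout (--ping-restart), restarting
Mon Sep 03 17:07:34 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 192.168.xx.xx 192.168.xx.xx'
"""

# Timestamp prefix used by the OpenVPN client log shown on this page.
LINE = re.compile(r"^(\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) (.*)$")

def analyze(log_text):
    """Summarise keepalive restarts and weak-cipher warnings in a client log."""
    report = {"sessions": [], "pushed": {}, "ciphers": set(), "sweet32_warnings": 0}
    up_since = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip non-log lines such as the poster's own marker line
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if "Initialization Sequence Completed" in msg:
            up_since = ts  # tunnel is up from this moment
        elif "Inactivity timeout (--ping-restart)" in msg and up_since is not None:
            # seconds the tunnel stayed up before the keepalive timer fired
            report["sessions"].append(int((ts - up_since).total_seconds()))
            up_since = None
        elif "PUSH_REPLY" in msg:
            # keepalive timers the server pushed to this client
            for key, val in re.findall(r",(ping|ping-restart) (\d+)", msg):
                report["pushed"][key] = int(val)
        elif "SWEET32" in msg and "INSECURE cipher" in msg:
            report["sweet32_warnings"] += 1
        c = re.search(r"Data Channel: Cipher '([^']+)'", msg)
        if c:
            report["ciphers"].add(c.group(1))
    return report

if __name__ == "__main__":
    r = analyze(SAMPLE_LOG)
    print("seconds up before each ping-restart:", r["sessions"])
    print("pushed keepalive settings:", r["pushed"])
    print("data-channel ciphers:", sorted(r["ciphers"]), "| SWEET32 warnings:", r["sweet32_warnings"])
```

Comparing the reported session lengths with the pushed `ping-restart` value shows whether the drops line up with the keepalive timer rather than with something random on the link.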
 