×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

OpenVPN [flash] Inactivity timeout (--ping-restart), restarting issue...

OpenVPN [flash] Inactivity timeout (--ping-restart), restarting issue...

OpenVPN [flash] Inactivity timeout (--ping-restart), restarting issue...

(OP)
Hi,

Using OpenVPN application, I am encountering every 1-2 minutes disconnection all the time. Does anybody have an idea why this is happening please? thanks.

See logs below:

Mon Sep 03 17:05:28 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Sep 03 17:05:28 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 03 17:05:28 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 03 17:05:28 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Mon Sep 03 17:05:28 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Sep 03 17:05:28 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Mon Sep 03 17:05:28 2018 Preserving previous TUN/TAP instance: Ethernet
Mon Sep 03 17:05:28 2018 Initialization Sequence Completed
Mon Sep 03 17:05:28 2018 MANAGEMENT: >STATE:1535965528,CONNECTED,SUCCESS,192.168.xx.xx,xxx.245.xxx.xx,30xxx,,
*********DISCONNECTING PART*************
Mon Sep 03 17:07:24 2018 [flash] Inactivity timeout (--ping-restart), restarting
Mon Sep 03 17:07:24 2018 SIGUSR1[soft,ping-restart] received, process restarting
Mon Sep 03 17:07:24 2018 MANAGEMENT: >STATE:1535965644,RECONNECTING,ping-restart,,,,,
Mon Sep 03 17:07:24 2018 Restart pause, 5 second(s)
Mon Sep 03 17:07:29 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]220.245.xxx.xx:30xxx
Mon Sep 03 17:07:29 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Mon Sep 03 17:07:29 2018 UDP link local: (not bound)
Mon Sep 03 17:07:29 2018 UDP link remote: [AF_INET]220.245.240.xx:30xxx
Mon Sep 03 17:07:29 2018 MANAGEMENT: >STATE:1535965649,WAIT,,,,,,
Mon Sep 03 17:07:30 2018 MANAGEMENT: >STATE:1535965650,AUTH,,,,,,
Mon Sep 03 17:07:30 2018 TLS: Initial packet from [AF_INET]220.245.240.xx:30xxx, sid=c3f3f0dd 4974b4fb
Mon Sep 03 17:07:31 2018 VERIFY OK: depth=1, CN=flash
Mon Sep 03 17:07:31 2018 VERIFY KU OK
Mon Sep 03 17:07:31 2018 Validating certificate extended key usage
Mon Sep 03 17:07:31 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Sep 03 17:07:31 2018 VERIFY EKU OK
Mon Sep 03 17:07:31 2018 VERIFY OK: depth=0, CN=flash
Mon Sep 03 17:07:33 2018 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Sep 03 17:07:33 2018 [flash] Peer Connection Initiated with [AF_INET]220.245.240.xx:30xxx
Mon Sep 03 17:07:34 2018 MANAGEMENT: >STATE:1535965654,GET_CONFIG,,,,,,
Mon Sep 03 17:07:34 2018 SENT CONTROL [flash]: 'PUSH_REQUEST' (status=1)
Mon Sep 03 17:07:34 2018 PUSH: Received control message: 'PUSH_REPLY,route 192.168.1.0 255.255.255.0,route 192.168.66.0 255.255.255.0,topology net30,ping 10,ping-restart 60,ifconfig 192.168.xx.xx 192.168.xx.xx'
Mon Sep 03 17:07:34 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Sep 03 17:07:34 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Sep 03 17:07:34 2018 OPTIONS IMPORT: route options modified
Mon Sep 03 17:07:34 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Mon Sep 03 17:07:34 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).

RE: OpenVPN [flash] Inactivity timeout (--ping-restart), restarting issue...

I'm definitely no VPN expert, but it looks like it's disconnecting due to lack of activity. Perhaps a test? Try a constant ping to the registration address and see if it stops dropping every 2 minutes?

LoPath
Maintain HiPath 4000 V5 & V6, OpenScape Xpert V4, OpenScape Xpressions, OpenScape Contact Center V8, OpenScape Voice V9

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close