OpenVPN connectivity issues
Logwatch was good enough to show me that I had my logs filled with messages like these... repeating themselves over and over ad infinitum:
That's openvpn server complaining that it is getting a connection... and then without a warning another one is started. Worst of all, I had no access to the client logs so I had to guess what's going on.
Good news is, I guessed right. I checked my certificate and it had expired the day before and the clients were dropping the connection as soon as they saw the expired certificate.
I don't know how many times it has been that this has happened now. It was okay with Web, SMTP and IMAP servers since you get a warning in the client but you can still keep working. With OpenVPN it's more subtle than that.
Homework -- figure a way of protecting myself against such errors.
2007-12-20 09:11:21.037917500 90.154.176.176:36999 Re-using SSL/TLS context
2007-12-20 09:11:21.037942500 90.154.176.176:36999 LZO compression initialized
2007-12-20 09:11:21.038038500 90.154.176.176:36999 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:0 EL:0 ]
2007-12-20 09:11:21.038061500 90.154.176.176:36999 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
2007-12-20 09:11:21.038096500 90.154.176.176:36999 Local Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
2007-12-20 09:11:21.038115500 90.154.176.176:36999 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1542,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
2007-12-20 09:11:21.038147500 90.154.176.176:36999 Local Options hash (VER=V4): '14168603'
2007-12-20 09:11:21.038172500 90.154.176.176:36999 Expected Remote Options hash (VER=V4): '504e774e'
2007-12-20 09:11:21.038221500 90.154.176.176:36999 TLS: Initial packet from 90.154.176.176:36999, sid=ae156279 68b55b32
2007-12-20 09:11:24.132401500 90.154.176.176:36986 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2007-12-20 09:11:24.132458500 90.154.176.176:36986 TLS Error: TLS handshake failed
2007-12-20 09:11:24.132578500 90.154.176.176:36986 SIGUSR1[soft,tls-error] received, client-instance restarting
2007-12-20 09:11:25.446516500 MULTI: multi_create_instance called
That's openvpn server complaining that it is getting a connection... and then without a warning another one is started. Worst of all, I had no access to the client logs so I had to guess what's going on.
Good news is, I guessed right. I checked my certificate and it had expired the day before and the clients were dropping the connection as soon as they saw the expired certificate.
I don't know how many times it has been that this has happened now. It was okay with Web, SMTP and IMAP servers since you get a warning in the client but you can still keep working. With OpenVPN it's more subtle than that.
Homework -- figure a way of protecting myself against such errors.
Comments
Post a Comment