OpenVPN loses connection every hour.

iorx
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 11

Posted: Thu Feb 01, 2007 12:43    Post subject: OpenVPN loses connection every hour.
This is a Windows 2000 Server with OpenVPN 2.0.7 (server) and DD-WRT v23sp2 vpn (clients)

The problem is that the connection is very shortly interrupted every hour by this message:
"TLS: tls_process: killed"
Then the connection is restored.
This makes IP phones drop and terminal sessions disconnect.

I've tried changing the global tcp/udp timeout under "Administration" from 3600 to 600. This doesn't change anything.

Any of you heroes know how to fix this problem?

From the OpenVPN log on the server:
Code:
Thu Feb 01 11:58:32 2007 MULTI: Learn: 10.12.0.1 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 12:03:54 2007 MULTI: Learn: 10.12.0.1 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 12:12:17 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 12:13:00 2007 rtrske/[Ext.Ip.Addr.Here]:2051 TLS: tls_process: killed expiring key
Thu Feb 01 12:13:02 2007 rtrske/[Ext.Ip.Addr.Here]:2051 TLS: soft reset sec=0 bytes=199773637/0 pkts=285530/0
Thu Feb 01 12:13:05 2007 rtrske/[Ext.Ip.Addr.Here]:2051 VERIFY OK: depth=1,
Thu Feb 01 12:13:05 2007 rtrske/[Ext.Ip.Addr.Here]:2051 VERIFY OK: depth=0,
Thu Feb 01 12:13:05 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 01 12:13:05 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 01 12:13:05 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 01 12:13:05 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 01 12:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 01 12:29:22 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 12:44:15 2007 MULTI: Learn: 10.12.0.123 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 12:46:28 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 13:03:34 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 13:13:03 2007 rtrske/[Ext.Ip.Addr.Here]:2051 TLS: tls_process: killed expiring key
Thu Feb 01 13:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 VERIFY OK: depth=1,
Thu Feb 01 13:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 VERIFY OK: depth=0,
Thu Feb 01 13:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 01 13:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 01 13:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Thu Feb 01 13:13:06 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Feb 01 13:13:07 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Thu Feb 01 13:15:47 2007 rtrske/[Ext.Ip.Addr.Here]:2051 MULTI: Learn: 10.12.0.123 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 13:20:37 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
iorx
DD-WRT Novice


Joined: 12 Jun 2006
Posts: 11

Posted: Sat Feb 10, 2007 18:43    Post subject: *Bump*
Anyone?
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

Posted: Tue Mar 13, 2007 10:07
I ran across the solution to your problem while perusing an openvpn mailing list. You want to increase the openvpn parameter reneg-sec from its default of 3600 seconds. You have to do it on both the client and server ends. I believe if you set the parameter to 0, it will disable renegotiation completely.
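
A way to check from the server log that the drops follow the hourly timer, as an added example that is not part of the original thread: it parses lines in the format posted above (sample lines copied from that log) and reports the seconds between consecutive "killed expiring key" events per client. The function names are hypothetical, and 3600 is the `reneg-sec` default named in the post above.

```python
import re
from datetime import datetime

# Sample lines copied from the server log posted earlier in this thread;
# [Ext.Ip.Addr.Here] is the poster's own redaction placeholder.
SAMPLE_LOG = """\
Thu Feb 01 12:12:17 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 12:13:00 2007 rtrske/[Ext.Ip.Addr.Here]:2051 TLS: tls_process: killed expiring key
Thu Feb 01 12:13:02 2007 rtrske/[Ext.Ip.Addr.Here]:2051 TLS: soft reset sec=0 bytes=199773637/0 pkts=285530/0
Thu Feb 01 12:29:22 2007 MULTI: Learn: 10.12.0.139 -> rtrske/[Ext.Ip.Addr.Here]:2051
Thu Feb 01 13:13:03 2007 rtrske/[Ext.Ip.Addr.Here]:2051 TLS: tls_process: killed expiring key
Thu Feb 01 13:13:07 2007 rtrske/[Ext.Ip.Addr.Here]:2051 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
"""

# Matches only the per-client key-expiry lines: timestamp, peer, message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<peer>\S+) TLS: tls_process: killed expiring key\s*$"
)

def key_expiry_events(log_text):
    """Return {client: [datetime, ...]} for every 'killed expiring key' line."""
    events = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        # Key on the common name so a changed source port does not split a client.
        client = m.group("peer").split("/", 1)[0]
        events.setdefault(client, []).append(ts)
    return events

def renegotiation_gaps(log_text):
    """Return {client: [seconds between consecutive key-expiry events]}."""
    out = {}
    for client, stamps in key_expiry_events(log_text).items():
        stamps.sort()
        out[client] = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
    return out

def matches_reneg_timer(gaps, reneg_sec=3600, tolerance=30):
    """True when every observed gap sits within tolerance of the timer value."""
    return bool(gaps) and all(abs(g - reneg_sec) <= tolerance for g in gaps)

if __name__ == "__main__":
    for client, gaps in renegotiation_gaps(SAMPLE_LOG).items():
        print(client, gaps, "hourly timer" if matches_reneg_timer(gaps) else "other cause")
```

Raising `reneg-sec` lengthens the life of each data-channel key, and 0 removes the time-based rekey altogether, which matters with a 64-bit block cipher such as the BF-CBC shown in the log. `reneg-bytes` is the OpenVPN option for rekeying by traffic volume instead.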
cyberde
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1488
Location: the Netherlands

Posted: Sat Mar 31, 2007 11:45
Did this solve the problem? I'm having that problem too.
_________________
Firmware: DD-WRT v24-sp2 (latest available) mega
WRT320N

cyberde
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1488
Location: the Netherlands

Posted: Tue Apr 03, 2007 14:26
Bumbydump
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

Posted: Tue Apr 03, 2007 20:13
If you are indeed seeing this problem, why don't you just try the suggested fix and find out for yourself if it works?