Posted: Thu Jan 11, 2007 14:49 Post subject: VPN keeps crashing
I'm running DD-WRT v23 SP2 (09/15/06) vpn (SVN revision 3932) on a Buffalo WHR-HP-G54. My client is a Windows XP machine running openVPN GUI, 1.0.3 with OpenVPN 2.0.9.
I'm running a Retrospect backup over the VPN and the connection keeps dropping. The VPN connection dies, but the internet connection is fine. The router stays up, everything seems to be fine but the VPN server. After a few minutes, the VPN server comes back and the client reconnects. I can't figure it out. I suspect it might have something to do with Jumbo frames on the DD-WRT LAN side, but I have disabled them and it is still happening.
I added the following options to my router (server):
--ping-timer-rem --ping 10 --ping-restart 60
(somehow the --keepalive didn't work, so I had to use this...)
and the following to my client config:
keepalive 10 60
ping-timer-rem
That solved my problem for the loss of connection through the tunnel, hope it helps you, else you should check out www.openvpn.net for more/different options.
_________________
EA6900 DD-WRT v3.0-r48305 std
EA6900 FreshTomato 2022.1
DIR825 B1 DD-WRT v3.0-r30949 std
retired:
WRT54GL v1.1 DD-WRT v24-SP2 vpn - build 10550
WRT610N v1 DD-WRT v24-preSP2 - build 14929 mega
Joined: 03 Jan 2007 Posts: 76 Location: Sweden, Stockholm
Posted: Sun Jan 14, 2007 19:01 Post subject:
What kind of speed do you have? For me, the WRT54GL router uses 100% CPU when I transfer files at 400 KB/s using the OpenVPN tunnel (after that the speed doesn't increase because the router cannot handle more throughput).
Maybe OpenVPN cannot send the packages to keep the connection up and running because of the high CPU load?
_________________
WRT320N
Joined: 03 Jan 2007 Posts: 76 Location: Sweden, Stockholm
Posted: Mon Jan 15, 2007 7:51 Post subject:
I have transferred files above 500 MB through my OpenVPN tunnel without problems. How long does it take for the connection to die (minutes/hours/days)?
Although I am using a certificate-based configuration:
mode server
proto udp
port 1195
dev tap0
keepalive 15 60
push \"route-gateway 192.168.100.1\"
verb 1
comp-lzo
daemon
client-to-client
tls-server
ca ca.crt
dh dh1024.pem
cert server.crt
key server.key
_________________
WRT320N
Ahhh! I think I fixed it. It's been up for 24 hours straight now transferring data with no problems. (knock on wood). I think the problem was with TCP. I changed to UDP and it works fine.
WinXP Client config:
Code:
# Use the following for simple connections:
remote SOMEADDRESS.SOMETHING
port 1194
dev tap
secret static.key
proto udp
comp-lzo
I added the following options to my router (server):
--ping-timer-rem --ping 10 --ping-restart 60
(somehow the --keepalive didn't work, so I had to use this...)
and the following to my client config:
keepalive 10 60
ping-timer-rem
That solved my problem for the loss of connection through the tunnel, hope it helps you, else you should check out www.openvpn.net for more/different options.
Thanks for this. I'd been having a problem with my DD-WRT OpenVPN server on a WRT54GL where the connection would die after a period of inactivity, and I'd have to reconnect manually. According to the man page for OpenVPN the "keepalive" function is just a macro so it doesn't really make sense that it shouldn't work, but that does indeed seem to be the case.
Try using "server-bridge" mode, please.
In fact, I'm not running bridge mode OpenVPN on DD-WRT; I'm running it as a server and another DD-WRT as a client in routing mode.
It works just fine, nothing unstable so far (it's been running for about 2 weeks now).
Posted: Thu Nov 29, 2007 8:35 Post subject: UDP works but not TCP
I followed these steps below and OpenVPN on the WRT54GL worked great (UDP), thank you very much! However, I think they're blocking UDP at work because the UDP config doesn't work at my workplace. It works flawlessly everywhere else. I've tried the same config except using the "proto tcp-client" entry and it is not working!!! Anyone else having problems configuring using TCP instead of UDP? Here's a portion of the log:
Thu Nov 29 00:26:02 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Thu Nov 29 00:26:02 2007 LZO compression initialized
Thu Nov 29 00:26:02 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0DC8DBAD-70EA-4474-B458-159C31199218}.tap
Thu Nov 29 00:26:02 2007 Successful ARP Flush on interface [4] {0DC8DBAD-70EA-4474-B458-159C31199218}
Thu Nov 29 00:26:02 2007 Attempting to establish TCP connection with 68.183.xx.xxx:443
Thu Nov 29 00:26:02 2007 TCP connection established with 68.183.xx.xxx:443
Thu Nov 29 00:26:02 2007 TCPv4_CLIENT link local: [undef]
Thu Nov 29 00:26:02 2007 TCPv4_CLIENT link remote: 68.183.xx.xxx:443
Thu Nov 29 00:26:03 2007 Connection reset, restarting [0]
Thu Nov 29 00:26:03 2007 SIGUSR1[soft,connection-reset] received, process restarting
It then keeps recycling with the above text, any suggestions welcomed, thanks in advance.
phrozen wrote:
Ahhh! I think I fixed it. It's been up for 24 hours straight now transferring data with no problems. (knock on wood). I think the problem was with TCP. I changed to UDP and it works fine.
WinXP Client config:
Code:
# Use the following for simple connections:
remote SOMEADDRESS.SOMETHING
port 1194
dev tap
secret static.key
proto udp
comp-lzo
Anyone know how I can use the script for DD-WRT to connect to a Cisco VPN Concentrator using vpnc with auto-reconnect along with the OpenVPN Server mode with Static Key?
I tried pasting the code from both scripts and saving it to the startup but that didn't work.
Posted: Fri Jan 04, 2008 9:23 Post subject: Re: UDP works but not TCP
bigfatlazydork wrote:
I followed these steps below and OpenVPN on the WRT54GL worked great (UDP), thank you very much! However, I think they're blocking UDP at work because the UDP config doesn't work at my workplace. It works flawlessly everywhere else. I've tried the same config except using the "proto tcp-client" entry and it is not working!!! Anyone else having problems configuring using TCP instead of UDP? Here's a portion of the log:
bigfatlazydork and others -- I am running v24 RC6.2 and am experiencing the identical problem. TCP won't work at all, but UDP ports do. I would use UDP instead, but like you, I need to be able to use OpenVPN with TCP port 443.
This problem should be noted by the devs, as I am the third person in this thread to report the identical problem. Thanks.
Just to verify: you're using proto tcp-server on one end, proto tcp-client on the other end, and you modified the firewall command for TCP packets instead of UDP?
Just to verify: you're using proto tcp-server on one end, proto tcp-client on the other end, and you modified the firewall command for TCP packets instead of UDP?
No, TCP does NOT work; only UDP. What we did was use UDP because TCP would not work. Here are my startup and firewall scripts that DO work:
I guess I should have asked if you were trying those settings. I just wanted to verify that you in fact made those three changes because if you don't make any one of them, it won't work.
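The three changes asked about above (proto tcp-server on one end, proto tcp-client on the other, and the firewall command switched from UDP to TCP) can be checked mechanically before restarting the tunnel. The following is an added example, not code from any poster in this thread; the config text, the host name vpn.example.net and the iptables rules are constructed samples, and the function names are hypothetical.

```python
import re

def parse_ovpn(text):
    """Parse OpenVPN config text into {directive: [args]}; last occurrence wins."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def check_tcp_switch(server_cfg, client_cfg, firewall_rule):
    """List what is inconsistent after a UDP-to-TCP switch; empty list means OK."""
    srv, cli = parse_ovpn(server_cfg), parse_ovpn(client_cfg)
    problems = []
    # OpenVPN defaults to proto udp and port 1194 when the directive is absent.
    if srv.get("proto", ["udp"])[0] != "tcp-server":
        problems.append("server: proto is not tcp-server")
    if cli.get("proto", ["udp"])[0] != "tcp-client":
        problems.append("client: proto is not tcp-client")
    port = srv.get("port", ["1194"])[0]
    # The client port comes from "remote host port" or a separate "port" line.
    remote = cli.get("remote", [])
    cli_port = remote[1] if len(remote) > 1 else cli.get("port", ["1194"])[0]
    if cli_port != port:
        problems.append(f"port mismatch: server {port}, client {cli_port}")
    proto_m = re.search(r"-p\s+(\w+)", firewall_rule)
    dport_m = re.search(r"--dport\s+(\d+)", firewall_rule)
    if not proto_m or proto_m.group(1) != "tcp":
        problems.append("firewall: rule does not match tcp")
    if not dport_m or dport_m.group(1) != port:
        problems.append(f"firewall: rule does not open port {port}")
    return problems

# Constructed sample inputs (placeholder host name, not from the thread).
SERVER = "proto tcp-server\nport 443\ndev tap0\nsecret static.key\ncomp-lzo\n"
CLIENT = "remote vpn.example.net 443\nproto tcp-client\ndev tap\nsecret static.key\ncomp-lzo\n"
RULE_UDP = "iptables -I INPUT 1 -p udp --dport 443 -j ACCEPT"  # left over from UDP setup
RULE_TCP = "iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT"

if __name__ == "__main__":
    print(check_tcp_switch(SERVER, CLIENT, RULE_UDP))
    print(check_tcp_switch(SERVER, CLIENT, RULE_TCP))
```

An empty list means all three changes line up; any entry names the side that still carries the UDP-era setting.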