VPN keeps crashing

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
phrozen
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 4

PostPosted: Thu Jan 11, 2007 14:49    Post subject: VPN keeps crashing Reply with quote
I'm running DD-WRT v23 SP2 (09/15/06) vpn (SVN revision 3932) on a Buffalo WHR-HP-G54. My client is a Windows XP machine running openVPN GUI, 1.0.3 with OpenVPN 2.0.9.

I'm running a retrospect backup over the VPN and the connection keeps dropping. The VPN connection dies, but the internet connection is fine. The router stays up, everything seems to be fine but the VPN server. After a few minutes, the VPN server comes back and the client reconnects. I can't figure it out. I suspect it might have something to do with Jumbo frames on the DD-WRT LAN side, but I have disabled them and it is still happening.

Here is my VPN config:

Startup:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
echo "
-----BEGIN OpenVPN Static key V1-----
(removed)
-----END OpenVPN Static key V1-----
" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 1194 --proto tcp-server --verb 3 --daemon

Firewall:
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
Sponsor
Blackraven
DD-WRT User


Joined: 10 Jul 2006
Posts: 398
Location: NL

PostPosted: Thu Jan 11, 2007 21:47    Post subject: Reply with quote
I added the following options to my router (server):
--ping-timer-rem --ping 10 --ping-restart 60
(somehow the --keepalive didn't work, so I had to use this...)
and the following to my client config:
keepalive 10 60
ping-timer-rem

That solved my problem for the loss of connection through the tunnel, hope it helps you, else you should check out www.openvpn.net for more/different options.

_________________
WRT54GL v1.1 DD-WRT v24-SP2 vpn - build 10550
WRT610N v1 DD-WRT v24-preSP2 - build 14929 mega
DIR825 B1 DD-WRT v3.0-r30949 std
phrozen
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 4

PostPosted: Sun Jan 14, 2007 18:52    Post subject: Reply with quote
Nope didn't work for me. It still drops all the time. Argh. It's completely useless for backups and other operations...
ev1te
DD-WRT User


Joined: 03 Jan 2007
Posts: 76
Location: Sweden, Stockholm

PostPosted: Sun Jan 14, 2007 19:01    Post subject: Reply with quote
What kind of speed do you have, for me the WRT54GL router uses 100% CPU when i transfer files in 400 KB/s using openvpn tunnel (after that the speed does't increase couse the router can not handle more throughput)?

Maybe openvpn can not send the packages to keep the connection up and running because of the high CPU load?

_________________
WRT320N
phrozen
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 4

PostPosted: Sun Jan 14, 2007 19:03    Post subject: Reply with quote
I'm sending data over a 384 kbps uplink. It maxes out at 50 kb/s, so that shouldn't be a problem.

Maybe it's something that hasn't been fully tested with WinXP as a client?
ev1te
DD-WRT User


Joined: 03 Jan 2007
Posts: 76
Location: Sweden, Stockholm

PostPosted: Mon Jan 15, 2007 7:51    Post subject: Reply with quote
I have transfered files above 500 MB through my OpenVpn tunnel without problems. How long does it take for the connection to die? (minutes/hours/days)?

Altho I am using a certificate based configuration:

mode server
proto udp
port 1195
dev tap0
keepalive 15 60
push \"route-gateway 192.168.100.1\"
verb 1
comp-lzo
daemon
client-to-client
tls-server
ca ca.crt
dh dh1024.pem
cert server.crt
key server.key

_________________
WRT320N
phrozen
DD-WRT Novice


Joined: 11 Jan 2007
Posts: 4

PostPosted: Wed Jan 17, 2007 21:36    Post subject: Reply with quote
Ahhh! I think I fixed it. Its been up for 24 hours straight now transferring data with no problems. (knock on wood). I think the problem was with TCP. I changed to UDP and it works fine.

WinXP Client config:
Code:
# Use the following for simple connections:
remote SOMEADDRESS.SOMETHING
port 1194
dev tap
secret static.key
proto udp
comp-lzo


DD-WRT Server config:

Startup:
Code:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 permisc up
echo "
-----BEGIN OpenVPN Static key V1-----
<insert key here>
-----END OpenVPN Static key V1-----
" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --port 1194 --proto udp --verb 1 --comp-lzo --daemon


Firewall:
Code:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
Syndil
DD-WRT Novice


Joined: 09 Jan 2007
Posts: 4

PostPosted: Sun Jan 28, 2007 7:56    Post subject: Reply with quote
Blackraven wrote:
I added the following options to my router (server):
--ping-timer-rem --ping 10 --ping-restart 60
(somehow the --keepalive didn't work, so I had to use this...)
and the following to my client config:
keepalive 10 60
ping-timer-rem

That solved my problem for the loss of connection through the tunnel, hope it helps you, else you should check out www.openvpn.net for more/different options.

Thanks for this. I'd been having a problem with my DD-WRT OpenVPN server on a WRT54GL where the connection would die after a period of inactivity, and I'd have to reconnect manually. According to the man page for OpenVPN the "keepalive" function is just a macro so it doesn't really make sense that it shouldn't work, but that does indeed seem to be the case.
jnjn
DD-WRT User


Joined: 07 Jun 2006
Posts: 448
Location: PRC

PostPosted: Sun Jan 28, 2007 13:09    Post subject: Reply with quote
try use "server-bridge" mode please.
in fact, i'm not running bridge mode openvpn on dd-wrt, i'm running it as a server and another dd-wrt as a client in routing mode.
it works just fine, nothing unstable so far (it's running for about 2 week now). Smile
bigfatlazydork
DD-WRT Novice


Joined: 29 Nov 2007
Posts: 1

PostPosted: Thu Nov 29, 2007 8:35    Post subject: UDP works but not TCP Reply with quote
I followed these steps below and OpenVPN on the WRT54GL worked great (UDP), thank you very much! However I think they're blocing UDP at work because the UDP config doesn't work at my workplace. It works flawlessly everywhere else, I've tried the same config except using "proto tcp-client" entry and it is not working!!!. Anyone else having problems configuring using TCP instead of UDP? Here's a portion of the log:

Thu Nov 29 00:26:02 2007 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Thu Nov 29 00:26:02 2007 LZO compression initialized
Thu Nov 29 00:26:02 2007 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{0DC8DBAD-70EA-4474-B458-159C31199218}.tap
Thu Nov 29 00:26:02 2007 Successful ARP Flush on interface [4] {0DC8DBAD-70EA-4474-B458-159C31199218}
Thu Nov 29 00:26:02 2007 Attempting to establish TCP connection with 68.183.xx.xxx:443
Thu Nov 29 00:26:02 2007 TCP connection established with 68.183.xx.xxx:443
Thu Nov 29 00:26:02 2007 TCPv4_CLIENT link local: [undef]
Thu Nov 29 00:26:02 2007 TCPv4_CLIENT link remote: 68.183.xx.xxx:443
Thu Nov 29 00:26:03 2007 Connection reset, restarting [0]
Thu Nov 29 00:26:03 2007 SIGUSR1[soft,connection-reset] received, process restarting

It then keeps recycling with the above text, any suggestions welcomed, thanks in advance.


phrozen wrote:
Ahhh! I think I fixed it. Its been up for 24 hours straight now transferring data with no problems. (knock on wood). I think the problem was with TCP. I changed to UDP and it works fine.

WinXP Client config:
Code:
# Use the following for simple connections:
remote SOMEADDRESS.SOMETHING
port 1194
dev tap
secret static.key
proto udp
comp-lzo


DD-WRT Server config:

Startup:
Code:
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 permisc up
echo "
-----BEGIN OpenVPN Static key V1-----
<insert key here>
-----END OpenVPN Static key V1-----
" > /tmp/static.key
ln -s /usr/sbin/openvpn /tmp/myvpn
/tmp/myvpn --dev tap0 --secret /tmp/static.key --port 1194 --proto udp --verb 1 --comp-lzo --daemon


Firewall:
Code:
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
tbird2340
DD-WRT Novice


Joined: 21 Sep 2007
Posts: 31

PostPosted: Mon Dec 03, 2007 16:27    Post subject: Reply with quote
Anyone know how I can use the script for DD-WRT to connect to a Cisco VPN Concentrator using vpnc with auto-reconnect along with the OpenVPN Server mode with Static Key?

I tried pasting the code from both scripts and saving it to the startup but that didn't work.

Thanks much.!
seeingwhite
DD-WRT Novice


Joined: 27 Oct 2006
Posts: 35

PostPosted: Fri Jan 04, 2008 9:23    Post subject: Re: UDP works but not TCP Reply with quote
bigfatlazydork wrote:
I followed these steps below and OpenVPN on the WRT54GL worked great (UDP), thank you very much! However I think they're blocing UDP at work because the UDP config doesn't work at my workplace. It works flawlessly everywhere else, I've tried the same config except using "proto tcp-client" entry and it is not working!!!. Anyone else having problems configuring using TCP instead of UDP? Here's a portion of the log:


bigfatlazydork and others -- I am running v24 RC6.2 and am experiencing the identical problem. TCP won't work at all, but UDP ports do. I would use UDP instead, but like you, I need to be able to use OpenVPN with TCP port 443.

This problem should be noted by the devs, as I am the third person in this thread to report the identical problem. Thanks.
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

PostPosted: Fri Jan 04, 2008 11:03    Post subject: Reply with quote
Just to verify: you're using proto tcp-server on one end, proto tcp-client on the other end, and you modified the firewall command for TCP packets instead of UDP?
seeingwhite
DD-WRT Novice


Joined: 27 Oct 2006
Posts: 35

PostPosted: Fri Jan 04, 2008 18:34    Post subject: Reply with quote
placebo wrote:
Just to verify: you're using proto tcp-server on one end, proto tcp-client on the other end, and you modified the firewall command for TCP packets instead of UDP?


No, TCP does NOT work; only UDP. What we did was used UDP because TCP would not work. Here are my startup and firewall scripts that DO work:

Code:
openvpn --mktun --dev tap0
   brctl addif br0 tap0
   ifconfig tap0 0.0.0.0 promisc up
   echo "-----BEGIN OpenVPN Static key V1-----
***My Key Here***
-----END OpenVPN Static key V1-----" > /tmp/static.key
   ln -s /usr/sbin/openvpn /tmp/myvpn
   /tmp/myvpn --dev tap0 --secret /tmp/static.key --comp-lzo --port 443 --proto udp --verb 3 --daemon


Code:
iptables -I INPUT 1 -p udp --dport 443 -j ACCEPT
placebo
DD-WRT User


Joined: 15 Sep 2006
Posts: 200

PostPosted: Fri Jan 04, 2008 22:07    Post subject: Reply with quote
I guess I should have asked if you were trying those settings. I just wanted to verify that you in fact made those three changes because if you don't make any one of them, it won't work.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum