I’ve been seeing bizarre problems with my openvpn client (on linux) over the last couple of days. It would connect, and I could access the network, but the VPN would regularly restart itself and connections would be closed, seeing messages like
Tue May 22 13:19:43 2012 [OpenVPN_Server] Inactivity timeout (--ping-restart), restarting Tue May 22 13:19:43 2012 TCP/UDP: Closing socket
I saw these problems when I tried my profile on several different computers.
I was unable to find anything on the internet about this (possibly my google fu was weak), but we’ve finally managed to track down the problem. I thought I’d put this here in case other people had the same issue.
This seems to happen when you’re running two openvpn clients with the same profile from different computers. I have two computers I use, and I’d left one idle running the VPN client. When I then tried to connect to the VPN from the other computer I would see this behaviour. I then (foolishly) left that computer trying to use the VPN when I went back to the first computer, so now the problem had mysteriously appeared there too.
Anyway, now that I know the issue it’s easy to avoid. Live and learn.
Neat – I’m fairly sure I’ve done that myself without any problems though.
I’ve worked on-site at a client where we had individual VMware-hosted test labs and we connected to our labs via OpenVPN. It was quite common for people to connect more than one client at once to the VPN, e.g. a PC and Mac to test different browsers. I used Windows myself but a lot of the developers there ran Ubuntu so there would be some Linux clients in the mix.
I guess the server software or configuration plays a part but I can’t remember exactly what they were using there.
Yeah, I expect that our config contributes to it in some way. I’m not sure what. I don’t think we’re doing anything particularly funny, but the amount I know about VPNs couldn’t fill a post-it note.
It’s amusing that this post comes right after my “Proper approach to fixing bugs” post, because this is totally an instance of a bug which I just made go away instead of properly understanding it. Mostly because I don’t care that much now that it works. I just thought I’d post about it so the next poor soul who hits something like this has slightly more chance of finding it on Google.
Only one connection per cert (with unique CN) is allowed by default if you use the cert based auth:
http://serverfault.com/questions/104154/why-is-duplicate-cn-not-recommended-in-openvpn
Ah, that’d be it then. Thanks.
Thank you, you’ve solved a problem we just had
Thanks!
Our backup system with the exact same setup was also powered on, so 2 clients with same cert were connecting to the server, resulting in this behavior.
Thanks so much for this post. I have been struggling with this for weeks. My employees will be thrilled.
Thanks a lot, I was off in the wrong direction until I stumbled on this!