I’ve been seeing bizarre problems with my OpenVPN client (on Linux) over the last couple of days. It would connect, and I could access the network, but the VPN would regularly restart itself and connections would be closed, seeing messages like:
Tue May 22 13:19:43 2012 [OpenVPN_Server] Inactivity timeout (--ping-restart), restarting
Tue May 22 13:19:43 2012 TCP/UDP: Closing socket
I saw these problems when I tried my profile on several different computers.
I was unable to find anything on the internet about this (possibly my google fu was weak), but we’ve finally managed to track down the problem. I thought I’d put this here in case other people had the same issue.
This seems to happen when you’re running two OpenVPN clients with the same profile from different computers. I have two computers I use, and I’d left one idle running the VPN client. When I then tried to connect to the VPN from the other computer I would see this behaviour. I then (foolishly) left that computer trying to use the VPN when I went back to the first computer, so now the problem had mysteriously appeared there too.
Anyway, now that I know the issue it’s easy to avoid. Live and learn.
Neat – I’m fairly sure I’ve done that myself without any problems though.
I’ve worked on-site at a client where we had individual VMware-hosted test labs and we connected to our labs via OpenVPN. It was quite common for people to connect more than one client at once to the VPN, e.g. a PC and Mac to test different browsers. I used Windows myself but a lot of the developers there ran Ubuntu so there would be some Linux clients in the mix.
I guess the server software or configuration plays a part but I can’t remember exactly what they were using there.
Yeah, I expect that our config contributes to it in some way. I’m not sure what. I don’t think we’re doing anything particularly funny, but the amount I know about VPNs couldn’t fill a post-it note.
It’s amusing that this post comes right after my “Proper approach to fixing bugs” post, because this is totally an instance of a bug which I just made go away instead of properly understanding it. Mostly because I don’t care that much now that it works. I just thought I’d post about it so the next poor soul who hits something like this has slightly more chance of finding it on Google.
Only one connection per cert (with unique CN) is allowed by default if you use the cert based auth:
http://serverfault.com/questions/104154/why-is-duplicate-cn-not-recommended-in-openvpn
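A server-side check for the situation described above (one certificate CN in use from two machines at once), added here as an example and not part of the original post or comments. It assumes the server log contains "Peer Connection Initiated" lines in the layout shown in the constructed sample; the function name, thresholds and sample data are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of OpenVPN server log lines (not taken from the post).
# Assumed layout: "<timestamp> <peer> [<CN>] Peer Connection Initiated with <addr>"
SAMPLE_LOG = """\
Tue May 22 13:18:40 2012 198.51.100.7:40112 [laptop] Peer Connection Initiated with [AF_INET]198.51.100.7:40112
Tue May 22 13:19:05 2012 203.0.113.20:51820 [laptop] Peer Connection Initiated with [AF_INET]203.0.113.20:51820
Tue May 22 13:19:43 2012 198.51.100.7:40555 [laptop] Peer Connection Initiated with [AF_INET]198.51.100.7:40555
Tue May 22 13:20:10 2012 192.0.2.33:49001 [backup] Peer Connection Initiated with [AF_INET]192.0.2.33:49001
Tue May 22 13:50:10 2012 192.0.2.33:49077 [backup] Peer Connection Initiated with [AF_INET]192.0.2.33:49077
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \S+ \[(?P<cn>[^\]]+)\] "
    r"Peer Connection Initiated with (?:\[AF_INET6?\])?(?P<ip>.+):\d+$"
)

def shared_cert_suspects(log_text, window=timedelta(minutes=5), min_switches=2):
    """Return {cn: sorted source IPs} for CNs whose source address changed at
    least `min_switches` times, each change within `window` of the previous
    connection. A single change is treated as ordinary roaming; repeated
    flapping suggests two clients evicting each other."""
    events = defaultdict(list)  # cn -> [(time, source ip)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events[m["cn"]].append((ts, m["ip"]))
    suspects = {}
    for cn, seen in events.items():
        seen.sort()
        switches, ips = 0, set()
        for (t1, ip1), (t2, ip2) in zip(seen, seen[1:]):
            if ip1 != ip2 and t2 - t1 <= window:
                switches += 1
                ips.update((ip1, ip2))
        if switches >= min_switches:
            suspects[cn] = sorted(ips)
    return suspects

if __name__ == "__main__":
    print(shared_cert_suspects(SAMPLE_LOG))
```

A CN flagged here is a candidate for issuing a second certificate, so that each machine has its own identity and can be revoked separately.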
Ah, that’d be it then. Thanks.
Thank you, you’ve solved a problem we just had
Thanks!
Our backup system with the exact same setup was also powered on, so 2 clients with same cert were connecting to the server, resulting in this behavior.
Thanks so much for this post. I have been struggling with this for weeks. My employees will be thrilled.
Thanks a lot, I was off in the wrong direction until I stumbled on this!
Thank you! This is what happened to me. I’ll have to go back to the other remote site and disconnect. Hooray.
I have this problem with one of my users. He is using his cert only on one computer and gets this problem.
I, on the other hand, use it on 2 without any problems.
Any clever ideas?
regards, Frank
None. Sorry. I’m really not very knowledgeable about OpenVPN at all, which is probably why it took me as long as it did to debug my issue!
Hello;
I had a scenario where two of three devices worked fine using standard default settings for OpenVPN (regardless of which client was used).
One of the computers was connecting via a wireless adapter. It would connect to the VPN server and then at random lose connection with a timeout: “Inactivity timeout (--ping-restart), restarting”
While this general error is experienced by a lot of VPN users, I believe a common one that is overlooked is gateway addressing.
OpenVPN tries to set the VPN endpoint for the gateway and can fail for various reasons.
In my experience, the computer with the failing connection was not having ALL its network traffic handled over the VPN. Consequently it would fail to set an endpoint and as a result, eventually time out between the VPN server and my device.
Most VPN clients have an option to toggle ‘route all traffic over VPN’ or set a command that removes the gateway setting flag.
Of interesting note, the other computer was near identical in every way concerning its operating system, network and VPN settings. Only the hardware varied to a degree. Having tested it again on a wired connection, I did not have this problem.
My conclusion is that while VPN should automatically route all traffic, it’s possible that with wireless connections this is not happening by default and thus requires you to force it to route all traffic.
Genius – many thanks.
Don.
I have the same issue: my OpenVPN works, but 15% of the time it times out and restarts. The only strange thing is that it works well during the day and badly at night; maybe it’s because of traffic on the net? What do you think, guys?