New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenVPN 2.6.5 disconnects if connected to RDP with Windows 2012 Server (every 10 minutes) #391
Comments
The peer tells your client to reconnect. The client is behaving exactly like it should. What kind of server do you use and what the server log say? |
@thxny not sure I agree with @schwabe on the "it's coming from the server", but it's hard to see because your log is incomplete in that regard. Can you please re-run with The pkcs#11 stuff in your log irritates me, but that might be perfectly normal, just caused by Of course, seeing the server log (verb 3 or 4) at the time of disconnect (30seconds before that, to actual disconnect) would also be helpful. |
Hi, 11:38:27 first connecting Full log: |
@cron2 we only log https://github.com/search?q=repo%3AOpenVPN%2Fopenvpn%20remote-exit&type=code With
|
With verb=7 15:45:43 first connecting OpenVPN |
dmsg() requires ENABLE_DEBUG but we probably do not have it on by default in MSVC builds (unlike cross-compile)?. So, verb=7 is not super useful here except that it shows data is flowing right until the restart. Strangely, the first restart happens soon after connection is established and user starts RDP. And then repeated at 10 minute intervals. As its i "remote-exit" in all cases, some script on the server may be doing this, the first of which somehow triggers at "zero" minutes. I think you need to look at the server setup and logs. |
@schwabe, @selvanair I see what you mean - the OCC_EXIT in occ.c logs with
which might not end up somewhere useful. Shall we change this to "about the same" as for the CC-EEN, maybe pointing out that this was OCC
? |
@selvanair @schwabe The important thing is that only some employees have a problem accessing this RDP server. For some it works perfectly fine. |
@thyxNY yes. But the logs show no problems on the client side. The disconnecct is triggered by the server side. |
This has been implemented today and will be part of the upcoming 2.6.6 release (tomorrow-ish). It will not fix the actual problem here, but helps diagnostics. commit 6e68d8c
|
@cron2 I can install the beta software, set the verb variable and give you the current infolog... |
@thyxNY that will just make the issue more obvious but will not give us any better/new information. You need the server side to diagnose what is going on here. |
@thyxNY Is the VPN server same as the RDP server or are you always connected to the same VPN and different RDP servers, one of which causes this issue? I guess the latter as you mention "company" VPN and "data centre" RDP servers. Is RDP tunneled through the VPN connection or in clear? If no RDP session is active, I suppose the VPN stays up for long with no such periodic disconnects, does it? Although the disconnection does appear to be initiated by the server, its bizarre that RDP to an independent server could have anything to do with it. |
@selvanair Yes, connecting to only one server causes this problem. We have no problems with connecting to other servers (neither me nor other employees, 10 minutes/hours/... and all is OK). OpenVPN client disconnection only occurs when trying to connect to terminal server on Windows2012R2.
One VPN Server, then connecting to different servers (or different remote desktop services).
Yes, RDP connection goes through the VPN connection.
Yes.
Yes :-( |
@thyxNY Have you ever found a solution to this issue? |
I have a strange problem connecting with OpenVPN.
I connect to the company using OpenVPN client 2.6.5.
If I run RDP connection to the Windows 2016 Datacenter server - everything is OK.
However, if you connect to a server with Windows 2012 Datacenter R2 (build 9600), the OpenVPN client disconnects exactly every 10 minutes, then reconnects 2-3 seconds and .... the situation repeats every 10 minutes.
I made a config with verb=11 and I have this record from the log:
2023-07-24 15:21:43 us=390000 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=000001BDB164C3B0, ptr=0000000000000000, ad=000001BDB164C440, idx=1, argl=0, argp=00007FFFBAD13D38
2023-07-24 15:21:43 us=390000 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=000001BDB164BD20, ptr=0000000000000000, ad=000001BDB164BDB0, idx=1, argl=0, argp=00007FFFBAD13D38
2023-07-24 15:21:43 us=390000 TCP/UDP: Closing socket
2023-07-24 15:21:43 us=390000 SIGUSR1[soft,remote-exit] received, process restarting
2023-07-24 15:21:43 us=390000 MANAGEMENT: >STATE:1690204903,RECONNECTING,remote-exit,,,,,
2023-07-24 15:21:43 us=390000 Restart pause, 1 second(s)
2023-07-24 15:21:44 us=406000 Re-using SSL/TLS context
2023-07-24 15:21:44 us=406000 MTU: adding 426 buffer tailroom for compression for 1768 bytes of payload
2023-07-24 15:21:44 us=406000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-07-24 15:21:44 us=406000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-07-24 15:21:44 us=406000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2023-07-24 15:21:44 us=406000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2023-07-24 15:21:44 us=406000 TCP/UDP: Preserving recently used remote address: [AF_INET]91.207.xx.xx:1194
2023-07-24 15:21:44 us=406000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-07-24 15:21:44 us=406000 UDPv4 link local: (not bound)
2023-07-24 15:21:44 us=406000 UDPv4 link remote: [AF_INET]91.207.xx.xx:1194
2023-07-24 15:21:44 us=406000 MANAGEMENT: >STATE:1690204904,WAIT,,,,,,
2023-07-24 15:21:44 us=406000 write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
…
2023-07-24 15:32:25 us=593000 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=000001BDB164B870, ptr=0000000000000000, ad=000001BDB164B900, idx=1, argl=0, argp=00007FFFBAD13D38
2023-07-24 15:32:25 us=593000 PKCS#11: __pkcs11h_openssl_ex_data_free entered - parent=000001BDB164AA60, ptr=0000000000000000, ad=000001BDB164AAF0, idx=1, argl=0, argp=00007FFFBAD13D38
2023-07-24 15:32:25 us=593000 TCP/UDP: Closing socket
2023-07-24 15:32:25 us=593000 SIGUSR1[soft,remote-exit] received, process restarting
2023-07-24 15:32:25 us=593000 MANAGEMENT: >STATE:1690205545,RECONNECTING,remote-exit,,,,,
2023-07-24 15:32:25 us=593000 Restart pause, 1 second(s)
2023-07-24 15:32:26 us=609000 Re-using SSL/TLS context
2023-07-24 15:32:26 us=609000 MTU: adding 426 buffer tailroom for compression for 1768 bytes of payload
2023-07-24 15:32:26 us=609000 Control Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1250 tun_max_mtu:0 headroom:126 payload:1600 tailroom:126 ET:0 ]
2023-07-24 15:32:26 us=609000 Data Channel MTU parms [ mss_fix:0 max_frag:0 tun_mtu:1500 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
2023-07-24 15:32:26 us=609000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2023-07-24 15:32:26 us=609000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto UDPv4,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2023-07-24 15:32:26 us=609000 TCP/UDP: Preserving recently used remote address: [AF_INET]91.207.xx.xx:1194
2023-07-24 15:32:26 us=609000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-07-24 15:32:26 us=609000 UDPv4 link local: (not bound)
2023-07-24 15:32:26 us=609000 UDPv4 link remote: [AF_INET]91.207.xx.xx:1194
2023-07-24 15:32:26 us=609000 MANAGEMENT: >STATE:1690205546,WAIT,,,,,,
2023-07-24 15:32:26 us=609000 write_control_auth(): P_CONTROL_HARD_RESET_CLIENT_V2
Version information (please complete the following information):
The text was updated successfully, but these errors were encountered: