Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openfortivpn stops working after 1 hour #1145

Closed
BrunoTeixeira1996 opened this issue Oct 16, 2023 · 15 comments
Closed

openfortivpn stops working after 1 hour #1145

BrunoTeixeira1996 opened this issue Oct 16, 2023 · 15 comments

Comments

@BrunoTeixeira1996
Copy link

BrunoTeixeira1996 commented Oct 16, 2023
edited
Loading

Hi ,
I am using openfortivpn 1.19.0 but for some reason after around 1 hour the connection hangs and stops.
The log messages remain the same, not giving any sign of exiting or error.

brun0@b:~
VPN account password:
INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
INFO:   Got addresses: [10.69.100.4], ns [10.69.70.3, 10.69.70.4], ns_suffix [<company>.int]
INFO:   Negotiation complete.
INFO:   Negotiation complete.
local  IP address 10.69.100.4
remote IP address 169.254.2.1
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
INFO:   Adding VPN nameservers...
INFO:   Tunnel is up and running.

The connection remains active for around 1h and then stops but theres no error message.

I am using Debian 12
@DimitriPapadopoulos
Copy link
Collaborator

See https://github.com/adrienverge/openfortivpn/wiki#debugging-openfortivpn.

@BrunoTeixeira1996
Copy link
Author

See https://github.com/adrienverge/openfortivpn/wiki#debugging-openfortivpn.

Doing this right now, going to post the log info shortly

@BrunoTeixeira1996
Copy link
Author

BrunoTeixeira1996 commented Oct 16, 2023
edited by DimitriPapadopoulos
Loading

@DimitriPapadopoulos
Here is the -v -v output

openfortivpn -v -v 
DEBUG:  openfortivpn 1.19.0
DEBUG:  revision unavailable
DEBUG:  Loaded configuration file "/etc/openfortivpn/config".
VPN account password: 
DEBUG:  Configuration host = "myhost"
DEBUG:  Configuration realm = "tunnel"
DEBUG:  Configuration port = "443"
DEBUG:  Configuration username = "myuser"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: _____
DEBUG:  server_port: 443
DEBUG:  gateway_addr: _____
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation succeeded.
INFO:   Connected to gateway.
DEBUG:  http_send:
POST /remote/logincheck HTTP/1.1
Host: myhost:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie: 
Content-Length: 87

username=myuser&credential=************************&realm=tunnel&ajax=1
DEBUG:  http_receive:
HTTP/1.1 200 OK
Date: Mon, 16 Oct 2023 11:41:34 GMT
Set-Cookie:  SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict
Transfer-Encoding: chunked
Content-Type: text/plain
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

8a    
ret=2,reqid=171263873,polid=1-7-250033ca,grp=something_something,portal=full-access-split-something,magic=7-250033ca,tokeninfo=ftm_push,chal_msg=
0


DEBUG:  Empty cookie.
DEBUG:  http_send:
POST /remote/logincheck HTTP/1.1
Host: remote.something.pt:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie: SVPNCOOKIE=
Content-Length: 139

username=myuser&realm=tunnel&reqid=171263873&polid=1-7-250033ca&grp=something_something&portal=full-access-split-something&peer=&ftmpush=1
DEBUG:  http_receive:
HTTP/1.1 200 OK
Date: Mon, 16 Oct 2023 11:41:34 GMT
Set-Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=; path=/; secure; httponly; SameSite=Strict
Transfer-Encoding: chunked
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

7e    
<!DOCTYPE html>
<html><head>
<script language='javascript'>
document.location='/sslvpn/portal.html';
</script>
</head></html>

0


DEBUG:  Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=
INFO:   Authenticated.
DEBUG:  Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=
DEBUG:  http_send:
GET /remote/index HTTP/1.1
Host: remote.something.pt:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=
Content-Length: 0


DEBUG:  http_receive:
HTTP/1.1 403 Forbidden
Date: Mon, 16 Oct 2023 11:41:45 GMT
Transfer-Encoding: chunked
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

698   
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link href="/sslvpn/css/ssl_style.css" rel="stylesheet" type="text/css">
<script type='text/javascript' src='/remote/fgt_lang?lang=en'></script>
</head>
<body class="main">
<table class="container" cellpadding="0" cellspacing="0">
<tr>
<td><table class="dialog" width=300 align="center" cellpadding="0" cellspacing="0">
<tr>
<td><table class="header" cellpadding="0" cellspacing="0">
<tr>
<td id="err_title"></td>
</tr>
</table></td>
</tr>
<script>document.getElementById('err_title').innerHTML=fgt_lang['error'];</script>
<tr>
<td class="body" height=100><table class="body"><tr><td id='err_val' title='403' align="center">
<script>
var errval_elem=document.getElementById('err_val');
var errval=errval_elem.getAttribute('title').split(',');
var err_str = fgt_lang[errval[0]];
if (err_str == undefined) {
   errval_elem.innerHTML = "some unknown error!<br>";
} else {   if (errval.length == 2) {
       err_str = encodeURIComponent(err_str.replace("%d", errval[1]));
       err_str = err_str.replace(/%20/g, " ");   }
   errval_elem.innerHTML = err_str;
}
</script></td></tr></table></td>
</tr>
<tr><td>
<table class="footer" cellpadding="0" cellspacing="0">
<tr><td>
<input id="ok_button" type="button" value="" onclick="chkbrowser()" style="width:80px">
</td></tr>
</table>
</td></tr>
</table>
</body>
<script language = "javascript">
document.getElementById('ok_button').value=fgt_lang['ok'];
function chkbrowser() {
if (window.location.pathname == "/remote/login")
window.location.reload();
else
window.location.href = "/remote/login";}
</script>
</html>

0

0


DEBUG:  http_send:
GET /remote/fortisslvpn HTTP/1.1
Host: remote.something.pt:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=
Content-Length: 0


DEBUG:  http_receive:
HTTP/1.1 200 OK
Date: Mon, 16 Oct 2023 11:41:45 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

5ba   
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Pragma" content="no-cache">
<META http-equiv="cache-control" content="no-cache">
<META http-equiv="cache-control" content="must-revalidate">
<!-- SSL-VPN protocol version:
embed.FGTversion = 1;
fortisslvpn.FGTversion = 1
-->
<body>
<form NAME="Form1" on>
<input TYPE="hidden" NAME="Text6" VALUE="">
<input TYPE="hidden" NAME="Text3" value="">
<input TYPE="hidden" name="text6" VALUE="">
<input type="hidden" name="text7" value="0"></form>
<script>
var cookie_str='lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+//DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=';
</script><!-- fortisslvpn.serverip = Document.form1.text3.value+'?'+'lOojJTs0PjeKwNfOD+8WJLwjRPNoDi553cEj4+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=' -->
</body>
</HTML>

0

mentById('ok_button').value=fgt_lang['ok'];
function chkbrowser() {
if (window.location.pathname == "/remote/login")
window.location.reload();
else
window.location.href = "/remote/login";}
</script>
</html>

0

0


INFO:   Remote gateway has allocated a VPN.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: 93.108.234.105
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 93.108.234.105
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation succeeded.
DEBUG:  Retrieving configuration
DEBUG:  http_send:
GET /remote/fortisslvpn_xml HTTP/1.1
Host: remote.something.pt:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=
Content-Length: 0


DEBUG:  http_receive:
HTTP/1.1 200 OK
Date: Mon, 16 Oct 2023 11:41:45 GMT
Transfer-Encoding: chunked
Content-Type: text/xml
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

395   
<?xml version='1.0' encoding='utf-8'?><sslvpn-tunnel ver='2' dtls='1' patch='1'><dtls-config heartbeat-interval='10' heartbeat-fail-count='10' heartbeat-idle-timeout='10' client-hello-timeout='10' /><tunnel-method value='ppp' /><tunnel-method value='tun' /><tunnel-method value='websocket' /><auth-ses check-src-ip='1' tun-connect-without-reauth='0' tun-user-ses-timeout='30' /><client-config save-password='on' keep-alive='on' auto-connect='off' /><ipv4><dns domain='something.int' /><dns ip='10.69.70.3' /><dns ip='10.69.70.4' /><assigned-addr ipv4='10.69.100.1' /><split-tunnel-info><addr ip='10.69.69.10' mask='255.255.255.255' /><addr ip='10.69.69.10' mask='255.255.255.255' /><addr ip='10.69.69.253' mask='255.255.255.255' /><addr ip='10.69.70.0' mask='255.255.255.0' /><addr ip='10.69.81.0' mask='255.255.255.0' /></split-tunnel-info></ipv4><idle-timeout val='14400' /><auth-timeout val='36000' /></sslvpn-tunnel>
0


DEBUG:  found dns suffix something.int in xml config
DEBUG:  found dns server 10.69.70.3 in xml config
DEBUG:  found dns server 10.69.70.4 in xml config
DEBUG:  Establishing the tunnel
DEBUG:  ppp_path: /usr/sbin/pppd
DEBUG:  Switch to tunneling mode
DEBUG:  http_send:
GET /remote/sslvpn-tunnel HTTP/1.1
Host: sslvpn
Cookie: SVPNCOOKIE=lOojJTs0PjeKwNfOD+25lImOnsDNy/meSzqKICPvE2BYxXULeYCmtoidlyMXtTWATkULgsNuuc9oNt8t3c6BDK0M2ywyl7AN84dtZrDwQmvCAkhHzUWc7vgJZw6EdhzzEX3yBimAgd/DD3FEAnM7icbzIAleNiyjg8W6eT25Mx5nkSSKIcdFO4w8Iat3lX9CziaKi124LIl1Qjj0XVnxyL7HMAOwGKtTM1XBU421RuXQ++L9ukl9T4pP4y3pN5Kfgv4vbjh6rZN+XiVySoBvq5JJSdLlrAWtfhaC5eXEewKblbqG9t6s+Up3L5aOzNibUIBXU/nwk7LNFaEIJuVtRigqIgiYtk1b7Q9Ph5NsQPwFzrQCzr/i368ujLX1fws=


DEBUG:  Starting IO through the tunnel
DEBUG:  pppd_read thread
DEBUG:  ssl_read thread
DEBUG:  if_config thread
DEBUG:  ssl_write thread
DEBUG:  pppd_write thread
DEBUG:  pppd ---> gateway (16 bytes)
pppd:   c0 21 01 01 00 0e 01 04 05 4a 05 06 32 1a fe 6e

DEBUG:  gateway ---> pppd (12 bytes)
gtw:    c0 21 01 01 00 0a 05 06 9a b9 05 cc

DEBUG:  pppd ---> gateway (12 bytes)
pppd:   c0 21 02 01 00 0a 05 06 9a b9 05 cc

DEBUG:  gateway ---> pppd (16 bytes)
gtw:    c0 21 02 01 00 0e 01 04 05 4a 05 06 32 1a fe 6e

DEBUG:  pppd ---> gateway (10 bytes)
pppd:   c0 21 09 00 00 08 32 1a fe 6e

DEBUG:  pppd ---> gateway (17 bytes)
pppd:   80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f

And here is the pppd-log output

using channel 6
Using interface ppp0
Connect: ppp0 <--> /dev/pts/9
sent [LCP ConfReq id=0x1 <mru 1354> <magic 0x321afe6e>]
rcvd [LCP ConfReq id=0x1 <magic 0x9ab905cc>]
sent [LCP ConfAck id=0x1 <magic 0x9ab905cc>]
rcvd [LCP ConfAck id=0x1 <mru 1354> <magic 0x321afe6e>]
sent [LCP EchoReq id=0x0 magic=0x321afe6e]
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
sent [IPV6CP ConfReq id=0x1 <addr fe80::fd94:60cc:1182:7ac6>]
rcvd [IPCP ConfReq id=0x1 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1 <addr 169.254.2.1>]
rcvd [LCP EchoRep id=0x0 magic=0x9ab905cc]
rcvd [CCP ConfReq id=0x1]
sent [CCP ConfAck id=0x1]
rcvd [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [CCP ConfReq id=0x2]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0>]
rcvd [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a fd 94 60 cc 11 82 7a c6 64 01]
Protocol-Reject for 'IPv6 Control Protocol' (0x8057) received
rcvd [IPCP ConfReq id=0x2 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2 <addr 169.254.2.1>]
rcvd [CCP ConfAck id=0x2]
rcvd [IPCP ConfNak id=0x2 <addr 10.69.100.1>]
sent [IPCP ConfReq id=0x3 <addr 10.69.100.1>]
rcvd [IPCP ConfReq id=0x3 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3 <addr 169.254.2.1>]
rcvd [IPCP ConfAck id=0x3 <addr 10.69.100.1>]
rcvd [IPCP ConfReq id=0x4 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x6 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x6 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x7 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x7 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x8 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x8 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x9 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x9 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xa <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0xa <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xb <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0xb <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xc <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0xc <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xd <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0xd <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xe <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0xe <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0xf <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0xf <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x10 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x10 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x11 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x11 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x12 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x12 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x13 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x13 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x14 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x14 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x15 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x15 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x16 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x16 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x17 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x17 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x18 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x18 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x19 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x19 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1a <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1b <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1c <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1d <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1e <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x1f <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x1f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x20 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x20 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x21 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x21 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x22 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x22 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x23 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x23 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x24 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x24 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x25 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x25 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x26 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x26 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x27 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x27 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x28 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x28 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x29 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x29 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2a <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2b <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2c <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2d <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2e <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x2f <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x2f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x30 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x30 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x31 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x31 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x32 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x32 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x33 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x33 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x34 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x34 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x35 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x35 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x36 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x36 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x37 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x37 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x38 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x38 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x39 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x39 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3a <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3b <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3c <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3d <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3e <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x3f <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x3f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x40 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x40 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x41 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x41 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x42 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x42 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x43 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x43 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x44 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x44 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x45 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x45 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x46 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x46 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x47 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x47 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x48 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x48 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x49 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x49 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4a <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4b <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4c <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4d <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4e <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x4f <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x4f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x50 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x50 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x51 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x51 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x52 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x52 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x53 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x53 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x54 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x54 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x55 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x55 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x56 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x56 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x57 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x57 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x58 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x58 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x59 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x59 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5a <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5a <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5b <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5b <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5c <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5c <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5d <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5d <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5e <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5e <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x5f <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x5f <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x60 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x60 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x61 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x61 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x62 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x62 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x63 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x63 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x64 <addr PUBLIC_IP.105>]
sent [IPCP ConfNak id=0x64 <addr 169.254.2.1>]
rcvd [IPCP ConfReq id=0x65 <addr PUBLIC_IP.105>]
sent [IPCP ConfRej id=0x65 <addr PUBLIC_IP.105>]
rcvd [IPCP ConfReq id=0x66 <addrs PUBLIC_IP.105 10.69.100.1>]
sent [IPCP ConfRej id=0x66 <addrs PUBLIC_IP.105 10.69.100.1>]
rcvd [IPCP ConfReq id=0x67]
sent [IPCP ConfAck id=0x67]
Script /etc/ppp/ip-pre-up started (pid 18305)
Script /etc/ppp/ip-pre-up finished (pid 18305), status = 0x0
local  IP address 10.69.100.1
remote IP address 169.254.2.1
Script /etc/ppp/ip-up started (pid 18308)
Script /etc/ppp/ip-up finished (pid 18308), status = 0x0

Like I said, after a couple of minutes I got no message about connection lost but I lose connectivity with the VPN.

@BrunoTeixeira1996
Copy link
Author

Adding to the above log output. Here is the result of ip route.
image
I think this has duplicates interfaces for some reason

@DimitriPapadopoulos
Copy link
Collaborator

Something must be happening when you lose connectivity. Something else might overwrite network parameters.

What do you see in system logs when you lose connectivity?

@BrunoTeixeira1996
Copy link
Author

I realy think its network managers fault for some reason.
In the systems logs everything is normal and looks like everything is working. But that is not the case

@DimitriPapadopoulos
Copy link
Collaborator

Yes, it probably has to do with the network manager. To tell the truth, openfortivpn does not do the right thing when directly modifying /etc/resolv.conf. Having resolvconf installed might help.

@BrunoTeixeira1996
Copy link
Author

I can confirm I don't have resolvconf installed

$ resolvconf
bash: resolvconf: command not found

Do you think that might help? I can install and test and come back with further information if that worked or no

@DimitriPapadopoulos
Copy link
Collaborator

It may help if resolvconf does the right thing.

@BrunoTeixeira1996
Copy link
Author

BrunoTeixeira1996 commented Oct 24, 2023
edited by DimitriPapadopoulos
Loading

It may help if resolvconf does the right thing.

By installing resolvconf I have the following error, wut

brun0@hhh:~
$ sudo apt install resolvconf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  resolvconf
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 55.6 kB of archives.
After this operation, 184 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian bookworm/main amd64 resolvconf all 1.91+nmu1 [55.6 kB]
Fetched 55.6 kB in 0s (516 kB/s)    
Preconfiguring packages ...
Selecting previously unselected package resolvconf.
(Reading database ... 189751 files and directories currently installed.)
Preparing to unpack .../resolvconf_1.91+nmu1_all.deb ...
Unpacking resolvconf (1.91+nmu1) ...
Setting up resolvconf (1.91+nmu1) ...
Created symlink /etc/systemd/system/sysinit.target.wants/resolvconf.service → /lib/systemd/system/resolvconf.service.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.path → /lib/systemd/system/resolvconf-pull-resolved.path.
Unit /lib/systemd/system/resolvconf-pull-resolved.path is added as a dependency to a non-existent unit systemd-resolved.service.
Created symlink /etc/systemd/system/systemd-resolved.service.wants/resolvconf-pull-resolved.service → /lib/systemd/system/resolvconf-pull-resolved.service.
Unit /lib/systemd/system/resolvconf-pull-resolved.service is added as a dependency to a non-existent unit systemd-resolved.service.
Job for dnsmasq.service failed because the control process exited with error code.
See "systemctl status dnsmasq.service" and "journalctl -xeu dnsmasq.service" for details.
invoke-rc.d: initscript dnsmasq, action "restart" failed.
× dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-10-24 16:52:52 WEST; 4ms ago
   Duration: 2h 29min 19.723s
    Process: 11364 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=0/SUCCESS)
    Process: 11374 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=2)
        CPU: 20ms

Oct 24 16:52:52 L8-BTeixeira systemd[1]: Starting dnsmasq.service - dnsmasq - A lightweight DH
CP and caching DNS server...
Oct 24 16:52:52 L8-BTeixeira dnsmasq[11374]: dnsmasq: failed to create listening socket for po
rt 53: Address already in use
Oct 24 16:52:52 L8-BTeixeira dnsmasq[11374]: failed to create listening socket for port 53: Ad
dress already in use
Oct 24 16:52:52 L8-BTeixeira dnsmasq[11374]: FAILED to start up
Oct 24 16:52:52 L8-BTeixeira systemd[1]: dnsmasq.service: Control process exited, code=exited,
 status=2/INVALIDARGUMENT
Oct 24 16:52:52 L8-BTeixeira systemd[1]: dnsmasq.service: Failed with result 'exit-code'.
Oct 24 16:52:52 L8-BTeixeira systemd[1]: Failed to start dnsmasq.service - dnsmasq - A lightwe
ight DHCP and caching DNS server.
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for resolvconf (1.91+nmu1) ...
brun0@hhh:~
$ resolvconf
bash: resolvconf: command not found

@BrunoTeixeira1996
Copy link
Author

maemo-leste/bugtracker#583

@DimitriPapadopoulos
Copy link
Collaborator

There are multiple variants of resolvconf:

You have installed the first one, which might be a good idea as you seem to run Debian. Not sure about the error messages you see. Have they been fixed maemo-leste/libicd-network-ipv4#3? Hasn't the fix been propagated to your distribution?

@BrunoTeixeira1996
Copy link
Author

There are multiple variants of resolvconf:

You have installed the first one, which might be a good idea as you seem to run Debian. Not sure about the error messages you see. Have they been fixed maemo-leste/libicd-network-ipv4#3? Hasn't the fix been propagated to your distribution?

I dont remember why i was using dnsmasq to be fair. I think I wanted to access some internal services by name but I dont use that anymore so I just removed it and installed resolvconf.
Tomorrow Ill test if the openfortivpn works fine and If yes we can close this

@BrunoTeixeira1996
Copy link
Author

@DimitriPapadopoulos After around 4 hours of using openfortivpn the connection remained fine. I realy think the problem was the dnsmasq and the unused resolvconf. Ill let the vpn today for around 5+ hours and see the final result

@BrunoTeixeira1996
Copy link
Author

@DimitriPapadopoulos I can confirm that this is working as intended!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DimitriPapadopoulos @BrunoTeixeira1996