OpenVPN connection reset

Hi all,

I am using OpenVPN with two OpenWrt routers, one as server and one as client. When I use the udp protocol I can connect to the server normally, but if I change to the tcp protocol, the connection is established and reset over and over. I have no idea where the problem is. Has anyone met the same problem?

Here is part of the logs:

Config:

client
dev tun
proto udp
remote xxx.xx.xx.xx 51980
resolv-retry infinite
nobind
persist-key
persist-tun
auth SHA256
cipher AES-256-GCM
comp-lzo adaptive
nice 0
mute 5
verb 3

1 Like

Remove that from both client and server.

2 Likes

Thanks very much for your reply.

It helps a lot. I won't get the connection reset error every time, but it still happens randomly. By the way, can I know why this config line causes this problem?

Now I get this error sometimes:

You can try to comment out those options and increase log verbosity:

Similar threads:

It might be also related to your ISP and their traffic shaping and/or DPI.

2 Likes

Appreciate your help, I will increase log verbosity and check again.

1 Like

I am facing another problem now...
From the logs, I can see OpenVPN added an IPv4 address to the tun interface, but when I check the interface the IPv4 address doesn't exist, which causes a network unreachable error.

Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: OPTIONS IMPORT: --persist options modified
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: OPTIONS IMPORT: route options modified
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: NOTE: --mute triggered...
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: 4 variation(s) on previous 5 message(s) suppressed by --mute
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_route_v4_best_gw query: dst 0.0.0.0
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: checking for received messages
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: rtnl: received 1028 bytes
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_route_v4_best_gw result: via 192.168.113.1 dev eth0.2
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: TUN/TAP device tun0 opened
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: do_ifconfig, ipv4=1, ipv6=0
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_iface_mtu_set: mtu 1500 for tun0
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: checking for received messages
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: rtnl: received 36 bytes
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_iface_up: set tun0 up
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: checking for received messages
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: rtnl: received 36 bytes
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_addr_v4_add: 10.8.0.2/24 dev tun0
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: checking for received messages
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: sitnl_send: rtnl: received 36 bytes
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: /etc/openvpn/update-resolv-conf tun0 1500 1624 10.8.0.2 255.255.255.0 init
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: UDP WRITE [22] to [AF_INET]192.168.113.169:52000: P_ACK_V1 kid=0 [ 5 ]
Thu Mar 18 07:09:24 2021 daemon.notice openvpn[16820]: UDP WRITE [100] to [AF_INET]192.168.113.169:52000: P_DATA_V2 kid=0 DATA len=9

Do you have any idea?

Perhaps there's a race condition with netifd.
Avoid declaring the VPN interface in the network config:
OpenVPN client tun adapter loses its IP address on network restart - #2 by jow

1 Like
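A way to confirm the symptom and find the declaration the reply above warns about, as an added example that is not part of the thread: it compares the address OpenVPN logged with `net_addr_v4_add` against saved `ip -o -4 addr show` output, then lists UCI interface sections in a copy of the network config that bind a tun device. The function names, file names, the `ip` output and the network config are constructed for illustration; the two log lines are taken from the post.

```shell
#!/bin/sh
# Added example, not from the thread. ip output and network config are constructed.

# Print "<dev> <addr/prefix>" for the last address OpenVPN logged per device.
logged_addrs() {
    awk '{ for (i = 1; i <= NF - 3; i++)
               if ($i == "net_addr_v4_add:") last[$(i + 3)] = $(i + 1) }
         END { for (d in last) print d, last[d] }' "$1"
}

# Print logged addresses that are absent from saved `ip -o -4 addr show` output.
missing_addrs() {    # $1 = OpenVPN log, $2 = ip output
    logged_addrs "$1" | while read -r dev addr; do
        awk -v d="$dev" -v a="$addr" \
            '$2 == d && $3 == "inet" && $4 == a { f = 1 } END { exit !f }' "$2" \
            || echo "$dev $addr"
    done
}

# Print "<section> <device>" for UCI interface sections that bind a tun device.
declared_tun_ifaces() {    # $1 = copy of /etc/config/network
    awk -v q="'" '
        $1 == "config" { sec = ($2 == "interface") ? $3 : "" }
        sec != "" && $1 == "option" && ($2 == "device" || $2 == "ifname") {
            dev = $3; gsub("[" q "\"]", "", dev)
            name = sec; gsub("[" q "\"]", "", name)
            if (dev ~ /^tun[0-9]*$/) print name, dev
        }' "$1"
}

SAMPLE=$(mktemp -d)
cat > "$SAMPLE/openvpn.log" <<'EOF'
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_iface_up: set tun0 up
Thu Mar 18 07:09:23 2021 daemon.notice openvpn[16820]: net_addr_v4_add: 10.8.0.2/24 dev tun0
EOF
cat > "$SAMPLE/ip.txt" <<'EOF'
2: eth0.2    inet 192.168.113.50/24 brd 192.168.113.255 scope global eth0.2
EOF
cat > "$SAMPLE/network" <<'EOF'
config interface 'wan'
    option device 'eth0.2'
config interface 'vpn'
    option ifname 'tun0'
    option proto 'none'
EOF
echo "missing: $(missing_addrs "$SAMPLE/openvpn.log" "$SAMPLE/ip.txt")"
echo "declared: $(declared_tun_ifaces "$SAMPLE/network")"
```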

Thanks a lot!! It does solve the problem.
Thanks again for sharing.

1 Like
