Menu
What's new
By:
Filters Better Search

OpenVPN connection timeouts

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

mystical

Occasional Visitor
For the last year I have had an ASUS AC68U OpenVPN client running Merlin 380.58 connected to an AC68U server running 380.58. Last week I upgraded my client to 380.65_4 and since then I have been experiencing timeouts of the connection after less than 24 hours of operation. The server logs say it is successfully renewing the connection eveyr hour, but the client logs report timeout when trying to renew. Since the server is 2500 miles away and in heavy use, I am reluctant to upgrade its firmware, since if it fails I would have to get on a plane to recover it to operation. Any debugging or recovery suggestions would be welcome.

This is the client log:

Apr 19 07:12:00 openvpn[30730]: VERIFY OK: depth=1, C=US, ST=CA, L=Fremont, O=Mystic Video, OU=server, CN=lab4.mysticvideo.net, name=lab4, emailAddress=thomas@mysticvideo.net
Apr 19 07:12:00 openvpn[30730]: VERIFY OK: depth=0, C=US, ST=CA, L=Fremont, O=Mystic Video, OU=server, CN=lab4, name=lab4, emailAddress=thomas@mysticvideo.net
Apr 19 07:12:00 openvpn[30730]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 19 07:12:00 openvpn[30730]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 19 07:12:00 openvpn[30730]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 19 07:12:00 openvpn[30730]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 19 07:12:00 openvpn[30730]: WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Apr 19 07:12:00 openvpn[30730]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 19 07:12:00 openvpn[30730]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Apr 19 07:12:06 openvpn[30400]: 192.168.157.128 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 19 07:12:06 openvpn[30400]: 192.168.157.128 TLS Error: TLS handshake failed
Apr 19 07:12:06 openvpn[30400]: 192.168.157.128 SIGUSR1[soft,tls-error] received, client-instance restarting
Apr 19 07:12:06 openvpn[30400]: 192.168.157.128 TLS: Initial packet from [AF_INET6]::ffff:192.168.157.128:49980, sid=7e6a7e72 d0ed583c
Apr 19 07:13:06 openvpn[30400]: 192.168.157.128 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 19 07:13:06 openvpn[30400]: 192.168.157.128 TLS Error: TLS handshake failed
Apr 19 07:13:06 openvpn[30400]: 192.168.157.128 SIGUSR1[soft,tls-error] received, client-instance restarting
Apr 19 07:13:06 openvpn[30400]: 192.168.157.128 TLS: Initial packet from [AF_INET6]::ffff:192.168.157.128:52931, sid=3829a638 871d55f8
Apr 19 07:14:06 openvpn[30400]: 192.168.157.128 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Apr 19 07:14:06 openvpn[30400]: 192.168.157.128 TLS Error: TLS handshake failed
Apr 19 07:14:06 openvpn[30400]: 192.168.157.128 SIGUSR1[soft,tls-error] received, client-instance restarting
Apr 19 07:14:07 openvpn[30400]: 192.168.157.128 TLS: Initial packet from [AF_INET6]::ffff:192.168.157.128:52
 
I have ugraded three ASUS to your Alpha 4 build and will report back if I still see the vpn lockup problems.
 
I've upgraded to yesterdays Beta 4 build and still have a similar issue. My OpenVPN client disconnects after inactivity. However, it still shows as turned on in the GUI.
 
I have the same problem VPN disconnects everyday since I have upgraded 2 weeks ago to the latest version (380.65.4). Every morning I have to login to my router and click the "Apply" button to re-connect the VPN.
My Router is: AC3100
 
Need more information on how you have configured everything - there can be a number of different reasons for this. We can't help you without any kind of details on your setup.
 
Thanks for looking into this, here is my vpn configuration:
upload_2017-5-7_10-41-13.png
 
Try to set:
TLS control: <value here>
Auth Digest: <value here>
Chiper negoation: <value here>
Check compression: <check value here>

Remove, it's already in config.
persit-key
pesist-tun
 
Thanks for the quick reply, except for the Compression which has the new LZ4 value, I think all other setting are the same as the previous stable version 380.65.0 and was working with the same settings just fine and these settings are based on the VPN provider recommendation.

As you recommended, I will remove the following and hope it is still connected tomorrow morning:
persit-key
pesist-tun
 
efox said:
Thanks for the quick reply, except for the Compression which has the new LZ4 value, I think all other setting are the same as the previous stable version 380.65.0 and was working with the same settings just fine and these settings are based on the VPN provider recommendation.
As you recommended, I will remove the following and hope it is still connected tomorrow morning:
persit-key
pesist-tun
Click to expand...

I recomend you to insert value as recomendation and test if you get rid of connection timeouts.
TLS control: outgoing auth (1)
Auth Digest: SHA1
Chiper negoation: 'BF-CBC (Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Check compression: <check value here> LZ4 I dont know if its used. Check in PUSH string from vpn-provider what in use.

It seems you are behind double NAT (192.168.157.128) its a loacal ipnumber.
 
Last edited:
I have tested the new settings for the last three days, unfortunately it didn't resolve the issue, I still have to click the Apply button every day to re-connect the VPN.
 
You must log in or register to reply here.

Similar threads

Sergyk
VPN client
Replies
7
Views
646
eibgrad
eibgrad
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
2K
pattox
P
B
Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14
Replies
1
Views
154
eibgrad
eibgrad
T
[Help] Problems setting up OpenVPN
Replies
7
Views
250
Thookie
T
D
ASUS RT-AX86U OpenVPN Server Error - Key Too Small
Replies
5
Views
1K
David2001
D
Similar threads
Thread starter Title Forum Replies Date
C Connection to router by ip fails while remote over OpenVPN Asuswrt-Merlin 17
B OpenVPN tunnel up but the connection resets all the time Asuswrt-Merlin 6
T [Help] Problems setting up OpenVPN Asuswrt-Merlin 7
N dedicated router for OpenVPN Asuswrt-Merlin 4
N Solved OpenVPN Server split tunnell config Asuswrt-Merlin 5
S OpenVPN LAN access + one external IP Asuswrt-Merlin 3
J VPN director Multiple OpenVPN clients Asuswrt-Merlin 7
G OpenVPN Server log, is this in error ? Asuswrt-Merlin 7
H Extremely low speed on ac86u with openvpn client Asuswrt-Merlin 7
H Can no longer get OpenVPN Server to work Asuswrt-Merlin 4

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 580 (members: 9, guests: 571)
Top