Once upgraded, VPN stopped working because of an AUTH_FAILED error, and the only way to fix it was to do a hard reset ( https://www.snbforums.com/threads/r...in-380-69-is-now-available.42697/#post-364064 )
It looked like the issue was solved, but it's not. Almost every hour the VPN connection stops working, and the only way to get it up is to Disable/Enable the VPN client. Looking at the logs, I found OpenVPN re-establishes the connection every hour:
Code:
Dec 12 17:24:19 openvpn[3050]: OpenVPN 2.4.3 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 11 2017
Dec 12 17:24:19 openvpn[3050]: library versions: OpenSSL 1.0.2n 7 Dec 2017, LZO 2.08
Dec 12 17:24:19 openvpn[3051]: WARNING: --ping should normally be used with --ping-restart or --ping-exit
Dec 12 17:24:19 openvpn[3051]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Dec 12 17:24:19 openvpn[3051]: Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 12 17:24:19 openvpn[3051]: Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 12 17:24:20 openvpn[3051]: TCP/UDP: Preserving recently used remote address: [AF_INET]95.143.193.6:1194
Dec 12 17:24:20 openvpn[3051]: Socket Buffers: R=[122880->122880] S=[122880->122880]
Dec 12 17:24:20 openvpn[3051]: UDP link local: (not bound)
Dec 12 17:24:20 openvpn[3051]: UDP link remote: [AF_INET]95.143.193.6:1194
Dec 12 17:24:20 openvpn[3051]: TLS: Initial packet from [AF_INET]95.143.193.6:1194, sid=fe497cea 549a60d2
Dec 12 17:24:20 openvpn[3051]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Dec 12 17:24:20 openvpn[3051]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=se23.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Dec 12 17:24:20 openvpn[3051]: VERIFY KU OK
Dec 12 17:24:20 openvpn[3051]: Validating certificate extended key usage
Dec 12 17:24:20 openvpn[3051]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 12 17:24:20 openvpn[3051]: VERIFY EKU OK
Dec 12 17:24:20 openvpn[3051]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=se23.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Dec 12 17:24:20 openvpn[3051]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Dec 12 17:24:20 openvpn[3051]: [se23.nordvpn.com] Peer Connection Initiated with [AF_INET]95.143.193.6:1194
Dec 12 17:24:21 openvpn[3051]: SENT CONTROL [se23.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Dec 12 17:24:21 openvpn[3051]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.96 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: timers and/or timeouts modified
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Dec 12 17:24:21 openvpn[3051]: Socket Buffers: R=[122880->245760] S=[122880->245760]
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: --ifconfig/up options modified
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: route options modified
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: route-related options modified
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: peer-id set
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: adjusting link_mtu to 1657
Dec 12 17:24:21 openvpn[3051]: OPTIONS IMPORT: data channel crypto options modified
Dec 12 17:24:21 openvpn[3051]: Data Channel: using negotiated cipher 'AES-256-GCM'
Dec 12 17:24:21 openvpn[3051]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 12 17:24:21 openvpn[3051]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 12 17:24:21 openvpn[3051]: TUN/TAP device tun11 opened
Dec 12 17:24:21 openvpn[3051]: TUN/TAP TX queue length set to 100
Dec 12 17:24:21 openvpn[3051]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Dec 12 17:24:21 openvpn[3051]: /usr/sbin/ip link set dev tun11 up mtu 1500
Dec 12 17:24:21 openvpn[3051]: /usr/sbin/ip addr add dev tun11 10.8.8.96/24 broadcast 10.8.8.255
Dec 12 17:24:24 openvpn[3051]: /usr/sbin/ip route add 95.143.193.6/32 via 78.63.255.254
Dec 12 17:24:24 openvpn[3051]: /usr/sbin/ip route add 0.0.0.0/1 via 10.8.8.1
Dec 12 17:24:24 openvpn[3051]: /usr/sbin/ip route add 128.0.0.0/1 via 10.8.8.1
Dec 12 17:24:24 openvpn-routing: Configuring policy rules for client 1
Dec 12 17:24:24 openvpn-routing: Tunnel re-established, restoring WAN access to clients
Dec 12 17:24:24 openvpn[3051]: Initialization Sequence Completed
However, after exactly one more hour the connection couldn't be re-established and the log shows:
Code:
Dec 12 18:24:20 openvpn[3051]: VERIFY OK: depth=1, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=se23.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Dec 12 18:24:20 openvpn[3051]: VERIFY KU OK
Dec 12 18:24:20 openvpn[3051]: Validating certificate extended key usage
Dec 12 18:24:20 openvpn[3051]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Dec 12 18:24:20 openvpn[3051]: VERIFY EKU OK
Dec 12 18:24:20 openvpn[3051]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=se23.nordvpn.com, name=NordVPN, emailAddress=cert@nordvpn.com
Dec 12 18:24:22 openvpn[3051]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 12 18:24:22 openvpn[3051]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 12 18:24:22 openvpn[3051]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
At this time, the connection goes down and I need to Disable/Enable VPN. Could anyone advise me on this? Maybe it's just some option from the VPN server itself, which drops the connection after one hour, and the client needs to re-establish it? If so, how can I prevent this? It happens no matter if I'm online or offline - the connection gets re-established every single hour at the same second.
I also found the new version to act strangely with VPN. I configured the VPN client to block traffic if the tunnel goes down, and it works. However! The connection went down again several minutes ago, and I couldn't reconnect because of the AUTH_FAILED error again. This time, I configured my VPN client NOT to block traffic if the tunnel goes down and disabled VPN, so I could connect to the Internet.
While this trick always worked on previous versions, it didn't work this time. Even after VPN client is Disabled, AUTH_FAILED error is still displayed next to "Service State" field every time I open VPN client. Furthermore, looking at logs, I see router tries to connect to disabled VPN every single time I open VPN client section. The only way to get my Internet connection back this time was to factory reset OpenVPN settings.
What am I missing here?
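The hourly pattern described in the post can be checked mechanically. The following is an added example, not part of the original post: it parses OpenVPN syslog lines, separates initial connects from in-session TLS renegotiations, reports the gap between handshakes and marks any handshake followed by AUTH_FAILED. The sample lines are abridged from the logs above; the AUTH_FAILED line and the year 2017 are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample: lines abridged from the logs in the post, plus one
# constructed AUTH_FAILED line (the post names the error but shows no such line).
SAMPLE = """\
Dec 12 17:24:20 openvpn[3051]: TLS: Initial packet from [AF_INET]95.143.193.6:1194, sid=fe497cea 549a60d2
Dec 12 17:24:20 openvpn[3051]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=se23.nordvpn.com
Dec 12 17:24:24 openvpn[3051]: Initialization Sequence Completed
Dec 12 18:24:20 openvpn[3051]: VERIFY OK: depth=0, C=PA, ST=PA, L=Panama, O=NordVPN, OU=NordVPN, CN=se23.nordvpn.com
Dec 12 18:24:22 openvpn[3051]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Dec 12 18:24:23 openvpn[3051]: AUTH: Received control message: AUTH_FAILED
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) openvpn\[(\d+)\]: (.*)$")

def parse(text, year=2017):
    """Yield (timestamp, pid, message) for each openvpn syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(3)

def handshakes(text, year=2017):
    """One record per completed server-certificate check (depth=0)."""
    out, last, fresh = [], {}, set()
    for ts, pid, msg in parse(text, year):
        if msg.startswith("TLS: Initial packet"):
            fresh.add(pid)                     # new session, not a rekey
        elif msg.startswith("VERIFY OK: depth=0"):
            kind = "initial" if pid in fresh or pid not in last else "renegotiation"
            gap = int((ts - last[pid]).total_seconds()) if pid in last else None
            out.append({"time": ts, "pid": pid, "kind": kind,
                        "gap_s": gap, "auth_failed": False})
            last[pid] = ts
            fresh.discard(pid)
        elif "AUTH_FAILED" in msg and out and out[-1]["pid"] == pid:
            out[-1]["auth_failed"] = True      # tie the failure to the latest handshake
    return out

if __name__ == "__main__":
    for h in handshakes(SAMPLE):
        print(h["time"], h["kind"], h["gap_s"],
              "AUTH_FAILED" if h["auth_failed"] else "ok")
```

A steady gap of 3600 seconds between handshakes in the same process matches the default value of OpenVPN's `reneg-sec` option, which renegotiates the data-channel key after that many seconds.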