Over the last two days, all of our VPN clients have refused to stay connected for more than a few seconds. The clients report that they are connected, and the lock appears green in the mobile or desktop app, but as soon as you try to open a remote desktop session from a remote laptop, the OpenVPN client immediately disconnects. I am seeing this in /var/log/messages:
an IP packet with unknown IP version=15 seen
From other forum posts, this appears to be related to compression not being set correctly, so I set COMPLZO=no in /var/ipfire/ovpn/settings and tried again, but that did not help.
Settings:
LOG_VERB=3
CLIENT2CLIENT=
REDIRECT_GW_DEF1=on
KEEPALIVE_2=
DDEST_PORT=1194
TLSAUTH=
KEEPALIVE_1=
DCOMPLZO=off
ADDITIONAL_CONFIGS=on
ROOTCERT_OU=IT
COMPLZO=no
VPN_IP=(external ip)
DHCP_WINS=10.5.1.1
ENABLED=on
DHCP_DNS=10.5.1.1
DHCP_DOMAIN=
DMTU=1400
DPROTOCOL=udp
ROOTCERT_EMAIL=(email)
ROUTES_PUSH=
ROOTCERT_HOSTNAME=(ipfire.fqdn)
ROOTCERT_CITY=(city)
DAUTH=SHA512
ROOTCERT_COUNTRY=US
ROOTCERT_ORGANIZATION=’(org).’
DOVPN_SUBNET=10.8.1.0/255.255.255.0
MAX_CLIENTS=100
ENABLED_ORANGE=off
ROOTCERT_STATE=WI
ENABLED_BLUE=off
DCIPHER=AES-256-CBC
------------------------------- server.conf--------------------
[root@ipfire ovpn]# vi server.conf
#OpenVPN Server conf
# Server-side OpenVPN configuration as pasted from the IPFire box: routed (tun)
# UDP server on port 1194, certificate authentication plus a PAM plugin.
# NOTE(review): no comp-lzo / compress directive appears anywhere in this
# listing. The post links the "unknown IP version=15" log message to a
# compression mismatch, so compare this with the compression line in the client
# profiles; if the clients still carry one, the two ends disagree.
# NOTE(review): no tls-auth / tls-crypt directive appears in this listing
# either, so the control channel has no extra HMAC layer.
# Run in the background; "openvpnserver" is the program name used for logging.
daemon openvpnserver
writepid /var/run/openvpn.pid
#DAN prepare OpenVPN for listening on blue and orange
;local (external ip)
dev tun
proto udp
port 1194
# Level 3 additionally allows passwords to be handed to scripts through
# environment variables. NOTE(review): confirm that the scripts called below
# need more than level 2.
script-security 3
ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600
client-config-dir /var/ipfire/ovpn/ccd
tls-server
ca /var/ipfire/ovpn/ca/cacert.pem
cert /var/ipfire/ovpn/certs/servercert.pem
key /var/ipfire/ovpn/certs/serverkey.pem
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters, which
# are considered too weak today and which newer TLS libraries may refuse.
# Check the real size with
#   openssl dhparam -in /var/ipfire/ovpn/ca/dh1024.pem -text -noout
dh /var/ipfire/ovpn/ca/dh1024.pem
server 10.8.1.0 255.255.255.0
tun-mtu 1400
status-version 1
status /var/run/ovpnserver.log 30
# ncp-disable switches off cipher negotiation, so the data channel is pinned to
# the "cipher" line below. NOTE(review): the option is deprecated in OpenVPN 2.5
# and removed in 2.6; after an update on either side, verify that server and
# clients still agree on the cipher.
ncp-disable
cipher AES-256-CBC
auth SHA512
# NOTE(review): the curly quotes in the push and client-connect lines look like
# a forum rendering artifact; OpenVPN expects straight double quotes. Confirm
# against the file on disk.
# redirect-gateway def1 sends all client traffic through the tunnel.
push “redirect-gateway def1”
push “dhcp-option DNS 10.5.1.1”
push “dhcp-option WINS 10.5.1.1”
max-clients 100
# External script that checks each client certificate during the handshake.
tls-verify /usr/lib/openvpn/verify
# Certificates listed in this revocation list are rejected.
crl-verify /var/ipfire/ovpn/crls/cacrl.pem
# Drop root privileges after start-up; persist-key and persist-tun keep the key
# material and the tun device across restarts that happen without root.
user nobody
group nobody
persist-key
persist-tun
verb 3
# NOTE(review): the next line has no leading '#' in this paste (the same holds
# for the "Start of", "from server.conf.local" and "End of" lines below). They
# read like comments whose marker was lost in rendering; confirm on disk.
Log clients connecting/disconnecting
client-connect “/usr/sbin/openvpn-metrics client-connect”
client-disconnect “/usr/sbin/openvpn-metrics client-disconnect”
#---------------------------
Start of custom directives
from server.conf.local
#---------------------------
# PAM authentication through the service name "openvpn"; with this plugin
# loaded, clients must send a username and password in addition to their
# certificate.
plugin /usr/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
# Both ping directives are commented out and the listing has no keepalive line
# (KEEPALIVE_1 / KEEPALIVE_2 are empty in the settings file), so the server
# sends no periodic pings of its own.
#ping 10
#ping-exit 60
#-----------------------------
End of custom directives
#-----------------------------
----------------------client config-----------------------------------
# Per-client file from the client-config-dir (ccd); its push lines are sent to
# this client when it connects.
# NOTE(review): the first line below has no leading '#' in this paste and the
# push lines use curly quotes; both look like rendering artifacts. Confirm
# against the file on disk, since OpenVPN expects '#' comments and straight
# double quotes.
OpenVPN clientconfig from ccd extension by Copymaster#
#This client uses the dynamic pool
#Client gets routes to these networks (behind IPFire)
push “route (lan network) 255.255.255.0”
#Client gets these nameservers
push “dhcp-option DNS (openvpn gateway)”
########################################
#######################################
#Force clients to disconnect after 5 minutes
# "inactive 300" ends the session after 300 seconds without traffic through the
# tunnel, i.e. it is an idle timeout rather than a fixed five-minute limit.
push “inactive 300”
I’m not sure what changed, as I had not changed any settings on IPFire this week before this started happening.
Any thoughts would be appreciated.