OpenVPN connection drops after around 100 seconds

openvpnvpn

I have set up an OpenVPN connection to a PLC with built-in OpenVPN compatibility. I am connecting to my own OpenVPN Access Server, to which I am able to connect with other equipment as well as from my Windows client.
I set up the connection a few weeks ago, and everything seemed fine, but now the connection is failing.
The behavior is as follows:
After a reboot, the PLC connects to the Access Server (I can see it under "Current Users"), but only for around 100 seconds. After that, it disappears and does not reappear.
I have set the following parameters in the client.ovpn configuration file which is loaded on the PLC:

cipher AES-256-CBC


setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind


dev tun
dev-type tun
persist-tun
persist-key
resolv-retry infinite
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 0
sndbuf 0
rcvbuf 0


comp-lzo no
verb 3
setenv PUSH_PEER_INFO


key-direction 1

The latest certificate was generated a couple of days ago and the problem has been present from the beginning. Mind you, this certificate was generated solely because the previous was causing similar issues.
I am NOT able to ping, SSH or access the webinterface of the PLC via the VPN connection (not even during the 100 apparently online seconds), but since I am currently testing the setup, I also have a direct connection to the PLC, because it is on the same network as I am.
So, to sum it up, the OpenVPN connection to the PLC used to work, but now doesn't. I can't see any time limits in the certificate or anywhere else, so what could be wrong?

Updated:

Log from OpenVPN AS:

2019-10-24 06:43:52+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:52 2019  [IP:PORTofPLC] TLS: Initial packet from [AF_INET] [IP:PORTofPLC] (via [AF_INET]10.1.0.4%eth0), sid=[someHEXnumbers]'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] VERIFY OK: depth=1, /CN=OpenVPN CA'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] VERIFY OK: nsCertType=CLIENT'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] VERIFY OK: depth=0, /CN=*vpnUSERNAME*_AUTOLOGIN'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_VER=2.4.6'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_PLAT=linux'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_PROTO=2'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_NCP=2'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_LZO=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_COMP_STUB=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_COMP_STUBv2=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_TCPNL=1'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_HWADDR=*MAC*'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] peer info: IV_SSL=OpenSSL_1.0.2q__20_Nov_2018'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA'
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:53 2019  [IP:PORTofPLC] [*vpnUSERNAME*_AUTOLOGIN] Peer Connection Initiated with [AF_INET] [IP:PORTofPLC] (via [AF_INET]10.1.0.4%eth0)'
2019-10-24 06:43:53+0000 [-] AUTH SUCCESS {'status': 0, 'reason': 'AuthTrue: autologin certificate auth succeeded', 'serial_list': [], 'user': u'*vpnUSERNAME*', 'proplist': {u'prop_autologin': u'true', u'prop_force_lzo': u'false', u'pvt_passw$
2019-10-24 06:43:53+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:53 2019 MANAGEMENT: CMD 'client-auth 139 0'"
2019-10-24 06:43:54+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:54 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] OPTIONS IMPORT: compression parms modified'
2019-10-24 06:43:54+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:54 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] MULTI: Learn: [vpnIPofPLC] -> *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC]'
2019-10-24 06:43:54+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:43:54 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] MULTI: primary virtual IP for *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC]: [vpnIPofPLC]'
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] SENT CONTROL [*vpnUSERNAME*_AUTOLOGIN]: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhc$
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] Data Channel: using negotiated cipher 'AES-256-GCM'"
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-10-24 06:43:58+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:43:58 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key"
2019-10-24 06:45:38+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:45:38 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] [*vpnUSERNAME*_AUTOLOGIN] Inactivity timeout (--ping-restart), restarting'
2019-10-24 06:45:38+0000 [-] OVPN 1 OUT: 'Thu Oct 24 06:45:38 2019 *vpnUSERNAME*_AUTOLOGIN/ [IP:PORTofPLC] SIGUSR1[soft,ping-restart] received, client-instance restarting'
2019-10-24 06:46:41+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:41 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:41+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:41 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [HTTPChannel,4036,] License Info {'apc': False, 'concurrent_connections': 10}
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: "Thu Oct 24 06:46:42 2019 MANAGEMENT: CMD 'status 3'"
2019-10-24 06:46:42+0000 [-] OVPN 1 OUT: "Thu Oct 24 06:46:42 2019 MANAGEMENT: CMD 'status 3'"
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 TCP connection established with [AF_INET][IP:PORTofPLC]'
2019-10-24 06:46:42+0000 [-] OVPN 0 OUT: 'Thu Oct 24 06:46:42 2019 [IP:PORTofPLC] SIGTERM[soft,port-share-redirect] received, client-instance exiting'

Log from PLC:

Oct 24 08:43:39  [PLCname] firewall[933]: pid: 933, ppid: 931
Oct 24 08:43:39  [PLCname] firewall[933]: uid: 0, euid: 0
Oct 24 08:43:39  [PLCname] firewall[933]: gid: 0, egid: 0
Oct 24 08:43:39  [PLCname] firewall[933]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:39  [PLCname] firewall[933]: exit value: 0 (success)
Oct 24 08:43:39  [PLCname] firewall[940]: pid: 940, ppid: 939
Oct 24 08:43:39  [PLCname] firewall[940]: uid: 0, euid: 0
Oct 24 08:43:39  [PLCname] firewall[940]: gid: 0, egid: 0
Oct 24 08:43:39  [PLCname] firewall[940]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:39  [PLCname] firewall[940]: exit value: 0 (success)
Oct 24 08:43:40  [PLCname] DRM: [Info] src/Drm.c:355: Starting DRM...
Oct 24 08:43:40  [PLCname] DRM: [Info] src/Drm.c:406: DRM started.
Oct 24 08:43:44  [PLCname] firewall[1187]: pid: 1187, ppid: 1185
Oct 24 08:43:44  [PLCname] firewall[1187]: uid: 0, euid: 0
Oct 24 08:43:44  [PLCname] firewall[1187]: gid: 0, egid: 0
Oct 24 08:43:44  [PLCname] firewall[1187]: execution call: /etc/config-tools/firewall iptables --set-forward on
Oct 24 08:43:44  [PLCname] firewall[1187]: exit value: 0 (success)
Oct 24 08:43:44  [PLCname] firewall[1200]: pid: 1200, ppid: 1199
Oct 24 08:43:44  [PLCname] firewall[1200]: uid: 0, euid: 0
Oct 24 08:43:44  [PLCname] firewall[1200]: gid: 0, egid: 0
Oct 24 08:43:44  [PLCname] firewall[1200]: execution call: /etc/config-tools/firewall iptables --rem-masq all
Oct 24 08:43:44  [PLCname] firewall[1200]: exit value: 0 (success)
Oct 24 08:43:44  [PLCname] firewall[1206]: pid: 1206, ppid: 1205
Oct 24 08:43:44  [PLCname] firewall[1206]: uid: 0, euid: 0
Oct 24 08:43:44  [PLCname] firewall[1206]: gid: 0, egid: 0
Oct 24 08:43:45  [PLCname] firewall[1206]: execution call: /etc/config-tools/firewall iptables --rem-pfw all
Oct 24 08:43:45  [PLCname] firewall[1206]: exit value: 0 (success)
Oct 24 08:43:45  [PLCname] firewall[1211]: pid: 1211, ppid: 1183
Oct 24 08:43:45  [PLCname] firewall[1211]: uid: 0, euid: 0
Oct 24 08:43:45  [PLCname] firewall[1211]: gid: 0, egid: 0
Oct 24 08:43:45  [PLCname] firewall[1211]: execution call: /etc/config-tools/firewall iptables --apply
Oct 24 08:43:45  [PLCname] FIREWALL: Firewall - setting network layer firewall up...
Oct 24 08:43:45  [PLCname] FIREWALL: Failed do set-up network-layer firewall!
Oct 24 08:43:46  [PLCname] FIREWALL: Firewall - ...finished.
Oct 24 08:43:46  [PLCname] firewall[1211]: exit value: 0 (success)
Oct 24 08:43:46  [PLCname] ifplugd(ethX1)[1277]: ifplugd 0.28 initializing.
Oct 24 08:43:46  [PLCname] ifplugd(ethX1)[1277]: Using interface ethX1/[ethXmac] with driver <dsa> (version: 0.1)
Oct 24 08:43:46  [PLCname] ifplugd(ethX1)[1277]: Using detection mode: SIOCETHTOOL
Oct 24 08:43:46  [PLCname] ifplugd(ethX1)[1277]: Initialization complete, link beat not detected.
Oct 24 08:43:46  [PLCname] ifplugd(ethX1)[1277]: Could not open /dev/tty, cannot beep.
Oct 24 08:43:46  [PLCname] ifplugd(ethX2)[1281]: ifplugd 0.28 initializing.
Oct 24 08:43:46  [PLCname] ifplugd(ethX2)[1281]: Using interface ethX2/[ethXmac] with driver <dsa> (version: 0.1)
Oct 24 08:43:46  [PLCname] ifplugd(ethX2)[1281]: Using detection mode: SIOCETHTOOL
Oct 24 08:43:46  [PLCname] ifplugd(ethX2)[1281]: Initialization complete, link beat detected.
Oct 24 08:43:46  [PLCname] ifplugd(ethX2)[1281]: Could not open /dev/tty, cannot beep.
Oct 24 08:43:46  [PLCname] ipwatchd[1294]: IPwatchD started
Oct 24 08:43:46  [PLCname] dnsmasq[1301]: started, version 2.80 DNS disabled
Oct 24 08:43:46  [PLCname] dnsmasq[1301]: compile time options: no-IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua no-TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile
Oct 24 08:43:46  [PLCname] firewall[1305]: pid: 1305, ppid: 1304
Oct 24 08:43:46  [PLCname] firewall[1305]: uid: 0, euid: 0
Oct 24 08:43:46  [PLCname] firewall[1305]: gid: 0, egid: 0
Oct 24 08:43:46  [PLCname] firewall[1305]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:46  [PLCname] firewall[1305]: exit value: 0 (success)
Oct 24 08:43:47  [PLCname] DNSMASQ-LOCALHOST: Dnsmasq is disabled - "nameserver 127.0.0.1" will be removed
Oct 24 08:43:47  [PLCname] firewall[1313]: pid: 1313, ppid: 1312
Oct 24 08:43:47  [PLCname] firewall[1313]: uid: 0, euid: 0
Oct 24 08:43:47  [PLCname] firewall[1313]: gid: 0, egid: 0
Oct 24 08:43:47  [PLCname] firewall[1313]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:47  [PLCname] firewall[1313]: exit value: 0 (success)
Oct 24 08:43:47  [PLCname] dropbear[1318]: Running in background
Oct 24 08:43:47  [PLCname] firewall[1321]: pid: 1321, ppid: 1320
Oct 24 08:43:47  [PLCname] firewall[1321]: uid: 0, euid: 0
Oct 24 08:43:47  [PLCname] firewall[1321]: gid: 0, egid: 0
Oct 24 08:43:47  [PLCname] firewall[1321]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:47  [PLCname] firewall[1321]: exit value: 0 (success)
Oct 24 08:43:47  [PLCname] root: Starting virtual private network daemon
Oct 24 08:43:47  [PLCname] root: openvpn
Oct 24 08:43:47  [PLCname] ovpn-openvpn[1332]: OpenVPN 2.4.6 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul  6 2019
Oct 24 08:43:47  [PLCname] ovpn-openvpn[1332]: library versions: OpenSSL 1.0.2q  20 Nov 2018, LZO 2.09
Oct 24 08:43:47  [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Oct 24 08:43:47  [PLCname] ovpn-openvpn[1333]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 24 08:43:47  [PLCname] root: 0
Oct 24 08:43:47  [PLCname] ovpn-openvpn[1333]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Oct 24 08:43:47  [PLCname] firewall[1350]: pid: 1350, ppid: 1349
Oct 24 08:43:47  [PLCname] firewall[1350]: uid: 0, euid: 0
Oct 24 08:43:47  [PLCname] firewall[1350]: gid: 0, egid: 0
Oct 24 08:43:47  [PLCname] firewall[1350]: execution call: /etc/config-tools/firewall iptables --set-forward on
Oct 24 08:43:47  [PLCname] firewall[1350]: exit value: 0 (success)
Oct 24 08:43:47  [PLCname] firewall[1360]: pid: 1360, ppid: 1359
Oct 24 08:43:47  [PLCname] firewall[1360]: uid: 0, euid: 0
Oct 24 08:43:47  [PLCname] firewall[1360]: gid: 0, egid: 0
Oct 24 08:43:47  [PLCname] firewall[1360]: execution call: /etc/config-tools/firewall iptables --rem-masq all
Oct 24 08:43:47  [PLCname] firewall[1360]: exit value: 0 (success)
Oct 24 08:43:48  [PLCname] firewall[1363]: pid: 1363, ppid: 1362
Oct 24 08:43:48  [PLCname] firewall[1363]: uid: 0, euid: 0
Oct 24 08:43:48  [PLCname] firewall[1363]: gid: 0, egid: 0
Oct 24 08:43:48  [PLCname] firewall[1363]: execution call: /etc/config-tools/firewall iptables --rem-pfw all
Oct 24 08:43:48  [PLCname] firewall[1363]: exit value: 0 (success)
Oct 24 08:43:48  [PLCname] firewall[1367]: pid: 1367, ppid: 1347
Oct 24 08:43:48  [PLCname] firewall[1367]: uid: 0, euid: 0
Oct 24 08:43:48  [PLCname] firewall[1367]: gid: 0, egid: 0
Oct 24 08:43:48  [PLCname] firewall[1367]: execution call: /etc/config-tools/firewall iptables --apply
Oct 24 08:43:48  [PLCname] FIREWALL: Firewall - setting network layer firewall up...
Oct 24 08:43:48  [PLCname] FIREWALL: Failed do set-up network-layer firewall!
Oct 24 08:43:48  [PLCname] FIREWALL: Firewall - ...finished.
Oct 24 08:43:48  [PLCname] firewall[1367]: exit value: 0 (success)
Oct 24 08:43:49  [PLCname] firewall[1469]: pid: 1469, ppid: 1468
Oct 24 08:43:49  [PLCname] firewall[1469]: uid: 0, euid: 0
Oct 24 08:43:49  [PLCname] firewall[1469]: gid: 0, egid: 0
Oct 24 08:43:49  [PLCname] firewall[1469]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:49  [PLCname] firewall[1469]: exit value: 0 (success)
Oct 24 08:43:50  [PLCname] firewall[1472]: pid: 1472, ppid: 1471
Oct 24 08:43:50  [PLCname] firewall[1472]: uid: 0, euid: 0
Oct 24 08:43:50  [PLCname] firewall[1472]: gid: 0, egid: 0
Oct 24 08:43:50  [PLCname] firewall[1472]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:50  [PLCname] firewall[1472]: exit value: 0 (success)
Oct 24 08:43:50  [PLCname] firewall[1475]: pid: 1475, ppid: 1474
Oct 24 08:43:50  [PLCname] firewall[1475]: uid: 0, euid: 0
Oct 24 08:43:50  [PLCname] firewall[1475]: gid: 0, egid: 0
Oct 24 08:43:50  [PLCname] firewall[1475]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:50  [PLCname] firewall[1475]: exit value: 0 (success)
Oct 24 08:43:50  [PLCname] progexecd: Program execution daemon started, ready to accept connections
Oct 24 08:43:51  [PLCname] firewall[1528]: pid: 1528, ppid: 1527
Oct 24 08:43:51  [PLCname] firewall[1528]: uid: 0, euid: 0
Oct 24 08:43:51  [PLCname] firewall[1528]: gid: 0, egid: 0
Oct 24 08:43:51  [PLCname] firewall[1528]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:51  [PLCname] firewall[1528]: exit value: 0 (success)
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][openVPNasIP:port]
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: UDP link local: (not bound)
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: UDP link remote: [AF_INET][openVPNasIP:port]
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: TLS: Initial packet from [AF_INET][openVPNasIP:port], sid=[someHEX]
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: VERIFY OK: depth=1, CN=OpenVPN CA
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: VERIFY OK: nsCertType=SERVER
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: VERIFY OK: depth=0, CN=OpenVPN Server
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Oct 24 08:43:52  [PLCname] ovpn-openvpn[1333]: [OpenVPN Server] Peer Connection Initiated with [AF_INET][openVPNasIP:port]
Oct 24 08:43:53  [PLCname] ovpn-openvpn[1333]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Oct 24 08:43:56  [PLCname] firewall[1628]: pid: 1628, ppid: 1627
Oct 24 08:43:56  [PLCname] firewall[1628]: uid: 0, euid: 0
Oct 24 08:43:56  [PLCname] firewall[1628]: gid: 0, egid: 0
Oct 24 08:43:56  [PLCname] firewall[1628]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:56  [PLCname] firewall[1628]: exit value: 0 (success)
Oct 24 08:43:57  [PLCname] firewall[1662]: pid: 1662, ppid: 1661
Oct 24 08:43:57  [PLCname] firewall[1662]: uid: 0, euid: 0
Oct 24 08:43:57  [PLCname] firewall[1662]: gid: 0, egid: 0
Oct 24 08:43:57  [PLCname] firewall[1662]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:57  [PLCname] firewall[1662]: exit value: 0 (success)
Oct 24 08:43:57  [PLCname] firewall[1666]: pid: 1666, ppid: 1665
Oct 24 08:43:57  [PLCname] firewall[1666]: uid: 0, euid: 0
Oct 24 08:43:57  [PLCname] firewall[1666]: gid: 0, egid: 0
Oct 24 08:43:57  [PLCname] firewall[1666]: execution call: /etc/config-tools/firewall firewall --is-enabled
Oct 24 08:43:57  [PLCname] firewall[1666]: exit value: 0 (success)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,compress stub-v2,red$
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.6)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.6)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.6)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:20: register-dns (2.4.6)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:21: block-ipv6 (2.4.6)
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: timers and/or timeouts modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: explicit notify parm(s) modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: compression parms modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: --ifconfig/up options modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: route options modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: route-related options modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: peer-id set
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: adjusting link_mtu to 1625
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: OPTIONS IMPORT: data channel crypto options modified
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Data Channel: using negotiated cipher 'AES-256-GCM'
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: TUN/TAP device tun0 opened
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: TUN/TAP TX queue length set to 100
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Oct 24 08:43:58  [PLCname] ovpn-openvpn[1333]: /usr/sbin/ifconfig tun0 [VPNipOFplc] netmask 255.255.255.0 mtu 1500 broadcast [broadcastIP]
Oct 24 08:44:03  [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [OVPNasIP] netmask 255.255.255.255 gw [OVPNgwIP]
Oct 24 08:44:03  [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [DNSip] netmask 255.255.255.255 metric 101 gw [OVPNgwIP]
Oct 24 08:44:03  [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net 10.1.0.0 netmask 255.255.255.0 metric 101 gw [OVPNgwIP]
Oct 24 08:44:03  [PLCname] ovpn-openvpn[1333]: /usr/sbin/route add -net [OVPNnetworkIP] netmask 255.255.254.0 metric 101 gw [OVPNgwIP]
Oct 24 08:44:03  [PLCname] ovpn-openvpn[1333]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Oct 24 08:44:03  [PLCname] ovpn-openvpn[1333]: Initialization Sequence Completed
Oct 24 08:46:25  [PLCname] ovpn-openvpn[1333]: [OpenVPN Server] Inactivity timeout (--ping-restart), restarting
Oct 24 08:46:25  [PLCname] ovpn-openvpn[1333]: SIGUSR1[soft,ping-restart] received, process restarting
Oct 24 08:46:25  [PLCname] ovpn-openvpn[1333]: Restart pause, 5 second(s)
Oct 24 08:46:30  [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Oct 24 08:46:30  [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][openVPNasIP:port]
Oct 24 08:46:30  [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Oct 24 08:46:30  [PLCname] ovpn-openvpn[1333]: UDP link local: (not bound)
Oct 24 08:46:30  [PLCname] ovpn-openvpn[1333]: UDP link remote: [AF_INET][openVPNasIP:port]
Oct 24 08:46:34  [PLCname] ovpn-openvpn[1333]: Server poll timeout, restarting
Oct 24 08:46:34  [PLCname] ovpn-openvpn[1333]: SIGUSR1[soft,server_poll] received, process restarting
Oct 24 08:46:34  [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Oct 24 08:46:39  [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][openVPNasIP:port]
Oct 24 08:46:39  [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Oct 24 08:46:39  [PLCname] ovpn-openvpn[1333]: UDP link local: (not bound)
Oct 24 08:46:39  [PLCname] ovpn-openvpn[1333]: UDP link remote: [AF_INET][openVPNasIP:port]
Oct 24 08:46:43  [PLCname] ovpn-openvpn[1333]: Server poll timeout, restarting
Oct 24 08:46:43  [PLCname] ovpn-openvpn[1333]: SIGUSR1[soft,server_poll] received, process restarting
Oct 24 08:46:43  [PLCname] ovpn-openvpn[1333]: WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Oct 24 08:46:48  [PLCname] ovpn-openvpn[1333]: TCP/UDP: Preserving recently used remote address: [AF_INET][OVPNasIP]:443
Oct 24 08:46:48  [PLCname] ovpn-openvpn[1333]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Oct 24 08:46:48  [PLCname] ovpn-openvpn[1333]: Attempting to establish TCP connection with [AF_INET][OVPNasIP]:443 [nonblock]
Oct 24 08:46:52  [PLCname] ovpn-openvpn[1333]: TCP: connect to [AF_INET][OVPNasIP]:443 failed: No route to host

Best Answer

Solution: A static route in the PLC's settings with a gateway address which happens to be present as the third hop was the issue, and removing this fixed the problem. The identical PLC I duplicated the settings from was tested with another router between the PLC and the network, this router having that very same IP address (and acting as a gateway). Without this router, the static route messed things up. However, I am still a bit puzzled as to how the PLC was able to present itself to the OpenVPN AS upon every restart and appear to be online until some timeout was reached.

Related Topic