OpenVPN Continually Reauthorizes

Tags: openvpn, vpn, vps

I have been running OpenVPN on a small VPS for my family for the past several months, and have been happy with it. Last week my host rebooted the box and now I'm having issues. They turned TUN back on, which in the past has gotten me back in operation.

I can connect to the VPN, but when I try to access the web through it the connection gets stuck in a continual loop of reauthorizing. I've read through the log files, but this is Greek to me. Can anyone help make sense of this? Below is a log file for one session.

I've tried restarting the OpenVPN service and rebooting my instance; neither had any effect on this issue. I think it has to do with routing traffic through the VPN, but I haven't changed anything other than rebooting the hardware, so I'm not sure what would have triggered this. Client keys are the same as well.

Wed Nov  7 11:16:16 2012 MULTI: multi_create_instance called
Wed Nov  7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 Re-using SSL/TLS context
Wed Nov  7 11:16:16 2012 xxx.xxx.xxx.xxx:50631 LZO compression initialized
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Local Options hash (VER=V4): '530fdded'
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:50631, sid=d4a3e774 69029449
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/emailAddress=me@gmail.com
Wed Nov  7 11:16:17 2012 xxx.xxx.xxx.xxx:50631 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/emailAddress=me@gmail.com
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:18 2012 mycomputer/xxx.xxx.xxx.xxx:50631 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:50631: 10.8.0.26
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov  7 11:17:00 2012 MULTI: multi_create_instance called
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Re-using SSL/TLS context
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 LZO compression initialized
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Local Options hash (VER=V4): '530fdded'
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 Expected Remote Options hash (VER=V4): '41690919'
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:64732, sid=fc2b0817 0fa801c1
Wed Nov  7 11:17:00 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=1, /C=US/ST=TX/L=City/O=engr/CN=domain_CA/emailAddress=me@gmail.com
Wed Nov  7 11:17:00 2012 xxx.xxx.xxx.xxx:64732 VERIFY OK: depth=0, /C=US/ST=TX/L=City/O=engr/CN=mycomputer/emailAddress=me@gmail.com
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:01 2012 MULTI: new connection by client 'mycomputer' will cause previous active sessions by this client to be dropped.  Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.
Wed Nov  7 11:17:01 2012 MULTI: Learn: 10.8.0.26 -> mycomputer/xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:01 2012 MULTI: primary virtual IP for mycomputer/xxx.xxx.xxx.xxx:64732: 10.8.0.26
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SENT CONTROL [mycomputer]: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.26 10.8.0.25' (status=1)
Wed Nov  7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:20 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:30 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:37 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:46 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:56 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:06 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:08 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:19 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:29 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:39 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:50 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:18:59 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:09 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:22 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:32 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:42 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:19:53 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:03 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:13 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:23 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:34 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:44 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:20:54 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SIGUSR1[soft,ping-restart] received, client-instance restarting

Best Answer

I determined that this has nothing to do with my VPN. My computer is a Mac and I had upgraded to Mountain Lion around the same time that I started having these problems. The VPN client that I was using, Tunnelblick, isn't compatible with Mountain Lion.

The solution was to uninstall Tunnelblick and upgrade to their latest beta release. Now my VPN is working flawlessly.
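An added example, not part of the original question or answer: a small parser that groups a server log like the one above into sessions, so the pattern (handshake and PUSH_REPLY succeed, then only `ECONNREFUSED` reads until `--ping-restart` fires) stands out. The sample log is constructed and abridged from the format shown in the question; the function names are hypothetical, and untagged `ECONNREFUSED` lines are assumed to belong to the most recent session, which only holds for a single-client server.

```python
import re
from datetime import datetime

# Constructed sample, abridged from the log format shown in the question.
SAMPLE_LOG = """\
Wed Nov  7 11:16:16 2012 MULTI: multi_create_instance called
Wed Nov  7 11:16:18 2012 xxx.xxx.xxx.xxx:50631 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:50631
Wed Nov  7 11:16:20 2012 mycomputer/xxx.xxx.xxx.xxx:50631 SENT CONTROL [mycomputer]: 'PUSH_REPLY,ping 10,ping-restart 120' (status=1)
Wed Nov  7 11:17:01 2012 xxx.xxx.xxx.xxx:64732 [mycomputer] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:64732
Wed Nov  7 11:17:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 SENT CONTROL [mycomputer]: 'PUSH_REPLY,ping 10,ping-restart 120' (status=1)
Wed Nov  7 11:17:07 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:17:12 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
Wed Nov  7 11:21:03 2012 mycomputer/xxx.xxx.xxx.xxx:64732 [mycomputer] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
INIT = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with \[AF_INET\](?P<peer>\S+)")

def summarize(log_text):
    """Return one dict per 'Peer Connection Initiated' event, in log order."""
    sessions, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        init = INIT.search(msg)
        if init:
            current = {"cn": init["cn"], "peer": init["peer"], "start": ts,
                       "pushed": False, "refused": 0, "end": None, "lifetime_s": None}
            sessions.append(current)
        elif current is None:
            continue
        elif "PUSH_REPLY" in msg:
            current["pushed"] = True
        elif "[ECONNREFUSED]" in msg:
            # Assumption: untagged socket errors belong to the latest session.
            current["refused"] += 1
        elif "Inactivity timeout (--ping-restart)" in msg:
            current["end"] = "ping-restart"
            current["lifetime_s"] = int((ts - current["start"]).total_seconds())
    return sessions

def silent_after_push(session):
    """True when setup succeeded but the peer then stopped answering."""
    return session["pushed"] and session["refused"] > 0 and session["end"] == "ping-restart"

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["cn"], s["peer"], "silent after push:", silent_after_push(s))
```

On Linux, `ECONNREFUSED` on a UDP read means an ICMP port-unreachable came back for a packet the server sent, so a session flagged here points at the client's socket having gone away rather than at certificate or key problems on the server.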
