1. Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

[SOLVED] Open VPN connection dropping outside network activity on only one of three devices

Discussion in 'Networking & Security' started by newconroer, Dec 30, 2013.

  1. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Solution was to force all traffic over VPN. My VPN client gui had this a simple check box - though there are script commands that can do it as well.

    ===============================================================
    I am running Open VPN on three devices over Netgear DG834GV4 ( have also tried this on a Sagem 2504).

    Computer A (Windows 7, Viscosity VPN client, ethernet) runs fine, no problems using VPN.
    Computer B (Windows 7, Viscosity VPN client, Linksys wireless adapter)runs fine for about ten minutes or so, then all websites fail. VPN is still connected(in a connected state) and internal network is ok.
    Computer C (Android, Open VPN for Android client, ethernet) device runs fine, no problems using VPN.

    I have tried using default blank DNS in IPV4 config, Open DNS servers via the IPV4 configuration, DNS via the VPN itself or completely no DNS at all.

    My VPN provider has tried to assist but the only responses I've had are :

    A) Your router must not work with multiple devices and VPN.
    B) Try different ports.

    A) is obviously not true
    B) I am doing this next, but what alternative ports can I use for a VPN?

    When I disable the VPN connection on Computer B, it works indefinitely, which says to me it's clearly an issue with the VPN connection. The settings for the VPN are identical to Computer A.


    I found a person having a very similar issue, however no replies to that thread:

    "On one of my home PCs (Windows 7 Professional 64BIT, wired connection) I have problem with VPN - after 2-5 minutes after connection to my workplace it "freezes" - i.e. pings stop reaching my work computers, but connection itself reports "connected" state. If I disconnect/reconnect it manually everything returns back to life - for several minutes. I have 3 more different computers on the same network (2 laptops, one workstation), some of them are wired, some wireless, one even has the same OS )Windows 7/64bit. All have VPN configured the same way to the same workplace - but they work perfectly without disconnections/freezes, and the forth PC - does not."

    I read elsewhere that Windows firewall might be blocking replies from the dhcp server whilst the VPN connection is open. This causes the VPN connection to drop out at the end of the dhcp lease period

    ...?
    Last edited: Jan 5, 2014
  2. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    5,887 (6.59/day)
    Thanks Received:
    1,888
    Location:
    Concord, NH
    What Linksys adapter are you using? I've had a number of issues with me AE2500, not just with OpenVPN but anything that makes it run too hot. I had to remove the case on the adapter just so it can keep kind of cool. I use OVPN at work and I used to administer it.

    Are you running OpenVPN on the router and essentially adding your work network to your home network or is each computer connecting to the VPN individually? If it's the latter, I suspect an issue with the client, not the server. Could you output what OVPN says once it stops responding and have you tried pinging a device on the work network without DNS? I find that DNS doesn't always switch when I connect. Granted I usually connect in Linix and I manually copy a new /etc/resolve.conf to take care of it, but since it initially starts working, I'm skeptical that's the issue.

    Can you ping computer B from computer A or C over the VPN connection? Pinging the VPN IP for Comp B when it stops responding?
  3. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Hi,

    The adapter is a [get back to you on that].

    Each device boots up and then connects individually to different VPN servers.
    Are you familiar with Viscosity? That's the GUI/client I am using.

    The next time it stops I will try pinging another device and also check the log.
  4. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    5,887 (6.59/day)
    Thanks Received:
    1,888
    Location:
    Concord, NH
    Sorry, I tend to use the CLI client. I like the verbosity. I don't know if Viscosity has any options for logging or debugging, but I would be surprised if it didn't.
  5. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Last edited: Dec 30, 2013
  6. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Alright, switched back to wireless and it dropped with the log :

    Dec 30 01:37:40: State changed to Connecting
    Dec 30 01:37:41: Viscosity 1.0.0 (1034)
    Dec 30 01:37:41: Running on Microsoft Windows 7 Ultimate
    Dec 30 01:37:41: Bringing up interface...
    Dec 30 01:37:41: Checking reachability status of connection...
    Dec 30 01:37:42: Connection is reachable. Starting connection attempt.
    Dec 30 01:37:42: OpenVPN 2.3.2 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Dec 13 2013
    Dec 30 01:37:43: Attempting to establish TCP connection with [AF_INET]109.123.107.155:80 [nonblock]
    Dec 30 01:37:44: TCP connection established with [AF_INET]109.123.107.155:80
    Dec 30 01:37:44: TCPv4_CLIENT link local: [undef]
    Dec 30 01:37:44: TCPv4_CLIENT link remote: [AF_INET]109.123.107.155:80
    Dec 30 01:37:44: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Dec 30 01:37:44: [*.earthvpn.com] Peer Connection Initiated with [AF_INET]109.123.107.155:80
    Dec 30 01:37:49: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Dec 30 01:37:49: open_tun, tt->ipv6=0
    Dec 30 01:37:49: TAP-WIN32 device [Viscosity] opened: \\.\Global\{7705A231-89E9-48A1-B0BC-289AFC23A14D}.tap
    Dec 30 01:37:49: Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.179.17/255.255.255.252 on interface {7705A231-89E9-48A1-B0BC-289AFC23A14D} [DHCP-serv: 192.168.179.18, lease-time: 31536000]
    Dec 30 01:37:49: Successful ARP Flush on interface [14] {7705A231-89E9-48A1-B0BC-289AFC23A14D}
    Dec 30 01:37:55: Initialization Sequence Completed
    Dec 30 01:37:55: State changed to Connected
    Dec 30 01:45:43: [*.earthvpn.com] Inactivity timeout (--ping-restart), restarting
    Dec 30 01:45:43: SIGUSR1[soft,ping-restart] received, process restarting
    Dec 30 01:45:43: State changed to Connecting

    Timeout I can agree with, as per the symptoms - but why is inactivity affecting this device and not the others?

    I noticed on the failing computer that WLAN configuration service is not turned started/turned on.
  7. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,578 (1.70/day)
    Thanks Received:
    523
    Turn on the service.

    Also make sure the WLAN channel isn't congested that the Linksys is using.

    Also do you have any energy saving features on the adapter? If so turn those off.
    newconroer and Aquinus say thanks.
  8. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Turned on the service and got a new error now :


    Dec 30 02:34:03: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=11]
    Dec 30 02:34:03: env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Dec 30 02:34:03: Initialization Sequence Completed
    Dec 30 02:34:03: State changed to Connected


    Channel should not be congested; only two wireless devices (this one and a mobile phone).

    The linksys device is quite basic in terms of configuration. There will be no power or advanced features.

    Considering this only happens when connected to the VPN, it should be independent of the activity status of the adapter itself.
    Last edited: Dec 30, 2013
  9. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    5,887 (6.59/day)
    Thanks Received:
    1,888
    Location:
    Concord, NH
    Do you have another wireless adapter to can try it with to try and rule out the adapter itself? You could try a different channel just for the sake of trying it. Some channels have more noise than others.
  10. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    I ran the sequence again - connected wireless, connected VPN and then let it sit for twenty minutes.
    I checked one website, which worked, and then right afterwards I got the disconnect again.

    [*.earthvpn.com] Inactivity timeout (--ping-restart), restarting
    SIGUSR1[soft,ping-restart] received, process restarting
    State changed to Connecting


    So it's holding the connection until a point of 'inactivity' but only disconnects after I try to use it again - not before!?!?

    I do in fact, and will do that shortly - need to clarify if it's the wireless service or just the adapter itself.


  11. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    With the other adapter (USB based)[and on a different channel], it times out quicker:

    Dec 30 04:38:25: State changed to Connecting
    Dec 30 04:38:25: Viscosity 1.0.0 (1034)
    Dec 30 04:38:25: Running on Microsoft Windows 7 Ultimate
    Dec 30 04:38:26: Bringing up interface...
    Dec 30 04:38:27: Checking reachability status of connection...
    Dec 30 04:38:31: Connection is reachable. Starting connection attempt.
    Dec 30 04:38:31: OpenVPN 2.3.2 Windows-MSVC [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Dec 13 2013
    Dec 30 04:38:33: Attempting to establish TCP connection with [AF_INET]95.154.217.109:80 [nonblock]
    Dec 30 04:38:34: TCP connection established with [AF_INET]95.154.217.109:80
    Dec 30 04:38:34: TCPv4_CLIENT link local: [undef]
    Dec 30 04:38:34: TCPv4_CLIENT link remote: [AF_INET]95.154.217.109:80
    Dec 30 04:38:35: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Dec 30 04:38:36: [*.earthvpn.com] Peer Connection Initiated with [AF_INET]95.154.217.109:80
    Dec 30 04:38:40: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Dec 30 04:38:40: open_tun, tt->ipv6=0
    Dec 30 04:38:40: TAP-WIN32 device [Viscosity] opened: \\.\Global\{7705A231-89E9-48A1-B0BC-289AFC23A14D}.tap
    Dec 30 04:38:40: Notified TAP-Windows driver to set a DHCP IP/netmask of 192.168.179.13/255.255.255.252 on interface {7705A231-89E9-48A1-B0BC-289AFC23A14D} [DHCP-serv: 192.168.179.14, lease-time: 31536000]
    Dec 30 04:38:40: Successful ARP Flush on interface [14] {7705A231-89E9-48A1-B0BC-289AFC23A14D}
    Dec 30 04:38:45: Warning: route gateway is ambiguous: 192.168.0.1 (2 matches)
    Dec 30 04:38:45: env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    Dec 30 04:38:46: Initialization Sequence Completed
    Dec 30 04:38:46: State changed to ConnectedDec 30 04:39:28: [*.earthvpn.com] Inactivity timeout (--ping-restart), restarting
    Dec 30 04:39:28: SIGUSR1[soft,ping-restart] received, process restarting
    Dec 30 04:39:28: State changed to Connecting


    That was one website visit before it disconnected.

    Note the routing comment in the fifth to last lines.

    On the first adapter it was :
    Dec 30 02:34:03: ROUTE: route addition failed using CreateIpForwardEntry: The object already exists. [status=5010 if_index=11]

    On this adapter it changed to :
    Dec 30 04:38:45: Warning: route gateway is ambiguous: 192.168.0.1 (2 matches)


    So that's two failures via wireless and none via wired.
    Last edited: Dec 30, 2013
  12. BiggieShady

    BiggieShady

    Joined:
    Feb 8, 2012
    Messages:
    924 (1.05/day)
    Thanks Received:
    300
    Location:
    Zagreb, Croatia
    You could try restarting your DHCP service and if it doesn't help try resetting winsock in cmd as admin:
    Code:
    netsh winsock reset
    newconroer says thanks.
  13. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    5,887 (6.59/day)
    Thanks Received:
    1,888
    Location:
    Concord, NH
    Your network and the VPN network aren't on the same subnet, are they?

    What's your subnet and the VPN's subnet?
  14. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    I am not familiar with how to manually restart the DHCP other than to toggle it on/off in the router page?

    What's the purpose of resetting winsock - you think there's corruption in the catalog?

    ending .252 for VPN
    ending .250 for my subnet
  15. Aquinus

    Aquinus Resident Wat-man

    Joined:
    Jan 28, 2012
    Messages:
    5,887 (6.59/day)
    Thanks Received:
    1,888
    Location:
    Concord, NH
    That doesn't help me? I wanted the full subnet, not just the mask.
    For example mine at my network in my house is 10.0.0.0/24 with 10.0.0.1 as the gateway and at work it is 10.255.0.0/16 with 10.255.255.254 as the gateway.
  16. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    I changed the port from 80 to 443 on the failing connection and it has been up (and physically inactive on my part) for about half an hour.
    I tried various websites and the connection is still responding.


    [​IMG]
    Last edited: Dec 30, 2013
  17. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Connection lasted for just under an hour then reset. This time however, it didn't require any involvement from me - it had already timed out on it's own.

    The facts :

    -Only happens when using VPN
    -Only happens on wireless (that I can tell)
    -Tried two wireless devices with same results
    -Used different port for the VPN
  18. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,578 (1.70/day)
    Thanks Received:
    523
    Mabye it's a bug with the VPN software and wireless controllers. What kinda encryption are you using?
  19. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Possibly; I'll look for another VPN client.

    OpenVPN protocol uses AES cipher with 128bit and 256bit(Optional) encryption, hash algorithm is 160bit SHA1, control channel is TLSv1/SSLv3 DHE-RSA-AES256-SHA and 2048 bit RSA.

    EDIT: Changed to a more basic Open VPN client. OpenVPN as a protocol is not an option, so I chose SSTP which connected and am going to try it in about half an hour.
    Last edited: Dec 30, 2013
  20. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Basic Open VPN under SSTP as previously mentioned, eventually died out with the following :

    [​IMG]

    I question whether it really has anything to do with password or authentication, seeing as how it connected for thirty + minutes without fault.

    I have enabled logging - and hopefully will turn something up.
  21. kn00tcn

    kn00tcn

    Joined:
    Feb 9, 2009
    Messages:
    650 (0.33/day)
    Thanks Received:
    116
    Location:
    Toronto
    if you make computer A wireless, will it start dropping as well?
  22. Finners

    Joined:
    May 9, 2011
    Messages:
    126 (0.11/day)
    Thanks Received:
    32
    Have you got the wireless device set up to have a static IP?
  23. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    Haven't tried that; but may do so in a short bit here
    Originally it did and we had the same problems
  24. remixedcat

    remixedcat

    Joined:
    May 13, 2010
    Messages:
    2,578 (1.70/day)
    Thanks Received:
    523
    Sounds like you got an encryption problem.

    How secure is your network?
  25. newconroer

    Joined:
    Jun 20, 2007
    Messages:
    2,814 (1.09/day)
    Thanks Received:
    263
    I would not say it's overtly secure - and the settings between both computers are near identical in terms of active services.

    I've just plugged in a wireless adapter on this main working computer to see if it produces the same fault.

Currently Active Users Viewing This Thread: 2 (0 members and 2 guests)

Share This Page