We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
892 views 2 comments
by anonymous

Hello community,

I am new here, so please let me know if I am missing any data you need for answering my question.

I am using a RUT240 and trying to establish a stable connection to an OpenVPN-Server (using the RUT as client). Basically it works and the RUT connects to the server.
Every 60 minutes there is a soft reset which seems to work fine as well.
However, sometimes the server logs report "AEAD Decrypt error: bad packet ID (may be a replay)". According to Google this is also not a major issue, if I understand it correctly.

Not the real issue: After a while I can see in the server logs (the "XXX" come from my side):
localhost ovpn-server[6478]: Rut/92.195.170.XXX:57079 [Rut] Inactivity timeout (--ping-restart), restarting
localhost ovpn-server[6478]: Rut/92.195.170.XXX:57079 SIGUSR1[soft,ping-restart] received, client-instance restarting

After this log, there are no further logs. The RUT seems to not reconnect until I restart the RUT.

Since the RUT is not at my location, it is a little bit difficult to do diagnosis or on-site hands-on work.

Is this a known issue, or is there any configuration I can set in the RUT or on the server? Do you need any further logs from server and/or client?

Thanks in advance for your help!
Ben

1 Answer

0 votes
by anonymous

Hello,

Make sure your RUT240 is running on one of the new firmware versions. Update if necessary.

Is the RUT240 Internet connection itself stable all the time? It happens that the operator updates the IP settings every hour, so the connection may be interrupted for a short time. Review logread output via CLI/SSH.

Also check that you have set up Keep Alive on the client side correctly. Keep Alive defines two time intervals: the first is used to periodically send ICMP requests to the OpenVPN server, the second one defines a time window, which is used to restart the OpenVPN service if no ICMP response is received during the specified time slice. 

Example: 10 120

Regards.

by anonymous
Hello,

thanks for your reply. Unfortunately the firmware was not up to date so I fixed that. However, I am still having problems after hours or sometimes days in regards to OpenVPN disconnect and not reconnecting automatically.

I did not find the Keep Alive setting. I used the server-generated .ovpn-Profile to set up the Client. Can I still define it somewhere in the GUI or via SSH?

Regards,
Benny
by anonymous

You can edit the OpenVPN settings via a CLI/SSH client in the /etc/config/openvpn file. You need to use vi as the editor and add the "option keepalive" parameters.

root@Teltonika:~# vi /etc/config/openvpn

config webui 'webui'
        option _auth 'tls'

config openvpn 'nn'
        option keepalive '10 120'
        option _name 'nn'
        list data_ciphers 'BF-CBC'
        option nobind '1'
        option persist_key '1'
        option port '1194'
        option dev 'tun_c_nn'
        .
        .
        .

Don't forget to apply the settings: save the changes and reload the openvpn service:

root@Teltonika:~# /etc/init.d/openvpn reload
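
A server-side check for the symptom described in this thread (a ping-restart that is never followed by a reconnect), as an added example that is not part of the original posts. The log lines are constructed in the format quoted in the question; the addresses and the client name Office are placeholders.

```python
import re

# Server-side OpenVPN messages: the two quoted in the question, plus the
# "Peer Connection Initiated" line OpenVPN logs when a client (re)connects.
CONNECT = re.compile(r"\[(?P<cn>[^\]]+)\] Peer Connection Initiated with")
TIMEOUT = re.compile(r"\[(?P<cn>[^\]]+)\] Inactivity timeout \(--ping-restart\)")
REPLAY = re.compile(r"(?P<cn>[^\s/]+)/\S+ AEAD Decrypt error: bad packet ID")

# Constructed sample log; client names and addresses are placeholders.
SAMPLE_LOG = """\
localhost ovpn-server[6478]: 203.0.113.7:57079 [Rut] Peer Connection Initiated with [AF_INET]203.0.113.7:57079
localhost ovpn-server[6478]: Rut/203.0.113.7:57079 AEAD Decrypt error: bad packet ID (may be a replay)
localhost ovpn-server[6478]: Rut/203.0.113.7:57079 [Rut] Inactivity timeout (--ping-restart), restarting
localhost ovpn-server[6478]: Rut/203.0.113.7:57079 SIGUSR1[soft,ping-restart] received, client-instance restarting
localhost ovpn-server[6478]: 198.51.100.9:40112 [Office] Peer Connection Initiated with [AF_INET]198.51.100.9:40112
localhost ovpn-server[6478]: Office/198.51.100.9:40112 [Office] Inactivity timeout (--ping-restart), restarting
localhost ovpn-server[6478]: 198.51.100.9:40233 [Office] Peer Connection Initiated with [AF_INET]198.51.100.9:40233
""".splitlines()


def summarize(lines):
    """Return {client: {"state", "since_line", "replays"}} from server log lines."""
    clients = {}
    for number, line in enumerate(lines, start=1):
        # The latest connect/timeout event per client wins.
        for pattern, state in ((CONNECT, "connected"), (TIMEOUT, "timed_out")):
            match = pattern.search(line)
            if match:
                entry = clients.setdefault(match["cn"], {"replays": 0})
                entry.update(state=state, since_line=number)
        # Replay warnings are only counted; they do not change the state.
        match = REPLAY.search(line)
        if match:
            clients.setdefault(match["cn"], {"replays": 0})["replays"] += 1
    return clients


def stalled(lines):
    """Clients whose most recent event is a ping-restart with no reconnect after it."""
    return sorted(cn for cn, entry in summarize(lines).items()
                  if entry.get("state") == "timed_out")


if __name__ == "__main__":
    for name in stalled(SAMPLE_LOG):
        print(f"{name}: timed out and has not reconnected")
```

Run periodically against the server log, this flags a remote client that has dropped and stayed down, so the condition is noticed without waiting for someone on site.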