linux and vpn connection issues

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

linux and vpn connection issues

kris duff
Hello,

My question is not directly related on the gumstix but since my software is running on the gumstix and here people have a lot of good ideas, I am taking my chance.

I am using an external enclosed radio (connected to the gumstix using ethernet). The radio is a DHCP server and always gives the same IP to the gumstix.

I uses an openvpn client on the gumstix to establish the connection from the outside world.

sometimes, the radio lose it's connection to the 3g network and after a while, the radio get signal and all the LED are blinking normally (telling me that the connection is ok). But, I need to reboot the system to get the communication on the gumstix.

I cannot reproduce this behavior in my lab.

But, I need to understand what is going on. To make things more difficult, the problematic systems are 1000km away.

So, would you have any suggestion for me to try to pinpoint the problem ?

Should I log ping result on the different interface ? Is there any tool to do this kind of diagnostic ?

Thank you a lot

Regards

------------------------------------------------------------------------------

_______________________________________________
gumstix-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gumstix-users
Reply | Threaded
Open this post in threaded view
|

Re: linux and vpn connection issues

Akram Hameed
Hi Kris,

Do you have the keepalive option set in your OpenVPN server configuration? It should help you watch the connection and if it fails, in my experience, a reconnection is prompted.


# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
There's also an option that might help depending on your problem:


- If the connection persists on the server a long time, it will reject new connections from your client.

This is because default behaviour is to not allow duplicate common-name connections.


You can work around it (insecurely, I might add...) by changing a setting:
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
Notes taken from: https://openvpn.net/index.php/open-source/documentation/howto.html

You could also use something like monit: https://mmonit.com/monit/

Which is a tiny program for monitoring processes, sockets...network endpoints. So, add a rule to do a ping test on your VPN server. If the ping test fails > X times, then attempt to restart the openvpn client (or perform some other network action for example).

Good luck!

Cheers,

Akram


On Thu, Dec 1, 2016 at 7:36 AM, kris duff <[hidden email]> wrote:
Hello,

My question is not directly related on the gumstix but since my software is running on the gumstix and here people have a lot of good ideas, I am taking my chance.

I am using an external enclosed radio (connected to the gumstix using ethernet). The radio is a DHCP server and always gives the same IP to the gumstix.

I uses an openvpn client on the gumstix to establish the connection from the outside world.

sometimes, the radio lose it's connection to the 3g network and after a while, the radio get signal and all the LED are blinking normally (telling me that the connection is ok). But, I need to reboot the system to get the communication on the gumstix.

I cannot reproduce this behavior in my lab.

But, I need to understand what is going on. To make things more difficult, the problematic systems are 1000km away.

So, would you have any suggestion for me to try to pinpoint the problem ?

Should I log ping result on the different interface ? Is there any tool to do this kind of diagnostic ?

Thank you a lot

Regards

------------------------------------------------------------------------------

_______________________________________________
gumstix-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gumstix-users



------------------------------------------------------------------------------

_______________________________________________
gumstix-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gumstix-users
Reply | Threaded
Open this post in threaded view
|

Re: linux and vpn connection issues

kris duff
Akram,

Thank you so much for your reply.

Regarding the keepalive, yes it is enabled by default. And it is working very good in the lab ...

I was not aware of the duplicate thing. I will have a look, but as you stated, it is unsecure so not the good thing to put in place on production environment :-)

Also, thank you for the monit tool, I will have a look.

Regards

Kris


On Wednesday, November 30, 2016 4:46 PM, Akram Hameed <[hidden email]> wrote:


Hi Kris,

Do you have the keepalive option set in your OpenVPN server configuration? It should help you watch the connection and if it fails, in my experience, a reconnection is prompted.


# The keepalive directive causes ping-like
# messages to be sent back and forth over
# the link so that each side knows when
# the other side has gone down.
# Ping every 10 seconds, assume that remote
# peer is down if no ping received during
# a 120 second time period.
keepalive 10 120
There's also an option that might help depending on your problem:


- If the connection persists on the server a long time, it will reject new connections from your client.

This is because default behaviour is to not allow duplicate common-name connections.


You can work around it (insecurely, I might add...) by changing a setting:
# Uncomment this directive if multiple clients
# might connect with the same certificate/key
# files or common names. This is recommended
# only for testing purposes. For production use,
# each client should have its own certificate/key
# pair.
#
# IF YOU HAVE NOT GENERATED INDIVIDUAL
# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
# EACH HAVING ITS OWN UNIQUE "COMMON NAME",
# UNCOMMENT THIS LINE OUT.
;duplicate-cn
Notes taken from: https://openvpn.net/index.php/open-source/documentation/howto.html

You could also use something like monit: https://mmonit.com/monit/

Which is a tiny program for monitoring processes, sockets...network endpoints. So, add a rule to do a ping test on your VPN server. If the ping test fails > X times, then attempt to restart the openvpn client (or perform some other network action for example).

Good luck!

Cheers,

Akram


On Thu, Dec 1, 2016 at 7:36 AM, kris duff <[hidden email]> wrote:
Hello,

My question is not directly related on the gumstix but since my software is running on the gumstix and here people have a lot of good ideas, I am taking my chance.

I am using an external enclosed radio (connected to the gumstix using ethernet). The radio is a DHCP server and always gives the same IP to the gumstix.

I uses an openvpn client on the gumstix to establish the connection from the outside world.

sometimes, the radio lose it's connection to the 3g network and after a while, the radio get signal and all the LED are blinking normally (telling me that the connection is ok). But, I need to reboot the system to get the communication on the gumstix.

I cannot reproduce this behavior in my lab.

But, I need to understand what is going on. To make things more difficult, the problematic systems are 1000km away.

So, would you have any suggestion for me to try to pinpoint the problem ?

Should I log ping result on the different interface ? Is there any tool to do this kind of diagnostic ?

Thank you a lot

Regards

------------------------------ ------------------------------ ------------------

______________________________ _________________
gumstix-users mailing list
[hidden email]
https://lists.sourceforge.net/ lists/listinfo/gumstix-users





------------------------------------------------------------------------------

_______________________________________________
gumstix-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/gumstix-users
Reply | Threaded
Open this post in threaded view
|

Re: linux and vpn connection issues

Pilgrim_32
This post has NOT been accepted by the mailing list yet.
In reply to this post by kris duff
Truly useful and informative information on solving the vpn connection issues. I am in search of the free vpn server software for my computer to use fast vpn services. Got to know about few good software’s. Planning to download the best one soon with help of my friend as he is a software engineer.