# OpenVPN Issues - SIGUSR1[soft,connection-reset] received, process restarting



## xNovax

I am trying to connect to my OpenVPN server from my school's wifi, but when I try to connect to it I get an error.

Code:


Mon Feb 03 08:51:27 2014 Warning: cannot open --log file: C:\Program Files\OpenVPN\log\falcon-router-TCP-443-xNovax-config.log: Access is denied.   (errno=5)
Mon Feb 03 08:51:27 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Mon Feb 03 08:51:36 2014 Control Channel Authentication: using 'falcon-router-TCP-443-xNovax-tls.key' as a OpenVPN static key file
Mon Feb 03 08:51:36 2014 Attempting to establish TCP connection with [AF_INET]My_IP:My_port
Mon Feb 03 08:51:36 2014 TCP connection established with [AF_INET]My_IP:My_port
Mon Feb 03 08:51:36 2014 TCPv4_CLIENT link local (bound): [undef]
Mon Feb 03 08:51:36 2014 TCPv4_CLIENT link remote: [AF_INET]My_IP:My_port
Mon Feb 03 08:51:37 2014 Connection reset, restarting [-1]
Mon Feb 03 08:51:37 2014 SIGUSR1[soft,connection-reset] received, process restarting


----------



## Ulquiorra

Could be the port is filtered. Are you running it on a standard port? Or it could be a misconfiguration on your client (most common, I find, is that comp-lzo is misconfigured or Ta.key is missing).

Check the logs on your OpenVPN server to see if they are telling you anything.


----------



## xNovax

It is running on port 443 which is the SSL port so it should not be filtering encrypted traffic. The client was built by the client export on the router so I doubt there is a misconfiguration.

It seems to be able to connect but then there is an error or something somewhere.

Once I get home I will check the server and see if there is any error output.


----------



## Ulquiorra

The only way of troubleshooting it then is getting the logs from the server.

They are usually in
/var/log/openvpn/openvpn.log
or
/var/log/messages

the soft reset hints at either misconfig or blocking


----------



## xNovax

If this may help here is my client config.

Code:


dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote My_IP 443 tcp
lport 0
verify-x509-name "xNovax" name
auth-user-pass
pkcs12 falcon-router-TCP-443-xNovax.p12
tls-auth falcon-router-TCP-443-xNovax-tls.key 1

And this is what is in the log of the client

Code:


Mon Feb 03 09:19:58 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Mon Feb 03 09:19:58 2014 MANAGEMENT: Socket bind failed on local address [AF_INET]127.0.0.1:25340: Address already in use (WSAEADDRINUSE)
Mon Feb 03 09:19:58 2014 Exiting due to fatal error


----------



## Ulquiorra

OHHHH just thought, Have you installed / running OpenVPN as admin?

also failing that try adding

first
# Enable compression on the VPN link.
comp-lzo

after (take the above out)
# Set log file verbosity.
verb 5


----------



## xNovax

Quote:


> Originally Posted by *Ulquiorra*
> 
> OHHHH just thought, Have you installed / running OpenVPN as admin?
> 
> also failing that try adding
> 
> first
> # Enable compression on the VPN link.
> comp-lzo
> 
> after (take the above out)
> # Set log file verbosity.
> verb 5


There is no compression running on the link, I took it off before because I thought it was what was causing the error.
So where should I put
verb 5


----------



## Ulquiorra

Into the client config (something.ovpn), then reimport it into the GUI.


----------



## xNovax

This is what the output window is saying now

Code:


Mon Feb 03 10:45:25 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Mon Feb 03 10:45:25 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Feb 03 10:45:25 2014 Need hold release from management interface, waiting...
Mon Feb 03 10:45:25 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Feb 03 10:45:25 2014 MANAGEMENT: CMD 'state on'
Mon Feb 03 10:45:25 2014 MANAGEMENT: CMD 'log all on'
Mon Feb 03 10:45:25 2014 MANAGEMENT: CMD 'hold off'
Mon Feb 03 10:45:25 2014 MANAGEMENT: CMD 'hold release'
Mon Feb 03 10:45:36 2014 MANAGEMENT: CMD 'username "Auth" "xNovax"'
Mon Feb 03 10:45:36 2014 MANAGEMENT: CMD 'password [...]'
Mon Feb 03 10:45:36 2014 MANAGEMENT: CMD 'proxy NONE  '
Mon Feb 03 10:45:37 2014 Control Channel Authentication: using 'falcon-router-TCP-443-xNovax-tls.key' as a OpenVPN static key file
Mon Feb 03 10:45:37 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 03 10:45:37 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Feb 03 10:45:37 2014 Control Channel MTU parms [ L:1559 D:168 EF:68 EB:0 ET:0 EL:0 ]
Mon Feb 03 10:45:37 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Feb 03 10:45:37 2014 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Mon Feb 03 10:45:37 2014 Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Mon Feb 03 10:45:37 2014 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Mon Feb 03 10:45:37 2014 Local Options hash (VER=V4): '7004d33d'
Mon Feb 03 10:45:37 2014 Expected Remote Options hash (VER=V4): '2f085942'
Mon Feb 03 10:45:37 2014 Attempting to establish TCP connection with [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,TCP_CONNECT,,,
Mon Feb 03 10:45:37 2014 TCP connection established with [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 TCPv4_CLIENT link local (bound): [undef]
Mon Feb 03 10:45:37 2014 TCPv4_CLIENT link remote: [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,WAIT,,,
Mon Feb 03 10:45:37 2014 Connection reset, restarting [-1]
Mon Feb 03 10:45:37 2014 TCP/UDP: Closing socket
Mon Feb 03 10:45:37 2014 SIGUSR1[soft,connection-reset] received, process restarting
Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,RECONNECTING,connection-reset,,
Mon Feb 03 10:45:37 2014 Restart pause, 5 second(s)


----------



## Ulquiorra

Feb 03 10:45:37 2014 TCP connection established with [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 TCPv4_CLIENT link local (bound): [undef]
Mon Feb 03 10:45:37 2014 TCPv4_CLIENT link remote: [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,WAIT,,,
Mon Feb 03 10:45:37 2014 Connection reset, restarting [-1]
Mon Feb 03 10:45:37 2014 TCP/UDP: Closing socket
Mon Feb 03 10:45:37 2014 SIGUSR1[soft,connection-reset] received, process restarting
Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,RECONNECTING,connection-reset,,
Mon Feb 03 10:45:37 2014 Restart pause, 5 second(s)

I'm afraid the only way to troubleshoot more is to look at the server logs. You're establishing a link fine, but then it's disconnecting you. I can have a look at your server config later if you'd like (or I could drop you my settings).
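
The reading of the log above (TCP link established, then a reset before any TLS exchange), as an added example that is not part of the original thread: a small triage pass over OpenVPN TCP client log lines. The stage names and hint wording are this example's own; the sample lines are copied from the log posted in the thread.

```python
# Client log lines copied from the output posted in this thread.
THREAD_LOG = """\
Mon Feb 03 10:45:37 2014 Attempting to establish TCP connection with [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 TCP connection established with [AF_INET]My_IP:443
Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,WAIT,,,
Mon Feb 03 10:45:37 2014 Connection reset, restarting [-1]
Mon Feb 03 10:45:37 2014 SIGUSR1[soft,connection-reset] received, process restarting
"""

# Stages in connection order. The first marker appears in the thread's log;
# the other three are standard OpenVPN messages that never show up in it.
STAGES = [
    ("tcp_connected", "TCP connection established with"),
    ("tls_started", "TLS: Initial packet from"),
    ("peer_authenticated", "Peer Connection Initiated with"),
    ("tunnel_up", "Initialization Sequence Completed"),
]
FAILURES = [
    ("connection-reset", "Connection reset, restarting"),
    ("tls-timeout", "TLS key negotiation failed to occur"),
    ("tls-handshake-failed", "TLS handshake failed"),
]

def triage(log_text):
    """Return one (furthest_stage, first_failure) pair per TCP connection attempt."""
    attempts, current = [], None
    for line in log_text.splitlines():
        if "Attempting to establish" in line:
            if current:
                attempts.append(tuple(current))
            current = ["none", None]
            continue
        if current is None:
            continue  # option dump or management chatter before the first attempt
        for name, marker in STAGES:
            if marker in line:
                current[0] = name
        for name, marker in FAILURES:
            if current[1] is None and marker in line:
                current[1] = name
    if current:
        attempts.append(tuple(current))
    return attempts

def hint(stage, failure):
    """Map an attempt to the next troubleshooting step (wording is this example's)."""
    if failure == "connection-reset" and stage == "tcp_connected":
        return "reset before any TLS packet: read the server log, check tls-auth and path filtering"
    if failure in ("tls-timeout", "tls-handshake-failed"):
        return "TLS negotiation failed: check keys, certificates and connectivity"
    if stage == "tunnel_up" and failure is None:
        return "tunnel established"
    return "inconclusive: raise verb and compare with the server log"

if __name__ == "__main__":
    for stage, failure in triage(THREAD_LOG):
        print(stage, failure, "->", hint(stage, failure))
```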


----------



## xNovax

Quote:


> Originally Posted by *Ulquiorra*
> 
> Feb 03 10:45:37 2014 TCP connection established with [AF_INET]My_IP:443
> Mon Feb 03 10:45:37 2014 TCPv4_CLIENT link local (bound): [undef]
> Mon Feb 03 10:45:37 2014 TCPv4_CLIENT link remote: [AF_INET]My_IP:443
> Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,WAIT,,,
> Mon Feb 03 10:45:37 2014 Connection reset, restarting [-1]
> Mon Feb 03 10:45:37 2014 TCP/UDP: Closing socket
> Mon Feb 03 10:45:37 2014 SIGUSR1[soft,connection-reset] received, process restarting
> Mon Feb 03 10:45:37 2014 MANAGEMENT: >STATE:1391442337,RECONNECTING,connection-reset,,
> Mon Feb 03 10:45:37 2014 Restart pause, 5 second(s)
> 
> I'm afraid the only way to troubleshoot more is to look at the server logs. You're establishing a link fine, but then it's disconnecting you. I can have a look at your server config later if you'd like (or I could drop you my settings).


Once I get home at about 2:45 PM EST I will send you the server log.


----------



## xNovax

Here is what I have gotten out of the log.

These are the 50 that were listed in the UI.


I checked the openvpn.log file and this is what I got.
It is fairly long so I put it into a .txt file.

OpenVPNLog.txt 183k .txt file


----------



## Ulquiorra

I notice you're running it on 192.168.2.1, you sure the network ranges don't mismatch? You should really use something on the 10.X.X or the 172.16.X.X

Jan 31 19:00:03 falcon-router openvpn[82736]: 66.97.29.130:3703 Connection reset, restarting [-1]
Jan 31 19:00:08 falcon-router openvpn[82736]: 66.97.29.130:42175 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan 31 19:00:08 falcon-router openvpn[82736]: 66.97.29.130:42175 TLS Error: TLS handshake failed
Jan 31 19:00:08 falcon-router openvpn[82736]: 66.97.29.130:42175 Fatal TLS error (check_tls_errors_co), restarting
Jan 31 19:00:08 falcon-router openvpn[82736]: TCP connection established with [AF_INET]66.97.29.130:36160

Suggests the above, make sure the networks don't mash,

otherwise connection could be blocked outbound / drop openvpn traffic

As a side note, look at using TA.key as well, it helps a bit with security


----------



## xNovax

Quote:


> Originally Posted by *Ulquiorra*
> 
> I notice you're running it on 192.168.2.1, you sure the network ranges don't mismatch? You should really use something on the 10.X.X or the 172.16.X.X
> 
> Jan 31 19:00:03 falcon-router openvpn[82736]: 66.97.29.130:3703 Connection reset, restarting [-1]
> Jan 31 19:00:08 falcon-router openvpn[82736]: 66.97.29.130:42175 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
> Jan 31 19:00:08 falcon-router openvpn[82736]: 66.97.29.130:42175 TLS Error: TLS handshake failed
> Jan 31 19:00:08 falcon-router openvpn[82736]: 66.97.29.130:42175 Fatal TLS error (check_tls_errors_co), restarting
> Jan 31 19:00:08 falcon-router openvpn[82736]: TCP connection established with [AF_INET]66.97.29.130:36160
> 
> Suggests the above, make sure the networks don't mash,
> 
> otherwise connection could be blocked outbound / drop openvpn traffic
> 
> As a side note, look at using TA.key as well, it helps a bit with security


So what exactly should I change? When I change my Tunnel Local IP from 192.168.2.x it won't start the OpenVPN service.


----------



## Ulquiorra

It would be entire VPN scope,

you need to change the server.conf to something like.

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.66.0 255.255.255.0

Then also make sure that if you change this you change the CCD values

-bash-3.2# cat /etc/openvpn/ccd/necurity
ifconfig-push 10.8.66.18 10.8.66.17
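
A consistency check for the two pieces of configuration in this post, as an added example that is not part of the original thread: it parses the `server` line and the CCD `ifconfig-push` entries, then reports CCD addresses that fall outside the VPN subnet and any overlap with a LAN range. The function names and the LAN range are assumptions of the example; the config lines are the ones shown above.

```python
import ipaddress

# Configuration lines as shown in the post above.
SERVER_CONF = "server 10.8.66.0 255.255.255.0\n"
CCD_FILES = {"necurity": "ifconfig-push 10.8.66.18 10.8.66.17\n"}
# Constructed value: a LAN range assumed for the example.
LAN_RANGES = ["192.168.2.0/24"]

def directives(text, keyword):
    """Yield argument lists for each `keyword` line, ignoring # comments."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts and parts[0] == keyword:
            yield parts[1:]

def vpn_subnet(server_conf):
    """Return the network from the `server <net> <mask>` line, or None."""
    for args in directives(server_conf, "server"):
        if len(args) >= 2:
            return ipaddress.ip_network(f"{args[0]}/{args[1]}")
    return None

def check(server_conf, ccd_files, lan_ranges):
    """List mismatches between the VPN subnet, CCD entries and LAN ranges."""
    net = vpn_subnet(server_conf)
    if net is None:
        return ["no 'server' directive found"]
    problems = []
    for lan in lan_ranges:
        if net.overlaps(ipaddress.ip_network(lan)):
            problems.append(f"VPN subnet {net} overlaps LAN {lan}")
    for name, text in sorted(ccd_files.items()):
        for args in directives(text, "ifconfig-push"):
            # Assumes the local/remote address pair form used in the post.
            for addr in args[:2]:
                if ipaddress.ip_address(addr) not in net:
                    problems.append(f"{name}: {addr} is outside {net}")
    return problems

if __name__ == "__main__":
    print(check(SERVER_CONF, CCD_FILES, LAN_RANGES) or "consistent")
```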


----------



## fastfood

You could check the DNS entry on your Ovpn server system. Make sure you use a truly resolving DNS. (For testing you could use 8.8.8.8 <- it's the Google DNS).

Best regards


----------



## xNovax

Quote:


> Originally Posted by *fastfood*
> 
> You could check the DNS entry on your Ovpn server system. Make sure you use a truly resolving DNS. (For testing you could use 8.8.8.8 <- it's the Google DNS).
> 
> Best regards


I have switched to a new router and am now using a windows domain VPN.


----------

