LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-20-2017, 04:57 PM   #1
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,407
Blog Entries: 4

Rep: Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836
One(!) OpenVPN client re-connects hundreds of times each day


We use OpenVPN to connect to a remote server, and have used script-generated duplicate configurations for each one. Nearly all of these operate flawlessly ... except clients who are within the client's place of business. We see their OpenVPN server re-connnecting to us literally hundreds of times a day, every day. The client experiences erratic network performance connecting to our administrative web-site through this tunnel. No one else does. I believe that the reconnections are occurring because the tunnel has dropped, but the server-side log files give little indication. (UDP, not TCP/IP, is used for the data transfer.) The reconnections are always uneventful.

In trying to understand the problem, we installed an OpenVPN client on a couple of machines within their network and had users use this client to connect. They experienced similar problems if they connect from the office.

A significant finding in their client log is this:
Code:
2017-06-19 07:59:52 Tunnelblick[452] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)
2017-06-19 07:59:53 Tunnelblick[452] CFNetwork SSLHandshake failed (-9806)
... and the second message is repeated 4 times.

This continues once a second for about 32 seconds, then we see this:
Code:
2017-06-19 07:57:28 Tunnelblick[510] currentIPInfo(Name): IP address info could not be fetched within 32.3 seconds; the error was 'Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." 
UserInfo={_kCFStreamErrorCodeKey=-9806, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x106435220 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." 
UserInfo={NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9806,
 _kCFStreamPropertySSLClientCertificateState=0, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.,
 _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, _kCFStreamErrorCodeKey=-9806}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., 
NSErrorFailingURLKey=https://www.tunnelblick.net/ipinfo, NSErrorFailingURLStringKey=https://www.tunnelblick.net/ipinfo,
 _kCFStreamErrorDomainKey=3}'; the response was '(null)'
The machine in question is an OS/X box, and I don't know if this log is actually related to the network instability that we are experiencing. (It could well be something peculiar to the OpenVPN client program, which is TunnelBlick.) I am trying to obtain log files from their primary OpenVPN client router.

My suspicion is that the client has intermittent internet connectivity but might not be aware of it. Still, I need to gather more evidence of this.

Last edited by sundialsvcs; 06-20-2017 at 05:02 PM.
 
Old 06-21-2017, 07:32 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 15,700

Rep: Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222Reputation: 2222
It seems to be bellyaching about SSL. What's the story there?
Also, some other errors caught my attention
Code:
bash: syntax error near unexpected token `('
bash: you: command not found
bash: SSL: command not found
Looks like some scripting syntax error is loose. Have fun. One other thing to check is that there isn't a $PATH enviroment variable set in your script leaving out important directories.
 
Old 06-21-2017, 08:38 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,407

Original Poster
Blog Entries: 4

Rep: Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836Reputation: 3836
I'm beginning to decide that this must be something that TunnelBlick is doing on its own e.g. "phoning home." But it isn't succeeding. I don't think I yet have the necessary clue here. I've asked for a copy of the OpenVPN client log of the actual machine that's bouncing.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenVPN connects but no replies to pings Paintball_Star7 Linux - Networking 1 01-11-2011 12:55 AM
OpenVPN connects but there is no traffic moby@root Linux - Networking 7 12-11-2010 05:30 AM
cron sessions opening hundreds of times linuxfia Linux - General 5 01-14-2009 07:24 PM
OpenVPN-client connects,cant see servers subnet andbn Linux - Networking 0 10-29-2007 01:24 PM
no internet, Firefox connects but times out, RHEL4 tidalbay Linux - Networking 2 02-21-2007 02:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration