Hi James et al.,

I'm running OpenVPN quite successfully on 20 Windows XP roadwarriors, in order to access different networks. All the clients access a single VPN concentrator (2.0.9 on Debian Etch) using x.509 authentication and depending on a few server-side scripts they receive personalized routes and iptables rules. (NB: the INPUT chain is empty and defaults to ACCEPT, only FORWARD rules are defined by the scripts).

So far so good, the setup works flawlessly pretty much all the time. Almost two or three times a month though, one or two roadwarriors (I've not been able to extrapolate a pattern, it happens to random people) lose all the OpenVPN-pushed routes. The VPN connection is still up and running: if you add the routes manually it keeps on working without a hitch. A reboot restores normal behaviour.

The client in the logs receives the following two warnings in the System Event log:

1) Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00FF97B41B3C. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

2) Your computer has automatically configured the IP address for the Network Card with network address 00FF97B41B3C. The IP address being used is 169.254.236.158.

So it basically wasn't able to renew the DHCP lease, hence the dropping of the routes. (Note that the initial DHCP works fine, the client receives its routes correctly. It's just that afterwards, I believe on the subsequent renew but I'm not 100% sure, it fails and it loses all the VPN-pushed routes).

I've tried the tap-sleep option and raised the waiting time to no avail. I'll now try the --dhcp-renew and --dhcp-release options, but I suspect they won't help much. I hope I can get a packet trace of this problem, but so far I've never been able to reproduce it under Wireshark.

Any tips/hints on how to nail down and debug this beast?

thanks,
Michele