Well now it timed out in less than 3 minutes.  This is the server openvpn.log

Thu Jan  1 23:15:04 2015 192.168.200.116:50290 TLS: Initial packet from [AF_INET]192.168.200.116:50290 (via [AF_INET]192.168.200.1%br0), sid=bfb37b79 340ac555
Thu Jan  1 23:17:32 2015 192.168.200.116:50290 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan  1 23:17:32 2015 192.168.200.116:50290 SIGUSR1[soft,ping-restart] received, client-instance restarting

I can get it to work using 8192 DH parameters but 16384 is a no go.




> Date: Thu, 1 Jan 2015 22:00:04 -0500
> From: xenoph...@godshell.com
> To: bird_...@hotmail.com
> CC: janj...@nikhef.nl; openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] Testing with large keys
> 
> jack seth wrote:
> > Could possibly be that.   I ran your command below and I get 180 
> > also. Is there a way to temporarily disable it?  Does this happen on 
> > TCP streams?
> 
> That would be for UDP streams.  There are a number of parameters for TCP
> connections.  Check out the /proc/sys/net/netfilter directory on your
> Linux box.
> 
> I wouldn't disable it, but you could determine if that's what the
> problem is by changing the value and verifying if the behavior changes.
> You can use sysctl to set a new value:
> 
> $ sudo sysctl -w net.netfilter.nf_conntrack_udp_timeout_stream=240
> 
> That would change the setting to 240 seconds.  If this ends up being the
> problem, you can make these settings permanent via /etc/sysctl.conf.
> 
> -- 
> ---------------------------
> Jason 'XenoPhage' Frisvold
> xenoph...@godshell.com
> ---------------------------
> 
> "Any sufficiently advanced magic is indistinguishable from technology."
> - Niven's Inverse of Clarke's Third Law
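
Added example (not part of the original thread and not OpenVPN code): to check whether changing nf_conntrack_udp_timeout_stream changes the behavior, it helps to measure how long each handshake ran before the server gave up and compare that with the value being tested. The function names and the sample log constant below are assumptions made for this sketch; the sample is the server log from this message with the wrapped lines rejoined.

```python
import re
from datetime import datetime

# Constructed sample: the three server log lines quoted in this thread, unwrapped.
SAMPLE_LOG = """\
Thu Jan  1 23:15:04 2015 192.168.200.116:50290 TLS: Initial packet from [AF_INET]192.168.200.116:50290 (via [AF_INET]192.168.200.1%br0), sid=bfb37b79 340ac555
Thu Jan  1 23:17:32 2015 192.168.200.116:50290 [UNDEF] Inactivity timeout (--ping-restart), restarting
Thu Jan  1 23:17:32 2015 192.168.200.116:50290 SIGUSR1[soft,ping-restart] received, client-instance restarting
"""

# Timestamp in ctime() layout, then the peer's ip:port, then the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<peer>\d{1,3}(?:\.\d{1,3}){3}:\d+) (?P<msg>.*)$"
)

def handshake_aborts(log_text):
    """Return [(peer, seconds)] from 'TLS: Initial packet' to the inactivity timeout."""
    started = {}  # peer -> time of its most recent initial packet
    aborts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines without a peer prefix
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        peer, msg = m["peer"], m["msg"]
        if msg.startswith("TLS: Initial packet"):
            started[peer] = ts
        elif "Inactivity timeout (--ping-restart)" in msg and peer in started:
            elapsed = int((ts - started.pop(peer)).total_seconds())
            aborts.append((peer, elapsed))
    return aborts

def aborted_before(aborts, timeout_s):
    """Keep only the handshakes that were abandoned sooner than timeout_s seconds."""
    return [(peer, secs) for peer, secs in aborts if secs < timeout_s]

def current_udp_stream_timeout():
    """Read the live setting; returns None if the conntrack module is not loaded."""
    path = "/proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream"
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    for peer, secs in handshake_aborts(SAMPLE_LOG):
        print(f"{peer}: handshake abandoned after {secs}s "
              f"(udp_timeout_stream={current_udp_stream_timeout()})")
```

Run it against the server log before and after each sysctl change; if the elapsed time does not move with the setting, the conntrack timeout is not what ends the handshake.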
                                          