TCP working always, UDP working rarely...
Working flawlessly when using TCP, over 3G or Wi-Fi.
But when changing proto to udp, it works once, but 50 times it doesn't (reset, reboot, re-install, restart server daemon, change network connection, etc.). The thing is, it works sometimes! So my config should be right, right? Especially since it *always* works with TCP.
The status just stops at "Wait" ... forever. Tried 3G and Wi-Fi (two different networks).
Please help, since TCP is S..L..O..W.
Thanks for the tool by the way.
Galaxy tab
openvpn 2.1.1
busybox 1.17.1
working fine with TCP!
---------client.conf---------
client
dev tun
proto udp
remote 123.123.123.123 1194
nobind
persist-key
persist-tun
mute-replay-warnings
ca /sdcard/openvpn/ca.crt
cert /sdcard/openvpn/wolf.crt
key /sdcard/openvpn/wolf.key
ns-cert-type rnicrosoft
tls-auth /sdcard/openvpn/ta.key 1
cipher AES-128-CBC
comp-lzo
verb 0
----------openvpn.log "failed UDP connection"-------------
Wed Feb 2 06:00:16 2011 us=498083 11.11.11.11:51035 Re-using SSL/TLS context
Wed Feb 2 06:00:16 2011 us=498136 11.11.11.11:51035 LZO compression initialized
Wed Feb 2 06:00:16 2011 us=498416 11.11.11.11:51035 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 2 06:00:16 2011 us=498441 11.11.11.11:51035 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 2 06:00:16 2011 us=498523 11.11.11.11:51035 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 2 06:00:16 2011 us=498539 11.11.11.11:51035 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 2 06:00:16 2011 us=498575 11.11.11.11:51035 Local Options hash (VER=V4): 'a2e63101'
Wed Feb 2 06:00:16 2011 us=498596 11.11.11.11:51035 Expected Remote Options hash (VER=V4): '272f1b58'
RWed Feb 2 06:00:16 2011 us=498684 11.11.11.11:51035 TLS: Initial packet from 11.11.11.11:51035, sid=63543461 c093b2b6
WRWWRWRWWWRWWRWWRWWRWWRWRWWRWWRWWRWWRWWRWWRWWRWWRWWRWWRWRWWWRWWRWWRWWRWRWWRWWRWWRWWWed Feb 2 06:01:16 2011 us=954631 11.11.11.11:51035 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 2 06:01:16 2011 us=954687 11.11.11.11:51035 TLS Error: TLS handshake failed
Wed Feb 2 06:01:16 2011 us=954781 11.11.11.11:51035 SIGUSR1[soft,tls-error] received, client-instance restarting
Wed Feb 2 06:01:17 2011 us=987640 MULTI: multi_create_instance called
Wed Feb 2 06:01:17 2011 us=987708 11.11.11.11:51045 Re-using SSL/TLS context
Wed Feb 2 06:01:17 2011 us=987739 11.11.11.11:51045 LZO compression initialized
Wed Feb 2 06:01:17 2011 us=987817 11.11.11.11:51045 Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:0 ]
Wed Feb 2 06:01:17 2011 us=987833 11.11.11.11:51045 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 2 06:01:17 2011 us=987872 11.11.11.11:51045 Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 2 06:01:17 2011 us=987901 11.11.11.11:51045 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 2 06:01:17 2011 us=987926 11.11.11.11:51045 Local Options hash (VER=V4): 'a2e63101'
Wed Feb 2 06:01:17 2011 us=987952 11.11.11.11:51045 Expected Remote Options hash (VER=V4): '272f1b58'
RWed Feb 2 06:01:17 2011 us=988005 11.11.11.11:51045 TLS: Initial packet from 11.11.11.11:51045, sid=356e5456 1f824040
WWRWWRWWRWWRWWRWWRWWRWWRWWRW
----------openvpn.log "successful TCP connection"-------------
Wed Feb 2 06:13:29 2011 us=101201 Re-using SSL/TLS context
Wed Feb 2 06:13:29 2011 us=101305 LZO compression initialized
Wed Feb 2 06:13:29 2011 us=101631 Control Channel MTU parms [ L:1560 D:168 EF:68 EB:0 ET:0 EL:0 ]
Wed Feb 2 06:13:29 2011 us=101682 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Feb 2 06:13:29 2011 us=101771 Local Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
Wed Feb 2 06:13:29 2011 us=101786 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
Wed Feb 2 06:13:29 2011 us=101825 Local Options hash (VER=V4): 'a642654b'
Wed Feb 2 06:13:29 2011 us=101846 Expected Remote Options hash (VER=V4): '0bdd0804'
Wed Feb 2 06:13:29 2011 us=101882 TCP connection established with 11.11.11.11:51268
Wed Feb 2 06:13:29 2011 us=101905 Socket Buffers: R=[131072->131072] S=[131072->131072]
Wed Feb 2 06:13:29 2011 us=101922 TCPv4_SERVER link local: [undef]
Wed Feb 2 06:13:29 2011 us=101938 TCPv4_SERVER link remote: 11.11.11.11:51268
RWed Feb 2 06:13:29 2011 us=938176 11.11.11.11:51268 TLS: Initial packet from 11.11.11.11:51268, sid=223d6876 14d07a22
WRRWWWWRWRWRWWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRRRRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWRWed Feb 2 06:13:35 2011 us=576045 11.11.11.11:51268 VERIFY OK: depth=1, /C=US/ST=NY/L=REDMOND/O=microsoft/CN=microsoft_CA/emailAddress=root@microsoft.com
Wed Feb 2 06:13:35 2011 us=576367 11.11.11.11:51268 VERIFY OK: depth=0, /C=US/ST=NY/L=REDMOND/O=microsoft/CN=billgates/emailAddress=root@microsoft.com
WRWRWRWRWRWRWRWed Feb 2 06:13:36 2011 us=442620 11.11.11.11:51268 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Feb 2 06:13:36 2011 us=442653 11.11.11.11:51268 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Feb 2 06:13:36 2011 us=442666 11.11.11.11:51268 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Wed Feb 2 06:13:36 2011 us=442697 11.11.11.11:51268 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
WWWRRWed Feb 2 06:13:37 2011 us=20535 11.11.11.11:51268 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Feb 2 06:13:37 2011 us=20596 11.11.11.11:51268 [billgates] Peer Connection Initiated with 11.11.11.11:51268
Wed Feb 2 06:13:37 2011 us=20664 billgates/11.11.11.11:51268 MULTI: Learn: 10.8.0.2 -> billgates/11.11.11.11:51268
Wed Feb 2 06:13:37 2011 us=20678 billgates/11.11.11.11:51268 MULTI: primary virtual IP for billgates/11.11.11.11:51268: 10.8.0.2
RWed Feb 2 06:13:39 2011 us=348364 billgates/11.11.11.11:51268 PUSH: Received control message: 'PUSH_REQUEST'
Wed Feb 2 06:13:39 2011 us=348430 billgates/11.11.11.11:51268 SENT CONTROL [billgates]: 'PUSH_REPLY,route-gateway 123.123.123.123,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route-gateway 10.8.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)
WWWWRRRwrWRwrWRwrWR
---------iptables-save--------
root@bt:/etc/openvpn# iptables-save | grep -v '#' | grep -v ':'
*raw
COMMIT
*nat
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*mangle
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
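
A way to triage server logs like the two above, as an added example that is not part of the original post: at `--verb 5` and above OpenVPN prints an R or W for each packet read or written on the link, and this script tallies those markers per client address next to the handshake outcome. The sample lines are abbreviated from the post's log with shortened marker runs, the function names are hypothetical, and it assumes one client connecting at a time.

```python
import re
from collections import defaultdict

STAMP = re.compile(r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} +\d+ "
                   r"\d\d:\d\d:\d\d \d{4} us=\d+ ?")
PEER = re.compile(r"\d+\.\d+\.\d+\.\d+:\d+")
MARKERS = re.compile(r"[RWrw]*")

# Constructed sample: lines abbreviated from the post's log, marker runs shortened.
SAMPLE = """\
RWed Feb 2 06:00:16 2011 us=498684 11.11.11.11:51035 TLS: Initial packet from 11.11.11.11:51035, sid=63543461 c093b2b6
WRWWRWRWWWRWWed Feb 2 06:01:16 2011 us=954631 11.11.11.11:51035 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Feb 2 06:01:16 2011 us=954687 11.11.11.11:51035 TLS Error: TLS handshake failed
Wed Feb 2 06:13:29 2011 us=101882 TCP connection established with 11.11.11.11:51268
RWed Feb 2 06:13:29 2011 us=938176 11.11.11.11:51268 TLS: Initial packet from 11.11.11.11:51268, sid=223d6876 14d07a22
WRRWWWWRWRWRWed Feb 2 06:13:37 2011 us=20596 11.11.11.11:51268 [billgates] Peer Connection Initiated with 11.11.11.11:51268
"""

def summarize(log_text):
    """Return {peer: {"R": n, "W": n, "outcome": str}} for each client address."""
    sessions = defaultdict(lambda: {"R": 0, "W": 0, "outcome": "incomplete"})
    current = None  # last peer seen; bare marker lines are charged to it
    for line in log_text.splitlines():
        stamp = STAMP.search(line)
        # Markers are glued to the front of the next log line ("RWed Feb ...").
        prefix = line[:stamp.start()] if stamp else line
        message = line[stamp.end():] if stamp else ""
        if not MARKERS.fullmatch(prefix):
            continue  # neither a marker run nor a timestamped log line
        peer = PEER.search(message)
        current = peer.group() if peer else current
        if current is None:
            continue
        entry = sessions[current]
        # Uppercase R/W are link (TCP/UDP) packets; lowercase are tun packets.
        entry["R"] += prefix.count("R")
        entry["W"] += prefix.count("W")
        if "TLS handshake failed" in message:
            entry["outcome"] = "handshake_failed"
        elif "Peer Connection Initiated" in message:
            entry["outcome"] = "connected"
    return dict(sessions)

def stalled_handshakes(log_text):
    """Peers whose handshake timed out while the server wrote more than it read."""
    return sorted(p for p, s in summarize(log_text).items()
                  if s["outcome"] == "handshake_failed" and s["W"] > s["R"])

if __name__ == "__main__":
    print(summarize(SAMPLE), stalled_handshakes(SAMPLE))
```

A failed session in which writes clearly outnumber reads is consistent with the server retransmitting handshake packets over a UDP path that is dropping traffic in one direction.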