"Error writing to SSL connection" with security/openfortivpn

Hi,

I'm using openfortivpn 1.21.0 on `FreeBSD:14:amd64` and it dies after a couple of minutes with the following error:


Code:
DEBUG:  ppp ---> gateway (54 bytes)
ppp:   00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 b6 a2 01 bb 39 3f 6b c9 0f 0c ac 9a 80 14 00 00 87 a0 00 00 01 01 08 0a b9 69 a5 8d 16 f5 e8 18


DEBUG:  Error writing to SSL connection (Connection closed).
DEBUG:  Error reading from SSL connection (Operation timed out).
INFO:   Cancelling threads...
INFO:   Cleanup, joining threads...
DEBUG:  Disconnecting
INFO:   Setting tun0 interface down.
INFO:   Restoring routes...
DEBUG:  /sbin/route -n delete -host 195.206.176.196 192.168.66.1
delete host 195.206.176.196: gateway 192.168.66.1 fib 0: not in table
INFO:   Removing VPN nameservers...
DEBUG:  resolvconf_call: /sbin/resolvconf -d "tun0.openfortivpn"
DEBUG:  Waiting for ppp to exit...
DEBUG:  waitpid: ppp exit status code 0
DEBUG:  ppp: Successful exit.
INFO:   Terminated ppp.
INFO:   Closed connection to gateway.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 8
DEBUG:  SO_SNDBUF: 32768
DEBUG:  SO_RCVBUF: 65536
DEBUG:  server_addr: 195.206.176.196
DEBUG:  server_port: 443
DEBUG:  gateway_ip: 195.206.176.196
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.

Full log: https://pastebin.com/xx8My56N


I tried the suggested ppp.conf
Code:
doas openfortivpn -c /usr/local/etc/openfortivpn/flattire --ppp-system flattire-vpn -v -v
but without much luck

Code:
flattire-client:
set dial
set speed 38400
set mru 1354
set login
set timeout 0
disable deflate pred1
deny deflate pred1


Any advice is appreciated!
 
> it dies after a couple of minutes with the following error

Is the connection passing through a firewall? Maybe a firewall state times out if the connection's been idle for a while. I get this with ssh(1) too if I don't pay attention and forget to enable TCP_Keepalive. After leaving the connection idle for some time the firewall times out and the connection is dropped.
 
> Is the connection passing through a firewall? Maybe a firewall state times out if the connection's been idle for a while. I get this with ssh(1) too if I don't pay attention and forget to enable TCP_Keepalive. After leaving the connection idle for some time the firewall times out and the connection is dropped.

I suspect the issue is confined within the server boundaries. There is a Linux router nearby that's doing just fine.

Also, today I noticed that the MTU on Linux is 1354:
Code:
21: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1354 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 3
link/ppp

and on FreeBSD it's 1500

Code:
tun1: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    Opened by PID 24965

I tried to set it to 1354 with
Code:
doas ifconfig tun1 mtu 1354
right after the link goes up (manually so far) and I can see in the debug logs that the packet size decreased (`DEBUG:  ppp ---> gateway (1356 bytes)`), but it still breaks down:

Code:
DEBUG:  Error writing to SSL connection (Connection closed).
DEBUG:  ppp ---> gateway (54 bytes)
INFO:   Cancelling threads...
ppp:   00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 71 d3 01 bb 9b 28 fb ee 75 07 95 4b 80 14 00 00 a3 5f 00 00 01 01 08 0a c7 3a 4e a4 1e a3 11 d8


I also trimmed PPP settings to just

Code:
cloudgateway-client:
 set timeout 0
 set iface idle 0
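
The `ppp:` hex lines in the debug logs above are PPP frames carrying IPv4, so they can be decoded to see which packet was entering the tunnel when the SSL write failed. The following is an added example, not part of any post in this thread; the function names are hypothetical and the input is the first `ppp:` line from the log.

```python
import socket
import struct

# First "ppp:" hex line from the debug log quoted in this thread.
LOG_LINE = (
    "ppp:   00 21 45 00 00 34 00 00 40 00 40 06 c2 bd c0 a8 42 cb c3 ce b0 c4 "
    "b6 a2 01 bb 39 3f 6b c9 0f 0c ac 9a 80 14 00 00 87 a0 00 00 01 01 08 0a "
    "b9 69 a5 8d 16 f5 e8 18"
)
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 .. bit 5


def parse_ppp_dump(line):
    """Convert a 'ppp:   xx xx ...' debug line into raw frame bytes."""
    return bytes.fromhex(line.split(":", 1)[1])


def ipv4_checksum_ok(header):
    """A valid IPv4 header sums (one's complement, 16-bit words) to 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_frame(frame):
    """Decode a PPP-encapsulated IPv4/TCP packet; raise ValueError otherwise."""
    if len(frame) < 2 + 20 or frame[:2] != b"\x00\x21":  # 0x0021 = IPv4 in PPP
        raise ValueError("not an IPv4 packet in a PPP frame")
    ip = frame[2:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 14:
        raise ValueError("not a complete IPv4/TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
    return {
        "ip_total_len": struct.unpack("!H", ip[2:4])[0],
        "ip_checksum_ok": ipv4_checksum_ok(ip[:ihl]),
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "sport": sport,
        "dport": dport,
        "flags": [n for bit, n in enumerate(TCP_FLAGS) if off_flags & (1 << bit)],
    }


if __name__ == "__main__":
    for key, value in decode_frame(parse_ppp_dump(LOG_LINE)).items():
        print(f"{key:15} {value}")
```

For this frame the decoder reports a TCP segment from 192.168.66.203 to 195.206.176.196 port 443, the address the log prints as `gateway_ip`, with the RST and ACK flags set.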
 