Home / server / Questions / 614170
Accepted
zymhan
Asked: 2014-07-22 04:59:17 +0800 CST

Unusual OpenVPN server log entries every minute - Connection reset, restarting [0]

  • 772

OpenVPN is running on pfSense 2.0-release. Until recently, these messages had not occurred. In the OpenVPN server logs, the follwing set of messages repeats every minute

openvpn[34562]: xx.xx.xx.xx:11553 Connection reset, restarting [0]
openvpn[34562]: TCPv4_SERVER link remote: [AF_INET]xx.xx.xx.xx:11553
openvpn[34562]: TCPv4_SERVER link local: [undef]
openvpn[34562]: TCP connection established with [AF_INET]xx.xx.xx.xx:11553
openvpn[34562]: LZO compression initialized
openvpn[34562]: Re-using SSL/TLS context
openvpn[34562]: xx.xx.xx.xx:54881 Connection reset, restarting [0]
openvpn[34562]: TCPv4_SERVER link remote: [AF_INET]xx.xx.xx.xx:54881
openvpn[34562]: TCPv4_SERVER link local: [undef]
openvpn[34562]: TCP connection established with [AF_INET]xx.xx.xx.xx:54881
openvpn[34562]: LZO compression initialized
openvpn[34562]: Re-using SSL/TLS context
openvpn

2 Answers

  1. You shouldn't use TCP unless that's your only option, always preferable to tunnel anything in connectionless protocols. Not directly related to the issue, but I would change that to UDP. Doing so would possibly help this problem (though it's probably indicative of some other root cause).

    The "connection reset" is the cause of the issue, it's a question of why the TCP connection is being dropped or abandoned. If your config kills states on gateway failure, and your gateway monitor isn't reliably replying, it could be repeatedly killing states. Checking a packet capture of the traffic would be telling.

    The logs you posted don't show any signs of issues with keepalives. I wouldn't touch that, and revert any changes you made related to that.

    • 2
  2. Best Answer

    I forget I ever asked this question! I figured out the problem with the help of tech support. The issue was that we were monitoring the OpenVPN TCP port on the server with Zabbix, which was opening a connection every minute to confirm the port was open. Once it confirmed the port was open, Zabbix would close the connection, causing the "Connection reset" messages. In retrospect the ephemeral port numbers of the connecting client should have been a bigger clue that the issue wasn't with OpenVPN itself.

    Nothing like finding out that your problem was caused by you all along.

    • 2