
SSL VPN disconnects after few minutes

Hey there, 

I have some problems with our SSL VPN, which are affecting some of our users. They connect successfully, but then they get a disconnect after a few minutes or even seconds.

The idle timeout is set to 30 min. Already tried to reinstall the SSL client.

Any ideas?

 

Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX TLS: Initial packet from [AF_INET6]::ffff:91.22.XXXXXXX:61202 (via ::ffff:87.XXXXXXX%Port2), sid=7cde2d7a 522c9793
....CUT
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX PLUGIN_CALL: POST /lib/openvpn-plugin-utm.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX TLS: Username/Password authentication deferred for username 'ssl.vpn.user' [CN SET]
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Nov 27 11:47:16 2019 [8739] ::ffff:91.22.XXXXXXX [ssl.vpn.user] Peer Connection Initiated with [AF_INET6]::ffff:91.22.XXXXXX:61202 (via ::ffff:87.190.XXXXXX%Port2)
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX OPTIONS IMPORT: reading client specific options from: /cfs/system/openvpn/conf.d/ssl.vpn.user
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX MULTI_sva: pool returned IPv4=10.10.80.3, IPv6=2001:db8::1:2
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX ifconfig_pool_remote_ipv6:2001:db8::1:2
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX ifconfig_remote_ip: 91.22.XXXXXXX, isipv4c: 1
Authentication server 127.0.0.1 gave login response code 2
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX PLUGIN_CALL: POST /lib/openvpn-plugin-utm.so/PLUGIN_CLIENT_CONNECT status=0
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_9d4cd1ae4e174fc2bb122aeb13de936f.tmp
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX ifconfig_pool_remote_ipv6:2001:db8::1:2
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX ifconfig_remote_ip: 91.22.XXXXXXX, isipv4c: 1
INSERT 0 1
COMMIT
script ipv4 -->
ipset v6.14: Element cannot be deleted from the set: it's not added
ipset v6.14: Element cannot be deleted from the set: it's not added
ipset v6.14: Element cannot be deleted from the set: it's not added
script ipv4 <--
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_17862e3adcc2956dc31f7afcb8492d88.tmp
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX ifconfig_pool_remote_ipv6:2001:db8::1:2
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX ifconfig_remote_ip: 91.22.XXXXXX, isipv4c: 1
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX MULTI: Learn: 10.10.80.3 -> ssl.vpn.user/::ffff:91.22.XXXXXXX
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX MULTI: primary virtual IP for ssl.vpn.user/::ffff:91.22.XXXXXXX: 10.10.80.3
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX MULTI: Learn: 2001:db8::1:2 -> ssl.vpn.user/::ffff:91.22.XXXXXXX
Wed Nov 27 11:47:17 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX MULTI: primary virtual IPv6 for ssl.vpn.user/::ffff:91.22.XXXXXXX: 2001:db8::1:2
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX PUSH: Received control message: 'PUSH_REQUEST'
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX send_push_reply(): safe_cap=940
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX Host:::ffff:91.22.XXXXXXX Port:61202
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX Is IPv4 :1
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX send_push_reply(): suppress sending 'tun-ipv6'
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX SENT CONTROL [ssl.vpn.user]: 'PUSH_REPLY,route-gateway 10.10.80.1,ping 45,ping-restart 180,redirect-gateway def1,topology subnet,route remote_host 255.255.255.255 net_gateway,dhcp-option DNS 10.10.10.1,dhcp-option DOMAIN XXXX.local.local,ifconfig 10.10.80.3 255.255.255.0' (status=1)

Wed Nov 27 11:47:25 2019 [8739] CID is :401

 .......CUT
Wed Nov 27 11:52:55 2019 [8739] CID is :426
Wed Nov 27 11:52:57 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX [ssl.vpn.user] Inactivity timeout (--ping-restart), restarting
Wed Nov 27 11:52:57 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX SIGUSR1[soft,ping-restart] received, client-instance restarting
Authentication server 127.0.0.1 gave login response code 2
GARNER: log disconnect event: username=ssl.vpn.user
Wed Nov 27 11:52:57 2019 [8739] PLUGIN_CALL: POST /lib/openvpn-plugin-utm.so/PLUGIN_CLIENT_DISCONNECT status=0
DELETE 1
COMMIT
ipset v6.14: Element cannot be deleted from the set: it's not added
ipset v6.14: Element cannot be deleted from the set: it's not added
ipset v6.14: Element cannot be deleted from the set: it's not added
Wed Nov 27 11:52:57 2019 [8739] WARNING: Failed running command (--client-disconnect): external program exited with error status: 1
Wed Nov 27 11:53:10 2019 [8739] CID is :401



  • Hi  

    Based on the log lines below:

    Wed Nov 27 11:52:57 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX [ssl.vpn.user] Inactivity timeout (--ping-restart), restarting
    Wed Nov 27 11:52:57 2019 [8739] ssl.vpn.user/::ffff:91.22.XXXXXXX SIGUSR1[soft,ping-restart] received, client-instance restarting

    Possibilities:

    1) The network between the end client computer and the remote VPN server has dropped out.

    2) If you are connecting from a specific location and are seeing regular dropouts, it is recommended to confirm the issue by changing the protocol and port used for SSL VPN, if possible.

    3) Some stateful firewalls or NAT routers may be blocking the connection between the end system and the SSL VPN server.

    If your computer has a firewall on or Internet security software installed, or you have a firewall activated on your router, try temporarily disabling it and see if the inactivity timeouts still occur.

    4) Please ensure that two openvpn client processes are not running on the client machine at the same time.

    Please try to verify the above steps and confirm the issue status.
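
An added example, not part of the original thread and not Sophos or OpenVPN code: a Python script that scans a log in the format posted above for sessions the server ended with `--ping-restart`, and reports how long each session lasted and which `ping` / `ping-restart` values were pushed to the client. The function names are hypothetical, the 30-minute idle timeout is the value stated in the question, and the sample lines are constructed from the posted log with the addresses replaced by documentation ranges.

```python
import re
from datetime import datetime

# Constructed sample, shortened from the log format in the question above
# (addresses replaced with documentation ranges).
SAMPLE_LOG = """\
Wed Nov 27 11:47:16 2019 [8739] ::ffff:192.0.2.10 [ssl.vpn.user] Peer Connection Initiated with [AF_INET6]::ffff:192.0.2.10:61202 (via ::ffff:198.51.100.1%Port2)
Wed Nov 27 11:47:19 2019 [8739] ssl.vpn.user/::ffff:192.0.2.10 SENT CONTROL [ssl.vpn.user]: 'PUSH_REPLY,route-gateway 10.10.80.1,ping 45,ping-restart 180,topology subnet,ifconfig 10.10.80.3 255.255.255.0' (status=1)
Wed Nov 27 11:52:57 2019 [8739] ssl.vpn.user/::ffff:192.0.2.10 [ssl.vpn.user] Inactivity timeout (--ping-restart), restarting
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[\d+\] (.*)$")
CONNECT = re.compile(r"\[([^\]]+)\] Peer Connection Initiated")
PUSH = re.compile(r"SENT CONTROL \[([^\]]+)\]: 'PUSH_REPLY,(.*)'")
TIMEOUT = re.compile(r"\[([^\]]+)\] Inactivity timeout \(--ping-restart\)")

def find_ping_restart_drops(log_text):
    """Return one dict per session that the server ended with --ping-restart."""
    sessions, drops = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:  # untimestamped helper output (ipset, COMMIT, ...)
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if (c := CONNECT.search(msg)):
            sessions[c.group(1)] = {"user": c.group(1), "start": ts, "pushed": {}}
        elif (p := PUSH.search(msg)) and p.group(1) in sessions:
            # Keep only the keepalive options from the pushed option list.
            for opt in p.group(2).split(","):
                name, _, value = opt.partition(" ")
                if name in ("ping", "ping-restart"):
                    sessions[p.group(1)]["pushed"][name] = int(value)
        elif (t := TIMEOUT.search(msg)) and t.group(1) in sessions:
            s = sessions.pop(t.group(1))
            s["end"] = ts
            s["duration_s"] = int((ts - s["start"]).total_seconds())
            drops.append(s)
    return drops

def reached_idle_timeout(drop, idle_timeout_s=30 * 60):
    """True only if the session lasted at least the configured idle timeout."""
    return drop["duration_s"] >= idle_timeout_s

if __name__ == "__main__":
    for d in find_ping_restart_drops(SAMPLE_LOG):
        print(d["user"], d["duration_s"], "s", d["pushed"],
              "idle timeout reached:", reached_idle_timeout(d))
```

A session that ends with `--ping-restart` long before the idle timeout points at lost keepalive traffic rather than at the idle setting.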

  • Hey Vishal, 

     

    Thanks for your reply. 

    1) No, the internet connection was stable all the time. 

    2) The connection will drop from different locations and different vpn users. 

    3) The device from the posted log is behind a normal home office router without any firewall rules. In the past there were no issues with the SSL VPN.

    We're using Sophos Endpoint Security which has never been a problem with our ssl vpn.

    4) Only one process is running.

     

    The issue is quite strange; we have never had any problems with our SSL VPN. Not sure if the issues maybe started with MR17.5.9?

     

    Regards,

  • Hi Jonny,

    If the issue is being observed at different locations and for all users with different public IPs from different countries, and it was working fine previously and appeared only after upgrading to MR-9, then you may open a support ticket for further investigation.