OpenVPN problem

We have a bunch of Teltonika RUT300 with openvpn installation. SW release RUT30X_R_00.07.10 causes openvpn to hang after 20 min / 2 hours of operation without any errors. Traffic simply stops going to the tunnel; overall operation is ok. We downgraded devices to the old firmware RUT30X_R_00.07.07.3, where this problem is absent (openvpn works properly). Can the Teltonika team help to troubleshoot the newest sw release to resolve this issue?


Update. Just installed the latest release, firmware version RUT30X_R_00.07.10.2.
It doesn’t fix the openvpn hanging problem. The device stops sending packets to the openvpn tunnel after an hour of operation.

Here is an openvpn log; it seems the problem is related to DCO:
Thu Nov 7 12:17:25 2024 daemon.notice openvpn(Liga534)[3670]: Validating certificate extended key usage
Thu Nov 7 12:17:25 2024 daemon.notice openvpn(Liga534)[3670]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Nov 7 12:17:25 2024 daemon.notice openvpn(Liga534)[3670]: VERIFY EKU OK
Thu Nov 7 12:17:25 2024 daemon.notice openvpn(Liga534)[3670]: VERIFY OK: depth=0, CN=openvpn
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_VER=2.6.12
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_PLAT=linux
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_TCPNL=1
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_CIPHERS=AES-256-GCM:AES-256-CBC:CHACHA20-POLY1305
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_PROTO=714
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_LZO_STUB=1
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_COMP_STUB=1
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_COMP_STUBv2=1
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_HWADDR=02:e5:15:33:57:1d
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: peer info: IV_SSL=OpenSSL_3.0.2_15_Mar_2022
Thu Nov 7 12:17:26 2024 daemon.notice openvpn(Liga534)[3670]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
Thu Nov 7 12:20:26 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:26 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:20:36 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:36 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:20:46 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:46 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:20:56 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:56 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:21:06 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:21:06 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:21:16 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:21:16 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:21:26 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:21:26 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:21:36 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:21:36 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:21:46 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:21:46 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: failed to send netlink message: No such file or directory (-2)
Thu Nov 7 12:21:56 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?

Hello,

We apologize for any inconvenience this issue has caused. This is a known problem, and our developers are currently working on a fix. I will keep you updated as soon as there is any news.

Thank you for your understanding and patience.

Best regards,

Thanks for the reply. For us it is very important to fix, as all used devices are operating with openvpn.

We understand your concern. As a temporary solution, we recommend downgrading your device’s firmware to a version that does not have issues with OpenVPN.

Best regards,

Downgrade is an option, but in my case some devices are installed in remote areas that I can’t access. Downgrade does not keep the configuration, and the router is connected to a gw with ip 192.168.1.1. In this case it won’t be accessible even via rms. So, for some cases it is a deadlock. Is there any option to disable DCO remotely via ssh?

Hello,

There is a workaround available: you can use the Extra options field and type disable-dco there. Additionally, you can increase the keepalive values through SSH by following these steps:

  1. Execute vi /etc/config/openvpn.
  2. Press i to enter edit mode.
  3. Under your OpenVPN configuration, add the line list extra 'disable-dco' to disable DCO. To increase the keepalive value, modify the number in option keepalive '10 120'.
  4. Press Esc.
  5. Type :wq and press Enter to save and quit.
  6. Execute /etc/init.d/openvpn restart to restart the OpenVPN service.

Please let me know if you need any further assistance!

Best regards,
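
The log signature and the workaround from this thread, as a non-interactive shell example for devices reachable only over SSH (added here; it is not part of the thread and not Teltonika code). It assumes sections are written as `config openvpn '<name>'`; the function names and the second instance `site2` in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example (not Teltonika code). Assumes sections are written as
# "config openvpn '<name>'", the form `uci export` produces.

# Print every OpenVPN instance whose syslog lines on stdin show the DCO
# failure signature from the thread at least $1 times (default 3).
dco_stalled_instances() {
    awk -v min="${1:-3}" '
        /dco_get_peer_stats: netlink reports object not found/ {
            # instance name sits between "openvpn(" and ")"
            if (match($0, /openvpn\([^)]*\)/))
                hits[substr($0, RSTART + 8, RLENGTH - 9)]++
        }
        END { for (i in hits) if (hits[i] >= min) print i }
    ' | sort
}

# True if section $2 of UCI file $1 already carries disable-dco.
section_has_disable_dco() {
    awk -v hdr="config openvpn '$2'" '
        /^config[ \t]/ { insec = ($0 == hdr) }
        insec && /^[ \t]*list[ \t]+extra[ \t]+.disable-dco.[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Non-interactive form of steps 1-5: add the list line under section $2.
# Returns 0 = changed, 1 = already set, 2 = no such section or no backup.
add_disable_dco() {
    section_has_disable_dco "$1" "$2" && return 1
    grep -qxF "config openvpn '$2'" "$1" || return 2
    # keep a backup; rewriting in place preserves the file's mode and owner
    cp -p "$1" "$1.bak" || return 2
    awk -v hdr="config openvpn '$2'" '
        { print }
        $0 == hdr { print "\tlist extra \047disable-dco\047" }
    ' "$1.bak" > "$1"
}

# Constructed sample modelled on the log above; "site2" is a made-up instance.
SAMPLE_LOG="Thu Nov 7 12:17:25 2024 daemon.notice openvpn(Liga534)[3670]: VERIFY OK: depth=0, CN=openvpn
Thu Nov 7 12:20:26 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:36 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:46 2024 daemon.notice openvpn(Liga534)[3670]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?
Thu Nov 7 12:20:50 2024 daemon.notice openvpn(site2)[4100]: dco_get_peer_stats: netlink reports object not found, ovpn-dco unloaded?"
```

On a device, feed the system log to `dco_stalled_instances`, run `add_disable_dco /etc/config/openvpn <name>` for each instance it prints, then restart the service with `/etc/init.d/openvpn restart` as in step 6.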
