Connection terminated every ~1 sec, but VPN works.

vir
Posts: 3
Joined: Mon Nov 11, 2024 6:43 am

Connection terminated every ~1 sec, but VPN works.

Post by vir » Mon Nov 11, 2024 6:59 am

I have strange behavior in the logs; I'm not sure if this is how it should be and whether I should be getting flooded with these messages by default.
The connection is established successfully, and I can access the VPN connection. I still have not had a chance to measure real speed degradation, so I'm not sure if the VPN is working right.

There is a message "Connection has been terminated" in the server logs as frequently as every second or less, immediately followed by "SSL communication for connection has been started".
Please let me know if this is correct behavior or something is wrong.

The log looks like this, and it grows to ~100 MB per day per single VPN connection:

2024-11-11 07:34:38.675 On the TCP Listener (Port 443), a Client (IP address <removed>, Host name "<removed>", Port number 63572) has connected.
2024-11-11 07:34:38.675 For the client (IP address: <removed>, host name: "<removed>", port number: 63572), connection "CID-40755" has been created.
2024-11-11 07:34:38.857 SSL communication for connection "CID-40755" has been started. The protocol version is TLSv1.3. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2024-11-11 07:34:38.958 Connection "CID-40755" has been terminated.
2024-11-11 07:34:39.831 On the TCP Listener (Port 443), a Client (IP address <removed>, Host name "<removed>", Port number 63573) has connected.
2024-11-11 07:34:39.831 For the client (IP address: <removed>, host name: "<removed>", port number: 63573), connection "CID-40756" has been created.
2024-11-11 07:34:39.983 SSL communication for connection "CID-40756" has been started. The protocol version is TLSv1.3. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2024-11-11 07:34:40.094 Connection "CID-40756" has been terminated.
2024-11-11 07:34:40.876 On the TCP Listener (Port 443), a Client (IP address <removed>, Host name "<removed>", Port number 63506) has connected.
2024-11-11 07:34:40.876 For the client (IP address: <removed>, host name: "<removed>", port number: 63506), connection "CID-40757" has been created.
2024-11-11 07:34:41.039 SSL communication for connection "CID-40757" has been started. The protocol version is TLSv1.3. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2024-11-11 07:34:41.160 Connection "CID-40757" has been terminated.



solo
Posts: 1521
Joined: Sun Feb 14, 2021 10:31 am

Re: Connection terminated every ~1 sec, but VPN works.

Post by solo » Mon Nov 11, 2024 9:27 am

It's blocked by a firewall somewhere or there is port 443 conflict.

vir
Posts: 3
Joined: Mon Nov 11, 2024 6:43 am

Re: Connection terminated every ~1 sec, but VPN works.

Post by vir » Mon Nov 11, 2024 5:22 pm

I will explore in detail. I have lighttpd, but it was moved to 8443 from the beginning. I just confirmed it listens on port 8443 on both SE servers (I have a cluster).
Another point, which I will explore: I have nftables configured, and open all input ports on the input chain (type filter hook input priority 0) based on an nft set, both static (for known clients) and dynamic using the fwknop service. Would this cause a problem? I checked during these log events; the source IP is in the set.

ip saddr @vpn_allow_host_v4 counter accept

solo
Posts: 1521
Joined: Sun Feb 14, 2021 10:31 am

Re: Connection terminated every ~1 sec, but VPN works.

Post by solo » Mon Nov 11, 2024 10:24 pm

"blocked by a firewall somewhere" means DPI on ISP or along the way. Also, test as standalone first.

vir
Posts: 3
Joined: Mon Nov 11, 2024 6:43 am

Re: Connection terminated every ~1 sec, but VPN works.

Post by vir » Mon Nov 11, 2024 11:38 pm

I found what flooded me with the connections. The following configuration caused this problem:
AccountDetailSet <vpn> /MAXTCP:1 /INTERVAL:1 /TTL:10 /HALF:no /BRIDGE:yes /MONITOR:no /NOTRACK:no /NOQOS:no /DISABLEUDP:no
Reverting back to
AccountDetailSet <vpn> /MAXTCP:1 /INTERVAL:1 /TTL:0 /HALF:no /BRIDGE:yes /MONITOR:no /NOTRACK:no /NOQOS:no /DISABLEUDP:no
stopped the flood.

Any recommendation for TTL, and what is its purpose in this context?
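The pattern in the first post's log, as an added example that is not from the thread or from SoftEther: a small parser that pairs each CID's creation with its termination and measures connection lifetimes and the gap between successive connections, so the churn the poster eventually traced to the /TTL:10 setting can be confirmed from the server log rather than by eye. The sample lines are a constructed subset of the log quoted above; the thresholds in churn_report are assumptions.

```python
import re
from datetime import datetime
from collections import OrderedDict

# Timestamp format used by the SoftEther server log lines quoted in the thread.
TS_FMT = "%Y-%m-%d %H:%M:%S.%f"
CREATED = re.compile(r'^(\S+ \S+) For the client .*connection "(CID-\d+)" has been created\.$')
TERMINATED = re.compile(r'^(\S+ \S+) Connection "(CID-\d+)" has been terminated\.$')

# Constructed sample: a subset of the log lines from the first post (addresses already removed there).
SAMPLE_LOG = """\
2024-11-11 07:34:38.675 For the client (IP address: <removed>, host name: "<removed>", port number: 63572), connection "CID-40755" has been created.
2024-11-11 07:34:38.857 SSL communication for connection "CID-40755" has been started. The protocol version is TLSv1.3. The encryption algorithm name is "TLS_AES_256_GCM_SHA384".
2024-11-11 07:34:38.958 Connection "CID-40755" has been terminated.
2024-11-11 07:34:39.831 For the client (IP address: <removed>, host name: "<removed>", port number: 63573), connection "CID-40756" has been created.
2024-11-11 07:34:40.094 Connection "CID-40756" has been terminated.
2024-11-11 07:34:40.876 For the client (IP address: <removed>, host name: "<removed>", port number: 63506), connection "CID-40757" has been created.
2024-11-11 07:34:41.160 Connection "CID-40757" has been terminated.
"""

def parse_connections(log_text):
    """Return an ordered dict CID -> [created, terminated] datetimes (terminated is None if still open)."""
    conns = OrderedDict()
    for line in log_text.splitlines():
        m = CREATED.match(line)
        if m:
            conns[m.group(2)] = [datetime.strptime(m.group(1), TS_FMT), None]
            continue
        m = TERMINATED.match(line)
        if m and m.group(2) in conns:
            conns[m.group(2)][1] = datetime.strptime(m.group(1), TS_FMT)
    return conns

def churn_report(log_text, max_lifetime_s=2.0, max_gap_s=2.0):
    """Connection lifetimes and inter-connection gaps in seconds, plus a churn flag.

    The flag is set when every completed connection is short-lived and every new
    connection follows the previous one quickly (thresholds are assumed values)."""
    conns = parse_connections(log_text)
    created = [c for c, _ in conns.values()]
    lifetimes = [round((t - c).total_seconds(), 3) for c, t in conns.values() if t is not None]
    gaps = [round((b - a).total_seconds(), 3) for a, b in zip(created, created[1:])]
    short_lived = sum(1 for l in lifetimes if l < max_lifetime_s)
    rapid = sum(1 for g in gaps if g < max_gap_s)
    churning = len(lifetimes) >= 3 and short_lived == len(lifetimes) and rapid == len(gaps)
    return {"lifetimes": lifetimes, "gaps": gaps, "churning": churning}

if __name__ == "__main__":
    print(churn_report(SAMPLE_LOG))
```

On the sample, each connection lives under 0.3 s and a new one arrives roughly every second, which is the flood described in the first post; a non-churning log would show lifetimes of minutes or hours.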
