Netgate Discussion Forum

    OpenVPN disconnects intermittently (every few weeks)

      vpnguy

      I have latest pfsense 2.5.2 running an OpenVPN client through the device running 24/7. However, every few weeks I have to refresh the connection in the Status -> OpenVPN page. When this happens it shows no IP address for the connection.

      I'm pretty new to pfsense and firewalls so if any helpful person needs more info from me on my setup please let me know.

      Below are my OpenVPN client settings, followed by the OpenVPN logs:

      Settings:

      Server Mode: Peer to Peer (SSL/TLS)
      Protocol: UDP on IPv4 only
      Device mode: Layer 3 Tunnel Mode
      Interface: WAN
      Server host: myvpnprovider.com
      Server port: 1912
      Proxy Authentication: none
      User Authentication: (username, password)
      Authentication Retry: Unchecked (retries the connection when authentication fails)
      TLS Configuration:
      Use a TLS Key
      <OpenVPN Static key value>
      TLS Key Usage Mode: TLS Authentication
      TLS keydir direction: Default direction
      Peer certificate authority: (provided by VPN provider)
      Client certificate: None (username/password required)
      Data encryption negotiation: enabled
      Data encryption algorithms:
      AES-128-CBC (128 bit key, 128 bit block)
      AES-128-CFB (128 bit key, 128 bit block)
      AES-128-CFB1 (128 bit key, 128 bit block)
      AES-128-CFB8 (128 bit key, 128 bit block)
      AES-128-GCM (128 bit key, 128 bit block)
      AES-128-OFB (128 bit key, 128 bit block)
      AES-128-CBC (192 bit key, 128 bit block)
      AES-128-CFB (192 bit key, 128 bit block)
      AES-128-CFB1 (192 bit key, 128 bit block)
      AES-128-CFB8 (192 bit key, 128 bit block)
      AES-256-GCM
      AES-128-GCM
      Fallback Data Encryption Algorithm: AES-256-GCM (256 bit key, 128 bit block)
      Auth digest algorithm: SHA256 (256-bit)
      Hardware Crypto: No Hardware Crypto Acceleration
      Tunnel settings: (blank)
      Limit outgoing bandwidth: Between 100 and 100,000,000 bytes/sec
      Allow Compression: Decompress incoming, do not compress outgoing (asymmetric)
      Compression: Disable Compression [Omit Preference]
      Topology: Subnet -- One IP address per client in a common subnet
      Type-of-Service: blank
      Don't pull routes: blank
      Don't add/remove routes: blank
      Pull DNS: blank
      Ping Settings:
      Inactive: 0
      Ping method: keepalive -- Use keepalive helper
      Interval: 10
      Timeout: 60
      Advanced configuration:
      Custom options:
      persist-key
      persist-tun
      remote-cert-tls server
      reneg-sec 0
      auth-retry interact
      UDP Fast I/O: blank
      Exit Notify: Disabled
      Send/Receive Buffer: Default
      Gateway creation: IPv4 only
      Verbosity level: default

      Logs:

      Jan 11 11:29:03 openvpn 57365 RESOLVE: Cannot resolve host address: myvpnprovider.com:1912 (Name does not resolve)
      Jan 11 11:29:03 openvpn 57365 Could not determine IPv4/IPv6 protocol
      Jan 11 11:29:03 openvpn 57365 SIGUSR1[soft,init_instance] received, process restarting
      Jan 11 11:34:03 openvpn 57365 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

      (these log entries repeat every few minutes until I manually refresh the VPN connection in Status -> OpenVPN)

        bcruze

        You are at the mercy of your vpn provider for stability… doesn’t mean it’s your hardware or your internet connection, but it could be

        Use the remote host command for it to reconnect to the next online server: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
        Under tunnel options

        I also prefer to use the server external ip… since we do not know what dns servers you are using
        … some are set to block vpn provider servers

          Gertjan @vpnguy

          @vpnguy

          The question :

          @vpnguy said in OpenVPN disconnects intermittently (every few weeks):

          OpenVPN disconnects intermittently (every few weeks)

          The answer :

          @vpnguy said in OpenVPN disconnects intermittently (every few weeks):

          RESOLVE: Cannot resolve host address: myvpnprovider.com:1912 (Name does not resolve)

          In short : at Jan 11 11:29:03 the OpenVPN client wanted to reconnect to VPN server, as it does what we all do :
          Take "myvpnprovider.com" as it can't understand what that is (only humans can) and use the DNS to translate (also called resolve) that into an IP.
          But the answer was : Cannot resolve host address: myvpnprovider.com:1912 (Name does not resolve), so, it stopped.

          If you try to call someone, and you have his name, you use a phone book to look up the number, right ?
          It's exactly the same thing. If you can't find the phone book, you pass on to something else, you can't phone the guy.

          You could look into the log of your "DNS" (the resolver log) to see what unbound (the resolver) was doing at that moment ?
          Example : unbound was restarting at that moment ?
          Because, example, your WAN IP changed at that moment (see the system log at around that moment) ? When the WAN IP changes, many processes get restarted.

          Maybe the OpenVPN client restarted before unbound was restarted, that would explain the " (Name does not resolve)".
          This is what is known as a race condition.

          A possible solution :
          Look up the IP of "myvpnprovider.com" yourself :

          host myvpnprovider.com
          

          and use the IP found here :

          [image]

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

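The log comparison suggested in the post above (resolver log against the OpenVPN log), as an added example that is not part of the original post or of pfSense. The unbound lines, PIDs, the unbound version string and the year are constructed assumptions; only the openvpn lines come from the thread.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog layout shown in the thread. The openvpn lines
# are the ones quoted on the page; the unbound lines and PIDs are made up.
SAMPLE_LOG = """\
Jan 11 11:28:57 unbound 41822 [41822:0] info: service stopped (unbound 1.13.1).
Jan 11 11:29:03 openvpn 57365 RESOLVE: Cannot resolve host address: myvpnprovider.com:1912 (Name does not resolve)
Jan 11 11:29:03 openvpn 57365 SIGUSR1[soft,init_instance] received, process restarting
Jan 11 11:29:09 unbound 60211 [60211:0] info: start of service (unbound 1.13.1).
Jan 11 11:34:03 openvpn 57365 RESOLVE: Cannot resolve host address: myvpnprovider.com:1912 (Name does not resolve)
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) \d+ (.*)$")

def parse(text, year=2022):
    """Return (timestamp, process, message) tuples; syslog has no year, so `year` is assumed."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return sorted(events, key=lambda e: e[0])

def resolver_down_windows(events):
    """Pair each unbound 'service stopped' with the next 'start of service'.
    An end of None means unbound had not come back by the end of the log."""
    windows, stopped = [], None
    for ts, proc, msg in events:
        if proc != "unbound":
            continue
        if "service stopped" in msg:
            stopped = ts
        elif "start of service" in msg and stopped is not None:
            windows.append((stopped, ts))
            stopped = None
    if stopped is not None:
        windows.append((stopped, None))
    return windows

def classify_failures(text, slack=timedelta(seconds=5)):
    """Tag every OpenVPN resolve failure by whether unbound was down at that moment."""
    events = parse(text)
    windows = resolver_down_windows(events)
    result = []
    for ts, proc, msg in events:
        if proc == "openvpn" and "Cannot resolve host address" in msg:
            down = any(a - slack <= ts and (b is None or ts <= b + slack) for a, b in windows)
            result.append((ts.strftime("%H:%M:%S"), "resolver down" if down else "resolver up"))
    return result
```

A failure tagged "resolver down" fits the restart race described in the post; one tagged "resolver up" is not explained by it and points at the lookup itself.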
            vpnguy

            Good ideas, I will try these out when back at the office. My concern would be that the VPN server IPs might not be static but I will take that up with the VPN provider.
