OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab)
-
@dael-sutton said in OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab):
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1571', remote='link-mtu 1555'
1571 and 1555 ??
-
Not sure what to do about that message, to be honest. It logs when the connection establishes, but everything appears to work fine, except for the disconnects with 'Permission denied (code=13)' on the quarter hour.
-
@dael-sutton Are there any firewall logs for that endpoint?
-
@silence Nothing form the endpoint, however I was ssh'd in watching the filter.log;
Feb 9 14:44:57 firewalk3 filterlog[26048]: 135,,,1593745551,em2,match,pass,in,4,0x0,,128,37015,0,DF,6,tcp,52,192.168.2.13,172.16.0.24,51278,3050,0,S,1825821203,,64240,,mss;nop;wscale;nop;nop;sackOK
Feb 9 14:44:57 firewalk3 filterlog[26048]: 135,,,1593745551,em2,match,pass,in,4,0x0,,128,37016,0,DF,6,tcp,52,192.168.2.13,172.16.0.24,51278,3050,0,S,1825821203,,64240,,mss;nop;wscale;nop;nop;sackOK
Feb 9 14:45:00 firewalk3 filterlog[26048]: 8,,,1000000103,ovpns1,match,block,in,4,0x0,,128,37102,0,DF,6,tcp,52,10.11.1.7,172.16.0.19,56913,9191,0,S,382678354,,64240,,mss;nop;wscale;nop;nop;sackOK
Feb 9 14:45:00 firewalk3 filterlog[26048]: 8,,,1000000103,ovpns1,match,block,in,4,0x0,,128,3652,0,DF,6,tcp,52,10.11.1.7,172.16.0.18,56914,631,0,S,2428094745,,64240,,mss;nop;wscale;nop;nop;sackOKand when the clock ticked 14:45:00 those two entries flicked past and my ssh connection got disconnected.
So it's probably nothing to do with OpenVPN and more to do with the firewall/filter stopping & starting and resetting all connections on the 15min. :( -
@dael-sutton What services do you have in your pfsense?
like pfblockerng?
-
Just these;
ssh is normally disabled.
-
Could this be doing it?
-
@dael-sutton said in OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab):
Could this be doing it?
show you gateway !
-
No gateway groups defined.
none of the gateways should be detected as "down" when the filter reloads, but maybe I should disable that tickbox and see what happens.... -
Yee-Haa. Unticking that "flush all states" tickbox seems to have done the trick. Thankyou @Silence for your patience while I grabbed at straws until the correct one appeared. 15:15 came and went and my test openvpv connection didn't drop, and my ssh session stayed running too.
-
@dael-sutton said in OpenVPN client connections get dropped when rc.filter_configure_sync script runs (every 15min from crontab):
Yee-Haa. Unticking that "flush all states" tickbox seems to have done the trick. Thankyou @Silence for your patience while I grabbed at straws until the correct one appeared. 15:15 came and went and my test openvpv connection didn't drop, and my ssh session stayed running too.
Don't forget to like the comment that helped you.