Disconnections to pfsense from OpenVPN

damianhl

Hello team!

I am a beginner in pfsense.
We have configured an OpenVPN on the pfsense and all seems to be working, no reports from users.
Now, we use the OpenVPN connection to enter to the pfsense web portal from outside (We prefer don't enable it for WAN interfaces directly), the problem is that sometimes, the pfsense stop working, usually, when the web portal was inactive for some seconds and I try to access to a different section (as firewall rules or whatever), I lost connection.
When I run a ping all the time through the OpenVPN, from the OpenVPN Client to the pfsense, when it fails, I stop getting answer from pfsense for about 14 paquets in a row and then start to answer again.
Any idea?

Thanks in advance.
Regards,
Damián

damianhl

Any idea?

viragomann

@damianhl
Something to see in the OpenVPN client log at the time of failure?

Something in the pfSense logs: OpenVPN, system, gateways?

Did you try the connection already from a different client and a different internet connection?

Something odd on pfSense like high CPU or memory usage?

damianhl

@viragomann
Hello, thanks for your response.

Client side:

2022-08-09 17:06:02 TLS Error: Unroutable control packet received from [AF_INET]PublicIP:1194 (si=3 op=P_CONTROL_V1)
2022-08-09 17:06:04 TLS Error: Unroutable control packet received from [AF_INET]PublicIP:1194 (si=3 op=P_CONTROL_V1)
2022-08-09 17:06:04 TLS Error: Unroutable control packet received from [AF_INET]PublicIP:1194 (si=3 op=P_CONTROL_V1)
2022-08-09 17:06:22 [OpenVPN_server] Inactivity timeout (--ping-restart), restarting

Firsts 3 lines appears sometimes, but there are more than 3

Server logs: I did not find anything, in "Status -> System Logs" inside the "VPN" tab I dont have a tab for OpenVPN. In "System -> Gateways" no new events

We tried the VPN from multiple computers and internet connections, we all have the same issue

Resourses are fine, memory about 11% used all the time, cpu about 2% used all the time, Swap 0% all the time, no traffic saturation on interfaces

This is not happening all the time, today I connected and ping does not lost any packet in 1321 tries
This is an old version of pfsense (2.4.3-RELEASE), I know I need to update this but I could not do this yet.
In OpenVPN settings there are not "Ping settings"

Thanks in advance.
Regards,
Damián

Jarhead

@damianhl Set this to 0 if it isn't.

damianhl

@jarhead
Hello Jarhead, thanks for your answer
I dont have such option in the OpenVPN settings in this version

Jarhead

@damianhl Pretty sure that's been in every version.
What version are you running?
Scroll to the bottom, it's down pretty low in the config.

viragomann

@damianhl said in Disconnections to pfsense from OpenVPN:

This is an old version of pfsense (2.4.3-RELEASE), I know I need to update this but I could not do this yet.

Yes, you should consider to upgrade seriously.

The client log indicates a broken TLS session.
A reason for this could be that the system time on pfSense doesn't match with the clients time. Probably you can check this in case the issue occur again.