Netgate Discussion Forum

    OpenVPN client Disconnecting

      digitalgimpus

      I've got an OpenVPN client that loses its connection every few days. Nothing in the logs seems to stand out.

      Aug 7 11:27:05	vpnprovider	48838	VERIFY WARNING: depth=0, unable to get certificate CRL: CN=vpn.vpnprovider.tld
      Aug 7 11:27:05	vpnprovider	48838	VERIFY WARNING: depth=1, unable to get certificate CRL: C=SE, ST=Stockholm, L=Stockholm, OU=XX, CN=vpnprovider.tld ca, emailAddress=info@vpnprovider.tld
      Aug 7 11:27:05	vpnprovider	48838	VERIFY OK: depth=1, C=SE, ST=Stockholm, L=Stockholm, OU=XX, CN=vpn.vpnprovider.tld ca, emailAddress=info@vpnprovider.tld
      Aug 7 11:27:05	vpnprovider	48838	VERIFY KU OK
      Aug 7 11:27:05	vpnprovider	48838	Validating certificate extended key usage
      Aug 7 11:27:05	vpnprovider	48838	++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
      Aug 7 11:27:05	vpnprovider	48838	VERIFY EKU OK
      Aug 7 11:27:05	vpnprovider	48838	VERIFY OK: depth=0, CN=vpn.vpnprovider.tld
      Aug 7 11:27:05	vpnprovider	48838	Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
      

      But I see that periodically even when there's no issue.

      Restarting it manually and the connection restores just fine.

      Custom Options are:

      persist-key;
      persist-tun;
      remote-cert-tls server;
      reneg-sec 0;
      disable-occ;
      resolv-retry infinite;
      auth-retry interact;
      
        Gertjan @digitalgimpus

        @digitalgimpus

        You're showing a small part of the reconnect phase, the point where certificates are tested for validity. These were ok, so the tunnel/control channel comes up.

        The reason for the connection to drop (or renegotiate) was before that moment.
        Look also in the main System for interface events, for example: an interface event can restart the OpenVPN client.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
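
Added example, not part of any post in this thread: a small Python triage helper for the step Gertjan describes, pairing each certificate-verification block with the restart messages logged before it. The sample lines are constructed in the excerpt's tab-separated layout, and the function names and the list of restart patterns are assumptions to adjust for your own logs.

```python
import re

# Constructed sample in the tab-separated layout of the first post's excerpt
# (time, client name, PID, message). The two restart lines are invented here.
SAMPLE = """\
Aug 7 11:26:03\tvpnprovider\t48838\t[vpn.vpnprovider.tld] Inactivity timeout (--ping-restart), restarting
Aug 7 11:26:03\tvpnprovider\t48838\tSIGUSR1[soft,ping-restart] received, process restarting
Aug 7 11:27:05\tvpnprovider\t48838\tVERIFY WARNING: depth=0, unable to get certificate CRL: CN=vpn.vpnprovider.tld
Aug 7 11:27:05\tvpnprovider\t48838\tVERIFY WARNING: depth=1, unable to get certificate CRL: CN=vpnprovider.tld ca
Aug 7 11:27:05\tvpnprovider\t48838\tVERIFY OK: depth=1, CN=vpnprovider.tld ca
Aug 7 11:27:05\tvpnprovider\t48838\tVERIFY KU OK
Aug 7 11:27:05\tvpnprovider\t48838\tVERIFY OK: depth=0, CN=vpn.vpnprovider.tld
Aug 7 11:27:05\tvpnprovider\t48838\tControl Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
"""
VERIFY = re.compile(r"VERIFY (WARNING|OK): depth=(\d+), (.*)")
# Assumed list of restart indicators; extend it for your own logs.
RESTART = re.compile(r"restarting|SIG(USR1|HUP|TERM)|Inactivity timeout|Connection reset")

def parse(text):
    """Split lines into (time, name, pid, message); skip malformed lines."""
    rows = (line.split("\t", 3) for line in text.splitlines())
    return [tuple(r) for r in rows if len(r) == 4]

def handshakes(rows):
    """Group VERIFY lines per handshake and attach the restart lines logged before it."""
    done, cur, pending = [], None, []
    for time, _name, pid, msg in rows:
        m = VERIFY.match(msg)
        if msg.startswith("VERIFY "):
            if cur is None:  # first VERIFY line opens a new handshake
                cur = {"start": time, "pid": pid, "cause": pending, "verified": set(),
                       "crl_unchecked": set(), "channel": None}
                pending = []
            if m and m.group(1) == "OK":
                cur["verified"].add(int(m.group(2)))
            elif m and "unable to get certificate CRL" in m.group(3):
                cur["crl_unchecked"].add(int(m.group(2)))
        elif msg.startswith("Control Channel:") and cur:
            cur["channel"] = msg.split(": ", 1)[1]  # handshake completed
            done, cur = done + [cur], None
        elif RESTART.search(msg):
            if cur:  # restart during a handshake: keep it with channel=None
                done, cur = done + [cur], None
            pending.append((time, msg))
    return done + ([cur] if cur else [])

if __name__ == "__main__":
    for h in handshakes(parse(SAMPLE)):
        print(h["start"], h["channel"], sorted(h["crl_unchecked"]), h["cause"])
```

A handshake reported with `channel` set to `None` never reached the Control Channel line, which separates a failed reconnect from one that completed.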

          digitalgimpus @Gertjan

          About :30 before was the same message. Nothing noteworthy.

          Regardless, at 11:27 despite the above message it did not come back up. It was down until I manually stopped and started the service a few hours later.

            digitalgimpus

            Happened again about an hour ago. No errors or anything out of the ordinary in any logs.

            It looks like it at least once or twice in the past 48hrs had a disconnect and reconnected perfectly fine. Just occasionally it connects but the tunnel doesn't resume taking traffic until manually restarting.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.