[SOLVED] ExpressVPN won't remain connected, OpenVPN Client
-
hello,
I followed this tutorial:
https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/
for setting up expressvpn with openvpn on pfsense.
The VPN client does not want to stay connected (I have contacted my VPN provider and they directed me back to the forums).
Here are some logs from the status->openvpn window
Time Process PID Message
Apr 15 05:27:03 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:27:05 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:27:05 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:27:05 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:27:05 openvpn 73671 UDPv4 link remote: [AF_INET]103.13.101.147:1195
Apr 15 05:28:05 openvpn 73671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 15 05:28:05 openvpn 73671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 15 05:28:05 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:28:07 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:28:07 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:28:07 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:28:07 openvpn 73671 UDPv4 link remote: [AF_INET]103.13.101.147:1195
Apr 15 05:29:07 openvpn 73671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 15 05:29:07 openvpn 73671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 15 05:29:07 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:29:09 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:29:09 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:29:09 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:29:09 openvpn 73671 UDPv4 link remote: [AF_INET]103.13.101.147:1195
Apr 15 05:30:09 openvpn 73671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 15 05:30:09 openvpn 73671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 15 05:30:09 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:30:11 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:30:11 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:30:12 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:30:12 openvpn 73671 UDPv4 link remote: [AF_INET]221.121.145.62:1195
Apr 15 05:31:13 openvpn 73671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 15 05:31:13 openvpn 73671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 15 05:31:13 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:31:15 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:31:15 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:31:15 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:31:15 openvpn 73671 UDPv4 link remote: [AF_INET]221.121.145.62:1195
Apr 15 05:32:16 openvpn 73671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 15 05:32:16 openvpn 73671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 15 05:32:16 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:32:18 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:32:18 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:32:18 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:32:18 openvpn 73671 UDPv4 link remote: [AF_INET]221.121.145.62:1195
Apr 15 05:33:18 openvpn 73671 [UNDEF] Inactivity timeout (--ping-restart), restarting
Apr 15 05:33:18 openvpn 73671 SIGUSR1[soft,ping-restart] received, process restarting
Apr 15 05:33:18 openvpn 73671 Restart pause, 2 second(s)
Apr 15 05:33:20 openvpn 73671 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 15 05:33:20 openvpn 73671 Socket Buffers: R=[42080->524288] S=[57344->524288]
Apr 15 05:33:20 openvpn 73671 UDPv4 link local (bound): [AF_INET]10.0.1.10
Apr 15 05:33:20 openvpn 73671 UDPv4 link remote: [AF_INET]221.121.145.62:1195
Apr 15 05:33:27 openvpn 73671 MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
Apr 15 05:33:27 openvpn 73671 MANAGEMENT: CMD 'state 1'
Apr 15 05:33:27 openvpn 73671 MANAGEMENT: Client disconnected
I read up on the activity timeout, is there a setting I could adjust for that on my side? I could possibly ask my provider to provide an accurate time if that is in fact the problem.
The only other thing that concerns me is this MANAGEMENT: CMD 'state 1' line. What's THAT all about??
It should be noted that I do have internet access with the current config, set exactly to a 't' (except for the port which was 1195 in the document I received from expressvpn), as described in the above linked tut (including leaving the existing NAT rules in place, after copying them and replacing the interface. Not sure if they are supposed to be deleted or not, but I tried that and it cuts internet access).
Having looked at the status window for both the gateways and interface it seems there are issues in those configs as well. I have attached some screen-caps for reference.
Any suggestions or ideas??
note: have tested VPN provider and account from iphone. Have tried and retried provided username and password on pfsense box.
EDIT: another thing to note is that after having entered all the certificate information provided by expressVPN, it seems to have done some auto configuration and pulled in the TLS auth key, which there is no way to enter than manually, that leads me to assume there is at least some authentication happening with eVPN's servers. true??
EDIT: also also; the .ovpn file wasn't separated but the different sections are marked as <cert>….</cert> and <ca>....</ca>. Seeing as there was no instruction in the tut, I followed common sense there.
Thanks in advance.
mm25
-
The following link
https://forum.pfsense.org/index.php?topic=79363.0
is saying that the
MANAGEMENT: Client disconnected
line is normal… still, the rest of the issues are real.
-
This forum is talking about timeout.. https://forums.openvpn.net/viewtopic.php?t=8655
But I already have
keepalive 10 60
in the config file…
-
SSSOOOOOOOOOOLLLLLLVVVVEEEEEED!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! GGGGGGGGGGOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALLLLLLLLLLLLLLLLL
It was the automatic TLS authentication gen; the key it generated was inconsistent with the .ovpn sent by ExpressVPN.
The answer: when you enter info for a new certificate, enter your private key data and save, then go to VPN -> OpenVPN -> Clients. In the 'Cryptographic settings' section, the first time you create the client it may not have a 'key' box. But save the client, and if there is an option to "automatically generate key", uncheck that box. After you save, go back into the client edit and in the 'key' box delete the auto-generated key and replace it with the one sent to you by the VPN provider (inside the .ovpn file under <tls-auth>).
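Added example, not part of the original posts and not pfSense or ExpressVPN code: a Python check that the static key inside the profile's `<tls-auth>` block is byte-for-byte the key pasted into the client's 'key' box. With `tls-auth`, a server drops packets whose HMAC does not verify without replying, which is consistent with the `[UNDEF] Inactivity timeout` loop in the log above. The function names, the sample profile and both keys are constructed for illustration.

```python
import hashlib
import hmac
import re

# Inline blocks in an .ovpn profile: <tag> ... </tag> (e.g. <ca>, <cert>, <key>, <tls-auth>).
INLINE_BLOCK = re.compile(r"<(?P<tag>[a-z-]+)>(?P<body>.*?)</(?P=tag)>", re.S)

def inline_blocks(ovpn_text):
    """Map each inline block's tag to its body text."""
    return {m["tag"]: m["body"] for m in INLINE_BLOCK.finditer(ovpn_text)}

def static_key_bytes(key_text):
    """Decode a static key block to raw bytes, ignoring comments, blank lines and CRLF."""
    body = re.search(r"-----BEGIN OpenVPN Static key V1-----(.*?)"
                     r"-----END OpenVPN Static key V1-----", key_text, re.S)
    if body is None:
        raise ValueError("no OpenVPN static key block found")
    # Keep only lines that are pure hex; '#' comment lines never match.
    hex_text = "".join(re.findall(r"^\s*([0-9A-Fa-f]+)\s*$", body.group(1), re.M))
    raw = bytes.fromhex(hex_text)
    if len(raw) != 256:  # a static key is 2048 bits
        raise ValueError(f"expected 256 key bytes, got {len(raw)}")
    return raw

def fingerprint(key_text):
    """Short SHA-256 fingerprint, usable in a support ticket instead of the key itself."""
    return hashlib.sha256(static_key_bytes(key_text)).hexdigest()[:16]

def tls_auth_matches(ovpn_text, gui_key_text):
    """True only if the profile's <tls-auth> key equals the key in the client's 'key' box."""
    provider = inline_blocks(ovpn_text).get("tls-auth")
    if provider is None:
        raise ValueError("profile has no inline <tls-auth> block")
    return hmac.compare_digest(static_key_bytes(provider), static_key_bytes(gui_key_text))

def _constructed_key(seed):
    """Build a constructed (fake) static key block for the demo below."""
    hex_text = b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(8)).hex()
    lines = [hex_text[i:i + 32] for i in range(0, 512, 32)]
    return ("#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n"
            + "\n".join(lines) + "\n-----END OpenVPN Static key V1-----")

# Constructed sample data: not real keys and not a real ExpressVPN profile.
PROVIDER_KEY = _constructed_key(b"provider")
AUTO_GENERATED_KEY = _constructed_key(b"pfsense-auto")
SAMPLE_OVPN = ("client\nremote vpn.example.invalid 1195\n<ca>\n(elided)\n</ca>\n"
               f"<tls-auth>\n{PROVIDER_KEY}\n</tls-auth>\n")

if __name__ == "__main__":
    print(tls_auth_matches(SAMPLE_OVPN, AUTO_GENERATED_KEY), tls_auth_matches(SAMPLE_OVPN, PROVIDER_KEY))
```

Comparing decoded bytes rather than the pasted text avoids false mismatches from CRLF line endings or comment lines picked up when copying out of the .ovpn file.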