SOLVED! Open-VPN Tunnel stalls after 1 minute
Applies to 1.2.3_RC2 of July 23, 2009; earlier versions don't work either.
We used to use a Linux box to tunnel our local office LAN via NAT to our head office for internet traffic. This works perfectly with the Linux box, but with pfSense it never worked, because the virtual tunnel port was not appearing in the GUI. Starting with 1.2.3_RC2 it is now possible to NAT through the tunnel too.
This seems to be an often searched feature.
So I set up a test installation and connected the same OVPN server.
This works for about one minute, even with continuous pings. Then the connection stalls until the OpenVPN client restarts after the set timeout period. This repeats endlessly.
A Linux box running in parallel to the same server works OK (no connection stall).
When this happens, I cannot ping the remote tunnel end, but I can ping the local end (from the local LAN and from inside the pfSense shell). ifconfig still shows the tunnel up.
I tested it with two different hardware scenarios: a standard PC with two NICs (Live-CD) and an Alix board (nanoBSD image).
The same setup, but with version 2.0 alpha-alpha works.
SOLUTION:
The problem was in the client certificate. I had multiple dots in the common name (CN) (i.e. xyz.abcdef.com). Recreating the certificate with another hostname without dots solved the issue :'( Is this described elsewhere?