Dynamic IP and reconnection problem
-
I thought I had this figured out when everything was working yesterday, until this morning, when I had the exact problem described here:
http://forum.pfsense.org/index.php?topic=5340.0
I have both the server and the client site on dynamic IPs; the server side has an Asterisk box behind pfSense. Whenever the client switches off for the night, it refuses to reconnect in the morning and gives the message below on the server:
openvpn[75489]: TCP NOTE: Rejected connection attempt from x.x.x.x:65281 due to --remote setting
the client side shows:
Mar 23 12:16:39 openvpn[9858]: SIGUSR1[soft,connection-reset] received, process restarting
Mar 23 12:16:44 openvpn[9858]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 23 12:16:44 openvpn[9858]: Re-using pre-shared static key
Mar 23 12:16:44 openvpn[9858]: Preserving previous TUN/TAP instance: ovpnc1
Mar 23 12:16:44 openvpn[9858]: Attempting to establish TCP connection with [AF_INET]x.x.x.x:1194 [nonblock]
Mar 23 12:16:45 openvpn[9858]: TCP connection established with [AF_INET]x.x.x.x:1194
Mar 23 12:16:45 openvpn[9858]: TCPv4_CLIENT link local (bound): [AF_INET]y.y.y.y
Mar 23 12:16:45 openvpn[9858]: TCPv4_CLIENT link remote: [AF_INET]x.x.x.x:1194
Mar 23 12:16:45 openvpn[9858]: Connection reset, restarting [0]
I can see that my issue is with "persist-remote-ip" in the server-side config, but since I'm running pfSense 2.0 RC1, I cannot find any "dynamic-ip" checkbox in the VPN webConfigurator to get rid of it. Any help in this regard is highly appreciated.
Another issue I face is one-way voice communication: the remote VoIP clients can listen to the server side, but the server side hears nothing. Restarting the Asterisk box solves the issue, so I'm guessing this is something to do with Asterisk and not pfSense. I'll probably move this issue to the Asterisk forum after I'm sure it's nothing to do with pfSense.
This is my server side /var/etc/openvpn/server1.conf:
dev ovpns1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 117.194.x.x
ifconfig 192.168.10.1 192.168.10.2
lport 1194
management /var/etc/openvpn/server1.sock unix
max-clients 25
push "route 192.168.1.0 255.255.255.0"
route 192.168.0.0 255.255.255.0
secret /var/etc/openvpn/server1.secret
persist-remote-ip
float
and client side /var/etc/openvpn/client1.conf:
dev ovpnc1
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_client1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-client
cipher AES-128-CBC
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local 59.93.y.y
lport 0
management /var/etc/openvpn/client1.sock unix
remote host.dyndns.com 1194
ifconfig 192.168.10.2 192.168.10.1
route 192.168.1.0 255.255.255.0
secret /var/etc/openvpn/client1.secret
resolv-retry infinite
-
Here is the update: I switched from shared key to SSL and from TCP to UDP, and now it seems to be working. I will monitor this line for a couple of days to see if I have further problems.
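Added example, not part of the original posts: a small Python check that looks for the two symptoms quoted in this thread (the server-side rejection and the client-side reset loop) and lists which of the options the thread names are active in the server config. The function names, the sample log lines and the address 203.0.113.7 are constructed for illustration.

```python
import re
from collections import Counter

# Server-side rejection message quoted in the post. Forum software often turns
# "--" into an en dash, so both spellings are accepted.
REJECT_RE = re.compile(
    r"openvpn\[\d+\]: TCP NOTE: Rejected connection attempt from "
    r"(?P<ip>[^\s:]+):\d+ due to (?:--|\u2013)remote setting")
# Client-side symptom quoted in the post.
RESET_RE = re.compile(r"openvpn\[\d+\]: Connection reset, restarting")

# Options the thread points at: persist-remote-ip is the poster's own diagnosis;
# the shared key and the TCP transport are what the update replaced.
SUSPECT = ("persist-remote-ip", "secret", "proto tcp-server")

def active_directives(conf_text):
    """Return config lines with '#' / ';' comments and blank lines removed."""
    lines = []
    for raw in conf_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()
        if line:
            lines.append(" ".join(line.split()))
    return lines

def diagnose(server_log, client_log, server_conf):
    """Correlate both logs with the server config and summarise the findings."""
    rejected = Counter(m.group("ip") for m in REJECT_RE.finditer(server_log))
    directives = active_directives(server_conf)
    suspects = [opt for opt in SUSPECT
                if any(d == opt or d.startswith(opt + " ") for d in directives)]
    return {"rejected_peers": dict(rejected),
            "client_resets": len(RESET_RE.findall(client_log)),
            "suspect_options": suspects}

# Constructed sample input (203.0.113.7 is a documentation address).
SAMPLE_SERVER_LOG = """\
Mar 23 12:16:45 openvpn[75489]: TCP NOTE: Rejected connection attempt from 203.0.113.7:65281 due to --remote setting
Mar 23 12:16:50 openvpn[75489]: TCP NOTE: Rejected connection attempt from 203.0.113.7:65290 due to \u2013remote setting
"""
SAMPLE_CLIENT_LOG = "Mar 23 12:16:45 openvpn[9858]: Connection reset, restarting [0]\n"
SAMPLE_SERVER_CONF = "proto tcp-server\n#user nobody\nsecret /var/etc/openvpn/server1.secret\npersist-remote-ip\nfloat\n"

if __name__ == "__main__":
    print(diagnose(SAMPLE_SERVER_LOG, SAMPLE_CLIENT_LOG, SAMPLE_SERVER_CONF))
```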