    Openvpn client disconnected randomly

      grzmrc

      Hi,
      I have a pfSense 2.0 behind a proxy that is configured as an OpenVPN client in a site-to-site network.
      The OpenVPN server is on the internet and is listening on port 443.

      The network seems to be OK, in the sense that I can ping from both sides.

      The issue is that the pfSense behind the proxy is randomly disconnected. Can you help me make the connection persistent even if the OpenVPN client is behind a proxy?

      PS: I have other OpenVPN clients connected to that OpenVPN server, but they aren't disconnected randomly. They are not behind a proxy, so I think that it is something that involves the proxy itself.

      How can I solve the issue?

        cmb

        What do your OpenVPN logs show when it's disconnected?

          grzmrc

          This is the OpenVPN log. I'm not able to make a table. Sorry :-\

          Last 50 OpenVPN log entries

          Jan 20 14:36:39 openvpn[2445]: NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
          Jan 20 14:36:39 openvpn[2445]: TCPv4_CLIENT link local: [undef]
          Jan 20 14:36:39 openvpn[2445]: TCPv4_CLIENT link remote: [AF_INET]10.3.204.167:80
          Jan 20 14:36:43 openvpn[2445]: [server] Peer Connection Initiated with [AF_INET]10.3.204.167:80
          Jan 20 14:36:45 openvpn[2445]: NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
          Jan 20 14:36:45 openvpn[2445]: Preserving previous TUN/TAP instance: ovpnc1
          Jan 20 14:36:45 openvpn[2445]: Initialization Sequence Completed
          Jan 24 23:50:01 openvpn[2445]: Connection reset, restarting [-1]
          Jan 24 23:50:01 openvpn[2445]: SIGUSR1[soft,connection-reset] received, process restarting
          Jan 24 23:50:06 openvpn[2445]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
          Jan 24 23:50:06 openvpn[2445]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Jan 24 23:50:06 openvpn[2445]: Re-using SSL/TLS context
          Jan 24 23:50:06 openvpn[2445]: LZO compression initialized
          Jan 24 23:50:06 openvpn[2445]: Attempting to establish TCP connection with [AF_INET]10.3.204.167:80 [nonblock]
          Jan 24 23:50:07 openvpn[2445]: TCP connection established with [AF_INET]10.3.204.167:80
          Jan 24 23:50:12 openvpn[2445]: recv_line: TCP port read timeout expired: Operation now in progress (errno=36)
          Jan 24 23:50:12 openvpn[2445]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1560 192.168.20.2 255.255.255.0 init
          Jan 24 23:50:12 openvpn[2445]: SIGTERM[soft,init_instance] received, process exiting
          Jan 26 02:07:47 openvpn[5525]: OpenVPN 2.2.0 i386-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
          Jan 26 02:07:47 openvpn[5525]: WARNING: file '/var/etc/openvpn/client1.pas' is group or others accessible
          Jan 26 02:07:47 openvpn[5525]: WARNING: using --pull/--client and --ifconfig together is probably not what you want
          Jan 26 02:07:47 openvpn[5525]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
          Jan 26 02:07:47 openvpn[5525]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Jan 26 02:07:48 openvpn[5525]: LZO compression initialized
          Jan 26 02:07:48 openvpn[5723]: Attempting to establish TCP connection with [AF_INET]10.3.204.167:80 [nonblock]
          Jan 26 02:07:49 openvpn[5723]: TCP connection established with [AF_INET]10.3.204.167:80
          Jan 26 02:07:51 openvpn[5723]: TCPv4_CLIENT link local: [undef]
          Jan 26 02:07:51 openvpn[5723]: TCPv4_CLIENT link remote: [AF_INET]10.3.204.167:80
          Jan 26 02:07:54 openvpn[5723]: [server] Peer Connection Initiated with [AF_INET]10.3.204.167:80
          Jan 26 02:07:57 openvpn[5723]: NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
          Jan 26 02:07:57 openvpn[5723]: TUN/TAP device /dev/tun1 opened
          Jan 26 02:07:57 openvpn[5723]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
          Jan 26 02:07:57 openvpn[5723]: /sbin/ifconfig ovpnc1 192.168.20.2 netmask 255.255.255.0 mtu 1500 up
          Jan 26 02:07:57 openvpn[5723]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
          Jan 26 02:07:57 openvpn[5723]: /usr/local/sbin/ovpn-linkup ovpnc1 1500 1560 192.168.20.2 255.255.255.0 init
          Jan 26 02:07:57 openvpn[5723]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
          Jan 26 02:07:57 openvpn[5723]: ERROR: FreeBSD route add command failed: external program exited with error status: 1
          Jan 26 02:07:57 openvpn[5723]: WARNING: potential route subnet conflict between local LAN [10.0.127.0/255.255.255.0] and remote VPN [10.0.0.0/255.0.0.0]
          Jan 26 02:07:57 openvpn[5723]: Initialization Sequence Completed
          Jan 26 16:20:35 openvpn[5723]: [server] Inactivity timeout (--ping-restart), restarting
          Jan 26 16:20:35 openvpn[5723]: SIGUSR1[soft,ping-restart] received, process restarting
          Jan 26 16:20:40 openvpn[5723]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
          Jan 26 16:20:40 openvpn[5723]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Jan 26 16:20:40 openvpn[5723]: Re-using SSL/TLS context
          Jan 26 16:20:40 openvpn[5723]: LZO compression initialized
          Jan 26 16:20:40 openvpn[5723]: Attempting to establish TCP connection with [AF_INET]10.3.204.167:80 [nonblock]
          Jan 26 16:20:41 openvpn[5723]: TCP connection established with [AF_INET]10.3.204.167:80
          Jan 26 16:20:46 openvpn[5723]: recv_line: TCP port read timeout expired: Operation now in progress (errno=36)
          Jan 26 16:20:46 openvpn[5723]: /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1560 192.168.20.2 255.255.255.0 init
          Jan 26 16:20:46 openvpn[5723]: SIGTERM[soft,init_instance] received, process exiting

            cmb

            Looks like your proxy is dropping the connection after a period of time. Lot of possible reasons so hard to say for sure, but maybe it has a hard limit on how long a connection can live, or someone periodically does something to the proxy that drops you.

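Added example (not part of any post in this thread, and not pfSense or OpenVPN code): a small Python parser that groups the restart episodes in a log like the one posted above, separates soft restarts from the cases where the client process exited, and collects the distinct WARNING lines. Treating the message just before each signal as its trigger is a heuristic; the names `analyse`, `exited` and `HINTS` are made up for this example, and the sample lines are taken from the posted log.

```python
import re
from collections import Counter

# Sample input: entries taken from the log posted in this thread, one per line.
SAMPLE_LOG = """\
Jan 24 23:50:01 openvpn[2445]: Connection reset, restarting [-1]
Jan 24 23:50:01 openvpn[2445]: SIGUSR1[soft,connection-reset] received, process restarting
Jan 24 23:50:06 openvpn[2445]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 24 23:50:12 openvpn[2445]: recv_line: TCP port read timeout expired: Operation now in progress (errno=36)
Jan 24 23:50:12 openvpn[2445]: SIGTERM[soft,init_instance] received, process exiting
Jan 26 02:07:47 openvpn[5525]: WARNING: file '/var/etc/openvpn/client1.pas' is group or others accessible
Jan 26 16:20:35 openvpn[5723]: [server] Inactivity timeout (--ping-restart), restarting
Jan 26 16:20:35 openvpn[5723]: SIGUSR1[soft,ping-restart] received, process restarting
Jan 26 16:20:46 openvpn[5723]: recv_line: TCP port read timeout expired: Operation now in progress (errno=36)
Jan 26 16:20:46 openvpn[5723]: SIGTERM[soft,init_instance] received, process exiting
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn\[(\d+)\]: (.*)$")
SIGNAL = re.compile(r"^SIG\w+\[\w+,([\w-]+)\] received, process (restarting|exiting)")
HINTS = ("read timeout expired", "Connection reset", "Inactivity timeout")

def analyse(log_text):
    """Return (events, warnings) for an OpenVPN client log, one entry per line."""
    events, warnings, last_hint = [], Counter(), {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not an openvpn syslog entry
        ts, pid, msg = m.groups()
        sig = SIGNAL.match(msg)
        if msg.startswith("WARNING: "):
            warnings[msg[len("WARNING: "):]] += 1
        elif sig:  # a signal line closes the episode opened by the last hint
            events.append({"time": ts, "pid": pid, "reason": sig.group(1),
                           "outcome": sig.group(2), "preceded_by": last_hint.pop(pid, None)})
        elif any(h in msg for h in HINTS):
            last_hint[pid] = msg  # remember the error that led up to the signal
    return events, warnings

def exited(events):
    """Episodes where the client exited instead of retrying (tunnel stays down)."""
    return [e for e in events if e["outcome"] == "exiting"]

if __name__ == "__main__":
    events, warnings = analyse(SAMPLE_LOG)
    for e in events:
        print(e["time"], e["reason"], e["outcome"], "<-", e["preceded_by"])
    for text, n in warnings.items():
        print(f"warning x{n}: {text}")
```

On the sample, both exits follow a `recv_line` read timeout on the reconnect attempt, a few seconds after a soft restart; the two collected warnings (no server certificate verification, and a credentials file readable by group or others) are worth reviewing separately from the disconnects.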
              grzmrc

              Perhaps the network inactivity may cause a disconnection by the proxy. Is it possible to ping the OpenVPN server every five minutes?

                Nachtfalke

                @grzmrc:

                Perhaps the network inactivity may cause a disconnection by the proxy. Is it possible to ping the OpenVPN server every five minutes?

                Use:

                keepalive n m
                

                n: if there is no traffic for n seconds then send a ping
                m: if there isn't a ping for m seconds then restart the tunnel.

                Example:

                keepalive 60 300
                
                  cmb

                  The keepalive in OpenVPN is automatic. If there is no traffic going over the tunnel, it sends its keepalives to keep the connection up, and to detect if it drops.

                    grzmrc

                    Well,
                    When the proxy drops my connection, I need to set the OpenVPN client to disabled and then re-enable the OpenVPN client in pfSense.
                    Is it possible to automate this task whenever the OpenVPN connection is lost?
