Netgate Discussion Forum

    OpenVPN connection will not reconnect until pfsense reboot

    2.0-RC Snapshot Feedback and Problems - RETIRED
    dnarz

      I followed the directions from the sticky "How to create an OpenVPN client to StrongVPN" and have successfully set up two separate OpenVPN clients to two different StrongVPN accounts, and routed only certain clients on my LAN through each VPN using rules in the Firewall under LAN.  Everything works fine except if either VPN connection goes down (every few days or so) pfsense does not reconnect to it and the connection stays down until I reboot.  Only a reboot will reconnect to StrongVPN once there is a disconnect.  If I try and stop and restart the OpenVPN client service, not only does it not reconnect but the other OpenVPN clients also disconnect and will not reconnect until a reboot.  I'm not sure if this is a bug in pfsense or if I have something wrong with my configuration.  Any help would be greatly appreciated.  I'm on the nanobsd (4g) 2.0-RC1 (i386) build from Sat Feb 26 (1633).  I have tried a more recent build (March 9, 2011 - 1850) with the same results.  My setup and logs are as follows:

      Firewall: NAT: Outbound looks like this: (set to Manual Outbound NAT rule generation)
      WAN  192.168.78.0/24    * *  500 * * YES  Auto created rule for ISAKMP - LAN to WAN 
      WAN  192.168.78.0/24    * *  *    * * NO    Auto created rule for LAN to WAN 
      WAN  192.168.80.240/28  * *  *    * * NO    Auto created rule for PPTP server 
      WAN  192.168.79.0/24    * *  500 * * YES  Auto created rule for ISAKMP - DMZ to WAN 
      WAN  192.168.79.0/24    * *  *    * * NO    Auto created rule for DMZ to WAN 
      WAN  192.168.80.240/28  * *  *    * * NO    Auto created rule for PPTP server 
      STRONGVPNUSA  192.168.78.0/24    * *  *    * * NO    LAN -> StrongVPNUSA 
      STRONGVPNHK  192.168.78.0/24    * *  *    * * NO    LAN -> StrongVPNHK

      Status: OpenVPN looks like this after one of the clients disconnects:
      StongVPNUSA TCP:50211 up Fri Apr 8 2:37:36 2011 10.xx.xx.78 207.xx.xx.12
      StrongVPNHK TCP:50160 down

      Status: Gateways looks like this after one of the clients disconnects:
      STRONGVPNUSA 10.xx.xx.78 8.8.8.8 Warning, Latency     Interface STRONGVPNUSA Dynamic Gateway
      STRONGVPNHK 10.xx.xx.110 8.8.4.4 Offline     Interface STRONGVPNHK Dynamic Gateway
      WAN 119.xx.xx.1 119.xx.xx.1 Online     Interface WAN Dynamic Gateway

      Gateways looks like this:
      STRONGVPNUSA STRONGVPNUSA 10.xx.xx.78 8.8.8.8 Interface STRONGVPNUSA Dynamic Gateway 
      STRONGVPNHK STRONGVPNHK 10.xx.xx.110 8.8.4.4 Interface STRONGVPNHK Dynamic Gateway 
      WAN (default) WAN 119.xx.xx.1 119.xx.xx.1 Interface WAN Dynamic Gateway

      System Logs : OpenVPN looks like this after a disconnect:
      Apr 9 20:53:22 openvpn[59008]: NOTE: --mute triggered...
      Apr 9 20:53:17 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:53:12 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation timed out
      Apr 9 20:52:57 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:52:52 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:52:47 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:52:42 openvpn[59008]: MANAGEMENT: Client disconnected
      Apr 9 20:52:42 openvpn[59008]: MANAGEMENT: CMD 'state 1'
      Apr 9 20:52:42 openvpn[59008]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
      Apr 9 20:52:42 openvpn[59008]: 110 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 9 20:52:42 openvpn[6373]: MANAGEMENT: Client disconnected
      Apr 9 20:52:42 openvpn[6373]: MANAGEMENT: CMD 'status 2'
      Apr 9 20:52:42 openvpn[6373]: MANAGEMENT: CMD 'state 1'
      Apr 9 20:52:42 openvpn[6373]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Apr 9 20:52:42 openvpn[6373]: 3 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 9 20:41:04 openvpn[59008]: NOTE: --mute triggered...
      Apr 9 20:40:59 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:40:55 openvpn[6373]: NOTE: --mute triggered...
      Apr 9 20:40:55 openvpn[6373]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 9 20:40:55 openvpn[6373]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Apr 9 20:40:54 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:40:52 openvpn[6373]: VERIFY OK: depth=0, /C=US/ST=NA/O=reliablehosting.com/CN=ovpn137/emailAddress=techies@reliablehosting.com
      Apr 9 20:40:52 openvpn[6373]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=reliablehosting.com/CN=ovpn137/emailAddress=techies@reliablehosting.com
      Apr 9 20:40:49 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:40:46 openvpn[6373]: TLS: tls_process: killed expiring key
      Apr 9 20:40:44 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation timed out
      Apr 9 20:40:28 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
      Apr 9 20:40:24 openvpn[59008]: MANAGEMENT: Client disconnected
      Apr 9 20:40:24 openvpn[59008]: MANAGEMENT: CMD 'state 1'
      Apr 9 20:40:24 openvpn[59008]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
      Apr 9 20:40:24 openvpn[59008]: 1565 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 9 20:40:24 openvpn[6373]: MANAGEMENT: Client disconnected
      Apr 9 20:40:24 openvpn[6373]: MANAGEMENT: CMD 'status 2'
      Apr 9 20:40:24 openvpn[6373]: MANAGEMENT: CMD 'state 1'
      Apr 9 20:40:24 openvpn[6373]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Apr 9 20:40:24 openvpn[6373]: 257 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 9 17:53:36 openvpn[59008]: NOTE: --mute triggered...
      Apr 9 17:53:31 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation timed out
      Apr 9 17:53:16 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Address already in use
      Apr 9 17:53:11 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Address already in use
      Apr 9 17:53:06 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Address already in use
      Apr 9 17:53:01 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Address already in use
      Apr 9 17:53:01 openvpn[59008]: Attempting to establish TCP connection with [AF_INET]119.xx.xx.143:443 [nonblock]
      Apr 9 17:53:01 openvpn[59008]: Expected Remote Options hash (VER=V4): 'c413e92e'
      Apr 9 17:53:01 openvpn[59008]: Local Options hash (VER=V4): 'd8421bb0'
      Apr 9 17:53:01 openvpn[59008]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-server'
      Apr 9 17:53:01 openvpn[59008]: Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher BF-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client'
      Apr 9 17:53:01 openvpn[59008]: Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
      Apr 9 17:53:01 openvpn[59008]: Socket Buffers: R=[65228->65536] S=[65228->65536]
      Apr 9 17:53:01 openvpn[59008]: Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ]
      Apr 9 17:53:01 openvpn[59008]: Re-using SSL/TLS context
      Apr 9 17:53:01 openvpn[59008]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Apr 9 17:53:01 openvpn[59008]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Apr 9 17:52:56 openvpn[59008]: Restart pause, 5 second(s)
      Apr 9 17:52:56 openvpn[59008]: SIGUSR1[soft,ping-restart] received, process restarting
      Apr 9 17:52:56 openvpn[59008]: TCP/UDP: Closing socket
      Apr 9 17:52:56 openvpn[59008]: [ovpn013] Inactivity timeout (--ping-restart), restarting
      Apr 9 17:52:56 openvpn[59008]: 243 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 8 13:38:28 openvpn[6373]: NOTE: --mute triggered...
      Apr 8 13:38:28 openvpn[6373]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 8 13:38:28 openvpn[6373]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Apr 8 13:38:25 openvpn[6373]: VERIFY OK: depth=0, /C=US/ST=NA/O=reliablehosting.com/CN=ovpn137/emailAddress=techies@reliablehosting.com
      Apr 8 13:38:25 openvpn[6373]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=reliablehosting.com/CN=ovpn137/emailAddress=techies@reliablehosting.com
      Apr 8 13:38:18 openvpn[6373]: TLS: tls_process: killed expiring key
      Apr 8 13:28:17 openvpn[59008]: NOTE: --mute triggered...
      Apr 8 13:28:17 openvpn[59008]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Apr 8 13:28:15 openvpn[59008]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn013/emailAddress=techies@reliablehosting.com
      Apr 8 13:28:15 openvpn[59008]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn013/emailAddress=techies@reliablehosting.com
      Apr 8 13:28:15 openvpn[59008]: TLS: soft reset sec=0 bytes=1585391391/0 pkts=2081654/0
      Apr 8 13:28:14 openvpn[59008]: TLS: tls_process: killed expiring key
      Apr 8 13:25:18 openvpn[59008]: MANAGEMENT: Client disconnected
      Apr 8 13:25:18 openvpn[59008]: MANAGEMENT: CMD 'status 2'
      Apr 8 13:25:18 openvpn[59008]: MANAGEMENT: CMD 'state 1'
      Apr 8 13:25:18 openvpn[59008]: MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
      Apr 8 13:25:18 openvpn[59008]: 69 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 8 13:25:18 openvpn[6373]: MANAGEMENT: Client disconnected
      Apr 8 13:25:18 openvpn[6373]: MANAGEMENT: CMD 'status 2'
      Apr 8 13:25:18 openvpn[6373]: MANAGEMENT: CMD 'state 1'
      Apr 8 13:25:18 openvpn[6373]: MANAGEMENT: Client connected from /var/etc/openvpn/client1.sock
      Apr 8 13:25:18 openvpn[6373]: 80 variation(s) on previous 5 message(s) suppressed by --mute
      Apr 8 04:28:06 openvpn[59008]: NOTE: --mute triggered...
      Apr 8 04:28:06 openvpn[59008]: Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Apr 8 04:28:06 openvpn[59008]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 8 04:28:06 openvpn[59008]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Apr 8 04:28:06 openvpn[59008]: VERIFY OK: depth=0, /C=US/ST=NA/O=oakweb.com/CN=ovpn013/emailAddress=techies@reliablehosting.com
      Apr 8 04:28:06 openvpn[59008]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=oakweb.com/CN=ovpn013/emailAddress=techies@reliablehosting.com
      Apr 8 03:37:40 openvpn[6373]: NOTE: --mute triggered...
      Apr 8 03:37:40 openvpn[6373]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
      Apr 8 03:37:40 openvpn[6373]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
      Apr 8 03:37:36 openvpn[6373]: VERIFY OK: depth=0, /C=US/ST=NA/O=reliablehosting.com/CN=ovpn137/emailAddress=techies@reliablehosting.com
      Apr 8 03:37:36 openvpn[6373]: VERIFY OK: depth=1, /C=US/ST=NA/L=San-Francisco/O=reliablehosting.com/CN=ovpn137/emailAddress=techies@reliablehosting.com
      Apr 8 03:37:34 openvpn[6373]: TLS: soft reset sec=0 bytes=767246/0 pkts=7534/0
      Apr 8 03:28:08 openvpn[59008]: Initialization Sequence Completed
      Apr 8 03:28:08 openvpn[59008]: Preserving previous TUN/TAP instance: ovpnc3
      Apr 8 03:28:08 openvpn[59008]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
      Apr 8 03:28:08 openvpn[59008]: OPTIONS IMPORT: route-related options modified
      Apr 8 03:28:08 openvpn[59008]: OPTIONS IMPORT: route options modified
      Apr 8 03:28:08 openvpn[59008]: OPTIONS IMPORT: --ifconfig/up options modified
      Apr 8 03:28:08 openvpn[59008]: NOTE: setsockopt TCP_NODELAY=1 failed (No kernel support)
      Apr 8 03:28:08 openvpn[59008]: OPTIONS IMPORT: --socket-flags option modified

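Added example (not part of the original post, and not pfSense or OpenVPN project code): a small triage script that groups the openvpn syslog lines above by process ID, counts the reasons given for each failed connect, and flags the security-relevant notices in the log (no server certificate verification, BF-CBC). The sample lines are taken from the post with `--` restored; the function name `triage`, the flag labels and the cause hints are assumptions of this example, not a diagnosis of the poster's system.

```python
import re
from collections import Counter, defaultdict

# Sample input: lines taken from the log in the post (addresses masked there).
SAMPLE_LOG = """\
Apr 9 20:53:17 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation not permitted
Apr 9 20:53:12 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Operation timed out
Apr 9 17:53:16 openvpn[59008]: TCP: connect to [AF_INET]119.xx.xx.143:443 failed, will try again in 5 seconds: Address already in use
Apr 9 17:53:01 openvpn[59008]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Apr 9 17:52:56 openvpn[59008]: [ovpn013] Inactivity timeout (--ping-restart), restarting
Apr 9 20:40:55 openvpn[6373]: Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Apr 8 03:28:08 openvpn[59008]: Initialization Sequence Completed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) openvpn\[(\d+)\]: (.*)$")
CONNECT_FAIL = re.compile(r"connect to \S+ failed, will try again in \d+ seconds: (.+)$")
# Cause hints are assumptions about common causes, to guide where to look next.
HINTS = {
    "Operation not permitted": "EPERM: a local packet filter or policy refused the outbound connect",
    "Address already in use": "local address/port still bound by an earlier socket",
    "Operation timed out": "no answer from the remote, or the route points at a dead gateway",
}

def triage(text):
    """Return {pid: {"failures": Counter, "flags": set}} for openvpn syslog text."""
    report = defaultdict(lambda: {"failures": Counter(), "flags": set()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an openvpn syslog line
        _, pid, msg = m.groups()
        entry = report[pid]
        fail = CONNECT_FAIL.search(msg)
        if fail:
            entry["failures"][fail.group(1)] += 1
        if "No server certificate verification method" in msg:
            entry["flags"].add("no-server-cert-verification")
        if "ping-restart" in msg:
            entry["flags"].add("ping-restart")
        if "Cipher 'BF-CBC'" in msg:
            entry["flags"].add("64-bit-block-cipher")
    return dict(report)

if __name__ == "__main__":
    for pid, entry in triage(SAMPLE_LOG).items():
        print(pid, sorted(entry["flags"]))
        for reason, n in entry["failures"].most_common():
            print(f"  {n}x {reason} -> {HINTS.get(reason, 'unclassified')}")
```

The `no-server-cert-verification` flag corresponds to the WARNING line in the log; OpenVPN stops emitting it once the client configuration enables a check such as `remote-cert-tls server`.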
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.