Netgate Discussion Forum

    Peer-to-peer constant reconnecting

      jpletka

      I'm trying to set up a peer-to-peer OpenVPN between two pfSense servers running 2.0.1-RELEASE, but the client keeps getting the connection dropped, with a status of "reconnecting; ping-restart", and nothing appears to be routing between them. Both these firewalls are also doing PPTP VPNs that are working correctly. There is probably something simple I'm doing wrong, but after spending 4 hours trying to get the VPN up, I've run out of things to try. Thanks in advance.

      
      FW01 ("server")
      =======================
      LAN: 10.1.1.2/24
      WAN: xx.xx.126.34/27
      ServerMode: Peer to Peer (Shared Key)
      Protocol: UDP
      DeviceMode: tun
      Interface: WAN
      Port 1194
      Tunnel: 10.0.8.1/30
      Local Network: 10.1.1.0/24
      Remote Network: 192.168.1.0/24
      Firewall Rule in OpenVPN tab: UDP 	* 	* 	* 	* 	* 	none 	  
      
      FW03 (client)
      LAN: 192.168.1.2/24
      WAN: xx.xx.9.66/27
      ServerMode: Peer to Peer (Shared Key)
      Protocol: UDP
      DeviceMode: tun
      Interface: WAN
      Server Host: xx.xx.126.34
      Tunnel: <blank> – also tried 10.1.8.0/24
      Remote Network: 10.1.1.0/24
      

      Client Logs:

      
      System Log
      Apr 6 18:00:08 	kernel: <57ovpnc1: lvnk state chanced to DOWN
      Apr 6 18:00:08 	check_reload_status: Reloading filter
      Apr 6 18:00:08 	check_reload_status: Reloading filter
      Apr 6 18:00:08 	kernel: ovpnc1: link state changed to UP
      Apr 6 18:00:08 	check_reload_status: rc.newwanip starting ovpnc1
      Apr 6 18:00:08 	check_reload_status: Syncing firewall
      Apr 6 18:00:13 	php: : rc.newwanip: Informational is starting ovpnc1.
      Apr 6 18:00:13 	php: : rc.newwanip: on (IP address: 10.1.8.2) (interface: ) (real interface: ovpnc1).
      Apr 6 18:00:13 	php: : OpenNTPD is starting up.
      Apr 6 18:00:13 	php: : pfSense package system has detected an ip change -> ... Restarting packages.
      Apr 6 18:00:13 	check_reload_status: Starting packages
      Apr 6 18:00:19 	php: : Restarting/Starting all packages.
      Apr 6 18:00:56 	kernel: ovpnc1: link state changed to DOWN
      Apr 6 18:00:56 	check_reload_status: Reloading filter
      Apr 6 18:00:57 	check_reload_status: Reloading filter
      Apr 6 18:00:57 	kernel: ovpnc1: link state changed to UP
      Apr 6 18:00:57 	check_reload_status: rc.newwanip starting ovpnc1
      Apr 6 18:00:57 	check_reload_status: Syncing firewall
      Apr 6 18:01:02 	php: : rc.newwanip: Informational is starting ovpnc1.
      Apr 6 18:01:02 	php: : rc.newwanip: on (IP address: ) (interface: ) (real interface: ovpnc1).
      Apr 6 18:01:02 	php: : rc.newwanip: Failed to update IP, restarting...
      Apr 6 18:01:02 	php: : send_event: sent interface reconfigure got ERROR: incomplete command. all <string>reload <interface>reconfigure <interface>restart <interface>newip <string>linkup <string>sync
      
      
      Client OpenVPN log
      Apr 6 18:39:14 	openvpn[12177]: Inactivity timeout (--ping-restart), restarting
      Apr 6 18:39:14 	openvpn[12177]: SIGUSR1[soft,ping-restart] received, process restarting
      Apr 6 18:39:16 	openvpn[12177]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Apr 6 18:39:16 	openvpn[12177]: Re-using pre-shared static key
      Apr 6 18:39:16 	openvpn[12177]: Preserving previous TUN/TAP instance: ovpnc1
      Apr 6 18:39:16 	openvpn[12177]: UDPv4 link local (bound): [AF_INET]64.94.9.66
      Apr 6 18:39:16 	openvpn[12177]: UDPv4 link remote: [AF_INET]64.74.126.34:1194
      
      
      
      Server OpenVPN log
      Apr 6 14:40:36 	openvpn[22117]: UDPv4 link remote: [undef]
      Apr 6 14:40:36 	openvpn[22117]: UDPv4 link local (bound): [AF_INET]xx.xx.126.34:1194
      Apr 6 14:40:36 	openvpn[21006]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1557 10.1.8.1 10.1.8.2 init
      Apr 6 14:40:36 	openvpn[21006]: /sbin/ifconfig ovpns1 10.1.8.1 10.1.8.2 mtu 1500 netmask 255.255.255.255 up
      Apr 6 14:40:36 	openvpn[21006]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
      Apr 6 14:40:36 	openvpn[21006]: TUN/TAP device /dev/tun1 opened
      Apr 6 14:40:36 	openvpn[21006]: Control Channel Authentication: using '/var/etc/openvpn/server1.tls-auth' as a OpenVPN static key file
      Apr 6 14:40:36 	openvpn[21006]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Apr 6 14:40:36 	openvpn[21006]: OpenVPN 2.2.0 amd64-portbld-freebsd8.1 [SSL] [LZO2] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Aug 11 2011
      Apr 6 14:40:36 	openvpn[17171]: SIGTERM[hard,] received, process exiting
      Apr 6 14:40:36 	openvpn[17171]: /usr/local/sbin/ovpn-linkdown ovpns1 1500 1557 10.1.8.1 10.1.8.2 init
      Apr 6 14:40:36 	openvpn[17171]: ERROR: FreeBSD route delete command failed: external program exited with error status: 1
      Apr 6 14:40:36 	openvpn[17171]: event_wait : Interrupted system call (code=4)
      Apr 6 14:06:32 	openvpn[17171]: Initialization Sequence Completed
      Apr 6 14:06:32 	openvpn[17171]: UDPv4 link remote: [undef]
      Apr 6 14:06:32 	openvpn[17171]: UDPv4 link local (bound): [AF_INET]xx.xx.126.34:1194
      
      
        cmb

        You're not permitting the client traffic server-side in firewall rules. What I would have guessed anyway, but maybe I'm psychic and know that fixed your issue, and gave you the suggestion in the first place. ;)
        http://serverfault.com/questions/377399/pfsense-peer-to-peer-openvpn-not-connecting
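Added example, not part of the thread or of pfSense/OpenVPN: a small triage script that reads both ends' OpenVPN logs and separates "the server never saw the client" (the blocked-traffic case the reply describes) from packets that arrive but fail authentication. The verdict names and hints are this example's own, and the sample log lines are constructed with placeholder addresses.

```python
import re

# Constructed samples modelled on the log excerpts in the thread; the
# addresses are documentation-range placeholders, not the posters' IPs.
CLIENT_LOG = """\
Apr 6 18:38:12 openvpn[12177]: Inactivity timeout (--ping-restart), restarting
Apr 6 18:38:12 openvpn[12177]: SIGUSR1[soft,ping-restart] received, process restarting
Apr 6 18:38:14 openvpn[12177]: UDPv4 link remote: [AF_INET]192.0.2.34:1194
Apr 6 18:39:14 openvpn[12177]: Inactivity timeout (--ping-restart), restarting
Apr 6 18:39:14 openvpn[12177]: SIGUSR1[soft,ping-restart] received, process restarting
"""
SERVER_LOG = """\
Apr 6 14:40:36 openvpn[22117]: UDPv4 link local (bound): [AF_INET]192.0.2.34:1194
Apr 6 14:40:36 openvpn[22117]: UDPv4 link remote: [undef]
"""

# Message texts OpenVPN writes to its log.
PING_RESTART = re.compile(r"Inactivity timeout \(--ping-restart\)")
PEER_UP = re.compile(r"Peer Connection Initiated with")
AUTH_FAIL = re.compile(r"Authenticate/Decrypt packet error")

# What to look at next for each verdict (wording is this example's own).
NEXT_CHECK = {
    "no-restart-loop": "client is not cycling on ping-restart; look elsewhere",
    "packets-arrive-but-fail-auth": "compare the shared key and cipher on both ends",
    "server-saw-peer": "server accepted the peer; check the return path and routes",
    "server-never-saw-client": "check that a server-side firewall rule passes "
                               "the client's UDP traffic to the OpenVPN port",
}

def triage(client_log, server_log, min_restarts=2):
    """Classify a reconnect loop from the two logs; returns a NEXT_CHECK key."""
    if len(PING_RESTART.findall(client_log)) < min_restarts:
        return "no-restart-loop"
    if AUTH_FAIL.search(server_log):
        # Packets reach the daemon but are rejected: not a filtering problem.
        return "packets-arrive-but-fail-auth"
    if PEER_UP.search(server_log):
        return "server-saw-peer"
    # Client keeps timing out and the server log shows no peer activity at
    # all: the client's packets are most likely dropped before OpenVPN.
    return "server-never-saw-client"

if __name__ == "__main__":
    verdict = triage(CLIENT_LOG, SERVER_LOG)
    print(verdict, "->", NEXT_CHECK[verdict])
```
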
