OpenVPN Remote Access (SSL/TLS+User Auth) will not pass traffic until restarted

scourtney2000

Hello,

My openVPN road warrior setup seems to die periodically. I can connect to the tunnel but the tunnel will not pass traffic. pfSense reports that i am connected. A route print on my client machine looks good. The system logs in the gui don't show anything out of the ordinary. Is there another log file that I can check for more info. Restarted the vpn tunnel from the gui get the tunnel functioning again. Apinger seems to working ok.

I have pfSense version 2.1.3 x64.

I want to provide more info but I need a little help finding the info to share. Is anyone else experiencing this issue.

Thanks,
Sean

NetBandit

Does it ever pass traffic?
ping your pfsense box continuously and watch to see if it ever goes through.

Also check your OpenVPN log for this:
event_wait : Interrupted system call (code=4)

If so, you might have the same problem as the rest of us:
https://forum.pfsense.org/index.php?topic=75989.0
https://forum.pfsense.org/index.php?topic=76735.0
https://forum.pfsense.org/index.php?topic=77169.0

-nb

scourtney2000

Hi,

Thank you for reply. Yes my tunnel does pass traffic. Periodically it will stop until i restart the tunnel from the gui, then it will pass traffic again.

Next time it stop working I will check the log for the line you mentioned.

Thanks,
Sean

scourtney2000

Hi,

Update,

Ok one of my openvpn setups is not working right now. 'ovpns1' is down. Notice it has no IP! 'openvpn2' is up. It has an IP.

ovpns1: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::219:b9ff:fef3:3c93%ovpns1 prefixlen 64 scopeid 0x8
        nd6 options=3 <performnud,accept_rtadv>Opened by PID 1370

ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500
        options=80000 <linkstate>inet6 fe80::219:b9ff:fef3:3c93%ovpns2 prefixlen 64 scopeid 0x9
        inet 10.0.12.1 –> 10.0.12.2 netmask 0xffffffff
        nd6 options=1 <performnud>Opened by PID 4967

What would cause a VPN to lose it's IP?

Thanks,
Sean</performnud></linkstate></up,pointopoint,running,multicast></performnud,accept_rtadv></linkstate></up,pointopoint,running,multicast>

NetBandit

what about
event_wait : Interrupted system call (code=4)

scourtney2000

hello Netbandit,

i checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.

If there is anything else you want me to check let me know.

Thanks,
Sean

NetBandit

@scourtney2000:

i checked the log files under System Logs > OpenVPN logs and I did not see this. I will keep an eye on it.

You might need to set your log settings to 2000 lines to see it.
-nb

scourtney2000

thanks nb,

i am now logging 2000 lines.

i have not had a vpn crash yet today. i did adjust the gateway monitoring setting hoping this might help. i changed the 'down' setting to 60.

i do have traffic shaping installed. in my case i have assigned my openvpn an interface so i can traffic shape the vpn connections. last night i also prioritized icmp traffic just in case this was setting the gateway monitoring off.

i will let you know what happens.

thanks,
sean

scourtney2000

nb,

update. my vpn tunnels have not lost connectivity in over 24 hours. not sure why.

thanks,
Sean