Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VPN client times out, can't reconnect. Requires service restart.

    Scheduled Pinned Locked Moved OpenVPN
    14 Posts 4 Posters 3.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      zayrn9efir
      last edited by

      I'm having a problem where the OpenVPN client on pfSense will connect to a server with no problems, but later the connection will timeout and it cannot reconnect to the server. It will just ping-restart every minute until I restart the service. At that point it reconnects normally with no problems.

      Setup: pfSense 2.2.6 > wireless bridge > internet

      I realize the above is not ideal, but I have no choice. I believe what is happening is that the wireless connection is getting interrupted. This only seems to happen while I'm sleeping (with only a couple of exceptions), so I can't pinpoint the source of the interruption. It does not always happen at the same time, nor does it happen after being connected for XX hours. In the logs below, I rebooted the wireless router used for the bridge at around 08:58 and the results were the same as what I've been seeing. While the client is constantly restarting, I can plug another device into the router and connect to the VPN server, so it's not a connectivity problem.

      I've tried connecting to different servers. I've tried changing keepalive values, but they get overriden by the values pushed from the server. I've rebooted all the devices I can get my hands on. The issue started when I was on 2.2.5, so I tried reverting to 2.2.4 and upgrading to 2.2.6. I've changed the gateway monitor IP. Nothing fixes it. At this point I'm just throwing darts in the dark.

      The ideal solution would be for me to find and fix the source of the interruption. Until I can do that, how can I get the OpenVPN service to restart rather than ping-restart endlessly?

      
08:29:27 openvpn[9476]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
08:29:27 openvpn[10452]: Current Parameter Settings:
08:29:27 openvpn[10452]:   config = '/var/etc/openvpn/client9.conf'
08:29:27 openvpn[10452]:   mode = 0
08:29:27 openvpn[10452]:   show_ciphers = DISABLED
08:29:27 openvpn[10452]:   show_digests = DISABLED
08:29:27 openvpn[10452]:   show_engines = DISABLED
08:29:27 openvpn[10452]:   genkey = DISABLED
08:29:27 openvpn[10452]:   key_pass_file = '[UNDEF]'
08:29:27 openvpn[10452]:   show_tls_ciphers = DISABLED
08:29:27 openvpn[10452]: Connection profiles [default]:
08:29:27 openvpn[10452]:   proto = udp
08:29:27 openvpn[10452]:   local = '10.0.0.2'
08:29:27 openvpn[10452]:   local_port = 0
08:29:27 openvpn[10452]:   remote = 'XX.XX.XX.XX'
08:29:27 openvpn[10452]:   remote_port = 443
08:29:27 openvpn[10452]:   remote_float = DISABLED
08:29:27 openvpn[10452]:   bind_defined = DISABLED
08:29:27 openvpn[10452]:   bind_local = ENABLED
08:29:27 openvpn[10452]:   connect_retry_seconds = 5
08:29:27 openvpn[10452]:   connect_timeout = 10
08:29:27 openvpn[10452]:   connect_retry_max = 0
08:29:27 openvpn[10452]:   socks_proxy_server = '[UNDEF]'
08:29:27 openvpn[10452]:   socks_proxy_port = 0
08:29:27 openvpn[10452]:   socks_proxy_retry = DISABLED
08:29:27 openvpn[10452]:   tun_mtu = 1500
08:29:27 openvpn[10452]:   tun_mtu_defined = ENABLED
08:29:27 openvpn[10452]:   link_mtu = 1500
08:29:27 openvpn[10452]:   link_mtu_defined = DISABLED
08:29:27 openvpn[10452]:   tun_mtu_extra = 0
08:29:27 openvpn[10452]:   tun_mtu_extra_defined = DISABLED
08:29:27 openvpn[10452]:   mtu_discover_type = -1
08:29:27 openvpn[10452]:   fragment = 0
08:29:27 openvpn[10452]:   mssfix = 1450
08:29:27 openvpn[10452]:   explicit_exit_notification = 5
08:29:27 openvpn[10452]: Connection profiles END
08:29:27 openvpn[10452]:   remote_random = DISABLED
08:29:27 openvpn[10452]:   ipchange = '[UNDEF]'
08:29:27 openvpn[10452]:   dev = 'ovpnc9'
08:29:27 openvpn[10452]:   dev_type = 'tun'
08:29:27 openvpn[10452]:   dev_node = '/dev/tun9'
08:29:27 openvpn[10452]:   lladdr = '[UNDEF]'
08:29:27 openvpn[10452]:   topology = 1
08:29:27 openvpn[10452]:   tun_ipv6 = ENABLED
08:29:27 openvpn[10452]:   ifconfig_local = '[UNDEF]'
08:29:27 openvpn[10452]:   ifconfig_remote_netmask = '[UNDEF]'
08:29:27 openvpn[10452]:   ifconfig_noexec = DISABLED
08:29:27 openvpn[10452]:   ifconfig_nowarn = DISABLED
08:29:27 openvpn[10452]:   ifconfig_ipv6_local = '[UNDEF]'
08:29:27 openvpn[10452]:   ifconfig_ipv6_netbits = 0
08:29:27 openvpn[10452]:   ifconfig_ipv6_remote = '[UNDEF]'
08:29:27 openvpn[10452]:   shaper = 0
08:29:27 openvpn[10452]:   mtu_test = 0
08:29:27 openvpn[10452]:   mlock = DISABLED
08:29:27 openvpn[10452]:   keepalive_ping = 10
08:29:27 openvpn[10452]:   keepalive_timeout = 90
08:29:27 openvpn[10452]:   inactivity_timeout = 0
08:29:27 openvpn[10452]:   ping_send_timeout = 10
08:29:27 openvpn[10452]:   ping_rec_timeout = 90
08:29:27 openvpn[10452]:   ping_rec_timeout_action = 2
08:29:27 openvpn[10452]:   ping_timer_remote = ENABLED
08:29:27 openvpn[10452]:   remap_sigusr1 = 0
08:29:27 openvpn[10452]:   persist_tun = ENABLED
08:29:27 openvpn[10452]:   persist_local_ip = DISABLED
08:29:27 openvpn[10452]:   persist_remote_ip = DISABLED
08:29:27 openvpn[10452]:   persist_key = ENABLED
08:29:27 openvpn[10452]:   passtos = DISABLED
08:29:27 openvpn[10452]:   resolve_retry_seconds = 1000000000
08:29:27 openvpn[10452]:   username = '[UNDEF]'
08:29:27 openvpn[10452]:   groupname = '[UNDEF]'
08:29:27 openvpn[10452]:   chroot_dir = '[UNDEF]'
08:29:27 openvpn[10452]:   cd_dir = '[UNDEF]'
08:29:27 openvpn[10452]:   writepid = '/var/run/openvpn_client9.pid'
08:29:27 openvpn[10452]:   up_script = '/usr/local/sbin/ovpn-linkup'
08:29:27 openvpn[10452]:   down_script = '/usr/local/sbin/ovpn-linkdown'
08:29:27 openvpn[10452]:   down_pre = DISABLED
08:29:27 openvpn[10452]:   up_restart = DISABLED
08:29:27 openvpn[10452]:   up_delay = DISABLED
08:29:27 openvpn[10452]:   daemon = ENABLED
08:29:27 openvpn[10452]:   inetd = 0
08:29:27 openvpn[10452]:   log = DISABLED
08:29:27 openvpn[10452]:   suppress_timestamps = DISABLED
08:29:27 openvpn[10452]:   nice = 0
08:29:27 openvpn[10452]:   verbosity = 4
08:29:27 openvpn[10452]:   mute = 0
08:29:27 openvpn[10452]:   gremlin = 0
08:29:27 openvpn[10452]:   status_file = '[UNDEF]'
08:29:27 openvpn[10452]:   status_file_version = 1
08:29:27 openvpn[10452]:   status_file_update_freq = 60
08:29:27 openvpn[10452]:   occ = ENABLED
08:29:27 openvpn[10452]:   rcvbuf = 65536
08:29:27 openvpn[10452]:   sndbuf = 65536
08:29:27 openvpn[10452]:   sockflags = 0
08:29:27 openvpn[10452]:   fast_io = DISABLED
08:29:27 openvpn[10452]:   lzo = 1
08:29:27 openvpn[10452]:   route_script = '[UNDEF]'
08:29:27 openvpn[10452]:   route_default_gateway = '[UNDEF]'
08:29:27 openvpn[10452]:   route_default_metric = 0
08:29:27 openvpn[10452]:   route_noexec = DISABLED
08:29:27 openvpn[10452]:   route_delay = 0
08:29:27 openvpn[10452]:   route_delay_window = 30
08:29:27 openvpn[10452]:   route_delay_defined = DISABLED
08:29:27 openvpn[10452]:   route_nopull = ENABLED
08:29:27 openvpn[10452]:   route_gateway_via_dhcp = DISABLED
08:29:27 openvpn[10452]:   max_routes = 100
08:29:27 openvpn[10452]:   allow_pull_fqdn = DISABLED
08:29:27 openvpn[10452]:   management_addr = '/var/etc/openvpn/client9.sock'
08:29:27 openvpn[10452]:   management_port = 0
08:29:27 openvpn[10452]:   management_user_pass = '[UNDEF]'
08:29:27 openvpn[10452]:   management_log_history_cache = 250
08:29:27 openvpn[10452]:   management_echo_buffer_size = 100
08:29:27 openvpn[10452]:   management_write_peer_info_file = '[UNDEF]'
08:29:27 openvpn[10452]:   management_client_user = '[UNDEF]'
08:29:27 openvpn[10452]:   management_client_group = '[UNDEF]'
08:29:27 openvpn[10452]:   management_flags = 256
08:29:27 openvpn[10452]:   shared_secret_file = '[UNDEF]'
08:29:27 openvpn[10452]:   key_direction = 2
08:29:27 openvpn[10452]:   ciphername_defined = ENABLED
08:29:27 openvpn[10452]:   ciphername = 'AES-256-CBC'
08:29:27 openvpn[10452]:   authname_defined = ENABLED
08:29:27 openvpn[10452]:   authname = 'SHA1'
08:29:27 openvpn[10452]:   prng_hash = 'SHA1'
08:29:27 openvpn[10452]:   prng_nonce_secret_len = 16
08:29:27 openvpn[10452]:   keysize = 32
08:29:27 openvpn[10452]:   engine = ENABLED
08:29:27 openvpn[10452]:   replay = ENABLED
08:29:27 openvpn[10452]:   mute_replay_warnings = DISABLED
08:29:27 openvpn[10452]:   replay_window = 64
08:29:27 openvpn[10452]:   replay_time = 15
08:29:27 openvpn[10452]:   packet_id_file = '[UNDEF]'
08:29:27 openvpn[10452]:   use_iv = ENABLED
08:29:27 openvpn[10452]:   test_crypto = DISABLED
08:29:27 openvpn[10452]:   tls_server = DISABLED
08:29:27 openvpn[10452]:   tls_client = ENABLED
08:29:27 openvpn[10452]:   key_method = 2
08:29:27 openvpn[10452]:   ca_file = '/var/etc/openvpn/client9.ca'
08:29:27 openvpn[10452]:   ca_path = '[UNDEF]'
08:29:27 openvpn[10452]:   dh_file = '[UNDEF]'
08:29:27 openvpn[10452]:   cert_file = '/var/etc/openvpn/client9.cert'
08:29:27 openvpn[10452]:   priv_key_file = '/var/etc/openvpn/client9.key'
08:29:27 openvpn[10452]:   pkcs12_file = '[UNDEF]'
08:29:27 openvpn[10452]:   cipher_list = 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
08:29:27 openvpn[10452]:   tls_verify = '[UNDEF]'
08:29:27 openvpn[10452]:   tls_export_cert = '[UNDEF]'
08:29:27 openvpn[10452]:   verify_x509_type = 0
08:29:27 openvpn[10452]:   verify_x509_name = '[UNDEF]'
08:29:27 openvpn[10452]:   crl_file = '[UNDEF]'
08:29:27 openvpn[10452]:   ns_cert_type = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 160
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 136
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_ku[i] = 0
08:29:27 openvpn[10452]:   remote_cert_eku = 'TLS Web Server Authentication'
08:29:27 openvpn[10452]:   ssl_flags = 0
08:29:27 openvpn[10452]:   tls_timeout = 2
08:29:27 openvpn[10452]:   renegotiate_bytes = 0
08:29:27 openvpn[10452]:   renegotiate_packets = 0
08:29:27 openvpn[10452]:   renegotiate_seconds = 3600
08:29:27 openvpn[10452]:   handshake_window = 60
08:29:27 openvpn[10452]:   transition_window = 3600
08:29:27 openvpn[10452]:   single_session = DISABLED
08:29:27 openvpn[10452]:   push_peer_info = DISABLED
08:29:27 openvpn[10452]:   tls_exit = DISABLED
08:29:27 openvpn[10452]:   tls_auth_file = '/var/etc/openvpn/client9.tls-auth'
08:29:27 openvpn[10452]:   server_network = 0.0.0.0
08:29:27 openvpn[10452]:   server_netmask = 0.0.0.0
08:29:27 openvpn[10452]:   server_network_ipv6 = ::
08:29:27 openvpn[10452]:   server_netbits_ipv6 = 0
08:29:27 openvpn[10452]:   server_bridge_ip = 0.0.0.0
08:29:27 openvpn[10452]:   server_bridge_netmask = 0.0.0.0
08:29:27 openvpn[10452]:   server_bridge_pool_start = 0.0.0.0
08:29:27 openvpn[10452]:   server_bridge_pool_end = 0.0.0.0
08:29:27 openvpn[10452]:   ifconfig_pool_defined = DISABLED
08:29:27 openvpn[10452]:   ifconfig_pool_start = 0.0.0.0
08:29:27 openvpn[10452]:   ifconfig_pool_end = 0.0.0.0
08:29:27 openvpn[10452]:   ifconfig_pool_netmask = 0.0.0.0
08:29:27 openvpn[10452]:   ifconfig_pool_persist_filename = '[UNDEF]'
08:29:27 openvpn[10452]:   ifconfig_pool_persist_refresh_freq = 600
08:29:27 openvpn[10452]:   ifconfig_ipv6_pool_defined = DISABLED
08:29:27 openvpn[10452]:   ifconfig_ipv6_pool_base = ::
08:29:27 openvpn[10452]:   ifconfig_ipv6_pool_netbits = 0
08:29:27 openvpn[10452]:   n_bcast_buf = 256
08:29:27 openvpn[10452]:   tcp_queue_limit = 64
08:29:27 openvpn[10452]:   real_hash_size = 256
08:29:27 openvpn[10452]:   virtual_hash_size = 256
08:29:27 openvpn[10452]:   client_connect_script = '[UNDEF]'
08:29:27 openvpn[10452]:   learn_address_script = '[UNDEF]'
08:29:27 openvpn[10452]:   client_disconnect_script = '[UNDEF]'
08:29:27 openvpn[10452]:   client_config_dir = '[UNDEF]'
08:29:27 openvpn[10452]:   ccd_exclusive = DISABLED
08:29:27 openvpn[10452]:   tmp_dir = '/tmp'
08:29:27 openvpn[10452]:   push_ifconfig_defined = DISABLED
08:29:27 openvpn[10452]:   push_ifconfig_local = 0.0.0.0
08:29:27 openvpn[10452]:   push_ifconfig_remote_netmask = 0.0.0.0
08:29:27 openvpn[10452]:   push_ifconfig_ipv6_defined = DISABLED
08:29:27 openvpn[10452]:   push_ifconfig_ipv6_local = ::/0
08:29:27 openvpn[10452]:   push_ifconfig_ipv6_remote = ::
08:29:27 openvpn[10452]:   enable_c2c = DISABLED
08:29:27 openvpn[10452]:   duplicate_cn = DISABLED
08:29:27 openvpn[10452]:   cf_max = 0
08:29:27 openvpn[10452]:   cf_per = 0
08:29:27 openvpn[10452]:   max_clients = 1024
08:29:27 openvpn[10452]:   max_routes_per_client = 256
08:29:27 openvpn[10452]:   auth_user_pass_verify_script = '[UNDEF]'
08:29:27 openvpn[10452]:   auth_user_pass_verify_script_via_file = DISABLED
08:29:27 openvpn[10452]:   port_share_host = '[UNDEF]'
08:29:27 openvpn[10452]:   port_share_port = 0
08:29:27 openvpn[10452]:   client = ENABLED
08:29:27 openvpn[10452]:   pull = ENABLED
08:29:27 openvpn[10452]:   auth_user_pass_file = '[UNDEF]'
08:29:27 openvpn[10452]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
08:29:27 openvpn[10452]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
08:29:27 openvpn[9476]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
08:29:27 openvpn[10572]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client9.sock
08:29:27 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:29:27 openvpn[10572]: Initializing OpenSSL support for engine 'cryptodev'
08:29:27 openvpn[10695]: Could not retrieve default gateway from route socket:: No such process (errno=3)
08:29:27 openvpn[10695]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:29:27 openvpn[10695]: Initializing OpenSSL support for engine 'cryptodev'
08:29:27 openvpn[10572]: Control Channel Authentication: using '/var/etc/openvpn/client9.tls-auth' as a OpenVPN static key file
08:29:27 openvpn[10572]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:27 openvpn[10572]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:27 openvpn[10572]: LZO compression initialized
08:29:27 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
08:29:27 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
08:29:27 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
08:29:27 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
08:29:27 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
08:29:27 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
08:29:27 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
08:29:27 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
08:29:27 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
08:29:27 openvpn[10572]: write UDPv4: No route to host (code=65)
08:29:27 openvpn[10695]: Control Channel Authentication: using '/var/etc/openvpn/server8.tls-auth' as a OpenVPN static key file
08:29:27 openvpn[10695]: TUN/TAP device ovpns8 exists previously, keep at program end
08:29:27 openvpn[10695]: TUN/TAP device /dev/tun8 opened
08:29:27 openvpn[10695]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
08:29:27 openvpn[10695]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
08:29:27 openvpn[10695]: /sbin/ifconfig ovpns8 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
08:29:27 openvpn[10695]: /usr/local/sbin/ovpn-linkup ovpns8 1500 1602 10.10.10.1 255.255.255.0 init
08:29:27 openvpn[10695]: UDPv4 link local (bound): [undef]
08:29:27 openvpn[10695]: UDPv4 link remote: [undef]
08:29:27 openvpn[10695]: Initialization Sequence Completed
08:29:29 openvpn[10572]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:443, sid=fc1edd59 c31db681
08:29:29 openvpn[10572]: VERIFY OK: depth=1, <snip>
08:29:29 openvpn[10572]: Validating certificate key usage
08:29:29 openvpn[10572]: ++ Certificate has key usage  00a0, expects 00a0
08:29:29 openvpn[10572]: VERIFY KU OK
08:29:29 openvpn[10572]: Validating certificate extended key usage
08:29:29 openvpn[10572]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
08:29:29 openvpn[10572]: VERIFY EKU OK
08:29:29 openvpn[10572]: VERIFY OK: depth=0, <snip>
08:29:36 openvpn[10572]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
08:29:36 openvpn[10572]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:36 openvpn[10572]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
08:29:36 openvpn[10572]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:36 openvpn[10572]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
08:29:36 openvpn[10572]: [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:443
08:29:38 openvpn[10572]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.42.148 255.255.0.0'
08:29:38 openvpn[10572]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
08:29:38 openvpn[10572]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
08:29:38 openvpn[10572]: OPTIONS IMPORT: timers and/or timeouts modified
08:29:38 openvpn[10572]: OPTIONS IMPORT: LZO parms modified
08:29:38 openvpn[10572]: OPTIONS IMPORT: --ifconfig/up options modified
08:29:38 openvpn[10572]: OPTIONS IMPORT: route-related options modified
08:29:38 openvpn[10572]: TUN/TAP device ovpnc9 exists previously, keep at program end
08:29:38 openvpn[10572]: TUN/TAP device /dev/tun9 opened
08:29:38 openvpn[10572]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
08:29:38 openvpn[10572]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
08:29:38 openvpn[10572]: /sbin/ifconfig ovpnc9 10.4.42.148 10.4.0.1 mtu 1500 netmask 255.255.0.0 up
08:29:38 openvpn[10572]: /sbin/route add -net 10.4.0.0 10.4.42.148 255.255.0.0
08:29:38 openvpn[10572]: /usr/local/sbin/ovpn-linkup ovpnc9 1500 1558 10.4.42.148 255.255.0.0 init
08:29:38 openvpn[10572]: Initialization Sequence Completed
08:30:10 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
08:30:10 openvpn[10572]: MANAGEMENT: CMD 'state 1'
08:30:10 openvpn[10572]: MANAGEMENT: CMD 'status 2'
08:30:10 openvpn[10572]: MANAGEMENT: Client disconnected
08:30:29 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
08:30:29 openvpn[10572]: MANAGEMENT: CMD 'state 1'
08:30:29 openvpn[10572]: MANAGEMENT: CMD 'status 2'
08:30:29 openvpn[10572]: MANAGEMENT: Client disconnected
08:32:38 openvpn[10572]: PID_ERR replay-window backtrack occurred [3] [SSL-0] [0___0000000015>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:390 0:387 t=1451568786[28] r=[28,64,15,3,1] sl=[58,64,64,528]
08:58:06 openvpn[10572]: [server] Inactivity timeout (--ping-restart), restarting
08:58:06 openvpn[10572]: TCP/UDP: Closing socket
08:58:06 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
08:58:06 openvpn[10572]: Restart pause, 2 second(s)
08:58:08 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:58:08 openvpn[10572]: Re-using SSL/TLS context
08:58:08 openvpn[10572]: LZO compression initialized
08:58:08 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
08:58:08 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
08:58:08 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
08:58:08 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
08:58:08 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
08:58:08 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
08:58:08 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
08:58:08 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
08:58:08 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
08:59:08 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
08:59:08 openvpn[10572]: TCP/UDP: Closing socket
08:59:08 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
08:59:08 openvpn[10572]: Restart pause, 2 second(s)
08:59:10 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:59:10 openvpn[10572]: Re-using SSL/TLS context
08:59:10 openvpn[10572]: LZO compression initialized
08:59:10 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
08:59:10 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
08:59:10 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
08:59:10 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
08:59:10 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
08:59:10 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
08:59:10 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
08:59:10 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
08:59:10 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:00:10 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:00:10 openvpn[10572]: TCP/UDP: Closing socket
09:00:10 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:00:10 openvpn[10572]: Restart pause, 2 second(s)
09:00:12 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:00:12 openvpn[10572]: Re-using SSL/TLS context
09:00:12 openvpn[10572]: LZO compression initialized
09:00:12 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:00:12 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:00:12 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:00:12 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:00:12 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:00:12 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:00:12 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:00:12 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:00:12 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:01:12 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:01:12 openvpn[10572]: TCP/UDP: Closing socket
09:01:12 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:01:12 openvpn[10572]: Restart pause, 2 second(s)
09:01:14 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:01:14 openvpn[10572]: Re-using SSL/TLS context
09:01:14 openvpn[10572]: LZO compression initialized
09:01:14 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:01:14 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:01:14 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:01:14 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:01:14 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:01:14 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:01:14 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:01:14 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:01:14 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:02:14 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:02:14 openvpn[10572]: TCP/UDP: Closing socket
09:02:14 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:02:14 openvpn[10572]: Restart pause, 2 second(s)
09:02:16 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:02:16 openvpn[10572]: Re-using SSL/TLS context
09:02:16 openvpn[10572]: LZO compression initialized
09:02:16 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:02:16 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:02:16 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:02:16 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:02:16 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:02:16 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:02:16 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:02:16 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:02:16 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:03:16 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:03:16 openvpn[10572]: TCP/UDP: Closing socket
09:03:16 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:03:16 openvpn[10572]: Restart pause, 2 second(s)
09:03:18 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:03:18 openvpn[10572]: Re-using SSL/TLS context
09:03:18 openvpn[10572]: LZO compression initialized
09:03:18 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:03:18 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:03:18 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:03:18 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:03:18 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:03:18 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:03:18 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:03:18 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:03:18 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:04:18 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:04:18 openvpn[10572]: TCP/UDP: Closing socket
09:04:18 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:04:18 openvpn[10572]: Restart pause, 2 second(s)
09:04:20 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:04:20 openvpn[10572]: Re-using SSL/TLS context
09:04:20 openvpn[10572]: LZO compression initialized
09:04:20 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:04:20 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:04:20 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:04:20 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:04:20 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:04:20 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:04:20 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:04:20 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:04:20 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:05:20 openvpn[10572]: TCP/UDP: Closing socket
09:05:20 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:05:20 openvpn[10572]: Restart pause, 2 second(s)
09:05:22 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:05:22 openvpn[10572]: Re-using SSL/TLS context
09:05:22 openvpn[10572]: LZO compression initialized
09:05:22 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:05:22 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:05:22 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:05:22 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:05:22 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:05:22 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:05:22 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:05:22 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:05:22 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:05:24 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:05:24 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:05:24 openvpn[10572]: MANAGEMENT: Client disconnected
09:05:48 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:05:48 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:05:48 openvpn[10572]: MANAGEMENT: Client disconnected
09:06:03 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:06:03 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:06:03 openvpn[10572]: MANAGEMENT: Client disconnected
09:06:22 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:06:22 openvpn[10572]: TCP/UDP: Closing socket
09:06:22 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:06:22 openvpn[10572]: Restart pause, 2 second(s)
09:06:24 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:06:24 openvpn[10572]: Re-using SSL/TLS context
09:06:24 openvpn[10572]: LZO compression initialized
09:06:24 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:06:24 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:06:24 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:06:24 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:06:24 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:06:24 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:06:24 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:06:24 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:06:24 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:07:23 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:07:23 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:07:23 openvpn[10572]: MANAGEMENT: Client disconnected
09:07:24 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:07:24 openvpn[10572]: TCP/UDP: Closing socket
09:07:24 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:07:24 openvpn[10572]: Restart pause, 2 second(s)
09:07:26 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:07:26 openvpn[10572]: Re-using SSL/TLS context
09:07:26 openvpn[10572]: LZO compression initialized
09:07:26 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:07:26 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:07:26 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:07:26 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:07:26 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:07:26 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:07:26 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:07:26 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:07:26 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:08:26 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:08:26 openvpn[10572]: TCP/UDP: Closing socket
09:08:26 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:08:26 openvpn[10572]: Restart pause, 2 second(s)
09:08:28 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:08:28 openvpn[10572]: Re-using SSL/TLS context
09:08:28 openvpn[10572]: LZO compression initialized
09:08:28 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:08:28 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:08:28 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:08:28 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:08:28 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:08:28 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:08:28 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:08:28 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:08:28 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443

and so on...
[/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i][/i]</snip></snip>
      1 Reply Last reply Reply Quote 0
      • N
        NUT
        last edited by

        I'm having the same issues, started exactly the same way. no problem with 2.2.4 and started disconnecting and unable to restart the connection without restarting the service, but sometimes a reboot is the only way to fix it…

        Pfsense 2.2.5 and up on both sides...

        1 Reply Last reply Reply Quote 0
        • K
          killerb81
          last edited by

          Same issue.. except that I've been experiencing it since 2.2.1.
          I've been browsing the forums for a while now and have seen people with similar issues but so far haven't found a concrete solution.

          VPN provider is PIA.

          1 Reply Last reply Reply Quote 0
          • Z
            zayrn9efir
            last edited by

            My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.

            
#!/bin/sh
#updated 2016-02-05

if ping -c3 XXX.XXX.XXX.XXX; then
	#do nothing
else
	#log time
	touch /root/timestamps.txt
	date "+%Y-%m-%d %H:%M:%S" >> /root/timestamps.txt

	#restart vpn clients
	for i in `seq 30`
		do /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
	done
fi

exit 0

            XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.

            If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.

            echo "" | php -q

            The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.

            1 Reply Last reply Reply Quote 0
            • N
              NUT
              last edited by

              @zayrn9efir:

              My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.

              #!/bin/sh

if ping -c3 XXX.XXX.XXX.XXX; then
	#do nothing
else
	#restart vpn clients
	for i in `seq 30`
		do /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
	done
fi

exit 0

              XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.

              If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.

              echo "" | php -q

              The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.

              Even though it is a nice work around, it's no option for me, as it will also kill running connections (uploads, downloads, ssh) …

              I really wonder why this started happening...  :-\

              1 Reply Last reply Reply Quote 0
              • Z
                zayrn9efir
                last edited by

                @[NUT:

                link=topic=104699.msg586805#msg586805 date=1452746063]
                Even though it is a nice work around, it's no option for me, as it will also kill running connections (uploads, downloads, ssh) …

                I really wonder why this started happening...  :-\

                If you're having the same problem that I have, you don't have any connection through the VPN anyway, so there's nothing left to kill with a restart. Everything has timed out by the time 1-10 minutes pass and the script kicks in. Obviously you can run it more frequently if needed.

                The script only resets VPN clients, and you can specify which ones if you don't want to reset everything. You can even direct pings through specific interfaces and then reset VPN clients on a per-connection basis. I didn't need that for my situation, so I did all or nothing.

                
for i in `ifconfig | cut -d: -f1 | grep ovpnc`
do
    #ping address through interface $i
    #restart $i if ping fails
done

                Maybe that would be more useful for you.

                1 Reply Last reply Reply Quote 0
                • T
                  TDJ211
                  last edited by

                  @zayrn9efir:

                  My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.

                  #!/bin/sh

if ping -c3 XXX.XXX.XXX.XXX; then
	#do nothing
else
	#restart vpn clients
	for i in `seq 30`
		do /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
	done
fi

exit 0

                  XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.

                  If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.

                  echo "" | php -q

                  The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.

                  Yea same thing happens to me and this looks like a pretty cool work around. Ill give it a whirl when i can get back in town and reset my openvpn interface as im currently locked out now.

                  Thx#

                  1 Reply Last reply Reply Quote 0
                  • T
                    TDJ211
                    last edited by

                    Since I only have one VPN client, it should probably look something like this correct??

                    
#!/bin/sh

if ping -c3 XXX.XXX.XXX.XXX; then
	#do nothing
else
	#restart vpn clients
         /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i

fi
exit 0

                    Also, is there a way to track how many/often it restarts your VPN

                    1 Reply Last reply Reply Quote 0
                    • Z
                      zayrn9efir
                      last edited by

                      @TDJ211:

                      Since I only have one VPN client, it should probably look something like this correct??

                      
#!/bin/sh

if ping -c3 XXX.XXX.XXX.XXX; then
	#do nothing
else
	#restart vpn clients
         /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i

fi
exit 0

                      Also, is there a way to track how many/often it restarts your VPN

                      Just replace $i with your client number (probably 1) and you should be good to go.

                      If you look at Status > OpenVPN in pfSense, you can see the last restart time (connected since …). You can also check the OpenVPN log files for restarts. Depending on what your verbosity level is set at and how long between restarts, you will probably see at least 1-2 restarts in there. It will also show in the System > General logs. Look for "pfSsh.php: OpenVPN ID client## PID #### still running, killing."

                      You could modify the script to increment a counter and write it to a file every time it restarts the VPN. You could even have it put in a time stamp. ...Actually, I like this idea. I may implement it myself. A long enough series of time stamps may help me track down my problem.

                      EDIT: I added this below the "else" in my script. EDIT 2: note that I have already added this to the script posted above.

                      
#log time
touch /root/timestamps.txt
date "+%Y-%m-%d %H:%M:%S" >> /root/timestamps.txt

                      You could run "wc -l /root/timestamps.txt" to get a count.

                      1 Reply Last reply Reply Quote 0
                      • T
                        TDJ211
                        last edited by

                        Sweet!  I really like that timestamp addition to the script. And yea, I would like to have some kind of way to monitor it and make sure it doesnt cause probs or conflict with anything.

                        Also, would it be something you would have to manually check from time to time, or is there a way the script could notify you by email or something when it restarts? Not that important really, just brainstorming here. It would be nice.

                        1 Reply Last reply Reply Quote 0
                        • Z
                          zayrn9efir
                          last edited by

                          @TDJ211:

                          Sweet!  I really like that timestamp addition to the script. And yea, I would like to have some kind of way to monitor it and make sure it doesnt cause probs or conflict with anything.

                          Also, would it be something you would have to manually check from time to time, or is there a way the script could notify you by email or something when it restarts? Not that important really, just brainstorming here. It would be nice.

                          As is, it would have to be checked periodically. You can definitely send e-mails via script. You may even be able to use the e-mail notification function built into pfSense, rather than scripting it all manually.

                          The difficulty I have is that I don't have access to a trustworthy SMTP server to test with. This isn't something I'm familiar with, so I wouldn't be able to whip out a script and say "fill in the blanks." I'd have to experiment and learn as I go.

                          1 Reply Last reply Reply Quote 0
                          • T
                            TDJ211
                            last edited by

                            Yea I hear ya, just curious really. Ill use it as an educational opportunity and look into it myself as well.

                            Anyways, thanks again!

                            1 Reply Last reply Reply Quote 0
                            • T
                              TDJ211
                              last edited by

                              You could run "wc -l /path/to/timestamp/file" to get a count.

                              Where do I run this? On the CLI in putty? When I did I got "no such file name exists blah, blah, blah"

                              Is it because it has yet to report an OpenVPN restart yet?

                              1 Reply Last reply Reply Quote 0
                              • Z
                                zayrn9efir
                                last edited by

                                @TDJ211:

                                You could run "wc -l /path/to/timestamp/file" to get a count.

                                Where do I run this? On the CLI in putty? When I did I got "no such file name exists blah, blah, blah"

                                Is it because it has yet to report an OpenVPN restart yet?

                                You run that on the command line using putty or through the pfSense web interface. I assume you're putting the full path to wherever you have the timestamp file. When I used the relative path, like in the script I posted, it put the file at /var/log/timestamps.txt (which is not the location I expected). If you're not sure where it is, you can run this to find the absolute path:

                                find / -name "timestamps.txt"

                                In light of the above issue, I would recommend editing the script and changing "./timestamps.txt" to "/root/timestamps.txt" or some other absolute path so there is no question as to where it is. I will go back and change what I posted earlier.

                                If the script hasn't kicked in and restarted your VPN yet, the file won't exist. If you want to see what the file will look like, run this from the command line:```
                                date "+%Y-%m-%d %H:%M:%S" >> /absolute/path/to/timestamps.txt

                                
That will create the file, insert a timestamp, and then you should be able to run the "wc" command (with absolute path) successfully with a result of 1.

* I'm not sure how much you know about this stuff, so I apologize if the absolute/relative path comments are unnecessary.
                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.