VPN client times out, can't reconnect. Requires service restart.
I'm having a problem where the OpenVPN client on pfSense will connect to a server with no problems, but later the connection will time out and it cannot reconnect to the server. It will just ping-restart every minute until I restart the service. At that point it reconnects normally with no problems.
Setup: pfSense 2.2.6 > wireless bridge > internet
I realize the above is not ideal, but I have no choice. I believe what is happening is that the wireless connection is getting interrupted. This only seems to happen while I'm sleeping (with only a couple of exceptions), so I can't pinpoint the source of the interruption. It does not always happen at the same time, nor does it happen after being connected for XX hours. In the logs below, I rebooted the wireless router used for the bridge at around 08:58 and the results were the same as what I've been seeing. While the client is constantly restarting, I can plug another device into the router and connect to the VPN server, so it's not a connectivity problem.
I've tried connecting to different servers. I've tried changing keepalive values, but they get overridden by the values pushed from the server. I've rebooted all the devices I can get my hands on. The issue started when I was on 2.2.5, so I tried reverting to 2.2.4 and upgrading to 2.2.6. I've changed the gateway monitor IP. Nothing fixes it. At this point I'm just throwing darts in the dark.
The ideal solution would be for me to find and fix the source of the interruption. Until I can do that, how can I get the OpenVPN service to restart rather than ping-restart endlessly?
08:29:27 openvpn[9476]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
08:29:27 openvpn[10452]: Current Parameter Settings:
08:29:27 openvpn[10452]: config = '/var/etc/openvpn/client9.conf'
08:29:27 openvpn[10452]: mode = 0
08:29:27 openvpn[10452]: show_ciphers = DISABLED
08:29:27 openvpn[10452]: show_digests = DISABLED
08:29:27 openvpn[10452]: show_engines = DISABLED
08:29:27 openvpn[10452]: genkey = DISABLED
08:29:27 openvpn[10452]: key_pass_file = '[UNDEF]'
08:29:27 openvpn[10452]: show_tls_ciphers = DISABLED
08:29:27 openvpn[10452]: Connection profiles [default]:
08:29:27 openvpn[10452]: proto = udp
08:29:27 openvpn[10452]: local = '10.0.0.2'
08:29:27 openvpn[10452]: local_port = 0
08:29:27 openvpn[10452]: remote = 'XX.XX.XX.XX'
08:29:27 openvpn[10452]: remote_port = 443
08:29:27 openvpn[10452]: remote_float = DISABLED
08:29:27 openvpn[10452]: bind_defined = DISABLED
08:29:27 openvpn[10452]: bind_local = ENABLED
08:29:27 openvpn[10452]: connect_retry_seconds = 5
08:29:27 openvpn[10452]: connect_timeout = 10
08:29:27 openvpn[10452]: connect_retry_max = 0
08:29:27 openvpn[10452]: socks_proxy_server = '[UNDEF]'
08:29:27 openvpn[10452]: socks_proxy_port = 0
08:29:27 openvpn[10452]: socks_proxy_retry = DISABLED
08:29:27 openvpn[10452]: tun_mtu = 1500
08:29:27 openvpn[10452]: tun_mtu_defined = ENABLED
08:29:27 openvpn[10452]: link_mtu = 1500
08:29:27 openvpn[10452]: link_mtu_defined = DISABLED
08:29:27 openvpn[10452]: tun_mtu_extra = 0
08:29:27 openvpn[10452]: tun_mtu_extra_defined = DISABLED
08:29:27 openvpn[10452]: mtu_discover_type = -1
08:29:27 openvpn[10452]: fragment = 0
08:29:27 openvpn[10452]: mssfix = 1450
08:29:27 openvpn[10452]: explicit_exit_notification = 5
08:29:27 openvpn[10452]: Connection profiles END
08:29:27 openvpn[10452]: remote_random = DISABLED
08:29:27 openvpn[10452]: ipchange = '[UNDEF]'
08:29:27 openvpn[10452]: dev = 'ovpnc9'
08:29:27 openvpn[10452]: dev_type = 'tun'
08:29:27 openvpn[10452]: dev_node = '/dev/tun9'
08:29:27 openvpn[10452]: lladdr = '[UNDEF]'
08:29:27 openvpn[10452]: topology = 1
08:29:27 openvpn[10452]: tun_ipv6 = ENABLED
08:29:27 openvpn[10452]: ifconfig_local = '[UNDEF]'
08:29:27 openvpn[10452]: ifconfig_remote_netmask = '[UNDEF]'
08:29:27 openvpn[10452]: ifconfig_noexec = DISABLED
08:29:27 openvpn[10452]: ifconfig_nowarn = DISABLED
08:29:27 openvpn[10452]: ifconfig_ipv6_local = '[UNDEF]'
08:29:27 openvpn[10452]: ifconfig_ipv6_netbits = 0
08:29:27 openvpn[10452]: ifconfig_ipv6_remote = '[UNDEF]'
08:29:27 openvpn[10452]: shaper = 0
08:29:27 openvpn[10452]: mtu_test = 0
08:29:27 openvpn[10452]: mlock = DISABLED
08:29:27 openvpn[10452]: keepalive_ping = 10
08:29:27 openvpn[10452]: keepalive_timeout = 90
08:29:27 openvpn[10452]: inactivity_timeout = 0
08:29:27 openvpn[10452]: ping_send_timeout = 10
08:29:27 openvpn[10452]: ping_rec_timeout = 90
08:29:27 openvpn[10452]: ping_rec_timeout_action = 2
08:29:27 openvpn[10452]: ping_timer_remote = ENABLED
08:29:27 openvpn[10452]: remap_sigusr1 = 0
08:29:27 openvpn[10452]: persist_tun = ENABLED
08:29:27 openvpn[10452]: persist_local_ip = DISABLED
08:29:27 openvpn[10452]: persist_remote_ip = DISABLED
08:29:27 openvpn[10452]: persist_key = ENABLED
08:29:27 openvpn[10452]: passtos = DISABLED
08:29:27 openvpn[10452]: resolve_retry_seconds = 1000000000
08:29:27 openvpn[10452]: username = '[UNDEF]'
08:29:27 openvpn[10452]: groupname = '[UNDEF]'
08:29:27 openvpn[10452]: chroot_dir = '[UNDEF]'
08:29:27 openvpn[10452]: cd_dir = '[UNDEF]'
08:29:27 openvpn[10452]: writepid = '/var/run/openvpn_client9.pid'
08:29:27 openvpn[10452]: up_script = '/usr/local/sbin/ovpn-linkup'
08:29:27 openvpn[10452]: down_script = '/usr/local/sbin/ovpn-linkdown'
08:29:27 openvpn[10452]: down_pre = DISABLED
08:29:27 openvpn[10452]: up_restart = DISABLED
08:29:27 openvpn[10452]: up_delay = DISABLED
08:29:27 openvpn[10452]: daemon = ENABLED
08:29:27 openvpn[10452]: inetd = 0
08:29:27 openvpn[10452]: log = DISABLED
08:29:27 openvpn[10452]: suppress_timestamps = DISABLED
08:29:27 openvpn[10452]: nice = 0
08:29:27 openvpn[10452]: verbosity = 4
08:29:27 openvpn[10452]: mute = 0
08:29:27 openvpn[10452]: gremlin = 0
08:29:27 openvpn[10452]: status_file = '[UNDEF]'
08:29:27 openvpn[10452]: status_file_version = 1
08:29:27 openvpn[10452]: status_file_update_freq = 60
08:29:27 openvpn[10452]: occ = ENABLED
08:29:27 openvpn[10452]: rcvbuf = 65536
08:29:27 openvpn[10452]: sndbuf = 65536
08:29:27 openvpn[10452]: sockflags = 0
08:29:27 openvpn[10452]: fast_io = DISABLED
08:29:27 openvpn[10452]: lzo = 1
08:29:27 openvpn[10452]: route_script = '[UNDEF]'
08:29:27 openvpn[10452]: route_default_gateway = '[UNDEF]'
08:29:27 openvpn[10452]: route_default_metric = 0
08:29:27 openvpn[10452]: route_noexec = DISABLED
08:29:27 openvpn[10452]: route_delay = 0
08:29:27 openvpn[10452]: route_delay_window = 30
08:29:27 openvpn[10452]: route_delay_defined = DISABLED
08:29:27 openvpn[10452]: route_nopull = ENABLED
08:29:27 openvpn[10452]: route_gateway_via_dhcp = DISABLED
08:29:27 openvpn[10452]: max_routes = 100
08:29:27 openvpn[10452]: allow_pull_fqdn = DISABLED
08:29:27 openvpn[10452]: management_addr = '/var/etc/openvpn/client9.sock'
08:29:27 openvpn[10452]: management_port = 0
08:29:27 openvpn[10452]: management_user_pass = '[UNDEF]'
08:29:27 openvpn[10452]: management_log_history_cache = 250
08:29:27 openvpn[10452]: management_echo_buffer_size = 100
08:29:27 openvpn[10452]: management_write_peer_info_file = '[UNDEF]'
08:29:27 openvpn[10452]: management_client_user = '[UNDEF]'
08:29:27 openvpn[10452]: management_client_group = '[UNDEF]'
08:29:27 openvpn[10452]: management_flags = 256
08:29:27 openvpn[10452]: shared_secret_file = '[UNDEF]'
08:29:27 openvpn[10452]: key_direction = 2
08:29:27 openvpn[10452]: ciphername_defined = ENABLED
08:29:27 openvpn[10452]: ciphername = 'AES-256-CBC'
08:29:27 openvpn[10452]: authname_defined = ENABLED
08:29:27 openvpn[10452]: authname = 'SHA1'
08:29:27 openvpn[10452]: prng_hash = 'SHA1'
08:29:27 openvpn[10452]: prng_nonce_secret_len = 16
08:29:27 openvpn[10452]: keysize = 32
08:29:27 openvpn[10452]: engine = ENABLED
08:29:27 openvpn[10452]: replay = ENABLED
08:29:27 openvpn[10452]: mute_replay_warnings = DISABLED
08:29:27 openvpn[10452]: replay_window = 64
08:29:27 openvpn[10452]: replay_time = 15
08:29:27 openvpn[10452]: packet_id_file = '[UNDEF]'
08:29:27 openvpn[10452]: use_iv = ENABLED
08:29:27 openvpn[10452]: test_crypto = DISABLED
08:29:27 openvpn[10452]: tls_server = DISABLED
08:29:27 openvpn[10452]: tls_client = ENABLED
08:29:27 openvpn[10452]: key_method = 2
08:29:27 openvpn[10452]: ca_file = '/var/etc/openvpn/client9.ca'
08:29:27 openvpn[10452]: ca_path = '[UNDEF]'
08:29:27 openvpn[10452]: dh_file = '[UNDEF]'
08:29:27 openvpn[10452]: cert_file = '/var/etc/openvpn/client9.cert'
08:29:27 openvpn[10452]: priv_key_file = '/var/etc/openvpn/client9.key'
08:29:27 openvpn[10452]: pkcs12_file = '[UNDEF]'
08:29:27 openvpn[10452]: cipher_list = 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
08:29:27 openvpn[10452]: tls_verify = '[UNDEF]'
08:29:27 openvpn[10452]: tls_export_cert = '[UNDEF]'
08:29:27 openvpn[10452]: verify_x509_type = 0
08:29:27 openvpn[10452]: verify_x509_name = '[UNDEF]'
08:29:27 openvpn[10452]: crl_file = '[UNDEF]'
08:29:27 openvpn[10452]: ns_cert_type = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 160
08:29:27 openvpn[10452]: remote_cert_ku[i] = 136
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_ku[i] = 0
08:29:27 openvpn[10452]: remote_cert_eku = 'TLS Web Server Authentication'
08:29:27 openvpn[10452]: ssl_flags = 0
08:29:27 openvpn[10452]: tls_timeout = 2
08:29:27 openvpn[10452]: renegotiate_bytes = 0
08:29:27 openvpn[10452]: renegotiate_packets = 0
08:29:27 openvpn[10452]: renegotiate_seconds = 3600
08:29:27 openvpn[10452]: handshake_window = 60
08:29:27 openvpn[10452]: transition_window = 3600
08:29:27 openvpn[10452]: single_session = DISABLED
08:29:27 openvpn[10452]: push_peer_info = DISABLED
08:29:27 openvpn[10452]: tls_exit = DISABLED
08:29:27 openvpn[10452]: tls_auth_file = '/var/etc/openvpn/client9.tls-auth'
08:29:27 openvpn[10452]: server_network = 0.0.0.0
08:29:27 openvpn[10452]: server_netmask = 0.0.0.0
08:29:27 openvpn[10452]: server_network_ipv6 = ::
08:29:27 openvpn[10452]: server_netbits_ipv6 = 0
08:29:27 openvpn[10452]: server_bridge_ip = 0.0.0.0
08:29:27 openvpn[10452]: server_bridge_netmask = 0.0.0.0
08:29:27 openvpn[10452]: server_bridge_pool_start = 0.0.0.0
08:29:27 openvpn[10452]: server_bridge_pool_end = 0.0.0.0
08:29:27 openvpn[10452]: ifconfig_pool_defined = DISABLED
08:29:27 openvpn[10452]: ifconfig_pool_start = 0.0.0.0
08:29:27 openvpn[10452]: ifconfig_pool_end = 0.0.0.0
08:29:27 openvpn[10452]: ifconfig_pool_netmask = 0.0.0.0
08:29:27 openvpn[10452]: ifconfig_pool_persist_filename = '[UNDEF]'
08:29:27 openvpn[10452]: ifconfig_pool_persist_refresh_freq = 600
08:29:27 openvpn[10452]: ifconfig_ipv6_pool_defined = DISABLED
08:29:27 openvpn[10452]: ifconfig_ipv6_pool_base = ::
08:29:27 openvpn[10452]: ifconfig_ipv6_pool_netbits = 0
08:29:27 openvpn[10452]: n_bcast_buf = 256
08:29:27 openvpn[10452]: tcp_queue_limit = 64
08:29:27 openvpn[10452]: real_hash_size = 256
08:29:27 openvpn[10452]: virtual_hash_size = 256
08:29:27 openvpn[10452]: client_connect_script = '[UNDEF]'
08:29:27 openvpn[10452]: learn_address_script = '[UNDEF]'
08:29:27 openvpn[10452]: client_disconnect_script = '[UNDEF]'
08:29:27 openvpn[10452]: client_config_dir = '[UNDEF]'
08:29:27 openvpn[10452]: ccd_exclusive = DISABLED
08:29:27 openvpn[10452]: tmp_dir = '/tmp'
08:29:27 openvpn[10452]: push_ifconfig_defined = DISABLED
08:29:27 openvpn[10452]: push_ifconfig_local = 0.0.0.0
08:29:27 openvpn[10452]: push_ifconfig_remote_netmask = 0.0.0.0
08:29:27 openvpn[10452]: push_ifconfig_ipv6_defined = DISABLED
08:29:27 openvpn[10452]: push_ifconfig_ipv6_local = ::/0
08:29:27 openvpn[10452]: push_ifconfig_ipv6_remote = ::
08:29:27 openvpn[10452]: enable_c2c = DISABLED
08:29:27 openvpn[10452]: duplicate_cn = DISABLED
08:29:27 openvpn[10452]: cf_max = 0
08:29:27 openvpn[10452]: cf_per = 0
08:29:27 openvpn[10452]: max_clients = 1024
08:29:27 openvpn[10452]: max_routes_per_client = 256
08:29:27 openvpn[10452]: auth_user_pass_verify_script = '[UNDEF]'
08:29:27 openvpn[10452]: auth_user_pass_verify_script_via_file = DISABLED
08:29:27 openvpn[10452]: port_share_host = '[UNDEF]'
08:29:27 openvpn[10452]: port_share_port = 0
08:29:27 openvpn[10452]: client = ENABLED
08:29:27 openvpn[10452]: pull = ENABLED
08:29:27 openvpn[10452]: auth_user_pass_file = '[UNDEF]'
08:29:27 openvpn[10452]: OpenVPN 2.3.8 amd64-portbld-freebsd10.1 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Aug 21 2015
08:29:27 openvpn[10452]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
08:29:27 openvpn[9476]: library versions: OpenSSL 1.0.1l-freebsd 15 Jan 2015, LZO 2.09
08:29:27 openvpn[10572]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/client9.sock
08:29:27 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:29:27 openvpn[10572]: Initializing OpenSSL support for engine 'cryptodev'
08:29:27 openvpn[10695]: Could not retrieve default gateway from route socket:: No such process (errno=3)
08:29:27 openvpn[10695]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:29:27 openvpn[10695]: Initializing OpenSSL support for engine 'cryptodev'
08:29:27 openvpn[10572]: Control Channel Authentication: using '/var/etc/openvpn/client9.tls-auth' as a OpenVPN static key file
08:29:27 openvpn[10572]: Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:27 openvpn[10572]: Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:27 openvpn[10572]: LZO compression initialized
08:29:27 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
08:29:27 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
08:29:27 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
08:29:27 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
08:29:27 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
08:29:27 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
08:29:27 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
08:29:27 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
08:29:27 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
08:29:27 openvpn[10572]: write UDPv4: No route to host (code=65)
08:29:27 openvpn[10695]: Control Channel Authentication: using '/var/etc/openvpn/server8.tls-auth' as a OpenVPN static key file
08:29:27 openvpn[10695]: TUN/TAP device ovpns8 exists previously, keep at program end
08:29:27 openvpn[10695]: TUN/TAP device /dev/tun8 opened
08:29:27 openvpn[10695]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
08:29:27 openvpn[10695]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
08:29:27 openvpn[10695]: /sbin/ifconfig ovpns8 10.10.10.1 10.10.10.2 mtu 1500 netmask 255.255.255.0 up
08:29:27 openvpn[10695]: /usr/local/sbin/ovpn-linkup ovpns8 1500 1602 10.10.10.1 255.255.255.0 init
08:29:27 openvpn[10695]: UDPv4 link local (bound): [undef]
08:29:27 openvpn[10695]: UDPv4 link remote: [undef]
08:29:27 openvpn[10695]: Initialization Sequence Completed
08:29:29 openvpn[10572]: TLS: Initial packet from [AF_INET]XX.XX.XX.XX:443, sid=fc1edd59 c31db681
08:29:29 openvpn[10572]: VERIFY OK: depth=1, <snip>
08:29:29 openvpn[10572]: Validating certificate key usage
08:29:29 openvpn[10572]: ++ Certificate has key usage 00a0, expects 00a0
08:29:29 openvpn[10572]: VERIFY KU OK
08:29:29 openvpn[10572]: Validating certificate extended key usage
08:29:29 openvpn[10572]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
08:29:29 openvpn[10572]: VERIFY EKU OK
08:29:29 openvpn[10572]: VERIFY OK: depth=0, <snip>
08:29:36 openvpn[10572]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
08:29:36 openvpn[10572]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:36 openvpn[10572]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
08:29:36 openvpn[10572]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
08:29:36 openvpn[10572]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
08:29:36 openvpn[10572]: [server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:443
08:29:38 openvpn[10572]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.42.148 255.255.0.0'
08:29:38 openvpn[10572]: Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
08:29:38 openvpn[10572]: Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
08:29:38 openvpn[10572]: OPTIONS IMPORT: timers and/or timeouts modified
08:29:38 openvpn[10572]: OPTIONS IMPORT: LZO parms modified
08:29:38 openvpn[10572]: OPTIONS IMPORT: --ifconfig/up options modified
08:29:38 openvpn[10572]: OPTIONS IMPORT: route-related options modified
08:29:38 openvpn[10572]: TUN/TAP device ovpnc9 exists previously, keep at program end
08:29:38 openvpn[10572]: TUN/TAP device /dev/tun9 opened
08:29:38 openvpn[10572]: ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
08:29:38 openvpn[10572]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0
08:29:38 openvpn[10572]: /sbin/ifconfig ovpnc9 10.4.42.148 10.4.0.1 mtu 1500 netmask 255.255.0.0 up
08:29:38 openvpn[10572]: /sbin/route add -net 10.4.0.0 10.4.42.148 255.255.0.0
08:29:38 openvpn[10572]: /usr/local/sbin/ovpn-linkup ovpnc9 1500 1558 10.4.42.148 255.255.0.0 init
08:29:38 openvpn[10572]: Initialization Sequence Completed
08:30:10 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
08:30:10 openvpn[10572]: MANAGEMENT: CMD 'state 1'
08:30:10 openvpn[10572]: MANAGEMENT: CMD 'status 2'
08:30:10 openvpn[10572]: MANAGEMENT: Client disconnected
08:30:29 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
08:30:29 openvpn[10572]: MANAGEMENT: CMD 'state 1'
08:30:29 openvpn[10572]: MANAGEMENT: CMD 'status 2'
08:30:29 openvpn[10572]: MANAGEMENT: Client disconnected
08:32:38 openvpn[10572]: PID_ERR replay-window backtrack occurred [3] [SSL-0] [0___0000000015>>>>>>>>EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE] 0:390 0:387 t=1451568786[28] r=[28,64,15,3,1] sl=[58,64,64,528]
08:58:06 openvpn[10572]: [server] Inactivity timeout (--ping-restart), restarting
08:58:06 openvpn[10572]: TCP/UDP: Closing socket
08:58:06 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
08:58:06 openvpn[10572]: Restart pause, 2 second(s)
08:58:08 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:58:08 openvpn[10572]: Re-using SSL/TLS context
08:58:08 openvpn[10572]: LZO compression initialized
08:58:08 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
08:58:08 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
08:58:08 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
08:58:08 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
08:58:08 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
08:58:08 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
08:58:08 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
08:58:08 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
08:58:08 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
08:59:08 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
08:59:08 openvpn[10572]: TCP/UDP: Closing socket
08:59:08 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
08:59:08 openvpn[10572]: Restart pause, 2 second(s)
08:59:10 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
08:59:10 openvpn[10572]: Re-using SSL/TLS context
08:59:10 openvpn[10572]: LZO compression initialized
08:59:10 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
08:59:10 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
08:59:10 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
08:59:10 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
08:59:10 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
08:59:10 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
08:59:10 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
08:59:10 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
08:59:10 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:00:10 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:00:10 openvpn[10572]: TCP/UDP: Closing socket
09:00:10 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:00:10 openvpn[10572]: Restart pause, 2 second(s)
09:00:12 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:00:12 openvpn[10572]: Re-using SSL/TLS context
09:00:12 openvpn[10572]: LZO compression initialized
09:00:12 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:00:12 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:00:12 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:00:12 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:00:12 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:00:12 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:00:12 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:00:12 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:00:12 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:01:12 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:01:12 openvpn[10572]: TCP/UDP: Closing socket
09:01:12 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:01:12 openvpn[10572]: Restart pause, 2 second(s)
09:01:14 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:01:14 openvpn[10572]: Re-using SSL/TLS context
09:01:14 openvpn[10572]: LZO compression initialized
09:01:14 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:01:14 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:01:14 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:01:14 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:01:14 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:01:14 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:01:14 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:01:14 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:01:14 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:02:14 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:02:14 openvpn[10572]: TCP/UDP: Closing socket
09:02:14 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:02:14 openvpn[10572]: Restart pause, 2 second(s)
09:02:16 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:02:16 openvpn[10572]: Re-using SSL/TLS context
09:02:16 openvpn[10572]: LZO compression initialized
09:02:16 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:02:16 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:02:16 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:02:16 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:02:16 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:02:16 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:02:16 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:02:16 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:02:16 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:03:16 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:03:16 openvpn[10572]: TCP/UDP: Closing socket
09:03:16 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:03:16 openvpn[10572]: Restart pause, 2 second(s)
09:03:18 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:03:18 openvpn[10572]: Re-using SSL/TLS context
09:03:18 openvpn[10572]: LZO compression initialized
09:03:18 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:03:18 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:03:18 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:03:18 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:03:18 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:03:18 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:03:18 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:03:18 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:03:18 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:04:18 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:04:18 openvpn[10572]: TCP/UDP: Closing socket
09:04:18 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:04:18 openvpn[10572]: Restart pause, 2 second(s)
09:04:20 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:04:20 openvpn[10572]: Re-using SSL/TLS context
09:04:20 openvpn[10572]: LZO compression initialized
09:04:20 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:04:20 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:04:20 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:04:20 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:04:20 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:04:20 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:04:20 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:04:20 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:04:20 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:05:20 openvpn[10572]: TCP/UDP: Closing socket
09:05:20 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:05:20 openvpn[10572]: Restart pause, 2 second(s)
09:05:22 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:05:22 openvpn[10572]: Re-using SSL/TLS context
09:05:22 openvpn[10572]: LZO compression initialized
09:05:22 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:05:22 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:05:22 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:05:22 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:05:22 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:05:22 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:05:22 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:05:22 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:05:22 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:05:24 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:05:24 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:05:24 openvpn[10572]: MANAGEMENT: Client disconnected
09:05:48 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:05:48 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:05:48 openvpn[10572]: MANAGEMENT: Client disconnected
09:06:03 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:06:03 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:06:03 openvpn[10572]: MANAGEMENT: Client disconnected
09:06:22 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:06:22 openvpn[10572]: TCP/UDP: Closing socket
09:06:22 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:06:22 openvpn[10572]: Restart pause, 2 second(s)
09:06:24 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:06:24 openvpn[10572]: Re-using SSL/TLS context
09:06:24 openvpn[10572]: LZO compression initialized
09:06:24 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:06:24 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:06:24 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:06:24 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:06:24 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:06:24 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:06:24 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:06:24 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:06:24 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:07:23 openvpn[10572]: MANAGEMENT: Client connected from /var/etc/openvpn/client9.sock
09:07:23 openvpn[10572]: MANAGEMENT: CMD 'state 1'
09:07:23 openvpn[10572]: MANAGEMENT: Client disconnected
09:07:24 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:07:24 openvpn[10572]: TCP/UDP: Closing socket
09:07:24 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:07:24 openvpn[10572]: Restart pause, 2 second(s)
09:07:26 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:07:26 openvpn[10572]: Re-using SSL/TLS context
09:07:26 openvpn[10572]: LZO compression initialized
09:07:26 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:07:26 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:07:26 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:07:26 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:07:26 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:07:26 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:07:26 openvpn[10572]: Expected Remote Options hash (VER=V4): '162b04de'
09:07:26 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2
09:07:26 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
09:08:26 openvpn[10572]: [UNDEF] Inactivity timeout (--ping-restart), restarting
09:08:26 openvpn[10572]: TCP/UDP: Closing socket
09:08:26 openvpn[10572]: SIGUSR1[soft,ping-restart] received, process restarting
09:08:26 openvpn[10572]: Restart pause, 2 second(s)
09:08:28 openvpn[10572]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
09:08:28 openvpn[10572]: Re-using SSL/TLS context
09:08:28 openvpn[10572]: LZO compression initialized
09:08:28 openvpn[10572]: Control Channel MTU parms [ L:1558 D:166 EF:66 EB:0 ET:0 EL:3 ]
09:08:28 openvpn[10572]: Socket Buffers: R=[42080->65536] S=[57344->65536]
09:08:28 openvpn[10572]: Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:143 ET:0 EL:3 AF:3/1 ]
09:08:28 openvpn[10572]: Local Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
09:08:28 openvpn[10572]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
09:08:28 openvpn[10572]: Local Options hash (VER=V4): '9e7066d2'
09:08:28 openvpn[10572]: Expected Remote Options hash
(VER=V4): '162b04de' 09:08:28 openvpn[10572]: UDPv4 link local (bound): [AF_INET]10.0.0.2 09:08:28 openvpn[10572]: UDPv4 link remote: [AF_INET]XX.XX.XX.XX:443
and so on...
-
I'm having the same issues, started exactly the same way. No problem with 2.2.4, and started disconnecting and unable to restart the connection without restarting the service, but sometimes a reboot is the only way to fix it…
pfSense 2.2.5 and up on both sides...
-
Same issue.. except that I've been experiencing it since 2.2.1.
I've been browsing the forums for a while now and have seen people with similar issues but so far haven't found a concrete solution. VPN provider is PIA.
-
My solution is not the most elegant, but it seems to be working. I run this script every 10 minutes via cron.
```
#!/bin/sh
#updated 2016-02-05
if ping -c3 XXX.XXX.XXX.XXX; then
    #do nothing (":" is the no-op command, so the branch is also valid
    #in shells that reject an empty one)
    :
else
    #log time
    touch /root/timestamps.txt
    date "+%Y-%m-%d %H:%M:%S" >> /root/timestamps.txt
    #restart vpn clients
    for i in `seq 30`
    do
        /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
    done
fi
exit 0
```
XXX.XXX.XXX.XXX = an internal IP address only accessible through the VPN. For example, if your VPN provider has an internal DNS server with a static IP or always uses 172.16.0.1 as the gateway.
If you only use one VPN client, you can get rid of the for loop and just run the command with $i replaced by your client number. I use multiple client connections and don't want to hardcode numbers in the script. As far as I can tell, there is no way to restart only active clients.
echo "" | php -q
The above command will restart running clients and servers. It worked on the command line but didn't work for me via cron/scripting. Maybe it was something as simple as needing the full path for php. I probably won't bother to investigate farther unless my solution stops working.
-
Even though it is a nice work around, it's no option for me, as it will also kill running connections (uploads, downloads, ssh) …
I really wonder why this started happening... :-\
-
@NUT:
If you're having the same problem that I have, you don't have any connection through the VPN anyway, so there's nothing left to kill with a restart. Everything has timed out by the time 1-10 minutes pass and the script kicks in. Obviously you can run it more frequently if needed.
The script only resets VPN clients, and you can specify which ones if you don't want to reset everything. You can even direct pings through specific interfaces and then reset VPN clients on a per-connection basis. I didn't need that for my situation, so I did all or nothing.
```
for i in `ifconfig | cut -d: -f1 | grep ovpnc`
do
    #ping address through interface $i
    #restart $i if ping fails
done
```
Maybe that would be more useful for you.
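The per-interface idea from the post above, filled in as a runnable cron script; this is an added example, not the poster's code. It assumes the probe target (172.16.0.1, the thread's example address) answers only through the VPN, that interface `ovpncN` belongs to OpenVPN client `N`, and that `ping -S <source address>` works as on FreeBSD; the script path in the last comment is a placeholder.

```shell
#!/bin/sh
# Added example (not the poster's script): restart only the tunnels that fail.
# Assumptions: TARGET answers only through the VPN, interface ovpncN belongs
# to OpenVPN client N, and ping accepts -S <source address> as on FreeBSD.
TARGET="${TARGET:-172.16.0.1}"
LOG="${LOG:-/root/timestamps.txt}"

# OpenVPN client interfaces, one per line (the pipeline from the post,
# with the pattern anchored so only whole names like ovpnc9 match).
list_tunnels() {
    ifconfig | cut -d: -f1 | grep '^ovpnc[0-9][0-9]*$'
}

# First IPv4 address on an interface; empty if the interface has none.
tunnel_addr() {
    ifconfig "$1" | awk '$1 == "inet" { print $2; exit }'
}

# True if TARGET replies to pings sent from the tunnel's own address.
tunnel_alive() {
    addr=$(tunnel_addr "$1")
    [ -n "$addr" ] && ping -c3 -S "$addr" "$TARGET" >/dev/null 2>&1
}

restart_client() {
    /usr/local/sbin/pfSsh.php playback svc restart openvpn client "$1"
}

# Probe every tunnel, restart the dead ones, print how many were restarted.
watchdog() {
    restarted=0
    for ifname in $(list_tunnels); do
        tunnel_alive "$ifname" && continue
        date "+%Y-%m-%d %H:%M:%S $ifname" >> "$LOG"
        restart_client "${ifname#ovpnc}" >/dev/null 2>&1
        restarted=$((restarted + 1))
    done
    echo "$restarted"
}

# cron entry point: /root/vpn_watchdog.sh run   (path is a placeholder)
if [ "${1:-}" = "run" ]; then watchdog >/dev/null; fi
```

Each log line ends with the interface name, so `grep -c ovpnc9 /root/timestamps.txt` counts the restarts of a single tunnel.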
-
Yea same thing happens to me and this looks like a pretty cool work around. I'll give it a whirl when I can get back in town and reset my openvpn interface as I'm currently locked out now.
Thx
-
Since I only have one VPN client, it should probably look something like this correct??
```
#!/bin/sh
if ping -c3 XXX.XXX.XXX.XXX; then
    #do nothing
    :
else
    #restart vpn clients
    /usr/local/sbin/pfSsh.php playback svc restart openvpn client $i
fi
exit 0
```
Also, is there a way to track how many/often it restarts your VPN?
-
Just replace $i with your client number (probably 1) and you should be good to go.
If you look at Status > OpenVPN in pfSense, you can see the last restart time (connected since …). You can also check the OpenVPN log files for restarts. Depending on what your verbosity level is set at and how long between restarts, you will probably see at least 1-2 restarts in there. It will also show in the System > General logs. Look for "pfSsh.php: OpenVPN ID client## PID #### still running, killing."
You could modify the script to increment a counter and write it to a file every time it restarts the VPN. You could even have it put in a time stamp. ...Actually, I like this idea. I may implement it myself. A long enough series of time stamps may help me track down my problem.
EDIT: I added this below the "else" in my script. EDIT 2: note that I have already added this to the script posted above.
```
#log time
touch /root/timestamps.txt
date "+%Y-%m-%d %H:%M:%S" >> /root/timestamps.txt
```
You could run "wc -l /root/timestamps.txt" to get a count.
-
Sweet! I really like that timestamp addition to the script. And yea, I would like to have some kind of way to monitor it and make sure it doesn't cause probs or conflict with anything.
Also, would it be something you would have to manually check from time to time, or is there a way the script could notify you by email or something when it restarts? Not that important really, just brainstorming here. It would be nice.
-
As is, it would have to be checked periodically. You can definitely send e-mails via script. You may even be able to use the e-mail notification function built into pfSense, rather than scripting it all manually.
The difficulty I have is that I don't have access to a trustworthy SMTP server to test with. This isn't something I'm familiar with, so I wouldn't be able to whip out a script and say "fill in the blanks." I'd have to experiment and learn as I go.
-
Yea I hear ya, just curious really. I'll use it as an educational opportunity and look into it myself as well.
Anyways, thanks again!
-
You could run "wc -l /path/to/timestamp/file" to get a count.
Where do I run this? On the CLI in putty? When I did I got "no such file name exists blah, blah, blah"
Is it because it has yet to report an OpenVPN restart yet?
-
You run that on the command line using putty or through the pfSense web interface. I assume you're putting the full path to wherever you have the timestamp file. When I used the relative path, like in the script I posted, it put the file at /var/log/timestamps.txt (which is not the location I expected). If you're not sure where it is, you can run this to find the absolute path:
```
find / -name "timestamps.txt"
```
In light of the above issue, I would recommend editing the script and changing "./timestamps.txt" to "/root/timestamps.txt" or some other absolute path so there is no question as to where it is. I will go back and change what I posted earlier.
If the script hasn't kicked in and restarted your VPN yet, the file won't exist. If you want to see what the file will look like, run this from the command line:
```
date "+%Y-%m-%d %H:%M:%S" >> /absolute/path/to/timestamps.txt
```
That will create the file, insert a timestamp, and then you should be able to run the "wc" command (with absolute path) successfully with a result of 1.
* I'm not sure how much you know about this stuff, so I apologize if the absolute/relative path comments are unnecessary.