OpenVPN with PureVPN using Interface
-
I'm new to OpenVPN and this is my first tunnel with PFSense. I've set up a tunnel to my VPN provider, PureVPN, and created the Firewall/NAT rules as needed as well as assigning the tunnel to an interface that I can route to. I currently have 1 device on my network that uses the VPN tunnel, everything else uses the regular WAN interface. Everything works great… until the tunnel negotiates a new IP.
The tunnel itself stays up but the interface does not get the updated IP. It's still using the original IP/Gateway that no longer exists.
What am I missing here? Restarting the openvpn service will get it back up and running, but that's obviously not the answer I'm looking for.
-
If their config has persist-tun in it, then remove it/comment it out and try again.
-
Would that be in the custom options?
Aside from the certificates and the private key there are no non-default options for this connection. UDP on port 53, the server name, and my user/pass.
I mostly followed this:
https://support.purevpn.com/pfsense-openvpn-configuration-guide
It's a little outdated just based on pfsense version… I also added some outgoing NAT and assigned the tunnel to an interface. Other than that there really isn't much of a config for the connection.
Are there custom options I should be using to not have the persistent tunnel?
-
If you would like to try, here are the custom options I used to connect to PureVPN:
mute 20;
auth-retry interact;
explicit-exit-notify 2;
ifconfig-nowarn;
tls-client;
persist-key;
persist-tun;
remote-cert-tls server;
auth-nocache;
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA;
keysize 256;
fast-io;
sndbuf 524288;
rcvbuf 524288
-
Thanks for the suggestion. I've put them in and the tunnel comes up fine, but the act of doing it seems to cause the issue as well. My Interface IP sticks to the old one and the tunnel has a new one. So it doesn't give me much hope the issue won't reoccur when the tunnel IP changes naturally.
Is there a better way to do it other than assigning it to an interface? Are you routing certain devices through the tunnel or all of them?
I guess, to be more specific on the terminology… In the OpenVPN status. The Remote Host IP does update, but the Virtual Address does not.
-
Are you saying that if you stop the service from Status> OpenVPN and you re-enable it after a while, the virtual address does not change?
-
If I manually stop it, give it some time, and then start it again, it does pick up a new Virtual Address on the correct subnet. That is how I fix the issue when it happens.
The issue seems to be when it negotiates a new IP without a service stop/start. The Remote Host IP changes, but the Virtual Address does not. Meaning they are on different subnets and can't route anything. It's happened 3 times so far in the past week or so.
-
For the last four weeks I've been using two PureVPN connections to two different countries and I have never had this kind of problem.
Honestly I don't know what it may be due to. Have you tried to connect to different servers?
As for your question about the assigning to an interface, I don't know any other method.
We should wait for a forum's guru.
-
Did you try Reply #1
-
I apologize to Pippin; I didn't realize that the suggested options have the "persist-tun" parameter.
-
Did you try Reply #1
As I said, there were no custom options at all to begin with. I'm not exactly sure how to try it.
-
Ok, I looked at their config given in the above link
https://support.purevpn.com/pfsense-openvpn-configuration-guide
and it has persist-tun in it. Just remove it from the config and see if it helps.
-
I must admit I am confused. Remove persist-tun from what config? The only things in my OpenVPN setup are the certs/key, server name, UDP port 53, and my username/pass.
If you are referring to the files downloaded for the cert and whatnot, the only thing used from the ovpn file is the server name, as per that setup document. I do see that it has persist tun in there, but there are no custom settings in my setup as the guide did not reference using anything but the server name for a pfsense setup.
-
I see (now :))
Probably the config is stored in /var/etc somewhere.
Try to find it and see if persist-tun is in it.