Openvpn connection to Torguard doesn't reconnect after interruption
-
Hi everyone,
I have my pfsense connected to TG using this method: https://torguard.net/knowledgebase.php?action=displayarticle&id=208
Everything is working fine, but over the past few weeks I've noticed that my pfsense 2.3.2 loses connection w/ Torguard and the connection does not automatically restart. If I go in to pfsense from the LAN side, I can restart the client service, and everything is back up immediately. However, during this TG connection interruption, I cannot connect back in from the WAN side through my OVPN server on the pfsense.
During one of the interruptions, I was out of town so I didn't have the ability to restart the client service. After ~2 days, the connection resumed on its own.
Is there a way I can set the connection (client service) to restart automatically? -
You might be seeing an authentication failure. OpenVPN treats that as a hard failure and exits (as opposed to just an inability to connect, it is being told "go away")
See if Services > Service Watchdog gets you where you need to be.
-
I had torguard for 2-3y until they double billed me once and had no interest in resolving the issue.
Anyway, if it us auth related, what worked for me was the following advanced parameter:
auth-retry nointeract
none – Client will exit with a fatal error (this is the default).
nointeract -- Client will retry the connection without requerying for an --auth-user-pass username/password. Use this option for unattended clients.
interact -- Client will requery for an --auth-user-pass username/password and/or private key password before attempting a reconnection. -
Thank you both for the suggestions.
I've updated my advanced configuration from - to:***From this*** auth-user-pass /etc/openvpn-passwd.txt; verb 5; remote-cert-tls server ***To this*** auth-user-pass /etc/openvpn-passwd.txt; verb 5; remote-cert-tls server; auth-retry nointeract
And have installed the Service-Watchdog package and will see if either fixes the issue.
-
Nobody needs to use those auth user/pass files any more. Just use the username and password in the gui config.
Perfect example of old internet "walk throughs" not being updated with current information.