Netgate Discussion Forum

PFsense OpenVPN disconnects

  • C
    cbft
    last edited by Oct 8, 2018, 5:22 PM

    Hi there,

    I've got a problem with my OpenVPN server. The connection drops spontaneously but reconnects automatically after the disconnect. Meanwhile, though, the RDP connection breaks.

    Currently I'm using the pfSense 2.4.4 release.
    This is the OpenVPN server config:
    dev ovpns1
    verb 4
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp4-server
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 10.zz.zz.zz
    tls-server
    server 10.yy.yy.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server1
    verify-client-cert none
    username-as-common-name
    plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user xxx= false server1 33030
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'xyz-VPN' 1"
    lport 33030
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 10.xxx.xx.0 255.255.255.0"
    duplicate-cn
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    ncp-ciphers AES-256-GCM
    topology subnet
    float

    It's a TCP VPN, the port is forwarded from the firewall, and inbound and outbound firewall rules are set.

    Have you got any idea how to fix the disconnects?

    Many thanks!
    florian

    • D
      Derelict LAYER 8 Netgate
      last edited by Oct 8, 2018, 6:55 PM

      What is in the logs when it disconnects?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • C
        cbft
        last edited by Oct 8, 2018, 7:16 PM

        @derelict said in PFsense OpenVPN disconnects:

        What is in the logs when it disconnects?

        Hi Derelict,

        Here is the log output:

        Oct 8 14:18:13 xxx_router openvpn[48788]: x.y/client-public-ip:56810 Connection reset, restarting [-1]
        Oct 8 14:18:13 xxx_router openvpn[48788]: x.y/client-public-ip:56810 SIGUSR1[soft,connection-reset] received, client-instance restarting
        Oct 8 14:18:13 xxx_router openvpn[48788]: TCP/UDP: Closing socket

        Thank you!
        Florian

        • D
          Derelict LAYER 8 Netgate
          last edited by Oct 8, 2018, 7:17 PM

          Going to need more than that.

          • C
            cbft
            last edited by Oct 8, 2018, 7:31 PM

            Oct 8 14:15:21 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
            Oct 8 14:16:22 xxx_router openvpn[48788]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
            Oct 8 14:16:23 xxx_router openvpn[48788]: MANAGEMENT: CMD 'status 2'
            Oct 8 14:16:23 xxx_router openvpn[48788]: MANAGEMENT: CMD 'quit'
            Oct 8 14:16:23 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
            Oct 8 14:17:10 xxx_router openvpn[48788]: MULTI: multi_create_instance called
            Oct 8 14:17:10 xxx_router openvpn[48788]: Re-using SSL/TLS context
            Oct 8 14:17:10 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
            Oct 8 14:17:10 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
            Oct 8 14:17:10 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
            Oct 8 14:17:10 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
            Oct 8 14:17:10 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62792
            Oct 8 14:17:10 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
            Oct 8 14:17:10 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:62792
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 TLS: Initial packet from [AF_INET]client-public-ip:62792, sid=9e96f9e1 f69e7b34
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_VER=2.4.3
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_PLAT=win
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_PROTO=2
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_NCP=2
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_LZ4=1
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_LZ4v2=1
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_LZO=1
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_COMP_STUB=1
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_COMP_STUBv2=1
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_TCPNL=1
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 TLS: Username/Password authentication deferred for username 'user1' [CN SET]
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
            Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62792
            Oct 8 14:17:11 xxx_router openvpn: user 'user1' authenticated
            Oct 8 14:17:12 xxx_router openvpn[48788]: client-public-ip:62792 PUSH: Received control message: 'PUSH_REQUEST'
            Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI_sva: pool returned IPv4=openvpn-subnet.2, IPv6=(Not enabled)
            Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6af84ee7c33905310a99af86229e938.tmp
            Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI: Learn: openvpn-subnet.2 -> user1/client-public-ip:62792
            Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI: primary virtual IP for user1/client-public-ip:62792: openvpn-subnet.2
            Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 PUSH: Received control message: 'PUSH_REQUEST'
            Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 SENT CONTROL [user1]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
            Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Data Channel: using negotiated cipher 'AES-256-GCM'
            Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
            Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:17:19 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI: bad source address from client [::], packet dropped
            Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
            Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: CMD 'status 2'
            Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: CMD 'quit'
            Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
            Oct 8 14:17:43 xxx_router openvpn[48788]: user1/client-public-ip:62475 Connection reset, restarting [-1]
            Oct 8 14:17:43 xxx_router openvpn[48788]: user1/client-public-ip:62475 SIGUSR1[soft,connection-reset] received, client-instance restarting
            Oct 8 14:17:43 xxx_router openvpn[48788]: TCP/UDP: Closing socket
            Oct 8 14:17:53 xxx_router openvpn[48788]: MULTI: multi_create_instance called
            Oct 8 14:17:53 xxx_router openvpn[48788]: Re-using SSL/TLS context
            Oct 8 14:17:53 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
            Oct 8 14:17:53 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
            Oct 8 14:17:53 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
            Oct 8 14:17:53 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
            Oct 8 14:17:53 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:57863
            Oct 8 14:17:53 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
            Oct 8 14:17:53 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:57863
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 TLS: Initial packet from [AF_INET]client-public-ip:57863, sid=6556a30e 7edd0b19
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_VER=2.4.3
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_PLAT=win
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_PROTO=2
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_NCP=2
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_LZ4=1
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_LZ4v2=1
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_LZO=1
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_COMP_STUB=1
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_COMP_STUBv2=1
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_TCPNL=1
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 TLS: Username/Password authentication deferred for username 'user2' [CN SET]
            Oct 8 14:17:54 xxx_router openvpn: user 'user2' authenticated
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
            Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 [user2] Peer Connection Initiated with [AF_INET]client-public-ip:57863
            Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI_sva: pool returned IPv4=openvpn-subnet.4, IPv6=(Not enabled)
            Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7068972ab540ab9c5eb049bc10c5375b.tmp
            Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI: Learn: openvpn-subnet.4 -> user2/client-public-ip:57863
            Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI: primary virtual IP for user2/client-public-ip:57863: openvpn-subnet.4
            Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 PUSH: Received control message: 'PUSH_REQUEST'
            Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 SENT CONTROL [user2]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
            Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Data Channel: using negotiated cipher 'AES-256-GCM'
            Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
            Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:17:57 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI: bad source address from client [::], packet dropped
            Oct 8 14:18:13 xxx_router openvpn[48788]: MULTI: multi_create_instance called
            Oct 8 14:18:13 xxx_router openvpn[48788]: Re-using SSL/TLS context
            Oct 8 14:18:13 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
            Oct 8 14:18:13 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
            Oct 8 14:18:13 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
            Oct 8 14:18:13 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
            Oct 8 14:18:13 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62824
            Oct 8 14:18:13 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
            Oct 8 14:18:13 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:62824
            Oct 8 14:18:13 xxx_router openvpn[48788]: user2/client-public-ip:56810 Connection reset, restarting [-1]
            Oct 8 14:18:13 xxx_router openvpn[48788]: user2/client-public-ip:56810 SIGUSR1[soft,connection-reset] received, client-instance restarting
            Oct 8 14:18:13 xxx_router openvpn[48788]: TCP/UDP: Closing socket
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 TLS: Initial packet from [AF_INET]client-public-ip:62824, sid=35b566c4 64180896
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_VER=2.4.3
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_PLAT=win
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_PROTO=2
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_NCP=2
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_LZ4=1
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_LZ4v2=1
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_LZO=1
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_COMP_STUB=1
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_COMP_STUBv2=1
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_TCPNL=1
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 TLS: Username/Password authentication deferred for username 'user1' [CN SET]
            Oct 8 14:18:14 xxx_router openvpn: user 'user1' authenticated
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
            Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62824
            Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI_sva: pool returned IPv4=openvpn-subnet.3, IPv6=(Not enabled)
            Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_768071e60ec2cfe31027440378a90bc2.tmp
            Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI: Learn: openvpn-subnet.3 -> user1/client-public-ip:62824
            Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI: primary virtual IP for user1/client-public-ip:62824: openvpn-subnet.3
            Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 PUSH: Received control message: 'PUSH_REQUEST'
            Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 SENT CONTROL [user1]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
            Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Data Channel: using negotiated cipher 'AES-256-GCM'
            Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
            Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:18:17 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI: bad source address from client [::], packet dropped
            Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
            Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: CMD 'status 2'
            Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: CMD 'quit'
            Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
            Oct 8 14:18:36 xxx_router openvpn[48788]: user1/client-public-ip:62792 Connection reset, restarting [-1]
            Oct 8 14:18:36 xxx_router openvpn[48788]: user1/client-public-ip:62792 SIGUSR1[soft,connection-reset] received, client-instance restarting
            Oct 8 14:18:36 xxx_router openvpn[48788]: TCP/UDP: Closing socket
            Oct 8 14:18:40 xxx_router openvpn[48788]: MULTI: multi_create_instance called
            Oct 8 14:18:40 xxx_router openvpn[48788]: Re-using SSL/TLS context
            Oct 8 14:18:40 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
            Oct 8 14:18:40 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
            Oct 8 14:18:40 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
            Oct 8 14:18:40 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
            Oct 8 14:18:40 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62860
            Oct 8 14:18:40 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
            Oct 8 14:18:40 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:62860
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 TLS: Initial packet from [AF_INET]client-public-ip:62860, sid=ec993c74 2ad49ac8
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_VER=2.4.3
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_PLAT=win
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_PROTO=2
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_NCP=2
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_LZ4=1
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_LZ4v2=1
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_LZO=1
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_COMP_STUB=1
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_COMP_STUBv2=1
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_TCPNL=1
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 TLS: Username/Password authentication deferred for username 'user1' [CN SET]
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
            Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62860
            Oct 8 14:18:41 xxx_router openvpn: user 'user1' authenticated
            Oct 8 14:18:42 xxx_router openvpn[48788]: client-public-ip:62860 PUSH: Received control message: 'PUSH_REQUEST'
            Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI_sva: pool returned IPv4=openvpn-subnet.2, IPv6=(Not enabled)
            Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_3699f25ab231896c11c3a20d466bbfcf.tmp
            Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI: Learn: openvpn-subnet.2 -> user1/client-public-ip:62860
            Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI: primary virtual IP for user1/client-public-ip:62860: openvpn-subnet.2
            Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 PUSH: Received control message: 'PUSH_REQUEST'
            Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 SENT CONTROL [user1]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
            Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Data Channel: using negotiated cipher 'AES-256-GCM'
            Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
            Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
            Oct 8 14:18:48 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI: bad source address from client [::], packet dropped
            Oct 8 14:19:13 xxx_router openvpn[48788]: user1/client-public-ip:62824 Connection reset, restarting [-1]
            Oct 8 14:19:13 xxx_router openvpn[48788]: user1/client-public-ip:62824 SIGUSR1[soft,connection-reset] received, client-instance restarting
            Oct 8 14:19:14 xxx_router openvpn[48788]: TCP/UDP: Closing socket

            This keeps repeating...

            and some of this:

            Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
            Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
            Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
            Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
            Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)

            1 Reply Last reply Reply Quote 0
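An added example, not part of any post in this thread: a Python sketch that pairs each `TCP connection established` line with the later `Connection reset` for the same client port, giving per-session lifetimes and the cases where a user logged in again while an earlier session was still open on the server. The sample lines are condensed from the log posted above; the class and function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Condensed from the server log posted above (same timestamps, users and ports).
SAMPLE_LOG = """\
Oct 8 14:17:10 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62792
Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62792
Oct 8 14:17:43 xxx_router openvpn[48788]: user1/client-public-ip:62475 Connection reset, restarting [-1]
Oct 8 14:17:53 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:57863
Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 [user2] Peer Connection Initiated with [AF_INET]client-public-ip:57863
Oct 8 14:18:13 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62824
Oct 8 14:18:13 xxx_router openvpn[48788]: user2/client-public-ip:56810 Connection reset, restarting [-1]
Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62824
Oct 8 14:18:36 xxx_router openvpn[48788]: user1/client-public-ip:62792 Connection reset, restarting [-1]
Oct 8 14:18:40 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62860
Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62860
Oct 8 14:19:13 xxx_router openvpn[48788]: user1/client-public-ip:62824 Connection reset, restarting [-1]
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+openvpn(?:\[\d+\])?:\s+(.*)$")
ESTABLISHED = re.compile(r"^TCP connection established with \[AF_INET6?\](\S+)$")
PEER_INIT = re.compile(r"^(\S+) \[([^\]]+)\] Peer Connection Initiated")
RESET = re.compile(r"^(?:([^/\s]+)/)?(\S+) Connection reset")


@dataclass
class Session:
    peer: str                          # client address:port as logged
    start: Optional[datetime] = None   # None: established before the excerpt
    user: Optional[str] = None
    end: Optional[datetime] = None     # None: still open at end of excerpt


def parse_sessions(text, year=2018):
    """Return one Session per client endpoint seen in the log text."""
    open_sessions, closed = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # syslog timestamps carry no year; the thread's log is from 2018
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (e := ESTABLISHED.match(msg)):
            open_sessions[e.group(1)] = Session(e.group(1), start=ts)
        elif (p := PEER_INIT.match(msg)):
            if p.group(1) in open_sessions:
                open_sessions[p.group(1)].user = p.group(2)
        elif (r := RESET.match(msg)):
            s = open_sessions.pop(r.group(2), None) or Session(r.group(2))
            s.user, s.end = s.user or r.group(1), ts
            closed.append(s)
    return closed + list(open_sessions.values())


def lifetime(s):
    """Seconds between TCP establish and reset, or None if either is missing."""
    if s.start is None or s.end is None:
        return None
    return int((s.end - s.start).total_seconds())


def overlapping_logins(sessions):
    """(new_peer, old_peer, seconds until old session was reset) for each login
    made while an earlier session of the same user was still open."""
    out = []
    for new in sorted((s for s in sessions if s.start), key=lambda s: s.start):
        for old in sessions:
            if old is new or old.user is None or old.user != new.user:
                continue
            began_before = old.start is None or old.start < new.start
            still_open = old.end is None or old.end > new.start
            if began_before and still_open:
                gap = int((old.end - new.start).total_seconds()) if old.end else None
                out.append((new.peer, old.peer, gap))
    return out


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_LOG)
    for s in sessions:
        print(s.user, s.peer, "lifetime:", lifetime(s))
    for new, old, gap in overlapping_logins(sessions):
        print(f"{new} opened while {old} was still open; old reset after {gap}s")
```
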
            • C
              cbft
              last edited by Oct 11, 2018, 7:32 AM

              Could you see something in the logs?

              • C
                cbft
                last edited by Oct 12, 2018, 10:42 AM

                Would be very happy to get help :-)

                • C
                  cbft
                  last edited by Oct 14, 2018, 9:40 AM

                  Maybe somebody could help me please.

                  • RicoR
                    Rico LAYER 8 Rebel Alliance
                    last edited by Oct 14, 2018, 9:58 AM

                    Why do you use OpenVPN in TCP Mode? Switch over to UDP and try again.

                    -Rico
