Netgate Discussion Forum

    Issue with Openvpn Reconnect?

    • RicoR
      Rico LAYER 8 Rebel Alliance
      last edited by

      Well keepalive 10 60 is the default and already set by pfSense.

      -Rico

      • K
        killmasta93
        last edited by

        Hmm.. so everything is good on my part? Or how can I demonstrate the issue is not pfSense?

        Tutorials:

        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

        • RicoR
          Rico LAYER 8 Rebel Alliance
          last edited by

          Please share your Client Config file.

          -Rico

          • K
            killmasta93
            last edited by killmasta93

            Thanks for the reply. I downloaded the bundle, and this is the ovpn for the client:

            dev tun
            persist-tun
            persist-key
            cipher AES-128-CBC
            ncp-ciphers AES-128-GCM
            auth SHA256
            tls-client
            client
            resolv-retry infinite
            remote 181.xx.xx.xx 1194 udp
            verify-x509-name "pfSense OpenVPN" name
            auth-user-pass
            pkcs12 Olympus-UDP4-1194-test.p12
            tls-auth Olympus-UDP4-1194-test-tls.key 1
            remote-cert-tls server
            

            I was looking at the logs and got a lot of this:

            Feb 12 13:26:29	openvpn	18543	Authenticate/Decrypt packet error: bad packet ID (may be a replay): [ #101914 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
            

            • RicoR
              Rico LAYER 8 Rebel Alliance
              last edited by

              Authenticate/Decrypt packet error could be the clock drifted off on one or both sides, wrong MTU or again, flaky internet connection. AGAIN the question: do you have this issue with all your clients or only some?
              You could also try to switch from UDP to TCP, which is not recommended in general for OpenVPN, but can help with unstable connections.

              -Rico

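To see whether the replay warnings quoted above line up with the reconnects, the log can be tallied per minute and against each keepalive restart. This is an added example, not code from the thread or from pfSense; all sample lines except the first are constructed, the year and the 60-second window are arbitrary assumptions, and the restart text is OpenVPN's `--ping-restart` message.

```python
import re
from datetime import datetime, timedelta

REPLAY_MSG = "Authenticate/Decrypt packet error: bad packet ID (may be a replay): "
RESTART_MSG = "[client1] Inactivity timeout (--ping-restart), restarting"
# Constructed sample in the layout of the log line quoted in the thread
# (timestamp, process, PID, message). Only the first entry is from the thread.
SAMPLE_LOG = "\n".join([
    "Feb 12 13:26:29\topenvpn\t18543\t" + REPLAY_MSG + "[ #101914 ]",
    "Feb 12 13:26:31\topenvpn\t18543\t" + REPLAY_MSG + "[ #101920 ]",
    "Feb 12 13:26:58\topenvpn\t18543\t" + REPLAY_MSG + "[ #102377 ]",
    "Feb 12 13:27:05\topenvpn\t18543\t" + RESTART_MSG,
    "Feb 12 13:41:10\topenvpn\t18543\t" + REPLAY_MSG + "[ #3388 ]",
    "Feb 12 14:02:44\topenvpn\t18543\t" + RESTART_MSG,
])

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d)\s+openvpn\s+\d+\s+(.*)$")
PACKET_ID = re.compile(r"bad packet ID \(may be a replay\): \[ #(\d+)")

def parse(text, year=2020):
    """Return (timestamp, kind, packet_id) tuples; syslog has no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an openvpn log line in the expected layout
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        replay = PACKET_ID.search(m.group(2))
        if replay:
            events.append((ts, "replay", int(replay.group(1))))
        elif "Inactivity timeout (--ping-restart)" in m.group(2):
            events.append((ts, "restart", None))
    return events

def summarize(events, window=timedelta(seconds=60)):
    """Count replay warnings per minute and in the window before each restart."""
    replays = [ts for ts, kind, _ in events if kind == "replay"]
    per_minute = {}
    for ts in replays:
        key = ts.strftime("%H:%M")
        per_minute[key] = per_minute.get(key, 0) + 1
    restarts = [(ts.strftime("%H:%M:%S"), sum(ts - window <= r <= ts for r in replays))
                for ts, kind, _ in events if kind == "restart"]
    return per_minute, restarts

if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)))
```

Running the same tally on logs from several clients answers the "all clients or only some" question with numbers rather than impressions.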
              • K
                killmasta93
                last edited by

                Thanks for the reply, I'll keep it on UDP right now. As for the encryption, is everything else good?

                • RicoR
                  Rico LAYER 8 Rebel Alliance
                  last edited by

                  Well you can't do much wrong with the encryption part, everything is fine as long as both sides match.

                  -Rico

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    While TCP for sure is not going to be as fast as UDP.. Huge advantage with it is that it works over proxies... And if you run it on standard 443 port.. You prob can access it from almost anywhere.. While standard port and UDP not so much..

                    I just run 2 instances, one on standard 1194 UDP, and then another on 443 TCP. If I can not get to the UDP from where I am at - never had issue with getting to the TCP one.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    • K
                      killmasta93
                      last edited by

                      Thanks for the reply, so recommended to run UDP better?

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        UDP should be better yeah - unless you can not get to it, then it is useless ;)

                        Takes nothing more than some simple setup to run both. And if you configure the client settings correctly - it will first try your UDP connection, and if it can not connect it will then try TCP.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.