OpenVPN Issue with 2.4 upgrade
-
Hitting the same issues and I'm also using AirVPN as my vpn provider. I have 3 OpenVPN connections on my 2.4.2 install:
Site to Site with shared key
Remote access
Client connection to AirVPNSite to site and remote access haven't had any problems and the client connection to AirVPN only causes troubles when I've set an explicit monitor IP. Once I removed the monitor IP, the AirVPN connection hasn't caused me any problems. Once I add the monitor IP, the connection is fine until it drops and needs to reconnect (for whatever reason) then it won't reconnect with the same ifconfig error as reported by others. That same static route for the monitor IP hangs around as reported by others and I simply can't get it to go away nor can I get the tunnel to AirVPN to reconnect unless I:
- reboot pfSense OR
- Change the port I connect to AirVPN on, which then changes the link IP on the connection from 10.6.0.0/16 to say 10.4.0.0/16 which then let's everything reconnect but with that extra static route hanging around and then when it disconnects again then I now have two static routes that hang around, etc.
And to answer the questions posed earlier in the thread:
1. Is the VPN interface assigned/enabled under the Interfaces menu? Yes
2. Does the VPN gateway have an alternate monitoring IP address? Yes (when I hit this problem, but for now I've removed the explicit monitor IP and haven't had any problems)
3. Is there a DNS server set to use the VPN gateway? No
4. Are there any manually-defined static routes set to the use VPN gateway? (there should never be, but some people add them not realizing they are a problem) No
5. Any dynamic routing protocols using the VPN? No -
So now my question is this: Is there anyone having this problem that is NOT using AirVPN?
It may be triggered by some option pushed to the client by AirVPN. Rather than focusing on the disconnection, get some logs from when AirVPN connects, maybe with an increased verb level that will show what they are pushing.
-
So now my question is this: Is there anyone having this problem that is NOT using AirVPN?
It may be triggered by some option pushed to the client by AirVPN. Rather than focusing on the disconnection, get some logs from when AirVPN connects, maybe with an increased verb level that will show what they are pushing.
Here is a full log from OpenVPN set to the highest verbosity level.
https://pastebin.com/29eWQCGY
-
@SirJohnEh:
Site to site and remote access haven't had any problems and the client connection to AirVPN only causes troubles when I've set an explicit monitor IP. Once I removed the monitor IP, the AirVPN connection hasn't caused me any problems. Once I add the monitor IP, the connection is fine until it drops and needs to reconnect (for whatever reason) then it won't reconnect with the same ifconfig error as reported by others. That same static route for the monitor IP hangs around as reported by others and I simply can't get it to go away nor can I get the tunnel to AirVPN to reconnect unless I:
Leave gateway monitoring enabled, but do not put in an IP address to monitor. Does that work for you?
-
Yes it does. The only issue is it ends up monitoring its own IP address, which isn't very useful, but yes it does work (and it's what I'm actually doing now as a workaround).
-
That seems to be a workaround for me as well.
-
For me the solution was to stop using AirVPN's gateway (10.4.0.1) as monitoring ip. I set 8.8.8.8 as the monitoring ip about two weeks ago and since then there were not any more OpenVPN crashes.
-
So now my question is this: Is there anyone having this problem that is NOT using AirVPN?
It may be triggered by some option pushed to the client by AirVPN. Rather than focusing on the disconnection, get some logs from when AirVPN connects, maybe with an increased verb level that will show what they are pushing.
Sorry for the late reply, but yes I had this issue and I am not using AirVPN, I have my own private VPN server setup and had this issue also. Seems to be linked to the monitoring IP on the remote end. After changing the remote monitoring end IP address it seems to clear the route in the routing table.
RHLinux
-
Ran into the same issue with Mullvad.
-
Hi @jimp I have the same issue and updated the redmine: https://redmine.pfsense.org/issues/8142
As you can see I have full control over the VPN server (and options) so I can do whatever test/log is needed in order to sort out the issue.