Netgate Discussion Forum

    OpenVPN: Connection reset, restarting [0]

    • D
      Dimix971
      last edited by

      Hello,

      pfSense 2.4.4-RELEASE-p3 under Hyper-V
      I have a problem with my OpenVPN servers present on pfSense. My problem is that regularly I have a « Connection reset, restarting [0] » on my clients (see screenshot) but I don’t know where my problem can come from.

      Log client:

      Mon Jul 29 15:50:32 2019 Connection reset, restarting [0]
      Mon Jul 29 15:50:32 2019 SIGUSR1[soft,connection-reset] received, process restarting
      Mon Jul 29 15:50:37 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:50:37 2019 Attempting to establish TCP connection with [AF_INET]X.X.X.X:5131 [nonblock]
      Mon Jul 29 15:50:38 2019 TCP connection established with [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:50:38 2019 TCP_CLIENT link local: (not bound)
      Mon Jul 29 15:50:38 2019 TCP_CLIENT link remote: [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:50:38 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:50:39 2019 Preserving previous TUN/TAP instance: Ethernet 2
      Mon Jul 29 15:50:39 2019 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
      Mon Jul 29 15:50:40 2019 open_tun
      Mon Jul 29 15:50:40 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}.tap
      Mon Jul 29 15:50:40 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.4.0/10.1.4.3/255.255.255.0 [SUCCEEDED]
      Mon Jul 29 15:50:40 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.4.3/255.255.255.0 on interface {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF} [DHCP-serv: 10.1.4.254, lease-time: 31536000]
      Mon Jul 29 15:50:40 2019 Successful ARP Flush on interface [19] {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}
      Mon Jul 29 15:50:45 2019 Initialization Sequence Completed
      
      Mon Jul 29 15:58:12 2019 Connection reset, restarting [0]
      Mon Jul 29 15:58:12 2019 SIGUSR1[soft,connection-reset] received, process restarting
      Mon Jul 29 15:58:17 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:58:17 2019 Attempting to establish TCP connection with [AF_INET]X.X.X.X:5131 [nonblock]
      Mon Jul 29 15:58:18 2019 TCP connection established with [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:58:18 2019 TCP_CLIENT link local: (not bound)
      Mon Jul 29 15:58:18 2019 TCP_CLIENT link remote: [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:58:18 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
      Mon Jul 29 15:58:19 2019 Preserving previous TUN/TAP instance: Ethernet 2
      Mon Jul 29 15:58:19 2019 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
      Mon Jul 29 15:58:20 2019 open_tun
      Mon Jul 29 15:58:20 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}.tap
      Mon Jul 29 15:58:20 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.4.0/10.1.4.2/255.255.255.0 [SUCCEEDED]
      Mon Jul 29 15:58:20 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.4.2/255.255.255.0 on interface {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF} [DHCP-serv: 10.1.4.254, lease-time: 31536000]
      Mon Jul 29 15:58:20 2019 Successful ARP Flush on interface [19] {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}
      Mon Jul 29 15:58:25 2019 Initialization Sequence Completed
      

      Configuration of one of the servers

      Server mode: Remote Access (SSL/TLS + User Auth)
      Backend for authentication: Radius
      Protocol: TCP IPv4 and IPv6 on all interfaces
      Interface: WAN
      Local Port: 5131
      TLS Key Usage Mode: TLS Authentication
      DH Parameter Length: 2048 bit
      Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block)
      Auth digest algorithm: SHA256 (256-bit)
      Hardware Crypto: No Hardware Crypto Acceleration
      Certificate Depth: One (Client+Server)
      Inter-client communication: Allow
      

      Log OpenVPN on pfSense

      Jul 29 15:58:12	openvpn	22545	Completel/X.X.X.X [Completel] Inactivity timeout (--ping-restart), restarting
      Jul 29 15:54:38	openvpn	98731	TCP connection established with [AF_INET6]::ffff:X.X.X.X:58045
      Jul 29 15:54:38	openvpn	98731	X.X.X.X TCP connection established with [AF_INET6]::ffff:X.X.X.X:59198
      Jul 29 15:54:38	openvpn	98731	X.X.X.X TCP connection established with [AF_INET6]::ffff:X.X.X.X:37830
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_VER=2.4.7
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_PLAT=win
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_PROTO=2
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_NCP=2
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_LZ4=1
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_LZ4v2=1
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_LZO=1
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_COMP_STUB=1
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_COMP_STUBv2=1
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_TCPNL=1
      Jul 29 15:54:39	openvpn	98731	X.X.X.X peer info: IV_GUI_VER=OpenVPN_GUI_11
      

      Everything worked very well last Friday and nothing was changed in the meantime. Does anyone have any idea what my problem is?

      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Flappy connection between server and client?
        Routing/peering issue?

        -Rico

        • D
          Dimix971
          last edited by

          I am able to connect correctly to the different servers, just that every 10 minutes the connection restarts.
          Apart from the cut-off while the VPN reconnects, I have no problem routing.

          I forgot to mention that ports 5130, 5131 and 5132 are open in TCP on the WAN.

          Sorry for my English, it's not my native language.

          • R
            renat_kaa @Dimix971
            last edited by

            @Dimix971 please delete or comment out the ping-timer-rem parameter on the client side and check.

            • PippinP
              Pippin
              last edited by

              Logs at --verb 4 can be more helpful ...

              NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.

              Did you alter the --keepalive or ping(-restart) setting client side?
              If so, see --keepalive interval timeout in manual 2.4:
              https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

              I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
              Halton Arp

              • D
                Dimix971
                last edited by Dimix971

                I don't have the line "ping-timer-rem" on the client side. Here's what I have.

                dev tun
                persist-tun
                persist-key
                cipher AES-256-CBC
                ncp-ciphers AES-256-GCM:AES-128-GCM
                auth SHA256
                tls-client
                client
                resolv-retry infinite
                remote WAN 5131 tcp-client
                lport 0
                verify-x509-name "vpn-Radius" name
                auth-user-pass
                remote-cert-tls server
                
                <ca>
                -----BEGIN CERTIFICATE-----
                ...
                

                Here is the client-side log with verb 4

                Tue Jul 30 10:25:34 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
                Tue Jul 30 10:25:41 2019 open_tun
                Tue Jul 30 10:25:41 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}.tap
                Tue Jul 30 10:25:41 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.4.0/10.1.4.3/255.255.255.0 [SUCCEEDED]
                Tue Jul 30 10:25:41 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.4.3/255.255.255.0 on interface {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF} [DHCP-serv: 10.1.4.254, lease-time: 31536000]
                Tue Jul 30 10:25:41 2019 Successful ARP Flush on interface [19] {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}
                Tue Jul 30 10:25:46 2019 Initialization Sequence Completed
                Tue Jul 30 10:44:51 2019 Connection reset, restarting [0]
                Tue Jul 30 10:44:51 2019 SIGUSR1[soft,connection-reset] received, process restarting
                Tue Jul 30 10:44:56 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:5131
                Tue Jul 30 10:44:56 2019 Attempting to establish TCP connection with [AF_INET]X.X.X.X:5131 [nonblock]
                Tue Jul 30 10:44:57 2019 TCP connection established with [AF_INET]X.X.X.X:5131
                Tue Jul 30 10:44:57 2019 TCP_CLIENT link local (bound): [AF_INET][undef]:0
                Tue Jul 30 10:44:57 2019 TCP_CLIENT link remote: [AF_INET]X.X.X.X:5131
                Tue Jul 30 10:44:57 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
                Tue Jul 30 10:44:58 2019 Preserving previous TUN/TAP instance: Ethernet 2
                Tue Jul 30 10:44:58 2019 Initialization Sequence Completed
                Tue Jul 30 10:53:15 2019 Connection reset, restarting [0]
                

                I had not set up keepalive, so I tried with --keepalive 10 60 but still the same problem.

                1 Reply Last reply Reply Quote 0
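
An added example, not part of the original thread: a short Python script that measures how long each tunnel stayed up in the client logs posted above and checks which client-side resets share a timestamp with a server-side `--ping-restart` entry. The function names and the `tolerance_s` parameter are hypothetical; it assumes the client and server clocks are in sync, and because the addresses are masked the match is by time only.

```python
from datetime import datetime

# Lines copied from the posts above (addresses already masked as X.X.X.X).
CLIENT_LOG = """\
Mon Jul 29 15:50:32 2019 Connection reset, restarting [0]
Mon Jul 29 15:50:45 2019 Initialization Sequence Completed
Mon Jul 29 15:58:12 2019 Connection reset, restarting [0]
Tue Jul 30 10:25:46 2019 Initialization Sequence Completed
Tue Jul 30 10:44:51 2019 Connection reset, restarting [0]
Tue Jul 30 10:44:58 2019 Initialization Sequence Completed
Tue Jul 30 10:53:15 2019 Connection reset, restarting [0]
"""
SERVER_LOG = (
    "Jul 29 15:58:12\topenvpn\t22545\tCompletel/X.X.X.X [Completel] "
    "Inactivity timeout (--ping-restart), restarting\n"
    "Jul 29 15:54:38\topenvpn\t98731\tTCP connection established with "
    "[AF_INET6]::ffff:X.X.X.X:58045\n"
)

def parse_client(text):
    """OpenVPN client log: 24-character ctime-style stamp, then the message."""
    return [(datetime.strptime(l[:24], "%a %b %d %H:%M:%S %Y"), l[25:])
            for l in text.splitlines() if len(l) > 25]

def parse_server(text, year=2019):
    """pfSense log view: tab-separated time, process, PID, message (no year)."""
    rows = (line.split("\t", 3) for line in text.splitlines())
    return [(datetime.strptime(f"{year} {r[0]}", "%Y %b %d %H:%M:%S"), r[3]) for r in rows]

def tunnel_lifetimes(client_events):
    """Seconds between each 'Initialization Sequence Completed' and the next reset."""
    lifetimes, up_since = [], None
    for ts, msg in client_events:
        if msg.startswith("Initialization Sequence Completed"):
            up_since = ts
        elif msg.startswith("Connection reset") and up_since is not None:
            lifetimes.append(int((ts - up_since).total_seconds()))
            up_since = None
    return lifetimes

def resets_matching_ping_restart(client_events, server_events, tolerance_s=2):
    """Client resets that have a server '--ping-restart' entry within tolerance_s."""
    timeouts = [ts for ts, msg in server_events if "--ping-restart" in msg]
    return [ts for ts, msg in client_events if msg.startswith("Connection reset")
            and any(abs((ts - t).total_seconds()) <= tolerance_s for t in timeouts)]

if __name__ == "__main__":
    client, server = parse_client(CLIENT_LOG), parse_server(SERVER_LOG)
    print(tunnel_lifetimes(client), resets_matching_ping_restart(client, server))
```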
                • D
                  Dimix971
                  last edited by

                  @Pippin NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device. I didn’t quite understand what that means.

                  • D
                    Dimix971
                    last edited by

                    Does no one have a clue what my problem is?
