OpenVPN: Connection reset, restarting [0]
-
Hello,
pfSense 2.4.4-RELEASE-p3 under Hyper-V
I have a problem with my OpenVPN servers on pfSense. My problem is that I regularly get a "Connection reset, restarting [0]" on my clients (see screenshot), but I don't know where my problem can come from.
Client log:
Mon Jul 29 15:50:32 2019 Connection reset, restarting [0]
Mon Jul 29 15:50:32 2019 SIGUSR1[soft,connection-reset] received, process restarting
Mon Jul 29 15:50:37 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:5131
Mon Jul 29 15:50:37 2019 Attempting to establish TCP connection with [AF_INET]X.X.X.X:5131 [nonblock]
Mon Jul 29 15:50:38 2019 TCP connection established with [AF_INET]X.X.X.X:5131
Mon Jul 29 15:50:38 2019 TCP_CLIENT link local: (not bound)
Mon Jul 29 15:50:38 2019 TCP_CLIENT link remote: [AF_INET]X.X.X.X:5131
Mon Jul 29 15:50:38 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
Mon Jul 29 15:50:39 2019 Preserving previous TUN/TAP instance: Ethernet 2
Mon Jul 29 15:50:39 2019 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Mon Jul 29 15:50:40 2019 open_tun
Mon Jul 29 15:50:40 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}.tap
Mon Jul 29 15:50:40 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.4.0/10.1.4.3/255.255.255.0 [SUCCEEDED]
Mon Jul 29 15:50:40 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.4.3/255.255.255.0 on interface {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF} [DHCP-serv: 10.1.4.254, lease-time: 31536000]
Mon Jul 29 15:50:40 2019 Successful ARP Flush on interface [19] {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}
Mon Jul 29 15:50:45 2019 Initialization Sequence Completed
Mon Jul 29 15:58:12 2019 Connection reset, restarting [0]
Mon Jul 29 15:58:12 2019 SIGUSR1[soft,connection-reset] received, process restarting
Mon Jul 29 15:58:17 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:5131
Mon Jul 29 15:58:17 2019 Attempting to establish TCP connection with [AF_INET]X.X.X.X:5131 [nonblock]
Mon Jul 29 15:58:18 2019 TCP connection established with [AF_INET]X.X.X.X:5131
Mon Jul 29 15:58:18 2019 TCP_CLIENT link local: (not bound)
Mon Jul 29 15:58:18 2019 TCP_CLIENT link remote: [AF_INET]X.X.X.X:5131
Mon Jul 29 15:58:18 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
Mon Jul 29 15:58:19 2019 Preserving previous TUN/TAP instance: Ethernet 2
Mon Jul 29 15:58:19 2019 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Mon Jul 29 15:58:20 2019 open_tun
Mon Jul 29 15:58:20 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}.tap
Mon Jul 29 15:58:20 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.4.0/10.1.4.2/255.255.255.0 [SUCCEEDED]
Mon Jul 29 15:58:20 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.4.2/255.255.255.0 on interface {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF} [DHCP-serv: 10.1.4.254, lease-time: 31536000]
Mon Jul 29 15:58:20 2019 Successful ARP Flush on interface [19] {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}
Mon Jul 29 15:58:25 2019 Initialization Sequence Completed
Configuration of one of the servers:
Server mode: Remote Access (SSL/TLS + User Auth)
Backend for authentication: Radius
Protocol: TCP IPv4 and IPv6 on all interfaces
Interface: WAN
Local Port: 5131
TLS Key Usage Mode: TLS Authentication
DH Parameter Length: 2048 bit
Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block)
Auth digest algorithm: SHA256 (256-bit)
Hardware Crypto: No Hardware Crypto Acceleration
Certificate Depth: One (Client+Server)
Inter-client communication: Allow
OpenVPN log on pfSense:
Jul 29 15:58:12 openvpn 22545 Completel/X.X.X.X [Completel] Inactivity timeout (--ping-restart), restarting
Jul 29 15:54:38 openvpn 98731 TCP connection established with [AF_INET6]::ffff:X.X.X.X:58045
Jul 29 15:54:38 openvpn 98731 X.X.X.X TCP connection established with [AF_INET6]::ffff:X.X.X.X:59198
Jul 29 15:54:38 openvpn 98731 X.X.X.X TCP connection established with [AF_INET6]::ffff:X.X.X.X:37830
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_VER=2.4.7
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_PLAT=win
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_PROTO=2
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_NCP=2
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_LZ4=1
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_LZ4v2=1
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_LZO=1
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_COMP_STUB=1
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_COMP_STUBv2=1
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_TCPNL=1
Jul 29 15:54:39 openvpn 98731 X.X.X.X peer info: IV_GUI_VER=OpenVPN_GUI_11
Everything worked very well last Friday and nothing was changed in the meantime. Does anyone have any idea what my problem is?
-
Flappy connection between server and client?
Routing/peering issue?
-Rico
-
I am able to connect correctly to the different servers, just that every 10 minutes the connection restarts.
Apart from the cut-off while the VPN reconnects, I have no problem routing.
I forgot to mention that ports 5130, 5131 and 5132 are open in TCP on the WAN.
Sorry for my English, it's not my native language.
-
@Dimix971 please delete or comment out the ping-timer-rem parameter on the client side and check.
-
Logs at --verb 4 can be more helpful ...
NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Did you alter the --keepalive or ping(-restart) setting client side?
If so, see --keepalive interval timeout in manual 2.4:
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
-
I don't have the line "ping-timer-rem" on the client side. Here's what I have.
dev tun
persist-tun
persist-key
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-client
client
resolv-retry infinite
remote WAN 5131 tcp-client
lport 0
verify-x509-name "vpn-Radius" name
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
...
Here is the client-side log with verb 4:
Tue Jul 30 10:25:34 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
Tue Jul 30 10:25:41 2019 open_tun
Tue Jul 30 10:25:41 2019 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}.tap
Tue Jul 30 10:25:41 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.1.4.0/10.1.4.3/255.255.255.0 [SUCCEEDED]
Tue Jul 30 10:25:41 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.1.4.3/255.255.255.0 on interface {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF} [DHCP-serv: 10.1.4.254, lease-time: 31536000]
Tue Jul 30 10:25:41 2019 Successful ARP Flush on interface [19] {F92A5ED8-E886-4DC3-BAD5-DA95A9A2EADF}
Tue Jul 30 10:25:46 2019 Initialization Sequence Completed
Tue Jul 30 10:44:51 2019 Connection reset, restarting [0]
Tue Jul 30 10:44:51 2019 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jul 30 10:44:56 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:5131
Tue Jul 30 10:44:56 2019 Attempting to establish TCP connection with [AF_INET]X.X.X.X:5131 [nonblock]
Tue Jul 30 10:44:57 2019 TCP connection established with [AF_INET]X.X.X.X:5131
Tue Jul 30 10:44:57 2019 TCP_CLIENT link local (bound): [AF_INET][undef]:0
Tue Jul 30 10:44:57 2019 TCP_CLIENT link remote: [AF_INET]X.X.X.X:5131
Tue Jul 30 10:44:57 2019 [vpn-Radius] Peer Connection Initiated with [AF_INET]X.X.X.X:5131
Tue Jul 30 10:44:58 2019 Preserving previous TUN/TAP instance: Ethernet 2
Tue Jul 30 10:44:58 2019 Initialization Sequence Completed
Tue Jul 30 10:53:15 2019 Connection reset, restarting [0]
I had not set up keepalive, so I tried with --keepalive 10 60 but still the same problem.
-
@Pippin
NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
I didn't quite understand what that means.
-
Would no one have a clue what my problem is?
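
Added example, not part of any post in this thread: a Python sketch that measures how long each client session lasted before "Connection reset" and lists server log entries stamped within a few seconds of a reset, using lines copied from the logs posted above. It assumes the server log is from 2019 and that client and server clocks agree; the function names are this example's own.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the client and server logs posted in this thread.
CLIENT_LOG = """\
Mon Jul 29 15:50:45 2019 Initialization Sequence Completed
Mon Jul 29 15:58:12 2019 Connection reset, restarting [0]
Mon Jul 29 15:58:25 2019 Initialization Sequence Completed
Tue Jul 30 10:25:46 2019 Initialization Sequence Completed
Tue Jul 30 10:44:51 2019 Connection reset, restarting [0]
Tue Jul 30 10:44:58 2019 Initialization Sequence Completed
Tue Jul 30 10:53:15 2019 Connection reset, restarting [0]
"""
SERVER_LOG = """\
Jul 29 15:58:12 openvpn 22545 Completel/X.X.X.X [Completel] Inactivity timeout (--ping-restart), restarting
Jul 29 15:54:38 openvpn 98731 TCP connection established with [AF_INET6]::ffff:X.X.X.X:58045
"""
CLIENT_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
SERVER_RE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) openvpn \d+ (.*)$")

def parse(text, regex, fmt, year=""):
    """Return (timestamp, message) pairs; `year` fills in what syslog omits."""
    events = []
    for line in text.splitlines():
        m = regex.match(line)
        if m:
            events.append((datetime.strptime(m.group(1) + year, fmt), m.group(2)))
    return events

def session_lengths(client_events):
    """Seconds from each completed handshake to the reset that ended it."""
    lengths, up = [], None
    for ts, msg in client_events:
        if msg.startswith("Initialization Sequence Completed"):
            up = ts  # a repeat without a reset means the excerpt was cut
        elif msg.startswith("Connection reset") and up is not None:
            lengths.append(int((ts - up).total_seconds()))
            up = None
    return lengths

def server_events_near_resets(client_events, server_events, window=timedelta(seconds=5)):
    """Server entries logged within `window` of a client-side reset."""
    resets = [ts for ts, msg in client_events if msg.startswith("Connection reset")]
    return [(s_ts, s_msg) for s_ts, s_msg in server_events
            if any(abs(s_ts - r) <= window for r in resets)]

client = parse(CLIENT_LOG, CLIENT_RE, "%a %b %d %H:%M:%S %Y")
server = parse(SERVER_LOG, SERVER_RE, "%b %d %H:%M:%S %Y", year=" 2019")  # year assumed

if __name__ == "__main__":
    print(session_lengths(client))
    print(server_events_near_resets(client, server))
```

The match is on timestamps only; it does not establish that a server entry belongs to the same client session.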