OpenVPN keeps disconnecting randomly
-
I have 3 machines at various locations over the Internet connecting via OpenVPN to my pfsense. Two of my machines are Linux and the other is Windows 10 Pro. Each one has a unique certificate, user, etc. However, it seems to randomly restart the VPN (every 5 - 40 mins). I don't think it's due to my internet connection since I'm able to Chrome Remote in with no delay or lag. I scoured the logs for anything that could indicate what is causing the issue. There were too many logs so I set my log setting to default (4).
I keep seeing
openvpn1/123.123.123.123:48484 [openvpn1] Inactivity timeout (--ping-restart), restarting
or
openvpn1/123.123.123.123:9795 GET INST BY VIRT: 192.168.12.61 [failed]
openvpn1/123.123.123.123:9795 GET INST BY VIRT: 10.2.0.3 -> openvpn1/123.123.123.123:48484:9795 via 10.2.0.3
for each machine.
My client config is
dev tun
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 121.121.121.121 1194 udp
lport 0
verify-x509-name "www.somewebsite.com" name
auth-user-pass
pkcs12 test-udp-1194-openvpn1.p12
tls-auth test-udp-1194-openvpn1-tls.key 1
remote-cert-tls server
comp-lzo adaptive
I'm not sure how to output my server config but it's
Server Mode: Remote Access (SSL/TLS + User Auth)
Protocol: UDP
Device mode: tun
Interface: WAN
Local Port: 1194
Enabled auth of TLS packets
DH Parameter length: 2048
Auth digest algo: SHA1 (160-bit)
Certificate Depth: (Client + Server)
Tunnel Settings:
IPv4 Tunnel: 10.0.2.0/24
IPv4 Local: 192.168.12.0/24
Concurrent connections: 10
Compression: Enabled with Adaptive Compression
Inter-client comm: Allowed communication between clients connected this server.
Client settings:
Dynamic IP: Allowed connected clients to retain their connections if their IP address changes
Address Pool: Provided a virtual adapter IP address to clients
Advanced Client Settings:
DNS Server enabled with another computer directed as the DNS server
Verbosity level: default
I'm on pfsense version 2.3.2, which I believe means I'm on OpenVPN 2.3.
I've been working on this for over a week and have not been able to make sense of the problem. Please help.
-
In case my firewall rules are important
Firewall / Rules / WAN
Protocol: IPv4 UDP - Source: 123.123.123.123 - Port:* - Destination: WAN address - Port:1194 (OpenVPN) - Gateway: * - Queue: none - Schedule: "" - Description: OpenVPN1Rule
(I have a similar rule for each external ip address that I want to allow in)
Firewall / Rules / OpenVPN
Protocol: IPv4 TCP/UDP - Source: * - Port: * - Destination: 192.168.12.61 - Port: 3389 (MS RDP) - Gateway: * - Queue: none - Schedule:"" - Description: SomeRDPServer
I'm not sure how keepalive works but does it need ICMP to be active?
-
I started looking at my pfsense system logs. For one of the "disconnects", the system logged the following:
nginx: 2018/02/16 13:27:09 [error] 29525#100071: send() failed (54: Connection reset by peer)
Not sure what is sending this. Why does this cause all OpenVPN clients to crash? For testing, I disabled all users and disabled the firewall rules except one user and 2 firewall rules for my testing site / rdp server. Also, could squid be causing this issue?
-
I've confirmed it's due to the pfsense router. How do I check if the keepalive signal is transmitted?
-
In case someone else faces a similar problem, it seems the advanced configuration can override prior settings like keepalive (this fact was not found in the pfsense manual...). After adjusting keepalive's parameters, I no longer face the numerous random disconnects.
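One way to measure the disconnect pattern from the server log, as an added example that is not part of the original thread: it counts the "Inactivity timeout (--ping-restart)" events per client, the gaps between them, and timeouts that hit different clients at the same moment. The syslog-style timestamp prefix, the year and the second client (openvpn2) are constructed assumptions; only the message text comes from the lines quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. The syslog-style prefix and the second client
# (openvpn2, 203.0.113.7) are assumptions; the message text follows the post.
SAMPLE_LOG = """\
Feb 16 13:05:10 openvpn[4321]: openvpn1/123.123.123.123:48484 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 13:05:12 openvpn[4321]: openvpn1/123.123.123.123:9795 GET INST BY VIRT: 192.168.12.61 [failed]
Feb 16 13:27:09 openvpn[4321]: openvpn1/123.123.123.123:9795 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 13:27:09 openvpn[4321]: openvpn2/203.0.113.7:5000 [openvpn2] Inactivity timeout (--ping-restart), restarting
Feb 16 13:32:40 openvpn[4321]: openvpn1/123.123.123.123:40112 [openvpn1] Inactivity timeout (--ping-restart), restarting
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ (?P<cn>[^/\s]+)/[\d.]+:\d+ "
    r".*Inactivity timeout \(--ping-restart\)"
)

def ping_restarts(log_text, year=2018):
    """Map each client name to the times of its ping-restart timeouts.
    Syslog lines carry no year, so one is supplied (assumed: 2018)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            stamp = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["cn"]].append(stamp)
    return dict(events)

def gaps_minutes(times):
    """Minutes between consecutive timeouts of one client."""
    times = sorted(times)
    return [round((b - a).total_seconds() / 60, 1) for a, b in zip(times, times[1:])]

def simultaneous(events, window_s=5):
    """Timeouts of different clients within window_s seconds of each other.
    Clients at separate sites dropping together points at the server side."""
    flat = sorted((t, cn) for cn, ts in events.items() for t in ts)
    return [(t1.strftime("%H:%M:%S"), sorted({c1, c2}))
            for (t1, c1), (t2, c2) in zip(flat, flat[1:])
            if c1 != c2 and (t2 - t1).total_seconds() <= window_s]

if __name__ == "__main__":
    events = ping_restarts(SAMPLE_LOG)
    for cn, times in sorted(events.items()):
        print(cn, len(times), "timeouts, gaps (min):", gaps_minutes(times))
    print("simultaneous:", simultaneous(events))
```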
-
@TriStarGod what did you adjust?