Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    losing OpenVPN connection every 20 - 120 seconds

    Scheduled Pinned Locked Moved OpenVPN
    76 Posts 7 Posters 12.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      akkiz @stephenw10
      last edited by akkiz

      @stephenw10 ok i enabled monitoring as u adviced,yes i added 2 clients but enabled only one but no effect still disconnecting
      23.png 22.png

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @akkiz
        last edited by Gertjan

        Hi,

        This is something I didn't see before :

        @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

        Jan 8 18:52:14 php-fpm 342 /rc.newwanip: rc.newwanip called with empty interface.

        This is an error condition.
        Way back, the pfSense coders said this about the event of a "empty interface" :

        /* XXX: This really possible? */

        ( see the rc.rc.newwanip file )
        So, a very special situation - I can't tell anything more. Never saw such a issue.
        The result will be :
        Filters - firewall re reloaled.
        Packages get restarted.
        ... and bail out.

        Btw : this is me just thinking out loud.
        I do have an Express VPN account, but never set it up with pfSense.

        re-edit : "Empty interface" is normal after all: The VPN clients is bound to an Interface (bu you : the OPT1 interface) without an IPv4 or IPv6 specified. That's ok.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        A 1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Ok so it connects and there is two way traffic and then presumably it disconnects.

          Let see more OpenVPN logs showing that happening.

          1 Reply Last reply Reply Quote 0
          • A
            akkiz @Gertjan
            last edited by akkiz

            @Gertjan @stephenw10 ok

            A 1 Reply Last reply Reply Quote 0
            • A
              akkiz @akkiz
              last edited by akkiz

              @stephenw10
              Last 50 OpenVPN Log Entries. (Maximum 50)
              Jan 10 20:18:52 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:18:52 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:18:52 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:18:55 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:18:55 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:18:55 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:18:59 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
              Jan 10 20:18:59 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
              Jan 10 20:18:59 openvpn 79060 Restart pause, 10 second(s)
              Jan 10 20:19:09 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
              Jan 10 20:19:09 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jan 10 20:19:09 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.148:1195
              Jan 10 20:19:09 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
              Jan 10 20:19:09 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
              Jan 10 20:19:09 openvpn 79060 UDPv4 link remote: [AF_INET]185.128.27.148:1195
              Jan 10 20:19:15 openvpn 79060 TLS: Initial packet from [AF_INET]185.128.27.148:1195, sid=e15210b7 adc6f7b9
              Jan 10 20:19:15 openvpn 79060 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
              Jan 10 20:19:15 openvpn 79060 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
              Jan 10 20:19:15 openvpn 79060 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3360-1a, emailAddress=support@expressvpn.com
              Jan 10 20:19:15 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:19:15 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:19:15 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:19:24 openvpn 79060 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
              Jan 10 20:19:24 openvpn 79060 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
              Jan 10 20:19:24 openvpn 79060 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
              Jan 10 20:19:24 openvpn 79060 [Server-3360-1a] Peer Connection Initiated with [AF_INET]185.128.27.148:1195
              Jan 10 20:19:25 openvpn 79060 SENT CONTROL [Server-3360-1a]: 'PUSH_REQUEST' (status=1)
              Jan 10 20:19:25 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.187.0.1,comp-lzo no,route 10.187.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.187.0.38 10.187.0.37,peer-id 7'
              Jan 10 20:19:25 openvpn 79060 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
              Jan 10 20:19:25 openvpn 79060 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
              Jan 10 20:19:25 openvpn 79060 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
              Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: timers and/or timeouts modified
              Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: compression parms modified
              Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
              Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: peer-id set
              Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
              Jan 10 20:19:25 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
              Jan 10 20:19:25 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
              Jan 10 20:19:25 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
              Jan 10 20:19:25 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
              Jan 10 20:19:25 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
              Jan 10 20:19:25 openvpn 79060 TUN/TAP device /dev/tun2 opened
              Jan 10 20:19:25 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
              Jan 10 20:19:25 openvpn 79060 /sbin/ifconfig ovpnc2 10.187.0.38 10.187.0.37 mtu 1500 netmask 255.255.255.255 up
              Jan 10 20:19:25 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.187.0.38 10.187.0.37 init
              Jan 10 20:19:25 openvpn 79060 Initialization Sequence Completed
              Jan 10 20:19:35 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:19:35 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:19:35 openvpn 79060 MANAGEMENT: CMD 'status 2'
              Jan 10 20:19:35 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
              Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: peer-id set
              Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
              Jan 10 20:21:54 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
              Jan 10 20:21:54 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
              Jan 10 20:21:54 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
              Jan 10 20:21:54 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
              Jan 10 20:21:54 openvpn 79060 Preserving previous TUN/TAP instance: ovpnc2
              Jan 10 20:21:54 openvpn 79060 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
              Jan 10 20:21:54 openvpn 79060 Closing TUN/TAP interface
              Jan 10 20:21:54 openvpn 79060 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.187.0.38 10.187.0.37 init
              Jan 10 20:21:55 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
              Jan 10 20:21:55 openvpn 79060 TUN/TAP device /dev/tun2 opened
              Jan 10 20:21:55 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
              Jan 10 20:21:55 openvpn 79060 /sbin/ifconfig ovpnc2 10.87.0.90 10.87.0.89 mtu 1500 netmask 255.255.255.255 up
              Jan 10 20:21:55 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.90 10.87.0.89 init
              Jan 10 20:21:55 openvpn 79060 Initialization Sequence Completed
              Jan 10 20:22:04 openvpn 79060 Bad compression stub decompression header byte: 0
              Jan 10 20:22:14 openvpn 79060 Bad compression stub decompression header byte: 0
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'status 2'
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'status 2'
              Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:22:22 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:22:22 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:22:22 openvpn 79060 MANAGEMENT: CMD 'status 2'
              Jan 10 20:22:22 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:22:45 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:22:45 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:22:45 openvpn 79060 MANAGEMENT: CMD 'status 2'
              Jan 10 20:22:45 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:22:54 openvpn 79060 [Server-2719-0a] Inactivity timeout (--ping-restart), restarting
              Jan 10 20:22:54 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
              Jan 10 20:22:54 openvpn 79060 Restart pause, 10 second(s)
              Jan 10 20:23:04 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
              Jan 10 20:23:04 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jan 10 20:23:04 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
              Jan 10 20:23:04 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
              Jan 10 20:23:04 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
              Jan 10 20:23:04 openvpn 79060 UDPv4 link remote: [AF_INET]185.183.105.194:1195
              Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:23:20 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:23:26 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:23:04 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
              Jan 10 20:23:04 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
              Jan 10 20:23:04 openvpn 79060 UDPv4 link remote: [AF_INET]185.183.105.194:1195
              Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:23:20 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 20:23:26 openvpn 79060 MANAGEMENT: CMD 'state 1'
              Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client disconnected
              Jan 10 20:24:04 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
              Jan 10 20:24:04 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
              Jan 10 20:24:04 openvpn 79060 Restart pause, 10 second(s)
              Jan 10 20:24:14 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
              Jan 10 20:24:14 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jan 10 20:24:14 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
              Jan 10 20:24:14 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
              Jan 10 20:24:14 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
              Jan 10 20:24:14 openvpn 79060 UDPv4 link remote: [AF_INET]37.120.135.136:1195
              Jan 10 20:24:20 openvpn 79060 TLS: Initial packet from [AF_INET]37.120.135.136:1195, sid=9315b41a e4a2f938
              Jan 10 20:24:20 openvpn 79060 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
              Jan 10 20:24:20 openvpn 79060 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-5165-1a, emailAddress=support@expressvpn.com
              Jan 10 20:24:20 openvpn 79060 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
              Jan 10 20:24:20 openvpn 79060 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
              Jan 10 20:24:20 openvpn 79060 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
              Jan 10 20:24:20 openvpn 79060 [Server-5165-1a] Peer Connection Initiated with [AF_INET]37.120.135.136:1195
              Jan 10 20:24:21 openvpn 79060 SENT CONTROL [Server-5165-1a]: 'PUSH_REQUEST' (status=1)
              Jan 10 20:24:21 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.17.0.1,comp-lzo no,route 10.17.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.17.0.66 10.17.0.65,peer-id 13'
              Jan 10 20:24:21 openvpn 79060 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
              Jan 10 20:24:21 openvpn 79060 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
              Jan 10 20:24:21 openvpn 79060 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
              Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: timers and/or timeouts modified
              Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: compression parms modified
              Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
              Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: peer-id set
              Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
              Jan 10 20:24:21 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
              Jan 10 20:24:21 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
              Jan 10 20:24:21 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
              Jan 10 20:24:21 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
              Jan 10 20:24:21 openvpn 79060 Preserving previous TUN/TAP instance: ovpnc2
              Jan 10 20:24:21 openvpn 79060 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
              Jan 10 20:24:21 openvpn 79060 Closing TUN/TAP interface
              Jan 10 20:24:21 openvpn 79060 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.87.0.90 10.87.0.89 init
              Jan 10 20:24:22 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
              Jan 10 20:24:22 openvpn 79060 TUN/TAP device /dev/tun2 opened
              Jan 10 20:24:22 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
              Jan 10 20:24:22 openvpn 79060 /sbin/ifconfig ovpnc2 10.17.0.66 10.17.0.65 mtu 1500 netmask 255.255.255.255 up
              Jan 10 20:24:22 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.17.0.66 10.17.0.65 init
              Jan 10 20:24:22 openvpn 79060 Initialization Sequence Completed
              Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
              Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
              Jan 10 20:24:39 openvpn 79060 Bad compression stub decompression header byte: 0
              Jan 10 20:25:21 openvpn 79060 [Server-5165-1a] Inactivity timeout (--ping-restart), restarting
              Jan 10 20:25:21 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
              Jan 10 20:25:21 openvpn 79060 Restart pause, 10 second(s)
              Jan 10 20:25:31 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
              Jan 10 20:25:31 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jan 10 20:25:31 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
              Jan 10 20:25:31 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
              Jan 10 20:25:31 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
              Jan 10 20:25:31 openvpn 79060 UDPv4 link remote: [AF_INET]37.120.135.136:1195
              Jan 10 20:26:31 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
              Jan 10 20:26:31 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
              Jan 10 20:26:31 openvpn 79060 Restart pause, 10 second(s)
              Jan 10 20:26:41 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
              Jan 10 20:26:41 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
              Jan 10 20:26:41 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.148:1195
              Jan 10 20:26:41 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
              Jan 10 20:26:41 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
              Jan 10 20:26:41 openvpn 79060 UDPv4 link remote: [AF_INET]185.128.27.148:1195
              Jan 10 20:27:41 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
              Jan 10 20:27:41 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
              Jan 10 20:27:41 openvpn 79060 Restart pause, 10 second(s)

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Looks like you have a compression mismatch. The server is pushing comp-lzo no but you have it enabled in both the gui setup and custom options (if you still have those). Try setting it to 'Omit Preference' instead.

                Steve

                A 1 Reply Last reply Reply Quote 0
                • A
                  akkiz @stephenw10
                  last edited by akkiz

                  didnt help and custom options was blank

                  A 1 Reply Last reply Reply Quote 0
                  • A
                    akkiz @akkiz
                    last edited by

                    @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                    didnt help and custom options was blank

                    Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
                    Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                    Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
                    Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
                    Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
                    Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
                    Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
                    Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
                    Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
                    Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
                    Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
                    Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
                    Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                    Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                    Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
                    Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
                    Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
                    Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
                    Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
                    Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
                    Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
                    Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
                    Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
                    Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
                    Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
                    Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
                    Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
                    Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
                    Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
                    Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
                    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
                    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
                    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
                    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
                    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
                    Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
                    Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                    Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
                    Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                    Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
                    Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
                    Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
                    Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
                    Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
                    Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
                    Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                    Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
                    Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
                    Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

                    A 1 Reply Last reply Reply Quote 0
                    • A
                      akkiz @akkiz
                      last edited by

                      @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                      @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                      didnt help and custom options was blank

                      Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
                      Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                      Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                      Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
                      Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
                      Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
                      Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
                      Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
                      Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
                      Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
                      Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
                      Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
                      Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
                      Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                      Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                      Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
                      Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
                      Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
                      Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
                      Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
                      Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
                      Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
                      Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
                      Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
                      Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
                      Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
                      Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
                      Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
                      Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
                      Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
                      Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
                      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
                      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
                      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
                      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
                      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
                      Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
                      Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                      Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
                      Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                      Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
                      Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
                      Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
                      Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
                      Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
                      Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
                      Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                      Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
                      Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
                      Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

                      123.jpg

                      1 Reply Last reply Reply Quote 0
                      • B
                        bcruze
                        last edited by

                        try omit preference + disable lzo compression

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          akkiz @bcruze
                          last edited by akkiz

                          @bcruze ok but it creates compression stub message see the log didnt help

                          A 1 Reply Last reply Reply Quote 0
                          • A
                            akkiz @akkiz
                            last edited by akkiz

                            @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                            Jan 10 21:57:24 openvpn 88382 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                            Jan 10 21:57:24 openvpn 88382 /sbin/ifconfig ovpnc2 10.136.0.54 10.136.0.53 mtu 1500 netmask 255.255.255.255 up
                            Jan 10 21:57:24 openvpn 88382 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.136.0.54 10.136.0.53 init
                            Jan 10 21:57:24 openvpn 88382 Initialization Sequence Completed
                            Jan 10 21:57:33 openvpn 88382 Bad compression stub decompression header byte: 0
                            Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
                            Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'state 1'
                            Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'status 2'
                            Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client disconnected

                            A 1 Reply Last reply Reply Quote 0
                            • A
                              akkiz @akkiz
                              last edited by akkiz

                              @akkiz I really am happy to see such a active helpful community here willing to help thanks guys!!!!
                              Hope one of you guys will crack my issue....

                              1 Reply Last reply Reply Quote 0
                              • DerelictD
                                Derelict LAYER 8 Netgate
                                last edited by

                                What does ExpressVPN say the compression should be set to?

                                Chattanooga, Tennessee, USA
                                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                                A 1 Reply Last reply Reply Quote 0
                                • B
                                  bcruze
                                  last edited by bcruze

                                  Well my post is flagged as spam if I post the express pfsense tutorial link

                                  Adaptive lzo... so it’s almost like there is something wrong with the particular server he is using

                                  I don’t have an account with express to see what will work..

                                  A 1 Reply Last reply Reply Quote 0
                                  • A
                                    akkiz @Derelict
                                    last edited by

                                    @Derelict adaptive lzo

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      akkiz @bcruze
                                      last edited by

                                      @bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

                                      A 1 Reply Last reply Reply Quote 0
                                      • A
                                        akkiz @akkiz
                                        last edited by

                                        @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                                        @bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

                                        german server same disconects see logs
                                        Jan 11 08:23:51 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                                        Jan 11 08:23:51 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                                        Jan 11 08:23:51 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                                        Jan 11 08:23:51 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                                        Jan 11 08:23:51 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                                        Jan 11 08:24:51 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                                        Jan 11 08:24:51 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                                        Jan 11 08:24:51 openvpn 57875 Restart pause, 10 second(s)
                                        Jan 11 08:25:01 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                                        Jan 11 08:25:01 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                                        Jan 11 08:25:01 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.85:1195
                                        Jan 11 08:25:01 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                                        Jan 11 08:25:01 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                                        Jan 11 08:25:01 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.85:1195
                                        Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:25:17 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:25:19 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:26:01 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                                        Jan 11 08:26:01 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                                        Jan 11 08:26:01 openvpn 57875 Restart pause, 10 second(s)
                                        Jan 11 08:26:11 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                                        Jan 11 08:26:11 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                                        Jan 11 08:26:11 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                                        Jan 11 08:26:11 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                                        Jan 11 08:26:11 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                                        Jan 11 08:26:11 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                                        Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:27:07 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                        Jan 11 08:27:09 openvpn 57875 MANAGEMENT: CMD 'state 1'
                                        Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client disconnected
                                        Jan 11 08:27:11 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                                        Jan 11 08:27:11 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                                        Jan 11 08:27:11 openvpn 57875 Restart pause, 10 second(s)

                                        A 1 Reply Last reply Reply Quote 0
                                        • A
                                          akkiz @akkiz
                                          last edited by akkiz

                                          @akkiz express1.jpg
                                          Jan 11 08:37:19 openvpn 12072 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                                          Jan 11 08:37:19 openvpn 12072 TUN/TAP device ovpnc3 exists previously, keep at program end
                                          Jan 11 08:37:19 openvpn 12072 TUN/TAP device /dev/tun3 opened
                                          Jan 11 08:37:19 openvpn 12072 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                                          Jan 11 08:37:19 openvpn 12072 /sbin/ifconfig ovpnc3 10.199.0.146 10.199.0.145 mtu 1500 netmask 255.255.255.255 up
                                          Jan 11 08:37:19 openvpn 12072 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1609 10.199.0.146 10.199.0.145 init
                                          Jan 11 08:37:22 openvpn 12072 Initialization Sequence Completed
                                          Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                          Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                          Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                          Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                          Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:38:49 openvpn 12072 [Server-4256-0a] Inactivity timeout (--ping-restart), restarting
                                          Jan 11 08:38:49 openvpn 12072 SIGUSR1[soft,ping-restart] received, process restarting
                                          Jan 11 08:38:49 openvpn 12072 Restart pause, 10 second(s)
                                          Jan 11 08:38:59 openvpn 12072 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                                          Jan 11 08:38:59 openvpn 12072 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                                          Jan 11 08:38:59 openvpn 12072 Socket Buffers: R=[42080->524288] S=[57344->524288]
                                          Jan 11 08:38:59 openvpn 12072 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                                          Jan 11 08:38:59 openvpn 12072 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                                          Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:39:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:39:52 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client disconnected
                                          Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                          Jan 11 08:39:56 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                          Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client disconnected

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            It looks like it connects OK and then timesout with no data after 1min. There is some data shown though.

                                            During that 1 min can you send/receive anything over the tunnel?

                                            You are using the same login info from a host client and are able to connect OK? You have the connection log showing the successful connection from there?

                                            Steve

                                            A 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.