losing OpenVPN connection every 20 - 120 seconds
-
Hi,
This is something I didn't see before :
@akkiz said in losing OpenVPN connection every 20 - 120 seconds:
Jan 8 18:52:14 php-fpm 342 /rc.newwanip: rc.newwanip called with empty interface.
This is an error condition.
Way back, the pfSense coders said this about the event of a "empty interface" :/* XXX: This really possible? */( see the rc.rc.newwanip file )
So, a very special situation - I can't tell anything more. Never saw such a issue.
The result will be :
Filters - firewall re reloaled.
Packages get restarted.
... and bail out.Btw : this is me just thinking out loud.
I do have an Express VPN account, but never set it up with pfSense.re-edit : "Empty interface" is normal after all: The VPN clients is bound to an Interface (bu you : the OPT1 interface) without an IPv4 or IPv6 specified. That's ok.
-
Ok so it connects and there is two way traffic and then presumably it disconnects.
Let see more OpenVPN logs showing that happening.
-
-
@stephenw10
Last 50 OpenVPN Log Entries. (Maximum 50)
Jan 10 20:18:52 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:18:52 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:18:52 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:18:55 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:18:55 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:18:55 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:18:59 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 20:18:59 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 20:18:59 openvpn 79060 Restart pause, 10 second(s)
Jan 10 20:19:09 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 20:19:09 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 20:19:09 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.148:1195
Jan 10 20:19:09 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 20:19:09 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 20:19:09 openvpn 79060 UDPv4 link remote: [AF_INET]185.128.27.148:1195
Jan 10 20:19:15 openvpn 79060 TLS: Initial packet from [AF_INET]185.128.27.148:1195, sid=e15210b7 adc6f7b9
Jan 10 20:19:15 openvpn 79060 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Jan 10 20:19:15 openvpn 79060 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Jan 10 20:19:15 openvpn 79060 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3360-1a, emailAddress=support@expressvpn.com
Jan 10 20:19:15 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:19:15 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:19:15 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:19:24 openvpn 79060 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
Jan 10 20:19:24 openvpn 79060 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Jan 10 20:19:24 openvpn 79060 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 10 20:19:24 openvpn 79060 [Server-3360-1a] Peer Connection Initiated with [AF_INET]185.128.27.148:1195
Jan 10 20:19:25 openvpn 79060 SENT CONTROL [Server-3360-1a]: 'PUSH_REQUEST' (status=1)
Jan 10 20:19:25 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.187.0.1,comp-lzo no,route 10.187.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.187.0.38 10.187.0.37,peer-id 7'
Jan 10 20:19:25 openvpn 79060 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 20:19:25 openvpn 79060 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 20:19:25 openvpn 79060 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: timers and/or timeouts modified
Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: compression parms modified
Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: peer-id set
Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 10 20:19:25 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 20:19:25 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 20:19:25 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 20:19:25 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 20:19:25 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 10 20:19:25 openvpn 79060 TUN/TAP device /dev/tun2 opened
Jan 10 20:19:25 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 20:19:25 openvpn 79060 /sbin/ifconfig ovpnc2 10.187.0.38 10.187.0.37 mtu 1500 netmask 255.255.255.255 up
Jan 10 20:19:25 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.187.0.38 10.187.0.37 init
Jan 10 20:19:25 openvpn 79060 Initialization Sequence Completed
Jan 10 20:19:35 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:19:35 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:19:35 openvpn 79060 MANAGEMENT: CMD 'status 2'
Jan 10 20:19:35 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: peer-id set
Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 10 20:21:54 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 20:21:54 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 20:21:54 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 20:21:54 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 20:21:54 openvpn 79060 Preserving previous TUN/TAP instance: ovpnc2
Jan 10 20:21:54 openvpn 79060 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jan 10 20:21:54 openvpn 79060 Closing TUN/TAP interface
Jan 10 20:21:54 openvpn 79060 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.187.0.38 10.187.0.37 init
Jan 10 20:21:55 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 10 20:21:55 openvpn 79060 TUN/TAP device /dev/tun2 opened
Jan 10 20:21:55 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 20:21:55 openvpn 79060 /sbin/ifconfig ovpnc2 10.87.0.90 10.87.0.89 mtu 1500 netmask 255.255.255.255 up
Jan 10 20:21:55 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.90 10.87.0.89 init
Jan 10 20:21:55 openvpn 79060 Initialization Sequence Completed
Jan 10 20:22:04 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:22:14 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'status 2'
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'status 2'
Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:22:22 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:22:22 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:22:22 openvpn 79060 MANAGEMENT: CMD 'status 2'
Jan 10 20:22:22 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:22:45 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:22:45 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:22:45 openvpn 79060 MANAGEMENT: CMD 'status 2'
Jan 10 20:22:45 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:22:54 openvpn 79060 [Server-2719-0a] Inactivity timeout (--ping-restart), restarting
Jan 10 20:22:54 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 20:22:54 openvpn 79060 Restart pause, 10 second(s)
Jan 10 20:23:04 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 20:23:04 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 20:23:04 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
Jan 10 20:23:04 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 20:23:04 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 20:23:04 openvpn 79060 UDPv4 link remote: [AF_INET]185.183.105.194:1195
Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:23:20 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:23:26 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:23:04 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 20:23:04 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 20:23:04 openvpn 79060 UDPv4 link remote: [AF_INET]185.183.105.194:1195
Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:23:20 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 20:23:26 openvpn 79060 MANAGEMENT: CMD 'state 1'
Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client disconnected
Jan 10 20:24:04 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 20:24:04 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 20:24:04 openvpn 79060 Restart pause, 10 second(s)
Jan 10 20:24:14 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 20:24:14 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 20:24:14 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
Jan 10 20:24:14 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 20:24:14 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 20:24:14 openvpn 79060 UDPv4 link remote: [AF_INET]37.120.135.136:1195
Jan 10 20:24:20 openvpn 79060 TLS: Initial packet from [AF_INET]37.120.135.136:1195, sid=9315b41a e4a2f938
Jan 10 20:24:20 openvpn 79060 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Jan 10 20:24:20 openvpn 79060 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-5165-1a, emailAddress=support@expressvpn.com
Jan 10 20:24:20 openvpn 79060 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
Jan 10 20:24:20 openvpn 79060 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Jan 10 20:24:20 openvpn 79060 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 10 20:24:20 openvpn 79060 [Server-5165-1a] Peer Connection Initiated with [AF_INET]37.120.135.136:1195
Jan 10 20:24:21 openvpn 79060 SENT CONTROL [Server-5165-1a]: 'PUSH_REQUEST' (status=1)
Jan 10 20:24:21 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.17.0.1,comp-lzo no,route 10.17.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.17.0.66 10.17.0.65,peer-id 13'
Jan 10 20:24:21 openvpn 79060 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 20:24:21 openvpn 79060 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 20:24:21 openvpn 79060 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: timers and/or timeouts modified
Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: compression parms modified
Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: peer-id set
Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 10 20:24:21 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 20:24:21 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 20:24:21 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 20:24:21 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 20:24:21 openvpn 79060 Preserving previous TUN/TAP instance: ovpnc2
Jan 10 20:24:21 openvpn 79060 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jan 10 20:24:21 openvpn 79060 Closing TUN/TAP interface
Jan 10 20:24:21 openvpn 79060 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.87.0.90 10.87.0.89 init
Jan 10 20:24:22 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 10 20:24:22 openvpn 79060 TUN/TAP device /dev/tun2 opened
Jan 10 20:24:22 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 20:24:22 openvpn 79060 /sbin/ifconfig ovpnc2 10.17.0.66 10.17.0.65 mtu 1500 netmask 255.255.255.255 up
Jan 10 20:24:22 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.17.0.66 10.17.0.65 init
Jan 10 20:24:22 openvpn 79060 Initialization Sequence Completed
Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:24:39 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:25:21 openvpn 79060 [Server-5165-1a] Inactivity timeout (--ping-restart), restarting
Jan 10 20:25:21 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 20:25:21 openvpn 79060 Restart pause, 10 second(s)
Jan 10 20:25:31 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 20:25:31 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 20:25:31 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
Jan 10 20:25:31 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 20:25:31 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 20:25:31 openvpn 79060 UDPv4 link remote: [AF_INET]37.120.135.136:1195
Jan 10 20:26:31 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 20:26:31 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 20:26:31 openvpn 79060 Restart pause, 10 second(s)
Jan 10 20:26:41 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 20:26:41 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 20:26:41 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.148:1195
Jan 10 20:26:41 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 20:26:41 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 20:26:41 openvpn 79060 UDPv4 link remote: [AF_INET]185.128.27.148:1195
Jan 10 20:27:41 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 20:27:41 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 20:27:41 openvpn 79060 Restart pause, 10 second(s) -
Looks like you have a compression mismatch. The server is pushing
comp-lzo nobut you have it enabled in both the gui setup and custom options (if you still have those). Try setting it to 'Omit Preference' instead.Steve
-
didnt help and custom options was blank
-
@akkiz said in losing OpenVPN connection every 20 - 120 seconds:
didnt help and custom options was blank
Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed -
@akkiz said in losing OpenVPN connection every 20 - 120 seconds:
@akkiz said in losing OpenVPN connection every 20 - 120 seconds:
didnt help and custom options was blank
Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed
-
try omit preference + disable lzo compression
-
@bcruze ok but it creates compression stub message see the log didnt help
-
@akkiz said in losing OpenVPN connection every 20 - 120 seconds:
Jan 10 21:57:24 openvpn 88382 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 21:57:24 openvpn 88382 /sbin/ifconfig ovpnc2 10.136.0.54 10.136.0.53 mtu 1500 netmask 255.255.255.255 up
Jan 10 21:57:24 openvpn 88382 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.136.0.54 10.136.0.53 init
Jan 10 21:57:24 openvpn 88382 Initialization Sequence Completed
Jan 10 21:57:33 openvpn 88382 Bad compression stub decompression header byte: 0
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'state 1'
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'status 2'
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client disconnected -
@akkiz I really am happy to see such a active helpful community here willing to help thanks guys!!!!
Hope one of you guys will crack my issue.... -
What does ExpressVPN say the compression should be set to?
-
Well my post is flagged as spam if I post the express pfsense tutorial link
Adaptive lzo... so it’s almost like there is something wrong with the particular server he is using
I don’t have an account with express to see what will work..
-
@Derelict adaptive lzo
-
@bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server
-
@akkiz said in losing OpenVPN connection every 20 - 120 seconds:
@bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server
german server same disconects see logs
Jan 11 08:23:51 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:23:51 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:23:51 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:23:51 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:23:51 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:24:51 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:24:51 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:24:51 openvpn 57875 Restart pause, 10 second(s)
Jan 11 08:25:01 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 11 08:25:01 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:25:01 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.85:1195
Jan 11 08:25:01 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:25:01 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:25:01 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.85:1195
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:26:01 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:26:01 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:26:01 openvpn 57875 Restart pause, 10 second(s)
Jan 11 08:26:11 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 11 08:26:11 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:26:11 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:26:11 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:26:11 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:26:11 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:11 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:27:11 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:27:11 openvpn 57875 Restart pause, 10 second(s) -
@akkiz
Jan 11 08:37:19 openvpn 12072 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 11 08:37:19 openvpn 12072 TUN/TAP device ovpnc3 exists previously, keep at program end
Jan 11 08:37:19 openvpn 12072 TUN/TAP device /dev/tun3 opened
Jan 11 08:37:19 openvpn 12072 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 11 08:37:19 openvpn 12072 /sbin/ifconfig ovpnc3 10.199.0.146 10.199.0.145 mtu 1500 netmask 255.255.255.255 up
Jan 11 08:37:19 openvpn 12072 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1609 10.199.0.146 10.199.0.145 init
Jan 11 08:37:22 openvpn 12072 Initialization Sequence Completed
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:38:49 openvpn 12072 [Server-4256-0a] Inactivity timeout (--ping-restart), restarting
Jan 11 08:38:49 openvpn 12072 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:38:49 openvpn 12072 Restart pause, 10 second(s)
Jan 11 08:38:59 openvpn 12072 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:38:59 openvpn 12072 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:38:59 openvpn 12072 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 11 08:38:59 openvpn 12072 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:38:59 openvpn 12072 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client disconnected -
It looks like it connects OK and then timesout with no data after 1min. There is some data shown though.
During that 1 min can you send/receive anything over the tunnel?
You are using the same login info from a host client and are able to connect OK? You have the connection log showing the successful connection from there?
Steve
-
@stephenw10 let me check and get back to u
