Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    losing OpenVPN connection every 20 - 120 seconds

    Scheduled Pinned Locked Moved OpenVPN
    76 Posts 7 Posters 12.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      akkiz @akkiz
      last edited by

      @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

      didnt help and custom options was blank

      Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
      Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
      Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
      Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
      Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
      Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
      Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
      Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
      Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
      Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
      Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
      Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
      Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
      Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
      Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
      Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
      Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
      Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
      Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
      Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
      Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
      Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
      Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
      Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
      Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
      Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
      Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
      Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
      Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
      Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
      Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
      Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
      Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
      Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
      Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
      Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
      Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
      Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
      Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
      Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
      Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
      Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
      Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
      Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

      A 1 Reply Last reply Reply Quote 0
      • A
        akkiz @akkiz
        last edited by

        @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

        @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

        didnt help and custom options was blank

        Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
        Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
        Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
        Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
        Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
        Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
        Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
        Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
        Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
        Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
        Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
        Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
        Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
        Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
        Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
        Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
        Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
        Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
        Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
        Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
        Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
        Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
        Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
        Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
        Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
        Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
        Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
        Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
        Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
        Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
        Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
        Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
        Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
        Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
        Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
        Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
        Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
        Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
        Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
        Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
        Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
        Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
        Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
        Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
        Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
        Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
        Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
        Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
        Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

        123.jpg

        1 Reply Last reply Reply Quote 0
        • B
          bcruze
          last edited by

          try omit preference + disable lzo compression

          A 1 Reply Last reply Reply Quote 0
          • A
            akkiz @bcruze
            last edited by akkiz

            @bcruze ok but it creates compression stub message see the log didnt help

            A 1 Reply Last reply Reply Quote 0
            • A
              akkiz @akkiz
              last edited by akkiz

              @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

              Jan 10 21:57:24 openvpn 88382 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
              Jan 10 21:57:24 openvpn 88382 /sbin/ifconfig ovpnc2 10.136.0.54 10.136.0.53 mtu 1500 netmask 255.255.255.255 up
              Jan 10 21:57:24 openvpn 88382 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.136.0.54 10.136.0.53 init
              Jan 10 21:57:24 openvpn 88382 Initialization Sequence Completed
              Jan 10 21:57:33 openvpn 88382 Bad compression stub decompression header byte: 0
              Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
              Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'state 1'
              Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'status 2'
              Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client disconnected

              A 1 Reply Last reply Reply Quote 0
              • A
                akkiz @akkiz
                last edited by akkiz

                @akkiz I really am happy to see such a active helpful community here willing to help thanks guys!!!!
                Hope one of you guys will crack my issue....

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  What does ExpressVPN say the compression should be set to?

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  A 1 Reply Last reply Reply Quote 0
                  • B
                    bcruze
                    last edited by bcruze

                    Well my post is flagged as spam if I post the express pfsense tutorial link

                    Adaptive lzo... so it’s almost like there is something wrong with the particular server he is using

                    I don’t have an account with express to see what will work..

                    A 1 Reply Last reply Reply Quote 0
                    • A
                      akkiz @Derelict
                      last edited by

                      @Derelict adaptive lzo

                      1 Reply Last reply Reply Quote 0
                      • A
                        akkiz @bcruze
                        last edited by

                        @bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          akkiz @akkiz
                          last edited by

                          @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                          @bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

                          german server same disconects see logs
                          Jan 11 08:23:51 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                          Jan 11 08:23:51 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                          Jan 11 08:23:51 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                          Jan 11 08:23:51 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                          Jan 11 08:23:51 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                          Jan 11 08:24:51 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                          Jan 11 08:24:51 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                          Jan 11 08:24:51 openvpn 57875 Restart pause, 10 second(s)
                          Jan 11 08:25:01 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                          Jan 11 08:25:01 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                          Jan 11 08:25:01 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.85:1195
                          Jan 11 08:25:01 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                          Jan 11 08:25:01 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                          Jan 11 08:25:01 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.85:1195
                          Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:25:17 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:25:19 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:26:01 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                          Jan 11 08:26:01 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                          Jan 11 08:26:01 openvpn 57875 Restart pause, 10 second(s)
                          Jan 11 08:26:11 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                          Jan 11 08:26:11 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                          Jan 11 08:26:11 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                          Jan 11 08:26:11 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                          Jan 11 08:26:11 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                          Jan 11 08:26:11 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                          Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:27:07 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                          Jan 11 08:27:09 openvpn 57875 MANAGEMENT: CMD 'state 1'
                          Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client disconnected
                          Jan 11 08:27:11 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                          Jan 11 08:27:11 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                          Jan 11 08:27:11 openvpn 57875 Restart pause, 10 second(s)

                          A 1 Reply Last reply Reply Quote 0
                          • A
                            akkiz @akkiz
                            last edited by akkiz

                            @akkiz express1.jpg
                            Jan 11 08:37:19 openvpn 12072 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                            Jan 11 08:37:19 openvpn 12072 TUN/TAP device ovpnc3 exists previously, keep at program end
                            Jan 11 08:37:19 openvpn 12072 TUN/TAP device /dev/tun3 opened
                            Jan 11 08:37:19 openvpn 12072 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                            Jan 11 08:37:19 openvpn 12072 /sbin/ifconfig ovpnc3 10.199.0.146 10.199.0.145 mtu 1500 netmask 255.255.255.255 up
                            Jan 11 08:37:19 openvpn 12072 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1609 10.199.0.146 10.199.0.145 init
                            Jan 11 08:37:22 openvpn 12072 Initialization Sequence Completed
                            Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'status 2'
                            Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
                            Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'status 2'
                            Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'status 2'
                            Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:38:49 openvpn 12072 [Server-4256-0a] Inactivity timeout (--ping-restart), restarting
                            Jan 11 08:38:49 openvpn 12072 SIGUSR1[soft,ping-restart] received, process restarting
                            Jan 11 08:38:49 openvpn 12072 Restart pause, 10 second(s)
                            Jan 11 08:38:59 openvpn 12072 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                            Jan 11 08:38:59 openvpn 12072 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                            Jan 11 08:38:59 openvpn 12072 Socket Buffers: R=[42080->524288] S=[57344->524288]
                            Jan 11 08:38:59 openvpn 12072 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                            Jan 11 08:38:59 openvpn 12072 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                            Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:39:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:39:52 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client disconnected
                            Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                            Jan 11 08:39:56 openvpn 12072 MANAGEMENT: CMD 'state 1'
                            Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client disconnected

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              It looks like it connects OK and then timesout with no data after 1min. There is some data shown though.

                              During that 1 min can you send/receive anything over the tunnel?

                              You are using the same login info from a host client and are able to connect OK? You have the connection log showing the successful connection from there?

                              Steve

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                akkiz @stephenw10
                                last edited by

                                @stephenw10 let me check and get back to u

                                A 1 Reply Last reply Reply Quote 0
                                • A
                                  akkiz @akkiz
                                  last edited by akkiz

                                  @akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

                                  chpalmerC 1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Ok are you able to connect to ExpressVPN using that same config from a local client directly?

                                    Can you get the connection logs from that so we can see how it connects?

                                    Steve

                                    A 1 Reply Last reply Reply Quote 0
                                    • chpalmerC
                                      chpalmer @akkiz
                                      last edited by

                                      @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                                      @akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

                                      You do not generally need to assign a VPN connection to an interface.. (not sure if this is the case when transferring all traffic to a "VPN service".

                                      Is it possible to remove this "assignment" to test?

                                      Triggering snowflakes one by one..
                                      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                      A 1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        It shouldn't make any difference here but it's easy to test so...

                                        I notice it's setting the send and receive buffers everytime. You might try removing that setting so it just uses the default values.

                                        Connecting but not passing traffic really looks like a compression mismatch though. If you can connect using those settings from a host client instead of pfSense then we will at least have a known set of connection settings.

                                        1 Reply Last reply Reply Quote 0
                                        • A
                                          akkiz @stephenw10
                                          last edited by

                                          @stephenw10 let me set up and see but through their app it works fine for some countries but for some countries it connects but no traffic flows since ISP is blocking or throttling vpn connection hereScreenshot_20200114-075447_ExpressVPN.jpg

                                          1 Reply Last reply Reply Quote 0
                                          • A
                                            akkiz @chpalmer
                                            last edited by

                                            @chpalmer it didnt make any difference Screenshot_20200114-075817_Chrome.jpg

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.