losing OpenVPN connection every 20 - 120 seconds

bcruze

try omit preference + disable lzo compression

akkiz

@bcruze ok but it creates compression stub message see the log didnt help

akkiz

@akkiz said in losing OpenVPN connection every 20 - 120 seconds:

Jan 10 21:57:24 openvpn 88382 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 10 21:57:24 openvpn 88382 /sbin/ifconfig ovpnc2 10.136.0.54 10.136.0.53 mtu 1500 netmask 255.255.255.255 up
Jan 10 21:57:24 openvpn 88382 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.136.0.54 10.136.0.53 init
Jan 10 21:57:24 openvpn 88382 Initialization Sequence Completed
Jan 10 21:57:33 openvpn 88382 Bad compression stub decompression header byte: 0
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'state 1'
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'status 2'
Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client disconnected

akkiz

@akkiz I really am happy to see such a active helpful community here willing to help thanks guys!!!!
Hope one of you guys will crack my issue....

Derelict

What does ExpressVPN say the compression should be set to?

bcruze

Well my post is flagged as spam if I post the express pfsense tutorial link

Adaptive lzo... so it’s almost like there is something wrong with the particular server he is using

I don’t have an account with express to see what will work..

akkiz

@Derelict adaptive lzo

akkiz

@bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

akkiz

@akkiz said in losing OpenVPN connection every 20 - 120 seconds:

@bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

german server same disconects see logs
Jan 11 08:23:51 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:23:51 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:23:51 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:23:51 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:23:51 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:24:51 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:24:51 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:24:51 openvpn 57875 Restart pause, 10 second(s)
Jan 11 08:25:01 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 11 08:25:01 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:25:01 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.85:1195
Jan 11 08:25:01 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:25:01 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:25:01 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.85:1195
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:26:01 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:26:01 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:26:01 openvpn 57875 Restart pause, 10 second(s)
Jan 11 08:26:11 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 11 08:26:11 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:26:11 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:26:11 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:26:11 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:26:11 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:11 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:27:11 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:27:11 openvpn 57875 Restart pause, 10 second(s)

akkiz

@akkiz
Jan 11 08:37:19 openvpn 12072 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 11 08:37:19 openvpn 12072 TUN/TAP device ovpnc3 exists previously, keep at program end
Jan 11 08:37:19 openvpn 12072 TUN/TAP device /dev/tun3 opened
Jan 11 08:37:19 openvpn 12072 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 11 08:37:19 openvpn 12072 /sbin/ifconfig ovpnc3 10.199.0.146 10.199.0.145 mtu 1500 netmask 255.255.255.255 up
Jan 11 08:37:19 openvpn 12072 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1609 10.199.0.146 10.199.0.145 init
Jan 11 08:37:22 openvpn 12072 Initialization Sequence Completed
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:38:49 openvpn 12072 [Server-4256-0a] Inactivity timeout (--ping-restart), restarting
Jan 11 08:38:49 openvpn 12072 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:38:49 openvpn 12072 Restart pause, 10 second(s)
Jan 11 08:38:59 openvpn 12072 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:38:59 openvpn 12072 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:38:59 openvpn 12072 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 11 08:38:59 openvpn 12072 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:38:59 openvpn 12072 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client disconnected

stephenw10

It looks like it connects OK and then timesout with no data after 1min. There is some data shown though.

During that 1 min can you send/receive anything over the tunnel?

You are using the same login info from a host client and are able to connect OK? You have the connection log showing the successful connection from there?

Steve

akkiz

@stephenw10 let me check and get back to u

akkiz

@akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

stephenw10

Ok are you able to connect to ExpressVPN using that same config from a local client directly?

Can you get the connection logs from that so we can see how it connects?

Steve

chpalmer

@akkiz said in losing OpenVPN connection every 20 - 120 seconds:

@akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

You do not generally need to assign a VPN connection to an interface.. (not sure if this is the case when transferring all traffic to a "VPN service".

Is it possible to remove this "assignment" to test?

stephenw10

It shouldn't make any difference here but it's easy to test so...

I notice it's setting the send and receive buffers everytime. You might try removing that setting so it just uses the default values.

Connecting but not passing traffic really looks like a compression mismatch though. If you can connect using those settings from a host client instead of pfSense then we will at least have a known set of connection settings.

akkiz

@stephenw10 let me set up and see but through their app it works fine for some countries but for some countries it connects but no traffic flows since ISP is blocking or throttling vpn connection here

akkiz

@chpalmer it didnt make any difference

stephenw10

Ok so no connection logs from a phone app, you're going to need to connect from a PC to get that I think.

However the fact it connects and doesn't pass traffic to some servers seems exactly like what you're seeing in pfSense. It could just be your ISP blocking the traffic.

Steve

akkiz

@stephenw10 yes i just came to know here they are blocking open vpn protocol but ipsec is open but i cant find any write up for it do u know how to configure ipsec in pf sense