losing OpenVPN connection every 20 - 120 seconds

akkiz

@bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

akkiz

@akkiz said in losing OpenVPN connection every 20 - 120 seconds:

@bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

german server same disconects see logs
Jan 11 08:23:51 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:23:51 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:23:51 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:23:51 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:23:51 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:24:51 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:24:51 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:24:51 openvpn 57875 Restart pause, 10 second(s)
Jan 11 08:25:01 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 11 08:25:01 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:25:01 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.85:1195
Jan 11 08:25:01 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:25:01 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:25:01 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.85:1195
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:26:01 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:26:01 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:26:01 openvpn 57875 Restart pause, 10 second(s)
Jan 11 08:26:11 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 11 08:26:11 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:26:11 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:26:11 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
Jan 11 08:26:11 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:26:11 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: CMD 'state 1'
Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client disconnected
Jan 11 08:27:11 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 11 08:27:11 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:27:11 openvpn 57875 Restart pause, 10 second(s)

akkiz

@akkiz
Jan 11 08:37:19 openvpn 12072 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Jan 11 08:37:19 openvpn 12072 TUN/TAP device ovpnc3 exists previously, keep at program end
Jan 11 08:37:19 openvpn 12072 TUN/TAP device /dev/tun3 opened
Jan 11 08:37:19 openvpn 12072 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 11 08:37:19 openvpn 12072 /sbin/ifconfig ovpnc3 10.199.0.146 10.199.0.145 mtu 1500 netmask 255.255.255.255 up
Jan 11 08:37:19 openvpn 12072 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1609 10.199.0.146 10.199.0.145 init
Jan 11 08:37:22 openvpn 12072 Initialization Sequence Completed
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'status 2'
Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:38:49 openvpn 12072 [Server-4256-0a] Inactivity timeout (--ping-restart), restarting
Jan 11 08:38:49 openvpn 12072 SIGUSR1[soft,ping-restart] received, process restarting
Jan 11 08:38:49 openvpn 12072 Restart pause, 10 second(s)
Jan 11 08:38:59 openvpn 12072 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan 11 08:38:59 openvpn 12072 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
Jan 11 08:38:59 openvpn 12072 Socket Buffers: R=[42080->524288] S=[57344->524288]
Jan 11 08:38:59 openvpn 12072 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
Jan 11 08:38:59 openvpn 12072 UDPv4 link remote: [AF_INET]85.203.15.86:1195
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client disconnected
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: CMD 'state 1'
Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client disconnected

stephenw10

It looks like it connects OK and then timesout with no data after 1min. There is some data shown though.

During that 1 min can you send/receive anything over the tunnel?

You are using the same login info from a host client and are able to connect OK? You have the connection log showing the successful connection from there?

Steve

akkiz

@stephenw10 let me check and get back to u

akkiz

@akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

stephenw10

Ok are you able to connect to ExpressVPN using that same config from a local client directly?

Can you get the connection logs from that so we can see how it connects?

Steve

chpalmer

@akkiz said in losing OpenVPN connection every 20 - 120 seconds:

@akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

You do not generally need to assign a VPN connection to an interface.. (not sure if this is the case when transferring all traffic to a "VPN service".

Is it possible to remove this "assignment" to test?

stephenw10

It shouldn't make any difference here but it's easy to test so...

I notice it's setting the send and receive buffers everytime. You might try removing that setting so it just uses the default values.

Connecting but not passing traffic really looks like a compression mismatch though. If you can connect using those settings from a host client instead of pfSense then we will at least have a known set of connection settings.

akkiz

@stephenw10 let me set up and see but through their app it works fine for some countries but for some countries it connects but no traffic flows since ISP is blocking or throttling vpn connection here

akkiz

@chpalmer it didnt make any difference

stephenw10

Ok so no connection logs from a phone app, you're going to need to connect from a PC to get that I think.

However the fact it connects and doesn't pass traffic to some servers seems exactly like what you're seeing in pfSense. It could just be your ISP blocking the traffic.

Steve

akkiz

@stephenw10 yes i just came to know here they are blocking open vpn protocol but ipsec is open but i cant find any write up for it do u know how to configure ipsec in pf sense

akkiz

@akkiz because i tried open vpn on my work pc it connects fine but no internet flows so i think my isp blocks open vpn from ipsec works fine here

akkiz

@stephenw10 through phone app it works fine since it had all 3 protocols see attached pic

bcruze

to be clear.

its not working using their equipment + pfsense and openvpn

but its working over wireless using the same equipment using the app + openvpn?

stephenw10

That looks like a Windows application. Are there logs there showing how it is connecting?

You might try using their TCP setting instead, if you know what those are.

IPSec is far more likely to be blocked, on the standard ports at least.

Steve

akkiz

@bcruze express vpn app works fine in android and in windows laptop but open vpn does not work in pf sense or in windows ,but ipsec is working in windows

akkiz

@stephenw10 my goal is to create 2 wireless access point one regular internet one vpn internet,so i can switch between the 2 networks

akkiz

the internet speed is nearly same as before vpn