Netgate Discussion Forum

    Weird OpenVPN client behaviour causing disconnections

    • T Offline
      techtester-m @Pippin
      last edited by

      @Pippin Thank you, I set up a maximum, but could you please answer the other questions?

      Why is this happening? Whose fault is it? etc...

      1 Reply Last reply Reply Quote 0
      • GrimetonG Offline
        Grimeton
        last edited by

        Is the remote a road warrior whose IP address changes? OpenVPN can handle changing addresses when enabled; if not enabled, it just times out.
        But more info is needed...

        T 1 Reply Last reply Reply Quote 0
        • A Offline
          aminosama
          last edited by aminosama

          I have a problem with NordVPN: when I try to surf an online shopping mart, it's not accessible, while other websites such as Google and YouTube are accessible, maybe due to the same proxy or tunnel. Does anyone have a solution for why a specific domain is not accessible on NordVPN?

          1 Reply Last reply Reply Quote 0
          • T Offline
            techtester-m @Grimeton
            last edited by techtester-m

            @Grimeton The remote server never changes its own IP, but can dynamically change the IP of its clients - in this case my pfSense router. If I understood you correctly and this is what you meant, then how do I enable that handling of IP changes?

            EDIT: Just chatted with NordVPN's support team. They say that the problem is not on my end (pfSense router) and it's probably because of UDP problems. They assume my ISP blocks UDP or something. So I asked them why it happens only a few times a day and they answered "because that's the way it is" ahhh Go figure....Sometimes they're really useful and sometimes they just give me a headache. Anyway...if it's really not on my end then I don't care and I'll live with it because TCP is SLOW AF!!!

            If anyone has a different idea than NordVPN's support team, by all means go ahead.

            Thank you,

            1 Reply Last reply Reply Quote 0
            • GrimetonG Offline
              Grimeton
              last edited by

              Hi,

              When you use UDP as the outer connection protocol of the VPN, the VPN server can accept a changed client IP (OUTER) without killing the VPN connection. Obviously this is only possible via UDP.

              From the OpenVPN manual:

              --float
              Allow remote peer to change its IP address and/or port number, such as due to DHCP (this is the default if --remote is not used). --float when specified with --remote allows an OpenVPN session to initially connect to a peer at a known address, however if packets arrive from a new address and pass all authentication tests, the new address will take control of the session. This is useful when you are connecting to a peer which holds a dynamic address such as a dial-in user or DHCP client. Essentially, --float tells OpenVPN to accept authenticated packets from any address, not only the address which was specified in the --remote option.

              This has nothing to do with the stuff inside the connection/VPN, only with the outer connection itself.

              Cu

              T 1 Reply Last reply Reply Quote 0
              • T Offline
                techtester-m @Grimeton
                last edited by

                @Grimeton So you're saying it has nothing to do with my pfSense router. It's on the server's end?

                GrimetonG 1 Reply Last reply Reply Quote 0
                • GrimetonG Offline
                  Grimeton @techtester-m
                  last edited by

                  @techtester-m you wrote:

                  The remote server never changes its own IP, but can dynamically change the IP of its clients - in this case my pfSense router.

                  So I clarified what I meant by that. I doubt the server is able to dynamically change your public IP address.

                  T 1 Reply Last reply Reply Quote 0
                  • T Offline
                    techtester-m @Grimeton
                    last edited by techtester-m

                    @Grimeton Ohhh lol...of course not! I meant the virtual IP of the VPN client, for inner VPN purposes - 10.x.x.x etc.

                    EDIT: So...nobody knows why the disconnections?

                    GrimetonG 1 Reply Last reply Reply Quote 0
                    • GrimetonG Offline
                      Grimeton @techtester-m
                      last edited by

                      @techtester-m

                      Just as a tip on the side: When looking into connection issues and monitoring traffic via tools like tcpdump, ngrep or Wireshark, always include ICMP packets and check the messages sent, because they usually contain a hint wtf is going on. Especially when it comes to UDP, where you don't have RST or anything else.

                      T 1 Reply Last reply Reply Quote 1
                      • T Offline
                        techtester-m @Grimeton
                        last edited by

                        @Grimeton So...nobody knows why the disconnections?

                        1 Reply Last reply Reply Quote 0
                        • GrimetonG Offline
                          Grimeton
                          last edited by

                          There aren't a lot of reasons here:

                          • Networking issues, followed by an ICMP package containing proto or port unreachable.
                          • Networking issues causing OpenVPN's internal timer to time out and disconnect/reconnect.

                          Whatever it is, it's up to you to figure it out, and when the disconnect comes from the other side, you'd need the logs from there. No logs, no cookies.

                          I doubt your ISP is just randomly blocking UDP packets, unless they think it's some kind of flooding or something, then you should talk to them and make clear that it is not.

                          Cu

                          T 1 Reply Last reply Reply Quote 1
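
Added example, not part of any post in this thread: a decoder for the ICMP "destination unreachable" messages mentioned in the tip about capturing ICMP and in the list of causes above. It reads the original IP/UDP header quoted inside the ICMP payload, so you can see which host reported the error and which UDP flow it refers to. The addresses, the ports (1194 is assumed as the tunnel port) and the sample packet are constructed for illustration.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes that matter for a UDP tunnel.
UNREACH = {0: "net unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed (DF set)",
           13: "administratively prohibited"}

def decode_icmp_unreachable(packet: bytes):
    """Return details of an IPv4 ICMP type 3 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:      # IP protocol 1 = ICMP
        return None
    if packet[ihl] != 3:                             # ICMP type 3 only
        return None
    inner = packet[ihl + 8:]     # quoted original IP header + leading payload bytes
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    code = packet[ihl + 1]
    info = {"reporter": socket.inet_ntoa(packet[12:16]),   # who sent the ICMP
            "reason": UNREACH.get(code, f"code {code}"),
            "orig_src": socket.inet_ntoa(inner[12:16]),
            "orig_dst": socket.inet_ntoa(inner[16:20]),
            "orig_proto": inner[9]}
    if inner[9] == 17 and len(inner) >= inner_ihl + 4:     # quoted UDP header
        info["orig_sport"], info["orig_dport"] = struct.unpack(
            "!HH", inner[inner_ihl:inner_ihl + 4])
    return info

def _ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

# Constructed sample: client 192.0.2.10 sent UDP to 198.51.100.7:1194 and the
# server side answered with ICMP port unreachable.
CLIENT, SERVER = "192.0.2.10", "198.51.100.7"
_quoted = _ipv4(CLIENT, SERVER, 17, struct.pack("!HHHH", 51820, 1194, 8, 0))
SAMPLE = _ipv4(SERVER, CLIENT, 1, struct.pack("!BBHI", 3, 3, 0, 0) + _quoted)

if __name__ == "__main__":
    print(decode_icmp_unreachable(SAMPLE))
```

The `reporter` field is the host that generated the ICMP message, and `orig_src`/`orig_dst` identify the UDP packet that triggered it.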
                          • T Offline
                            techtester-m @Grimeton
                            last edited by techtester-m

                            @Grimeton said in Weird OpenVPN client behaviour causing disconnections:

                            Networking issues, followed by an ICMP package containing proto or port unreachable.

                            ICMP package coming from me out to the server or vice versa?

                            @Grimeton said in Weird OpenVPN client behaviour causing disconnections:

                            Networking issues causing OpenVPN's internal timer to time out and disconnect/reconnect.

                            What should I do in such a case?

                            EDIT: I've noticed that it usually happens when one of the VPNs in the VPN group (of 2) is going down (for maintenance or whatever) and because both/all of them are marked as Tier1 it may cause such reconnection attempts...on the other hand that's why we have VPN groups and Tier priority LOL

                            1 Reply Last reply Reply Quote 0