Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Restarting OpenVPN interrupts non-VPN traffic

    Scheduled Pinned Locked Moved OpenVPN
    14 Posts 5 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mig
      last edited by

      FWIW I never figured out why OpenVPN restarts interfere with traffic over other interfaces. I was able to resolve my OpenVPN connectivity problem and when the tunnel is stable (like it should be and like it is in majority of cases), naturally, there is no interference.

      To summarise:

      • I do believe that there is a bug (when OpenVPN starts at least some connections on other interfaces drop) which manifests itself only rarely because properly configured OpenVPN does not do "yo-yo" restarts.
      • It appears impossible to disable 60-second "ping-restart" which is not good when one needs to debug an OpenVPN connectivity problems.
      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Impossible?

        Screen Shot 2020-03-14 at 2.11.15 PM.png

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M
          mig
          last edited by

          Thanks but I cannot find "Ping settings" anywhere in the menus. Please tell me where it is.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            OpenVPN Server.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • M
              mig
              last edited by

              I only run the client and I have no control of the server - it's a commercial VPN provider.

              To clarify the problem - is it possible to avoid pfSense's OpenVPN client from automatically reconnecting when there is no ping reply? It makes debugging a connection nearly impossible (one typically only has <60 seconds before the client drops the connection and attempts to reconnect).

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by Derelict

                Then in the client, but the server will still have its own ping/keepalive times.

                They are generally necessary. If it dies for a minute you want to reestablish the connection anyway.

                If you rebuilt with the old config it will be working the same way and any difference can be attributed to something else, perhaps misperception or misblame, but not that.

                Everything there is to know is here:

                https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

                See Also: ping, ping-restart, and the keepalive helper to manage them both.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • RicoR
                  Rico LAYER 8 Rebel Alliance
                  last edited by

                  "Ping settings" are available in both, Open VPN Server and Client, but in 2.4.5-RC not 2.4.4-RELEASE-p3.

                  -Rico

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Ah. You'll have to use the keywords in advanced options in 2.4.4-p3 I guess. Thanks. Still not "impossible."

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • M
                      mig
                      last edited by

                      @mig said in Restarting OpenVPN interrupts non-VPN traffic:

                      I tried to add ping-restart 0 to OpenVPN-Clients-"Advanced configuration"-"Custom options" but it doesn't suppress ping-restarts

                      1 Reply Last reply Reply Quote 0
                      • W
                        Www.pelispedia.cloud Banned @mig
                        last edited by

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.