Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Client VPN is closing its connection randomly

    Scheduled Pinned Locked Moved OpenVPN
    35 Posts 3 Posters 9.1k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      mcury Rebel Alliance @jonny.b74
      last edited by

      @jonny-b74 said in Client VPN is closing its connection randomly:

      running a ping in the background now.. will test and report

      In theory, with the ping happening, the connection won't ping-exit anymore

      https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

      –inactive n [bytes]
      Causes OpenVPN to exit after n seconds of inactivity on the TUN/TAP device. The time length of inactivity is measured since the last incoming or outgoing tunnel packet. The default value is 0 seconds, which disables this feature.If the optional bytes parameter is included, exit if less than bytes of combined in/out traffic are produced on the tun/tap device in n seconds.
      In any case, OpenVPN’s internal ping packets (which are just keepalives) and TLS control packets are not considered “activity”, nor are they counted as traffic, as they are used internally by OpenVPN and are not an indication of actual user activity.
      
      –ping n
      Ping remote over the TCP/UDP control channel if no packets have been sent for at least n seconds (specify –ping on both peers to cause ping packets to be sent in both directions since OpenVPN ping packets are not echoed like IP ping packets). When used in one of OpenVPN’s secure modes (where –secret, –tls-server, or –tls-client is specified), the ping packet will be cryptographically secure.This option has two intended uses:
      (1) Compatibility with stateful firewalls. The periodic ping will ensure that a stateful firewall rule which allows OpenVPN UDP packets to pass will not time out.
      
      (2) To provide a basis for the remote to test the existence of its peer using the –ping-exit option.
      
      –ping-exit n
      Causes OpenVPN to exit after n seconds pass without reception of a ping or other packet from remote. This option can be combined with –inactive, –ping, and –ping-exit to create a two-tiered inactivity disconnect.For example,
      openvpn [options…] –inactive 3600 –ping 10 –ping-exit 60
      
      when used on both peers will cause OpenVPN to exit within 60 seconds if its peer disconnects, but will exit after one hour if no actual tunnel data is exchanged.
      

      dead on arrival, nowhere to be found.

      J 1 Reply Last reply Reply Quote 0
      • J Offline
        jonny.b74 @mcury
        last edited by

        @mcury
        here is my states table (1st line is 8.8.8.8 monitor ip, second line is my ping running)
        14067598-57b8-4266-944d-b5887a1f84ba-image.png

        connection is solid so far, let me stop the other 2nd line ping in the background

        thanks for the link , I did read that man page, so what do i do to keep ping alive or why does the monitor ip ping not keep alive?

        M 1 Reply Last reply Reply Quote 0
        • M Offline
          mcury Rebel Alliance @jonny.b74
          last edited by mcury

          @jonny-b74 said in Client VPN is closing its connection randomly:

          here is my states table (1st line is 8.8.8.8 monitor ip, second line is my ping running)

          If Google is blocking pings from your VPN IP, I would change the VPN monitor IP, choose one that replies back.

          thanks for the link , I did read that man page, so what do i do to keep ping alive or why does the monitor ip ping not keep alive?

          Change your VPN monitor IP as per my comment above.
          I suppose that the ping 5 setting needs an openvpn interface in pfsense, to source that ping.. I see that you created one, lets see how it goes.

          dead on arrival, nowhere to be found.

          J 1 Reply Last reply Reply Quote 0
          • J Offline
            jonny.b74 @mcury
            last edited by

            @mcury

            Just to clarify , in my states image above it shows monitor ip icmp working, is that using my WAN interface to monitor the VPN? and hence it is not blocked

            not sure how to source a ping on the openvpn Interface and would you recommend that to run infinitely?

            i have tried a few monitor ip's 1.1.1.1 etc did not help keep connection alive

            M 1 Reply Last reply Reply Quote 0
            • J Offline
              jonny.b74
              last edited by jonny.b74

              do i need any firewall rules on my openvpn interface ?
              edit: did not make any difference adding any rules
              75bd8f29-b5ea-4229-9ba6-d699e1b81346-image.png

              I am using a vlans interface with gateway keepsolid_v4 and has allow all
              My computer is connected to the vlan and can surf the openvpn for that 10 mins

              1 Reply Last reply Reply Quote 0
              • M Offline
                mcury Rebel Alliance @jonny.b74
                last edited by

                @jonny-b74 Your image is showing interface KEEPSOLID_US as the source, so how you have replies from 8.8.8.8 and the ping you tried earlier didn't work?

                I would confirm if 8.8.8.8 is reachable through the VPN by pinging it directly, you can use a computer that is set to go out through the VPN, so you wouldn't need to choose any source interface in pfsense..
                Just make sure that the computer is indeed being routed through the VPN..

                dead on arrival, nowhere to be found.

                J 1 Reply Last reply Reply Quote 0
                • J Offline
                  jonny.b74 @mcury
                  last edited by jonny.b74

                  @mcury said in Client VPN is closing its connection randomly:

                  @jonny-b74 Your image is showing interface KEEPSOLID_US as the source, so how you have replies from 8.8.8.8 and the ping you tried earlier didn't work?

                  I would confirm if 8.8.8.8 is reachable through the VPN by pinging it directly, you can use a computer that is set to go out through the VPN, so you wouldn't need to choose any source interface in pfsense..

                  8.8.8.8 is not reachable from my computer via the vpn ... apologies it just did

                  Just make sure that the computer is indeed being routed through the VPN..

                  M 1 Reply Last reply Reply Quote 0
                  • M Offline
                    mcury Rebel Alliance @jonny.b74
                    last edited by mcury

                    @jonny-b74 said in Client VPN is closing its connection randomly:

                    8.8.8.8 is not reachable from my computer via the vpn ... apologies it just did

                    If the ping is working , OK, but note that Google drops some ICMP packets, at least they used to drop.

                    Based on your ping/ping-exit config, if no packets sent/received for at least 5 seconds, one ping would be sent, and if this ping is not replied by remote 6 times in a roll (5 x 6 = 30), a ping-exit will happen..

                    So, keep using the computer for at least 30 minutes, just use the VPN, to confirm if it will drop..
                    Then report back

                    You can leave a ping running to 8.8.8.8 from this computer, check if you have drops..

                    dead on arrival, nowhere to be found.

                    J 1 Reply Last reply Reply Quote 0
                    • J Offline
                      jonny.b74 @mcury
                      last edited by

                      @mcury

                      vpn just dropped aroung 20 mins total time
                      Feb 15 20:02:49 openvpn 35548 SIGTERM[soft,ping-exit] received, process exiting

                      I was running ping 8.8.8.8 in the background

                      M 1 Reply Last reply Reply Quote 0
                      • M Offline
                        mcury Rebel Alliance @jonny.b74
                        last edited by mcury

                        hm, that is really strange, ping,soft-exit, received..

                        It seems that they are dropping you, and it's not your side (pfsense), that is dropping the connection..

                        Are you sure that you have the most up to date ovpn file? Try to check if they have a newer version.. Do they have a guide to connect pfsense or any other client to their servers?
                        Somehow they are saying that you are not using the tunnel, so they drop the connection for inactivity..

                        do i need any firewall rules on my openvpn interface ?

                        No, delete any rule from the openvpn interface, that would disrupt the reply-to to work.
                        Leave only the rules in the KEEPSOLID interface you created..

                        dead on arrival, nowhere to be found.

                        J 1 Reply Last reply Reply Quote 0
                        • J Offline
                          jonny.b74 @mcury
                          last edited by

                          @mcury

                          They said they are not dropping me, i cannot be sure of that statement from them

                          Yes it generates the config.ovpn file with a cert and key only for me everytime using their guide

                          I have tried many of their servers various us, japan does not hold for more that 10-30 mins

                          Their other protocols "L2TP" in pfsense work

                          Works in windows openvpn client software with no changes direct import.

                          Not sure why in pfsense Openvpn it drops for this provider, other provider i tested with works OOB

                          M 1 Reply Last reply Reply Quote 0
                          • M Offline
                            mcury Rebel Alliance @jonny.b74
                            last edited by mcury

                            @jonny-b74 Well, unfortunately I don't know either..

                            If it works in Windows, and not in pfsense, maybe there is a difference in the openvpn version, or maybe you are not importing all the .opvn settings to pfsense..

                            I would edit the .opvn file in Windows, and try to configure exactly as it is in the pfsense, are you using the custom options in pfsense?

                            Edit: You can set a higher debug level in the openvpn configuration to see more details about the problem

                            dead on arrival, nowhere to be found.

                            J 1 Reply Last reply Reply Quote 0
                            • J Offline
                              jonny.b74 @mcury
                              last edited by jonny.b74

                              @mcury said in Client VPN is closing its connection randomly:

                              @jonny-b74 Well, unfortunately I don't know either..

                              If it works in Windows, and not in pfsense, maybe there is a difference in the openvpn version, or maybe you are not importing all the .opvn settings to pfsense..

                              I would edit the .opvn file in Windows, and try to configure exactly as it is in the pfsense, are you using the custom options in pfsense?

                              I am using the settings from their config file and many combinations as such,
                              I have edited the config.ovpn in pfsense directly and pasted the entire config file in there run the openvpn daemon manually in shell

                              here are their settings

                              reneg-sec 0
                              persist-tun
                              persist-key
                              ping 5
                              ping-exit 30
                              comp-lzo no
                              remote-random
                              remote-cert-tls server
                              auth-nocache
                              route-metric 1
                              cipher AES-256-CBC
                              auth sha512

                              Edit: tired with debug level 11 in openvpn pfsense not more details only the extra around the close time was was the SSL alert (write): warning: close notify

                              M 1 Reply Last reply Reply Quote 0
                              • J Offline
                                jonny.b74
                                last edited by jonny.b74

                                Interfaces
                                c17f5eec-bcc7-44bc-8228-4a37e735fcaf-image.png

                                Firewalls
                                3832f71d-3ee7-4334-8c18-fb5e4bf77cdd-image.png

                                4ab97cf9-7d0d-47b3-a21c-5b580c631e02-image.png

                                NAT
                                85f8069d-73af-40f8-a06f-674f9415ea4f-image.png

                                M 1 Reply Last reply Reply Quote 0
                                • M Offline
                                  mcury Rebel Alliance @jonny.b74
                                  last edited by mcury

                                  @jonny-b74 said in Client VPN is closing its connection randomly:

                                  I am using the settings from their config file and many combinations as such,
                                  I have edited the config.ovpn in pfsense directly and pasted the entire config file in there run the openvpn daemon manually in shell

                                  I'm not sure if this is the way to go, in the past, I used PIA and Protonvpn, and at that time there was a guide to pfsense in their site which I followed and never faced any problems..
                                  The guide was all inside the pfsense GUI, no need to replace .opvn files in the pfsense..

                                  SSL alert (write): warning: close notify

                                  I just read a little about this error but so far I can't reach any conclusion about it, not even sure if this is really an error..

                                  dead on arrival, nowhere to be found.

                                  J 1 Reply Last reply Reply Quote 0
                                  • M Offline
                                    mcury Rebel Alliance @jonny.b74
                                    last edited by

                                    @jonny-b74 Regarding your firewall rules, NAT and interface images, can't see any problems there.
                                    If you had a problem there, it wouldn't work.. You are browsing for 20 minutes, so it's not the NAT, rules and the interface..

                                    1 - I would ask them a guide to pfsense, or the logs of your connection dropping..
                                    2 - I would try to configure everything through the GUI, using the options available, and the rest I would use the custom options field.

                                    This is all I can think at this moment.. Already started to drink a beer here hehehe

                                    dead on arrival, nowhere to be found.

                                    M J 2 Replies Last reply Reply Quote 0
                                    • J Offline
                                      jonny.b74 @mcury
                                      last edited by

                                      @mcury said in Client VPN is closing its connection randomly:

                                      @jonny-b74 said in Client VPN is closing its connection randomly:

                                      I am using the settings from their config file and many combinations as such,
                                      I have edited the config.ovpn in pfsense directly and pasted the entire config file in there run the openvpn daemon manually in shell

                                      I'm not sure if this is the way to go, in the past, I used PIA and Protonvpn, and at that time there was a guide to pfsense in their site which I followed and never faced any problems..
                                      The guide was all inside the pfsense GUI, no need to replace .opvn files in the pfsense..

                                      I did this only to test their entire config file to make sure the gui was not adding/excluding anything,
                                      windscribe, proton works for me too, unfortunately i put money down towards vpnunlimited/keepsolid

                                      SSL alert (write): warning: close notify

                                      I just read a little about this error but so far I can't reach any conclusion about it, not even sure if this is really an error..

                                      yes that is not conclusive or arrive to the issue

                                      1 Reply Last reply Reply Quote 0
                                      • M Offline
                                        mcury Rebel Alliance @mcury
                                        last edited by

                                        @mcury said in Client VPN is closing its connection randomly:

                                        2 - I would try to configure everything through the GUI, using the options available, and the rest I would use the custom options field.

                                        I'm saying this because usually pfsense overwrites everything you change through the CLI with the GUI configuration.

                                        But I don't know if this happens to .ovpn file..

                                        dead on arrival, nowhere to be found.

                                        1 Reply Last reply Reply Quote 0
                                        • J Offline
                                          jonny.b74 @mcury
                                          last edited by jonny.b74

                                          @mcury said in Client VPN is closing its connection randomly:

                                          @jonny-b74 Regarding your firewall rules, NAT and interface images, can't see any problems there.
                                          If you had a problem there, it wouldn't work.. You are browsing for 20 minutes, so it's not the NAT, rules and the interface..

                                          1 - I would ask them a guide to pfsense, or the logs of your connection dropping..
                                          2 - I would try to configure everything through the GUI, using the options available, and the rest I would use the custom options field.

                                          They are not willing to work with me, saying nothing they can do from their side and to use other software

                                          This is all I can think at this moment.. Already started to drink a beer here hehehe

                                          I must say thank you v. much for this so far, it makes me revisit and confirm on things
                                          Cheers and enjoy your evening, will hopefully reach out tomorow :-)

                                          M 1 Reply Last reply Reply Quote 1
                                          • M Offline
                                            mcury Rebel Alliance @jonny.b74
                                            last edited by

                                            @jonny-b74 =) Cheers

                                            dead on arrival, nowhere to be found.

                                            B 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.