OpenVPN won't accept connections after WAN disconnects



  • Hello,

    I've started having a weird issue – any time my internet connection drops (cable modem power cycles, or ISP doing some work), my OpenVPN servers will continue to work, but won't accept connections. The only way to fix this is to log in via ssh, kill the running openvpn servers and then start them from the openvpn services menu.

    Is there a way to automate this, so I don't have to lose connectivity from outside? Why doesn't pfSense handle this automatically -- kill OpenVPN when the WAN connection goes down and restart it when it is back up? (I think it started around 2.2.x). Note that my WAN connection uses DHCP, and the cable modem, when it's unable to connect to upstream, might give an IP address to DHCP in the 192.168.100.x range.

    Thanks



  • I'm way over my head replying to this but aren't there checkboxes in the GUI that ask something about "if machine isn't always connected to the internet" and "if machine's IP address changes"?



  • I'm way over my head replying to this but aren't there checkboxes in the GUI that ask something about "if machine isn't always connected to the internet" and "if machine's IP address changes"?

    There – where? In OpenVPN server setup?



  • Sorry. Yes. You are way ahead of me… I can't even figure out how to connect pfSense as client to my OpenVPN server... but in the VPN >> OpenVPN (clients section, +Add) there is a field that is "Server Hostname Resolution" (2.2.2-Release x64) and then in the VPN >> OpenVPN (servers section) at the bottom, under "Client settings" there is a checkbox for "Dynamic IP" "Allow connected clients to retain their connections if their IP address changes".

    Vague but hope it helps or points you in a direction that solves your problem.



  • @pf2.0nyc nope, that's a completely different thing – it's if the client's IP changes. I have a server IP connectivity issue causing openvpn to not properly restart.



  • This is some really strange behavior, but you can try to somewhat mitigate it:
    move your VPN server to the Localhost interface (bind to localhost) and NAT the needed port from the WAN interface.

