Disconnects every 30min on the dot



  • Can someone tell me why OpenVPN client disconnects me every 30min, and how do I make it stop? I want it to stay connected indefinitely. This is a client to site connection on a windows 10 desktop.


  • Rebel Alliance Global Moderator

    Off the top I don't know of anything that would do such a thing.  What is your dhcp lease time your getting for your vpn IP?  Do you have it checked to allow connection if their IP changes?

    I connected into my home vpn from work pretty much every single day, it stays up the whole day..



  • @johnpoz:

    Off the top I don't know of anything that would do such a thing.  What is your dhcp lease time your getting for your vpn IP?  Do you have it checked to allow connection if their IP changes?

    I connected into my home vpn from work pretty much every single day, it stays up the whole day..

    "Allow connected clients to retain their connections if their IP address changes." is checked

    Not sure where the DHCP lease time for tunnel addresses would be. I know the endpoint ip lease time is the same as everything else on my network, default 86400.


  • Rebel Alliance Global Moderator

    What is in the server log or client log?

    Can you post up your configs..  You might need to up the verb on your logging..

    you can find it in /var/etc/openvpn/ you should see like server1.conf depending on how many instances of opevpn you have setup.

    There should be a
    keepalive 10 60

    what does your topology look like
    topology subnet

    So you have anything in there about
    reneg-sec



  • @johnpoz:

    What is in the server log or client log?

    Can you post up your configs..  You might need to up the verb on your logging..

    you can find it in /var/etc/openvpn/ you should see like server1.conf depending on how many instances of opevpn you have setup.

    There should be a
    keepalive 10 60

    what does your topology look like
    topology subnet

    So you have anything in there about
    reneg-sec

    dev ovpns9
    verb 1
    dev-type tun
    dev-node /dev/tun9
    writepid /var/run/openvpn_server9.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp-server
    cipher AES-256-OFB
    auth RSA-SHA512
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local my.ip.address.yall
    engine cryptodev
    tls-server
    server 10.0.16.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server9
    username-as-common-name
    auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'TFRM AD' false server9" via-env
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'my.outside.fdqn.address.com.yall' 1"
    lport 1201
    management /var/etc/openvpn/server9.sock unix
    push "route 192.168.70.0 255.255.255.0"
    push "dhcp-option DOMAIN xxx.pr0n.local"
    push "dhcp-option DNS 192.168.70.3"
    push "register-dns"
    client-to-client
    duplicate-cn
    ca /var/etc/openvpn/server9.ca 
    cert /var/etc/openvpn/server9.cert 
    key /var/etc/openvpn/server9.key 
    dh /etc/dh-parameters.4096
    tls-auth /var/etc/openvpn/server9.tls-auth 0
    comp-lzo adaptive
    passtos
    persist-remote-ip
    float
    topology subnet
    
    

    My home where I'm connecting from is on a 192.168.1.0/24 setup with a ubnt unifi gateway/router. My office is one of your netgate boxes connecting thru 10.0.16.0/24 vpn tunnel into 192.168.70.0/24 subnet.


  • Netgate

    Try setting Compression to No preference and re-exporting/loading the profile.

    Else we'll need to see the logs from the server and maybe the client to see why.

    Should stay connected until you disconnect.

    What is the reason for straying so far from the defaults at every opportunity? TCP? RSA-SHA512? AES-256-OFB? You just want to be different or something?



  • @Derelict:

    Try setting Compression to No preference and re-exporting/loading the profile.

    Else we'll need to see the logs from the server and maybe the client to see why.

    Should stay connected until you disconnect.

    What is the reason for straying so far from the defaults at every opportunity? TCP? RSA-SHA512? AES-256-OFB? You just want to be different or something?

    I just like to touch everything and find things that shouldn't be broken :P haha. I'll get back to you when I give that a try.


  • Netgate

    The answer is in the logs.



  • @Derelict:

    The answer is in the logs.

    Logs:

    pfSense
    System	
    Interfaces	
    Firewall	
    Services	
    VPN	
    Status	
    Diagnostics	
    Gold	
    Help	
    StatusSystem LogsOpenVPN
    System
    Firewall
    DHCP
    Captive Portal Auth
    IPsec
    PPP
    VPN
    Load Balancer
    OpenVPN
    NTP
    Settings
    Last 2000 OpenVPN Log Entries. (Maximum 2000)
    Time	Process	PID	Message
    Nov 18 20:25:12	openvpn	28986	myusername/my.personal.home.ip:49762 send_push_reply(): safe_cap=940
    Nov 18 20:25:11	openvpn	28986	myusername/my.personal.home.ip:49762 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 18 20:25:11	openvpn	28986	my.personal.home.ip:49762 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:49762
    Nov 18 20:25:11	openvpn	28986	my.personal.home.ip:49762 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 20:25:11	openvpn		user 'myusername' authenticated
    Nov 18 20:25:09	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:49762
    Nov 18 09:52:07	openvpn	28986	myusername/my.personal.home.ip:60376 Connection reset, restarting [-1]
    Nov 18 09:51:04	openvpn	28986	myusername/my.personal.home.ip:60376 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 09:51:04	openvpn		user 'myusername' authenticated
    Nov 18 08:51:04	openvpn	28986	myusername/my.personal.home.ip:60376 send_push_reply(): safe_cap=940
    Nov 18 08:51:02	openvpn	28986	myusername/my.personal.home.ip:60376 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 18 08:51:02	openvpn	28986	my.personal.home.ip:60376 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:60376
    Nov 18 08:51:02	openvpn	28986	my.personal.home.ip:60376 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 08:51:02	openvpn		user 'myusername' authenticated
    Nov 18 08:51:00	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:60376
    Nov 18 04:29:31	openvpn	28986	myusername/my.personal.home.ip:58251 Connection reset, restarting [-1]
    Nov 18 04:28:28	openvpn	28986	myusername/my.personal.home.ip:58251 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 04:28:28	openvpn		user 'myusername' authenticated
    Nov 18 03:28:27	openvpn	28986	myusername/my.personal.home.ip:58251 send_push_reply(): safe_cap=940
    Nov 18 03:28:26	openvpn	28986	myusername/my.personal.home.ip:58251 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 18 03:28:26	openvpn	28986	my.personal.home.ip:58251 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:58251
    Nov 18 03:28:26	openvpn	28986	my.personal.home.ip:58251 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 03:28:26	openvpn		user 'myusername' authenticated
    Nov 18 03:28:24	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:58251
    Nov 18 03:26:58	openvpn	28986	myusername/my.personal.home.ip:64244 Connection reset, restarting [-1]
    Nov 18 03:25:59	openvpn	28986	myusername/my.personal.home.ip:64244 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 03:25:59	openvpn		user 'myusername' authenticated
    Nov 18 02:26:00	openvpn	28986	myusername/my.personal.home.ip:64244 send_push_reply(): safe_cap=940
    Nov 18 02:25:58	openvpn	28986	myusername/my.personal.home.ip:64244 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 18 02:25:58	openvpn	28986	my.personal.home.ip:64244 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:64244
    Nov 18 02:25:58	openvpn	28986	my.personal.home.ip:64244 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 02:25:58	openvpn		user 'myusername' authenticated
    Nov 18 02:25:56	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:64244
    Nov 18 02:25:44	openvpn	28986	myusername/my.personal.home.ip:54568 Connection reset, restarting [-1]
    Nov 18 02:24:45	openvpn	28986	myusername/my.personal.home.ip:54568 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 02:24:45	openvpn		user 'myusername' authenticated
    Nov 18 01:24:45	openvpn	28986	myusername/my.personal.home.ip:54568 send_push_reply(): safe_cap=940
    Nov 18 01:24:44	openvpn	28986	myusername/my.personal.home.ip:54568 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 18 01:24:44	openvpn	28986	my.personal.home.ip:54568 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:54568
    Nov 18 01:24:44	openvpn	28986	my.personal.home.ip:54568 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 01:24:44	openvpn		user 'myusername' authenticated
    Nov 18 01:24:42	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:54568
    Nov 18 01:24:14	openvpn	28986	myusername/my.personal.home.ip:61423 Connection reset, restarting [-1]
    Nov 18 01:23:06	openvpn	28986	myusername/my.personal.home.ip:61423 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 01:23:06	openvpn		user 'myusername' authenticated
    Nov 18 00:23:06	openvpn	28986	myusername/my.personal.home.ip:61423 send_push_reply(): safe_cap=940
    Nov 18 00:23:05	openvpn	28986	myusername/my.personal.home.ip:61423 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 18 00:23:05	openvpn	28986	my.personal.home.ip:61423 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:61423
    Nov 18 00:23:05	openvpn	28986	my.personal.home.ip:61423 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 18 00:23:05	openvpn		user 'myusername' authenticated
    Nov 18 00:23:02	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:61423
    Nov 17 18:46:24	openvpn	15335	WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.0.9.1 10.0.9.2', remote='ifconfig 10.0.5.1 10.0.5.2'
    Nov 17 18:46:18	openvpn	19653	Initialization Sequence Completed
    Nov 17 18:46:16	openvpn	19653	Peer Connection Initiated with [AF_INET]184.3.85.169:54903
    Nov 17 18:46:17	openvpn	19653	TCPv4_SERVER link remote: [AF_INET]184.3.85.169:54903
    Nov 17 18:46:17	openvpn	19653	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1198
    Nov 17 18:46:17	openvpn	19653	TCP connection established with [AF_INET]184.3.85.169:54903
    Nov 17 18:46:17	openvpn	13756	Initialization Sequence Completed
    Nov 17 18:46:17	openvpn	13756	Peer Connection Initiated with [AF_INET]24.106.211.234:52758
    Nov 17 18:46:16	openvpn	13756	TCPv4_SERVER link remote: [AF_INET]24.106.211.234:52758
    Nov 17 18:46:16	openvpn	13756	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1194
    Nov 17 18:46:16	openvpn	13756	TCP connection established with [AF_INET]24.106.211.234:52758
    Nov 17 18:46:14	openvpn	15335	Initialization Sequence Completed
    Nov 17 18:46:13	openvpn	15335	Peer Connection Initiated with [AF_INET]24.39.130.108:45052
    Nov 17 18:46:13	openvpn	15335	TCPv4_SERVER link remote: [AF_INET]24.39.130.108:45052
    Nov 17 18:46:13	openvpn	15335	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1195
    Nov 17 18:46:13	openvpn	15335	TCP connection established with [AF_INET]24.39.130.108:45052
    Nov 17 18:45:21	openvpn	28986	Initialization Sequence Completed
    Nov 17 18:45:21	openvpn	28986	TCPv4_SERVER link remote: [undef]
    Nov 17 18:45:21	openvpn	28986	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1201
    Nov 17 18:45:21	openvpn	28986	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1201
    Nov 17 18:45:21	openvpn	28986	/usr/local/sbin/ovpn-linkup ovpns9 1500 1593 10.0.16.1 255.255.255.0 init
    Nov 17 18:45:21	openvpn	28986	/sbin/ifconfig ovpns9 10.0.16.1 10.0.16.2 mtu 1500 netmask 255.255.255.0 up
    Nov 17 18:45:21	openvpn	28986	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	28986	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	28986	TUN/TAP device /dev/tun9 opened
    Nov 17 18:45:21	openvpn	28986	TUN/TAP device ovpns9 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	28986	Control Channel Authentication: using '/var/etc/openvpn/server9.tls-auth' as a OpenVPN static key file
    Nov 17 18:45:21	openvpn	28986	Initializing OpenSSL support for engine 'cryptodev'
    Nov 17 18:45:21	openvpn	28986	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	28986	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	28986	WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
    Nov 17 18:45:21	openvpn	28707	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	28707	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	26697	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1200
    Nov 17 18:45:21	openvpn	26697	ERROR: FreeBSD route add command failed: external program exited with error status: 1
    Nov 17 18:45:21	openvpn	26697	/usr/local/sbin/ovpn-linkup ovpns8 1500 1591 10.0.15.1 10.0.15.2 init
    Nov 17 18:45:21	openvpn	26697	/sbin/ifconfig ovpns8 10.0.15.1 10.0.15.2 mtu 1500 netmask 255.255.255.255 up
    Nov 17 18:45:21	openvpn	26697	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	26697	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	26697	TUN/TAP device /dev/tun8 opened
    Nov 17 18:45:21	openvpn	26697	TUN/TAP device ovpns8 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	26697	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	26697	Initializing OpenSSL support for engine 'rdrand'
    Nov 17 18:45:21	openvpn	26697	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	26146	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	26146	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	24030	UDPv4 link remote: [undef]
    Nov 17 18:45:21	openvpn	24030	UDPv4 link local (bound): [AF_INET]my.pfsense.router.address:1193
    Nov 17 18:45:21	openvpn	24030	/usr/local/sbin/ovpn-linkup ovpns7 1500 1561 10.0.14.1 10.0.14.2 init
    Nov 17 18:45:21	openvpn	24030	/sbin/ifconfig ovpns7 10.0.14.1 10.0.14.2 mtu 1500 netmask 255.255.255.255 up
    Nov 17 18:45:21	openvpn	24030	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	24030	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	24030	TUN/TAP device /dev/tun7 opened
    Nov 17 18:45:21	openvpn	24030	TUN/TAP device ovpns7 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	24030	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	24030	Initializing OpenSSL support for engine 'cryptodev'
    Nov 17 18:45:21	openvpn	24030	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	23382	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	23382	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	21905	Initialization Sequence Completed
    Nov 17 18:45:21	openvpn	21905	TCPv4_SERVER link remote: [undef]
    Nov 17 18:45:21	openvpn	21905	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1199
    Nov 17 18:45:21	openvpn	21905	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1199
    Nov 17 18:45:21	openvpn	21905	/usr/local/sbin/ovpn-linkup ovpns6 1500 1593 10.0.13.1 255.255.255.0 init
    Nov 17 18:45:21	openvpn	21905	/sbin/ifconfig ovpns6 10.0.13.1 10.0.13.2 mtu 1500 netmask 255.255.255.0 up
    Nov 17 18:45:21	openvpn	21905	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	21905	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	21905	TUN/TAP device /dev/tun6 opened
    Nov 17 18:45:21	openvpn	21905	TUN/TAP device ovpns6 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	21905	Control Channel Authentication: using '/var/etc/openvpn/server6.tls-auth' as a OpenVPN static key file
    Nov 17 18:45:21	openvpn	21905	Initializing OpenSSL support for engine 'cryptodev'
    Nov 17 18:45:21	openvpn	21905	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	21905	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	21905	WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
    Nov 17 18:45:21	openvpn	21584	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	21584	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	19653	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1198
    Nov 17 18:45:21	openvpn	19653	/usr/local/sbin/ovpn-linkup ovpns5 1500 1563 10.0.12.1 10.0.12.2 init
    Nov 17 18:45:21	openvpn	19653	/sbin/ifconfig ovpns5 10.0.12.1 10.0.12.2 mtu 1500 netmask 255.255.255.255 up
    Nov 17 18:45:21	openvpn	19653	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	19653	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	19653	TUN/TAP device /dev/tun5 opened
    Nov 17 18:45:21	openvpn	19653	TUN/TAP device ovpns5 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	19653	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	19653	Initializing OpenSSL support for engine 'cryptodev'
    Nov 17 18:45:21	openvpn	19653	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	19326	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	19326	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	17725	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1197
    Nov 17 18:45:21	openvpn	17725	/usr/local/sbin/ovpn-linkup ovpns4 1500 1563 10.0.11.1 10.0.11.2 init
    Nov 17 18:45:21	openvpn	17725	/sbin/ifconfig ovpns4 10.0.11.1 10.0.11.2 mtu 1500 netmask 255.255.255.255 up
    Nov 17 18:45:21	openvpn	17725	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	17725	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	17725	TUN/TAP device /dev/tun4 opened
    Nov 17 18:45:21	openvpn	17725	TUN/TAP device ovpns4 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	17725	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	17725	Initializing OpenSSL support for engine 'cryptodev'
    Nov 17 18:45:21	openvpn	17725	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	17418	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	17418	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	15335	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1195
    Nov 17 18:45:21	openvpn	15335	/usr/local/sbin/ovpn-linkup ovpns2 1500 1563 10.0.9.1 10.0.9.2 init
    Nov 17 18:45:21	openvpn	15335	/sbin/ifconfig ovpns2 10.0.9.1 10.0.9.2 mtu 1500 netmask 255.255.255.255 up
    Nov 17 18:45:21	openvpn	15335	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	15335	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	15335	TUN/TAP device /dev/tun2 opened
    Nov 17 18:45:21	openvpn	15335	TUN/TAP device ovpns2 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	15335	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	15335	Initializing OpenSSL support for engine 'cryptodev'
    Nov 17 18:45:21	openvpn	15335	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	14916	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	14916	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 18:45:21	openvpn	13756	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1194
    Nov 17 18:45:21	openvpn	13756	/usr/local/sbin/ovpn-linkup ovpns1 1500 1563 10.0.8.1 10.0.8.2 init
    Nov 17 18:45:21	openvpn	13756	/sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
    Nov 17 18:45:21	openvpn	13756	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
    Nov 17 18:45:21	openvpn	13756	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
    Nov 17 18:45:21	openvpn	13756	TUN/TAP device /dev/tun1 opened
    Nov 17 18:45:21	openvpn	13756	TUN/TAP device ovpns1 exists previously, keep at program end
    Nov 17 18:45:21	openvpn	13756	Could not retrieve default gateway from route socket:: No such process (errno=3)
    Nov 17 18:45:21	openvpn	13756	Initializing OpenSSL support for engine 'rsax'
    Nov 17 18:45:21	openvpn	13756	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Nov 17 18:45:21	openvpn	13283	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
    Nov 17 18:45:21	openvpn	13283	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
    Nov 17 15:36:47	openvpn	12099	anotherusername/99.111.16.39:59086 Connection reset, restarting [0]
    Nov 17 15:36:40	openvpn	12099	anotherusername/99.111.16.39:59086 send_push_reply(): safe_cap=940
    Nov 17 15:36:38	openvpn	12099	anotherusername/99.111.16.39:59086 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 17 15:36:38	openvpn	12099	99.111.16.39:59086 [anotherusername] Peer Connection Initiated with [AF_INET]99.111.16.39:59086
    Nov 17 15:36:38	openvpn	12099	99.111.16.39:59086 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 15:36:38	openvpn		user 'anotherusername' authenticated
    Nov 17 15:36:35	openvpn	12099	TCP connection established with [AF_INET]99.111.16.39:59086
    Nov 17 11:43:17	openvpn	12099	myusername/my.personal.home.ip:52340 Connection reset, restarting [-1]
    Nov 17 11:42:14	openvpn	12099	myusername/my.personal.home.ip:52340 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 11:42:14	openvpn		user 'myusername' authenticated
    Nov 17 11:26:13	openvpn	12099	anotherusername/99.111.16.39:58085 Connection reset, restarting [0]
    Nov 17 10:42:14	openvpn	12099	myusername/my.personal.home.ip:52340 send_push_reply(): safe_cap=940
    Nov 17 10:42:13	openvpn	12099	myusername/my.personal.home.ip:52340 MULTI_sva: pool returned IPv4=10.0.16.3, IPv6=(Not enabled)
    Nov 17 10:42:13	openvpn	12099	my.personal.home.ip:52340 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:52340
    Nov 17 10:42:13	openvpn	12099	my.personal.home.ip:52340 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 10:42:13	openvpn		user 'myusername' authenticated
    Nov 17 10:42:11	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:52340
    Nov 17 10:36:36	openvpn	12099	anotherusername/99.111.16.39:58085 send_push_reply(): safe_cap=940
    Nov 17 10:36:34	openvpn	12099	anotherusername/99.111.16.39:58085 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 17 10:36:34	openvpn	12099	99.111.16.39:58085 [anotherusername] Peer Connection Initiated with [AF_INET]99.111.16.39:58085
    Nov 17 10:36:34	openvpn	12099	99.111.16.39:58085 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 10:36:34	openvpn		user 'anotherusername' authenticated
    Nov 17 10:36:31	openvpn	12099	TCP connection established with [AF_INET]99.111.16.39:58085
    Nov 17 03:33:34	openvpn	12099	myusername/my.personal.home.ip:51008 Connection reset, restarting [-1]
    Nov 17 03:32:33	openvpn	12099	myusername/my.personal.home.ip:51008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 03:32:33	openvpn		user 'myusername' authenticated
    Nov 17 02:32:33	openvpn	12099	myusername/my.personal.home.ip:51008 send_push_reply(): safe_cap=940
    Nov 17 02:32:32	openvpn	12099	myusername/my.personal.home.ip:51008 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 17 02:32:32	openvpn	12099	my.personal.home.ip:51008 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:51008
    Nov 17 02:32:32	openvpn	12099	my.personal.home.ip:51008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 02:32:32	openvpn		user 'myusername' authenticated
    Nov 17 02:32:30	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:51008
    Nov 17 02:31:46	openvpn	12099	myusername/my.personal.home.ip:56966 Connection reset, restarting [-1]
    Nov 17 02:30:42	openvpn	12099	myusername/my.personal.home.ip:56966 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 02:30:42	openvpn		user 'myusername' authenticated
    Nov 17 01:30:42	openvpn	12099	myusername/my.personal.home.ip:56966 send_push_reply(): safe_cap=940
    Nov 17 01:30:41	openvpn	12099	myusername/my.personal.home.ip:56966 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 17 01:30:41	openvpn	12099	my.personal.home.ip:56966 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:56966
    Nov 17 01:30:41	openvpn	12099	my.personal.home.ip:56966 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 01:30:41	openvpn		user 'myusername' authenticated
    Nov 17 01:30:39	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:56966
    Nov 17 01:23:51	openvpn	12099	myusername/my.personal.home.ip:62784 Connection reset, restarting [-1]
    Nov 17 01:22:52	openvpn	12099	myusername/my.personal.home.ip:62784 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 01:22:52	openvpn		user 'myusername' authenticated
    Nov 17 00:22:52	openvpn	12099	myusername/my.personal.home.ip:62784 send_push_reply(): safe_cap=940
    Nov 17 00:22:51	openvpn	12099	myusername/my.personal.home.ip:62784 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
    Nov 17 00:22:51	openvpn	12099	my.personal.home.ip:62784 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:62784
    Nov 17 00:22:51	openvpn	12099	my.personal.home.ip:62784 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 00:22:51	openvpn		user 'myusername' authenticated
    Nov 17 00:22:49	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:62784
    Nov 17 00:22:37	openvpn	12099	myusername/my.personal.home.ip:53176 Connection reset, restarting [-1]
    Nov 17 00:21:38	openvpn	12099	myusername/my.personal.home.ip:53176 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
    Nov 17 00:21:38	openvpn		user 'myusername' authenticated
    

  • Netgate

    Looks like something is closing the TCP session. Computer sleeping or something?

    Nov 18 09:52:07 openvpn 28986 myusername/my.personal.home.ip:60376 Connection reset, restarting [-1]

    You might need to packet capture on WAN TCP:1201 to see what's happening there or check the logs on the client.

    You're still using TCP. Why?



  • @Derelict:

    Looks like something is closing the TCP session. Computer sleeping or something?

    Nov 18 09:52:07 openvpn 28986 myusername/my.personal.home.ip:60376 Connection reset, restarting [-1]

    You might need to packet capture on WAN TCP:1201 to see what's happening there or check the logs on the client.

    You're still using TCP. Why?

    Where do you find the logs on the client? My pc never goes to sleep but it makes me wonder if the adapter has power saving features turned on or not. I can wireshark it if I need to.


  • Netgate

    Right click on the connection > View Log



  • Sat Nov 19 21:05:21 2016 open_tun
    Sat Nov 19 21:05:21 2016 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{26461399-D2E9-4B17-B9BE-706F71488A9F}.tap
    Sat Nov 19 21:05:21 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.16.0/10.0.16.2/255.255.255.0 [SUCCEEDED]
    Sat Nov 19 21:05:21 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.16.2/255.255.255.0 on interface {26461399-D2E9-4B17-B9BE-706F71488A9F} [DHCP-serv: 10.0.16.254, lease-time: 31536000]
    Sat Nov 19 21:05:21 2016 Successful ARP Flush on interface [3] {26461399-D2E9-4B17-B9BE-706F71488A9F}
    Sat Nov 19 21:05:21 2016 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sat Nov 19 21:05:26 2016 Initialization Sequence Completed
    Sat Nov 19 21:05:26 2016 Register_dns request sent to the service
    Sat Nov 19 22:05:21 2016 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1608', remote='link-mtu 1593'
    Sat Nov 19 22:06:22 2016 Assertion failed at crypto.c:626 (opt->flags & CO_USE_IV)
    Sat Nov 19 22:06:22 2016 Exiting due to fatal error
    
    

    Exiting due to fatal error? O_o That is the log on my home pc.

    Found this on google, but it's 6 years old….. https://community.openvpn.net/openvpn/ticket/89 and claims to have been fixed......


  • Netgate

    Looks like a client problem. I never see such a think with viscosity.


  • Rebel Alliance Developer Netgate

    Definitely a client error. Completely uninstall OpenVPN and the tap adapter from the client and then download the most recent release from the OpenVPN site and try that.