Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Disconnects every 30min on the dot

    Scheduled Pinned Locked Moved OpenVPN
    15 Posts 4 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elementalwindx
      last edited by

      @johnpoz:

      Off the top I don't know of anything that would do such a thing.  What is your dhcp lease time your getting for your vpn IP?  Do you have it checked to allow connection if their IP changes?

      I connected into my home vpn from work pretty much every single day, it stays up the whole day..

      "Allow connected clients to retain their connections if their IP address changes." is checked

      Not sure where the DHCP lease time for tunnel addresses would be. I know the endpoint ip lease time is the same as everything else on my network, default 86400.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        What is in the server log or client log?

        Can you post up your configs..  You might need to up the verb on your logging..

        you can find it in /var/etc/openvpn/ you should see like server1.conf depending on how many instances of opevpn you have setup.

        There should be a
        keepalive 10 60

        what does your topology look like
        topology subnet

        So you have anything in there about
        reneg-sec

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • E
          elementalwindx
          last edited by

          @johnpoz:

          What is in the server log or client log?

          Can you post up your configs..  You might need to up the verb on your logging..

          you can find it in /var/etc/openvpn/ you should see like server1.conf depending on how many instances of opevpn you have setup.

          There should be a
          keepalive 10 60

          what does your topology look like
          topology subnet

          So you have anything in there about
          reneg-sec

          dev ovpns9
verb 1
dev-type tun
dev-node /dev/tun9
writepid /var/run/openvpn_server9.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto tcp-server
cipher AES-256-OFB
auth RSA-SHA512
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local my.ip.address.yall
engine cryptodev
tls-server
server 10.0.16.0 255.255.255.0
client-config-dir /var/etc/openvpn-csc/server9
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user 'TFRM AD' false server9" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'my.outside.fdqn.address.com.yall' 1"
lport 1201
management /var/etc/openvpn/server9.sock unix
push "route 192.168.70.0 255.255.255.0"
push "dhcp-option DOMAIN xxx.pr0n.local"
push "dhcp-option DNS 192.168.70.3"
push "register-dns"
client-to-client
duplicate-cn
ca /var/etc/openvpn/server9.ca 
cert /var/etc/openvpn/server9.cert 
key /var/etc/openvpn/server9.key 
dh /etc/dh-parameters.4096
tls-auth /var/etc/openvpn/server9.tls-auth 0
comp-lzo adaptive
passtos
persist-remote-ip
float
topology subnet

          My home where I'm connecting from is on a 192.168.1.0/24 setup with a ubnt unifi gateway/router. My office is one of your netgate boxes connecting thru 10.0.16.0/24 vpn tunnel into 192.168.70.0/24 subnet.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Try setting Compression to No preference and re-exporting/loading the profile.

            Else we'll need to see the logs from the server and maybe the client to see why.

            Should stay connected until you disconnect.

            What is the reason for straying so far from the defaults at every opportunity? TCP? RSA-SHA512? AES-256-OFB? You just want to be different or something?

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • E
              elementalwindx
              last edited by

              @Derelict:

              Try setting Compression to No preference and re-exporting/loading the profile.

              Else we'll need to see the logs from the server and maybe the client to see why.

              Should stay connected until you disconnect.

              What is the reason for straying so far from the defaults at every opportunity? TCP? RSA-SHA512? AES-256-OFB? You just want to be different or something?

              I just like to touch everything and find things that shouldn't be broken :P haha. I'll get back to you when I give that a try.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                The answer is in the logs.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • E
                  elementalwindx
                  last edited by

                  @Derelict:

                  The answer is in the logs.

                  Logs:

                  pfSense
System	
Interfaces	
Firewall	
Services	
VPN	
Status	
Diagnostics	
Gold	
Help	
StatusSystem LogsOpenVPN
System
Firewall
DHCP
Captive Portal Auth
IPsec
PPP
VPN
Load Balancer
OpenVPN
NTP
Settings
Last 2000 OpenVPN Log Entries. (Maximum 2000)
Time	Process	PID	Message
Nov 18 20:25:12	openvpn	28986	myusername/my.personal.home.ip:49762 send_push_reply(): safe_cap=940
Nov 18 20:25:11	openvpn	28986	myusername/my.personal.home.ip:49762 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 18 20:25:11	openvpn	28986	my.personal.home.ip:49762 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:49762
Nov 18 20:25:11	openvpn	28986	my.personal.home.ip:49762 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 20:25:11	openvpn		user 'myusername' authenticated
Nov 18 20:25:09	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:49762
Nov 18 09:52:07	openvpn	28986	myusername/my.personal.home.ip:60376 Connection reset, restarting [-1]
Nov 18 09:51:04	openvpn	28986	myusername/my.personal.home.ip:60376 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 09:51:04	openvpn		user 'myusername' authenticated
Nov 18 08:51:04	openvpn	28986	myusername/my.personal.home.ip:60376 send_push_reply(): safe_cap=940
Nov 18 08:51:02	openvpn	28986	myusername/my.personal.home.ip:60376 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 18 08:51:02	openvpn	28986	my.personal.home.ip:60376 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:60376
Nov 18 08:51:02	openvpn	28986	my.personal.home.ip:60376 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 08:51:02	openvpn		user 'myusername' authenticated
Nov 18 08:51:00	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:60376
Nov 18 04:29:31	openvpn	28986	myusername/my.personal.home.ip:58251 Connection reset, restarting [-1]
Nov 18 04:28:28	openvpn	28986	myusername/my.personal.home.ip:58251 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 04:28:28	openvpn		user 'myusername' authenticated
Nov 18 03:28:27	openvpn	28986	myusername/my.personal.home.ip:58251 send_push_reply(): safe_cap=940
Nov 18 03:28:26	openvpn	28986	myusername/my.personal.home.ip:58251 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 18 03:28:26	openvpn	28986	my.personal.home.ip:58251 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:58251
Nov 18 03:28:26	openvpn	28986	my.personal.home.ip:58251 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 03:28:26	openvpn		user 'myusername' authenticated
Nov 18 03:28:24	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:58251
Nov 18 03:26:58	openvpn	28986	myusername/my.personal.home.ip:64244 Connection reset, restarting [-1]
Nov 18 03:25:59	openvpn	28986	myusername/my.personal.home.ip:64244 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 03:25:59	openvpn		user 'myusername' authenticated
Nov 18 02:26:00	openvpn	28986	myusername/my.personal.home.ip:64244 send_push_reply(): safe_cap=940
Nov 18 02:25:58	openvpn	28986	myusername/my.personal.home.ip:64244 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 18 02:25:58	openvpn	28986	my.personal.home.ip:64244 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:64244
Nov 18 02:25:58	openvpn	28986	my.personal.home.ip:64244 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 02:25:58	openvpn		user 'myusername' authenticated
Nov 18 02:25:56	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:64244
Nov 18 02:25:44	openvpn	28986	myusername/my.personal.home.ip:54568 Connection reset, restarting [-1]
Nov 18 02:24:45	openvpn	28986	myusername/my.personal.home.ip:54568 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 02:24:45	openvpn		user 'myusername' authenticated
Nov 18 01:24:45	openvpn	28986	myusername/my.personal.home.ip:54568 send_push_reply(): safe_cap=940
Nov 18 01:24:44	openvpn	28986	myusername/my.personal.home.ip:54568 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 18 01:24:44	openvpn	28986	my.personal.home.ip:54568 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:54568
Nov 18 01:24:44	openvpn	28986	my.personal.home.ip:54568 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 01:24:44	openvpn		user 'myusername' authenticated
Nov 18 01:24:42	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:54568
Nov 18 01:24:14	openvpn	28986	myusername/my.personal.home.ip:61423 Connection reset, restarting [-1]
Nov 18 01:23:06	openvpn	28986	myusername/my.personal.home.ip:61423 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 01:23:06	openvpn		user 'myusername' authenticated
Nov 18 00:23:06	openvpn	28986	myusername/my.personal.home.ip:61423 send_push_reply(): safe_cap=940
Nov 18 00:23:05	openvpn	28986	myusername/my.personal.home.ip:61423 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 18 00:23:05	openvpn	28986	my.personal.home.ip:61423 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:61423
Nov 18 00:23:05	openvpn	28986	my.personal.home.ip:61423 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 18 00:23:05	openvpn		user 'myusername' authenticated
Nov 18 00:23:02	openvpn	28986	TCP connection established with [AF_INET]my.personal.home.ip:61423
Nov 17 18:46:24	openvpn	15335	WARNING: 'ifconfig' is used inconsistently, local='ifconfig 10.0.9.1 10.0.9.2', remote='ifconfig 10.0.5.1 10.0.5.2'
Nov 17 18:46:18	openvpn	19653	Initialization Sequence Completed
Nov 17 18:46:16	openvpn	19653	Peer Connection Initiated with [AF_INET]184.3.85.169:54903
Nov 17 18:46:17	openvpn	19653	TCPv4_SERVER link remote: [AF_INET]184.3.85.169:54903
Nov 17 18:46:17	openvpn	19653	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1198
Nov 17 18:46:17	openvpn	19653	TCP connection established with [AF_INET]184.3.85.169:54903
Nov 17 18:46:17	openvpn	13756	Initialization Sequence Completed
Nov 17 18:46:17	openvpn	13756	Peer Connection Initiated with [AF_INET]24.106.211.234:52758
Nov 17 18:46:16	openvpn	13756	TCPv4_SERVER link remote: [AF_INET]24.106.211.234:52758
Nov 17 18:46:16	openvpn	13756	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1194
Nov 17 18:46:16	openvpn	13756	TCP connection established with [AF_INET]24.106.211.234:52758
Nov 17 18:46:14	openvpn	15335	Initialization Sequence Completed
Nov 17 18:46:13	openvpn	15335	Peer Connection Initiated with [AF_INET]24.39.130.108:45052
Nov 17 18:46:13	openvpn	15335	TCPv4_SERVER link remote: [AF_INET]24.39.130.108:45052
Nov 17 18:46:13	openvpn	15335	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1195
Nov 17 18:46:13	openvpn	15335	TCP connection established with [AF_INET]24.39.130.108:45052
Nov 17 18:45:21	openvpn	28986	Initialization Sequence Completed
Nov 17 18:45:21	openvpn	28986	TCPv4_SERVER link remote: [undef]
Nov 17 18:45:21	openvpn	28986	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1201
Nov 17 18:45:21	openvpn	28986	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1201
Nov 17 18:45:21	openvpn	28986	/usr/local/sbin/ovpn-linkup ovpns9 1500 1593 10.0.16.1 255.255.255.0 init
Nov 17 18:45:21	openvpn	28986	/sbin/ifconfig ovpns9 10.0.16.1 10.0.16.2 mtu 1500 netmask 255.255.255.0 up
Nov 17 18:45:21	openvpn	28986	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	28986	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	28986	TUN/TAP device /dev/tun9 opened
Nov 17 18:45:21	openvpn	28986	TUN/TAP device ovpns9 exists previously, keep at program end
Nov 17 18:45:21	openvpn	28986	Control Channel Authentication: using '/var/etc/openvpn/server9.tls-auth' as a OpenVPN static key file
Nov 17 18:45:21	openvpn	28986	Initializing OpenSSL support for engine 'cryptodev'
Nov 17 18:45:21	openvpn	28986	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	28986	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	28986	WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Nov 17 18:45:21	openvpn	28707	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	28707	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	26697	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1200
Nov 17 18:45:21	openvpn	26697	ERROR: FreeBSD route add command failed: external program exited with error status: 1
Nov 17 18:45:21	openvpn	26697	/usr/local/sbin/ovpn-linkup ovpns8 1500 1591 10.0.15.1 10.0.15.2 init
Nov 17 18:45:21	openvpn	26697	/sbin/ifconfig ovpns8 10.0.15.1 10.0.15.2 mtu 1500 netmask 255.255.255.255 up
Nov 17 18:45:21	openvpn	26697	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	26697	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	26697	TUN/TAP device /dev/tun8 opened
Nov 17 18:45:21	openvpn	26697	TUN/TAP device ovpns8 exists previously, keep at program end
Nov 17 18:45:21	openvpn	26697	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	26697	Initializing OpenSSL support for engine 'rdrand'
Nov 17 18:45:21	openvpn	26697	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	26146	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	26146	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	24030	UDPv4 link remote: [undef]
Nov 17 18:45:21	openvpn	24030	UDPv4 link local (bound): [AF_INET]my.pfsense.router.address:1193
Nov 17 18:45:21	openvpn	24030	/usr/local/sbin/ovpn-linkup ovpns7 1500 1561 10.0.14.1 10.0.14.2 init
Nov 17 18:45:21	openvpn	24030	/sbin/ifconfig ovpns7 10.0.14.1 10.0.14.2 mtu 1500 netmask 255.255.255.255 up
Nov 17 18:45:21	openvpn	24030	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	24030	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	24030	TUN/TAP device /dev/tun7 opened
Nov 17 18:45:21	openvpn	24030	TUN/TAP device ovpns7 exists previously, keep at program end
Nov 17 18:45:21	openvpn	24030	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	24030	Initializing OpenSSL support for engine 'cryptodev'
Nov 17 18:45:21	openvpn	24030	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	23382	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	23382	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	21905	Initialization Sequence Completed
Nov 17 18:45:21	openvpn	21905	TCPv4_SERVER link remote: [undef]
Nov 17 18:45:21	openvpn	21905	TCPv4_SERVER link local (bound): [AF_INET]my.pfsense.router.address:1199
Nov 17 18:45:21	openvpn	21905	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1199
Nov 17 18:45:21	openvpn	21905	/usr/local/sbin/ovpn-linkup ovpns6 1500 1593 10.0.13.1 255.255.255.0 init
Nov 17 18:45:21	openvpn	21905	/sbin/ifconfig ovpns6 10.0.13.1 10.0.13.2 mtu 1500 netmask 255.255.255.0 up
Nov 17 18:45:21	openvpn	21905	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	21905	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	21905	TUN/TAP device /dev/tun6 opened
Nov 17 18:45:21	openvpn	21905	TUN/TAP device ovpns6 exists previously, keep at program end
Nov 17 18:45:21	openvpn	21905	Control Channel Authentication: using '/var/etc/openvpn/server6.tls-auth' as a OpenVPN static key file
Nov 17 18:45:21	openvpn	21905	Initializing OpenSSL support for engine 'cryptodev'
Nov 17 18:45:21	openvpn	21905	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	21905	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	21905	WARNING: using --duplicate-cn and --client-config-dir together is probably not what you want
Nov 17 18:45:21	openvpn	21584	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	21584	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	19653	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1198
Nov 17 18:45:21	openvpn	19653	/usr/local/sbin/ovpn-linkup ovpns5 1500 1563 10.0.12.1 10.0.12.2 init
Nov 17 18:45:21	openvpn	19653	/sbin/ifconfig ovpns5 10.0.12.1 10.0.12.2 mtu 1500 netmask 255.255.255.255 up
Nov 17 18:45:21	openvpn	19653	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	19653	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	19653	TUN/TAP device /dev/tun5 opened
Nov 17 18:45:21	openvpn	19653	TUN/TAP device ovpns5 exists previously, keep at program end
Nov 17 18:45:21	openvpn	19653	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	19653	Initializing OpenSSL support for engine 'cryptodev'
Nov 17 18:45:21	openvpn	19653	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	19326	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	19326	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	17725	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1197
Nov 17 18:45:21	openvpn	17725	/usr/local/sbin/ovpn-linkup ovpns4 1500 1563 10.0.11.1 10.0.11.2 init
Nov 17 18:45:21	openvpn	17725	/sbin/ifconfig ovpns4 10.0.11.1 10.0.11.2 mtu 1500 netmask 255.255.255.255 up
Nov 17 18:45:21	openvpn	17725	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	17725	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	17725	TUN/TAP device /dev/tun4 opened
Nov 17 18:45:21	openvpn	17725	TUN/TAP device ovpns4 exists previously, keep at program end
Nov 17 18:45:21	openvpn	17725	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	17725	Initializing OpenSSL support for engine 'cryptodev'
Nov 17 18:45:21	openvpn	17725	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	17418	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	17418	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	15335	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1195
Nov 17 18:45:21	openvpn	15335	/usr/local/sbin/ovpn-linkup ovpns2 1500 1563 10.0.9.1 10.0.9.2 init
Nov 17 18:45:21	openvpn	15335	/sbin/ifconfig ovpns2 10.0.9.1 10.0.9.2 mtu 1500 netmask 255.255.255.255 up
Nov 17 18:45:21	openvpn	15335	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	15335	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	15335	TUN/TAP device /dev/tun2 opened
Nov 17 18:45:21	openvpn	15335	TUN/TAP device ovpns2 exists previously, keep at program end
Nov 17 18:45:21	openvpn	15335	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	15335	Initializing OpenSSL support for engine 'cryptodev'
Nov 17 18:45:21	openvpn	15335	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	14916	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	14916	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 18:45:21	openvpn	13756	Listening for incoming TCP connection on [AF_INET]my.pfsense.router.address:1194
Nov 17 18:45:21	openvpn	13756	/usr/local/sbin/ovpn-linkup ovpns1 1500 1563 10.0.8.1 10.0.8.2 init
Nov 17 18:45:21	openvpn	13756	/sbin/ifconfig ovpns1 10.0.8.1 10.0.8.2 mtu 1500 netmask 255.255.255.255 up
Nov 17 18:45:21	openvpn	13756	do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Nov 17 18:45:21	openvpn	13756	ioctl(TUNSIFMODE): Device busy: Device busy (errno=16)
Nov 17 18:45:21	openvpn	13756	TUN/TAP device /dev/tun1 opened
Nov 17 18:45:21	openvpn	13756	TUN/TAP device ovpns1 exists previously, keep at program end
Nov 17 18:45:21	openvpn	13756	Could not retrieve default gateway from route socket:: No such process (errno=3)
Nov 17 18:45:21	openvpn	13756	Initializing OpenSSL support for engine 'rsax'
Nov 17 18:45:21	openvpn	13756	NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 17 18:45:21	openvpn	13283	library versions: OpenSSL 1.0.1s-freebsd 1 Mar 2016, LZO 2.09
Nov 17 18:45:21	openvpn	13283	OpenVPN 2.3.11 amd64-portbld-freebsd10.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on May 16 2016
Nov 17 15:36:47	openvpn	12099	anotherusername/99.111.16.39:59086 Connection reset, restarting [0]
Nov 17 15:36:40	openvpn	12099	anotherusername/99.111.16.39:59086 send_push_reply(): safe_cap=940
Nov 17 15:36:38	openvpn	12099	anotherusername/99.111.16.39:59086 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 17 15:36:38	openvpn	12099	99.111.16.39:59086 [anotherusername] Peer Connection Initiated with [AF_INET]99.111.16.39:59086
Nov 17 15:36:38	openvpn	12099	99.111.16.39:59086 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 15:36:38	openvpn		user 'anotherusername' authenticated
Nov 17 15:36:35	openvpn	12099	TCP connection established with [AF_INET]99.111.16.39:59086
Nov 17 11:43:17	openvpn	12099	myusername/my.personal.home.ip:52340 Connection reset, restarting [-1]
Nov 17 11:42:14	openvpn	12099	myusername/my.personal.home.ip:52340 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 11:42:14	openvpn		user 'myusername' authenticated
Nov 17 11:26:13	openvpn	12099	anotherusername/99.111.16.39:58085 Connection reset, restarting [0]
Nov 17 10:42:14	openvpn	12099	myusername/my.personal.home.ip:52340 send_push_reply(): safe_cap=940
Nov 17 10:42:13	openvpn	12099	myusername/my.personal.home.ip:52340 MULTI_sva: pool returned IPv4=10.0.16.3, IPv6=(Not enabled)
Nov 17 10:42:13	openvpn	12099	my.personal.home.ip:52340 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:52340
Nov 17 10:42:13	openvpn	12099	my.personal.home.ip:52340 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 10:42:13	openvpn		user 'myusername' authenticated
Nov 17 10:42:11	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:52340
Nov 17 10:36:36	openvpn	12099	anotherusername/99.111.16.39:58085 send_push_reply(): safe_cap=940
Nov 17 10:36:34	openvpn	12099	anotherusername/99.111.16.39:58085 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 17 10:36:34	openvpn	12099	99.111.16.39:58085 [anotherusername] Peer Connection Initiated with [AF_INET]99.111.16.39:58085
Nov 17 10:36:34	openvpn	12099	99.111.16.39:58085 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 10:36:34	openvpn		user 'anotherusername' authenticated
Nov 17 10:36:31	openvpn	12099	TCP connection established with [AF_INET]99.111.16.39:58085
Nov 17 03:33:34	openvpn	12099	myusername/my.personal.home.ip:51008 Connection reset, restarting [-1]
Nov 17 03:32:33	openvpn	12099	myusername/my.personal.home.ip:51008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 03:32:33	openvpn		user 'myusername' authenticated
Nov 17 02:32:33	openvpn	12099	myusername/my.personal.home.ip:51008 send_push_reply(): safe_cap=940
Nov 17 02:32:32	openvpn	12099	myusername/my.personal.home.ip:51008 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 17 02:32:32	openvpn	12099	my.personal.home.ip:51008 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:51008
Nov 17 02:32:32	openvpn	12099	my.personal.home.ip:51008 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 02:32:32	openvpn		user 'myusername' authenticated
Nov 17 02:32:30	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:51008
Nov 17 02:31:46	openvpn	12099	myusername/my.personal.home.ip:56966 Connection reset, restarting [-1]
Nov 17 02:30:42	openvpn	12099	myusername/my.personal.home.ip:56966 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 02:30:42	openvpn		user 'myusername' authenticated
Nov 17 01:30:42	openvpn	12099	myusername/my.personal.home.ip:56966 send_push_reply(): safe_cap=940
Nov 17 01:30:41	openvpn	12099	myusername/my.personal.home.ip:56966 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 17 01:30:41	openvpn	12099	my.personal.home.ip:56966 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:56966
Nov 17 01:30:41	openvpn	12099	my.personal.home.ip:56966 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 01:30:41	openvpn		user 'myusername' authenticated
Nov 17 01:30:39	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:56966
Nov 17 01:23:51	openvpn	12099	myusername/my.personal.home.ip:62784 Connection reset, restarting [-1]
Nov 17 01:22:52	openvpn	12099	myusername/my.personal.home.ip:62784 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 01:22:52	openvpn		user 'myusername' authenticated
Nov 17 00:22:52	openvpn	12099	myusername/my.personal.home.ip:62784 send_push_reply(): safe_cap=940
Nov 17 00:22:51	openvpn	12099	myusername/my.personal.home.ip:62784 MULTI_sva: pool returned IPv4=10.0.16.2, IPv6=(Not enabled)
Nov 17 00:22:51	openvpn	12099	my.personal.home.ip:62784 [myusername] Peer Connection Initiated with [AF_INET]my.personal.home.ip:62784
Nov 17 00:22:51	openvpn	12099	my.personal.home.ip:62784 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 00:22:51	openvpn		user 'myusername' authenticated
Nov 17 00:22:49	openvpn	12099	TCP connection established with [AF_INET]my.personal.home.ip:62784
Nov 17 00:22:37	openvpn	12099	myusername/my.personal.home.ip:53176 Connection reset, restarting [-1]
Nov 17 00:21:38	openvpn	12099	myusername/my.personal.home.ip:53176 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1593', remote='link-mtu 1608'
Nov 17 00:21:38	openvpn		user 'myusername' authenticated
                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Looks like something is closing the TCP session. Computer sleeping or something?

                    Nov 18 09:52:07 openvpn 28986 myusername/my.personal.home.ip:60376 Connection reset, restarting [-1]

                    You might need to packet capture on WAN TCP:1201 to see what's happening there or check the logs on the client.

                    You're still using TCP. Why?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • E
                      elementalwindx
                      last edited by

                      @Derelict:

                      Looks like something is closing the TCP session. Computer sleeping or something?

                      Nov 18 09:52:07 openvpn 28986 myusername/my.personal.home.ip:60376 Connection reset, restarting [-1]

                      You might need to packet capture on WAN TCP:1201 to see what's happening there or check the logs on the client.

                      You're still using TCP. Why?

                      Where do you find the logs on the client? My pc never goes to sleep but it makes me wonder if the adapter has power saving features turned on or not. I can wireshark it if I need to.

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        Right click on the connection > View Log

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • E
                          elementalwindx
                          last edited by 

                          Sat Nov 19 21:05:21 2016 open_tun
Sat Nov 19 21:05:21 2016 TAP-WIN32 device [Ethernet 4] opened: \\.\Global\{26461399-D2E9-4B17-B9BE-706F71488A9F}.tap
Sat Nov 19 21:05:21 2016 Set TAP-Windows TUN subnet mode network/local/netmask = 10.0.16.0/10.0.16.2/255.255.255.0 [SUCCEEDED]
Sat Nov 19 21:05:21 2016 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.0.16.2/255.255.255.0 on interface {26461399-D2E9-4B17-B9BE-706F71488A9F} [DHCP-serv: 10.0.16.254, lease-time: 31536000]
Sat Nov 19 21:05:21 2016 Successful ARP Flush on interface [3] {26461399-D2E9-4B17-B9BE-706F71488A9F}
Sat Nov 19 21:05:21 2016 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Nov 19 21:05:26 2016 Initialization Sequence Completed
Sat Nov 19 21:05:26 2016 Register_dns request sent to the service
Sat Nov 19 22:05:21 2016 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1608', remote='link-mtu 1593'
Sat Nov 19 22:06:22 2016 Assertion failed at crypto.c:626 (opt->flags & CO_USE_IV)
Sat Nov 19 22:06:22 2016 Exiting due to fatal error

                          Exiting due to fatal error? O_o That is the log on my home pc.

                          Found this on google, but it's 6 years old….. https://community.openvpn.net/openvpn/ticket/89 and claims to have been fixed......

                          1 Reply Last reply Reply Quote 0
                          • DerelictD
                            Derelict LAYER 8 Netgate
                            last edited by

                            Looks like a client problem. I never see such a think with viscosity.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            1 Reply Last reply Reply Quote 0
                            • jimpJ
                              jimp Rebel Alliance Developer Netgate
                              last edited by

                              Definitely a client error. Completely uninstall OpenVPN and the tap adapter from the client and then download the most recent release from the OpenVPN site and try that.

                              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                              Need help fast? Netgate Global Support!

                              Do not Chat/PM for help!

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.