[SOLVED..followup problem] Client Creating hundreds of connections OpenVPN



  • I have a issue where  a client that was working just fine suddenly started creating a bunch of undef connections. (See Attached)

    I've rebooted the server side and bounced the services, but the client just starts connecting again over and over. I don't have access to the client site at the moment so I've just disabled access at the firewall rule for that IP address to keep it from overwhelming my firewall for the other remote sites.

    I'm having my client reset the firewall in case it is stuck in a loop or something. Any other thoughts as to what could be causing this?

    Configuration is an OpenVPN SSL site to site connection. Other clients can connect fine. This was previously working.
    Only thing "weird" about the config is the customer side is behind a NAT so there is a double NAT on that side.




  • Fixed it.

    Logged in at the client site and discovered the time and date was WAY off. (Feb 2011). Turns out the ESX host it is running on crashed NTP and it took the bios time stamp instead. Reset the BIOS time, Reset NTP, restarted everything and now back and good again.

    It is strange that even though NTP is set and running properly on the FW, it won't check the NTP time unless you go in and manually save the screen.

    Is this a bug? What's the best way ensure that it is always synchronizing?



  • Fix time on client side, cmos bat.?
    Push NTP to the client(s) …



  • @Pippin:

    Fix time on client side, cmos bat.?
    Push NTP to the client(s) …

    Client is a VM. The host had its time set improperly (ESXi). I set the time manually on the host because the NTP service wasn't starting properly. Not sure the deal there, will troubleshoot that eventually.

    What concerns me is the VM rebooted and even though it had NTP enabled it pulled time from the host and never updated itself. In order to fix it I logged in, went to system-> settings, saw the NTP was enabled, clicked "save" and the time updated. Trying to figure out why the pfsense VM didn't automatically update until I logged in and clicked "save", seems like it should've noticed that NTP and local time were off and auto-corrected without me intervening.