Netgate Discussion Forum

    How to auto-reset VPN when gateway offline

    • apara

      A couple times per day I get into a situation of 100% packet loss on the VPNClient gateway.  The gateway status clearly shows offline, but when I go to VPN status it shows 'up'.  If I manually reset OpenVPN client things start working immediately.  Is there a way to automate this?

      When the gateway goes offline, I would like to automatically reset the VPN Client.
      ![Screen Shot 2017-05-22 at 9.40.54 PM.png](/public/imported_attachments/1/Screen Shot 2017-05-22 at 9.40.54 PM.png)

      • kb8wfh

        Did you ever find a solution to this? I am having the same problem and can not figure out why it is happening.

        • dragoangel

          Maybe you can use services_servicewatchdog.php to monitor the OpenVPN client service you need?
          And change your client configuration for OpenVPN:

          keepalive 10 60
          

          or

          ping 10
          ping-restart 60
          

          in Advanced Configuration => Custom options

          Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
          Unifi AP-AC-LR with EAP RADIUS, US-24

          • kb8wfh

            Tried the keepalive command and the interface came up for 3-5 seconds as being ONLINE, then blinked to OFFLINE again. No idea what is happening. Not sure how to load or find that PHP monitor you are describing. I'm relatively new to pfSense.

            Any idea what might be going on here?

            • dragoangel

              It is in the main toolbar -> Services -> Service Watchdog. A watchdog is this: https://en.wikipedia.org/wiki/Watchdog_timer. It helps to restart/reboot the service it is watching when it goes down or stops working. If this does not help either, try not looking at pfSense and look at your VPN provider or the ISP that gives you internet, because I too use pfSense as a VPN client and it reconnects my VPN all the time, even when I manually shut down my WLANs and turn them back on.

              • Derelict LAYER 8 Netgate

                Services watchdog will not do anything if the OpenVPN process continues to run.

                If the OpenVPN connection continues to run and the internal (to OpenVPN) keepalive pings continue to respond, but the OpenVPN provider stops passing actual traffic, I can't think of a built-in way to restart that tunnel.

                You might consider getting another VPN provider - or trying another site on that one. It looks broken.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)
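
The case described in the last post, where the OpenVPN process and its keepalive pings stay up but no real traffic passes, can be caught by probing through the tunnel from cron and restarting the client only after repeated total loss. This is an added example, not part of any post in the thread; the interface name `ovpnc1`, the probe address `192.0.2.1`, the state file path and the `pfSsh.php playback svc restart openvpn client 1` restart command are assumptions to adapt.

```sh
#!/bin/sh
# Added example: data-path watchdog for an OpenVPN client tunnel.
# Assumed values (not from the thread): interface name, probe target, restart command.
TUN_IF="${TUN_IF:-ovpnc1}"            # assumed tunnel interface name
PROBE_IP="${PROBE_IP:-192.0.2.1}"     # placeholder: a host reachable only through the tunnel
MAX_FAILS="${MAX_FAILS:-3}"           # consecutive failed passes before restarting
STATE="${STATE:-/tmp/ovpn_watchdog.fails}"
# Assumed restart command; replace with whatever restarts your client instance.
RESTART_CMD="${RESTART_CMD:-/usr/local/sbin/pfSsh.php playback svc restart openvpn client 1}"

# Address currently assigned to the tunnel interface (empty if it has none).
tunnel_addr() {
    ifconfig "$TUN_IF" 2>/dev/null | awk '/inet /{print $2; exit}'
}

# Send probes sourced from the tunnel address so they follow the tunnel, not the WAN.
# FreeBSD ping flags: -c count, -t overall timeout in seconds, -S source address.
probe() {
    ping -c 3 -t 5 -S "$1" "$PROBE_IP" 2>&1
}

# Read ping output on stdin, print integer packet loss; no summary line counts as 100.
parse_loss() {
    loss=$(sed -n 's/.*[ ,]\([0-9][0-9.]*\)% packet loss.*/\1/p' | head -n 1)
    loss=${loss%%.*}
    echo "${loss:-100}"
}

# One watchdog pass. Prints "ok", "fail N" or "restarted".
check_tunnel() {
    loss=$(probe "$(tunnel_addr)" | parse_loss)
    fails=$(cat "$STATE" 2>/dev/null || true)
    fails=${fails:-0}
    if [ "$loss" -lt 100 ]; then
        echo 0 > "$STATE"; echo ok; return 0
    fi
    fails=$((fails + 1))
    if [ "$fails" -ge "$MAX_FAILS" ]; then
        logger -t ovpn_watchdog "no traffic via $TUN_IF for $fails passes, restarting" || true
        $RESTART_CMD
        echo 0 > "$STATE"; echo restarted
    else
        echo "$fails" > "$STATE"; echo "fail $fails"
    fi
}

# Run from cron as "ovpn_watchdog.sh run"; sourcing the file only defines the functions.
if [ "${1:-}" = "run" ]; then check_tunnel; fi
```

Requiring several consecutive failed passes keeps one lost probe burst from bouncing a tunnel that is otherwise healthy.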
