Loss of OpenVPN connectivity after idle period in multi site-to-site setup.

  • Hi there, I am having a rather irritating issue with loss of connectivity over one of my site-to-site OpenVPN tunnels when the tunnel is idle for a while.  Our business has 4 pfSense boxes on 4 different subnets: (the main office and server), (client 1) tunnel, (client 2) tunnel, (client 3) tunnel.

    The server is set up so the clients can talk to all PCs on the server LAN and also to each other via the server, using multiple remote networks.  My server settings for server 2 are below (I have obviously removed my key).  All three servers run identical setups apart from the different subnets.

    • <openvpn-server><vpnid>2</vpnid>
      <custom_options><shared_key>xxxxxxx </shared_key>
    This setup has worked fine for months and still works OK most of the time; however, over the last few weeks, after a while I lose all connectivity between client 2 and the rest of the network.  I can't ping the computer connected to the pfSense box or even ping the pfSense box itself.  However, the OpenVPN tunnel shows as up from both ends in the status pages of both routers.  I am pretty sure it is a routing issue, as tracert shows the following.

    Tracing route to over a maximum of 30 hops

      1    <1 ms    <1 ms    <1 ms  pfSenseML.ShaweyecareML []
      2    46 ms    38 ms    41 ms
      3    38 ms    38 ms    38 ms
      4    77 ms    78 ms    76 ms
      5    76 ms    76 ms    76 ms
      6   114 ms   114 ms   115 ms
      7   120 ms   137 ms   115 ms
      8   161 ms   167 ms   156 ms
      9   153 ms   157 ms   154 ms
     10   192 ms   192 ms   196 ms
     11   196 ms   190 ms   195 ms
     12   230 ms   229 ms   243 ms
     13   229 ms   229 ms   230 ms
     14   270 ms   276 ms   293 ms
     15   290 ms   271 ms   272 ms
     16   310 ms   338 ms   306 ms
     17   306 ms   308 ms   342 ms
     18   360 ms   362 ms   355 ms
     19   345 ms   355 ms   345 ms
     20   401 ms   386 ms   395 ms
     21   388 ms   383 ms   383 ms
     22   452 ms   423 ms   438 ms
     23   450 ms   423 ms   429 ms
     24   467 ms   480 ms   486 ms
     25   459 ms   503 ms   460 ms
     26   512 ms   522 ms   529 ms
     27   509 ms   519 ms   508 ms
     28   544 ms   538 ms   580 ms
     29   556 ms   553 ms   556 ms
     30   583 ms   588 ms   599 ms

    Trace complete.

    It seems to be getting stuck in the tunnel of client 1 ( rather than passing down its own tunnel ( so it never reaches the pfSense box at the other end.  However, if I reboot the server it is fine again for a while.  The other two clients are generally fine.  Client 1 has never had this problem, and client 3 has only done it once.  Only a full reboot of the server pfSense box will fix it.  Starting and stopping the OpenVPN server doesn't help, nor does rebooting the client pfSense box.  I rebooted on Monday night and it was fine all day Tuesday, but today (Wednesday) exactly the same thing has happened.  It has done it a couple of times before over the past 6/12 as well, but has been fine 90% of the time.  No changes to the config have happened in all this time.  I have set a cron job to reboot the server every morning to sort the problem temporarily, but this is a horrible solution, and I really want to get to the bottom of it.

    Thanks for your help and if you need any more info just let me know.

  • I have confirmed that the issue is definitely linked to the multiple remote networks in the OpenVPN config, as if I remove the additional remote networks and only have one subnet per VPN server it starts working again.  The problem with this is that the remote client networks then can't communicate with each other, only with the server network.  While this isn't critical, as I can remote desktop into the server LAN and access the other subnets from there, it isn't very elegant.
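Added example, not code from either post above: the symptom described (tunnel up, but client 2 traffic apparently going down client 1's tunnel, fixed only by a reboot, and tied to the "Remote Networks" entries) is consistent with the kernel routing table on the server pfSense box holding a route for client 2's LAN that points at the wrong ovpnsN interface. The script below compares a `netstat -rn -f inet` snapshot against the tunnel interface each remote network is expected to use. The posts do not give the actual subnets or interface names, so the ones here (192.168.x.0/24, ovpns1..3, em0/em1) and the netstat snapshot are constructed; on a live box feed it the real `netstat -rn -f inet` output instead.

```shell
#!/bin/sh
# Added example, not code from the original posts: check whether each remote
# network in the pfSense (FreeBSD) kernel routing table leaves via the OpenVPN
# interface it should. A route for one client's LAN pointing at another
# client's ovpnsN interface would send that traffic down the wrong tunnel,
# which matches the symptom in the thread. Subnets, interface names and the
# netstat snapshot below are constructed/hypothetical; the posts omit them.

# Expected mapping, one "network interface" pair per line. pfSense names the
# interface for OpenVPN server instance <vpnid> "ovpns<vpnid>".
EXPECTED='192.168.10.0/24 ovpns1
192.168.20.0/24 ovpns2
192.168.30.0/24 ovpns3'

# Constructed snapshot of `netstat -rn -f inet` as it might look while the
# fault is present: the client 2 LAN has been installed behind ovpns1.
# On a live system use:  check_routes "$(netstat -rn -f inet)" "$EXPECTED"
SNAPSHOT='Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
10.0.8.0/24        10.0.8.2           UGS      ovpns1
10.0.9.0/24        10.0.9.2           UGS      ovpns2
10.0.10.0/24       10.0.10.2          UGS      ovpns3
192.168.1.0/24     link#2             U           em1
192.168.10.0/24    10.0.8.2           UGS      ovpns1
192.168.20.0/24    10.0.8.2           UGS      ovpns1
192.168.30.0/24    10.0.10.2          UGS      ovpns3'

# check_routes TABLE EXPECTED
# Prints one line per expected network:
#   OK <net> via <netif>
#   WRONG <net> via <netif> expected <netif>
#   MISSING <net>            (no route installed at all)
# Netif is column 4 in FreeBSD 11+/pfSense 2.4+ output; older netstat prints
# Refs/Use columns first, in which case change $4 below to $6.
check_routes() {
    table=$1
    expected=$2
    while read -r net want; do
        [ -n "$net" ] || continue
        got=$(printf '%s\n' "$table" | awk -v n="$net" '$1 == n { print $4; exit }')
        if [ -z "$got" ]; then
            echo "MISSING $net"
        elif [ "$got" != "$want" ]; then
            echo "WRONG $net via $got expected $want"
        else
            echo "OK $net via $got"
        fi
    done <<EOF
$expected
EOF
}

# routes_ok TABLE EXPECTED: succeeds only if every network is routed correctly.
routes_ok() {
    ! check_routes "$1" "$2" | grep -q -E '^(WRONG|MISSING) '
}

check_routes "$SNAPSHOT" "$EXPECTED"
routes_ok "$SNAPSHOT" "$EXPECTED" || echo "at least one remote network is routed down the wrong tunnel"
```

Run it on the server pfSense box both while everything works and while client 2 is unreachable; if a WRONG line appears only in the broken state, the routing table, not the tunnel itself, is what the reboot is repairing, and the two states can be compared directly. With the constructed snapshot above the output flags 192.168.20.0/24 as routed via ovpns1 instead of ovpns2.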

