OpenVPN client disconnected repeatedly



  • Hello All,

    Trying to get a RoadWarrior connection setup 'correctly' in OpenVPN. Using Android phone with OpenVPN Connect as the client.
    pfSense2.2.4-amd64_RELEASE.

    Multiple subnets on multiple NICs.

    LAN - 1.1.1.1/24
    LAN_EL - 2.2.2.2/23
    LAN_HI - 3.3.3.3/23
    LAN_PH - 4.4.4.4/23

    Have finally figured out how to set up the route, push, and iroute rules on the server and in the Client Specific Overrides section, and once connected, looking at Status>OpenVPN, the routing tables are finally showing as they should.
    The client/phone can only ping LAN. Doing a packet capture, pings show on the LAN interface and back to the client, successful. Doing a packet capture on LAN_EL, LAN_HI, LAN_PH, to a device on one of these subnets, the ping request never hits the pfSense NIC on the appropriate NIC; nothing is received by the pfSense machine.

    Attached is the Status>OpenVPN>Routing tables on pfsense machine:

    vpnclient1 WAN:42164 10.0.1.2 Sat Aug 12 07:22:28 2017 40 KB 444 KB delete
    status  Running restart stop

    biggsville-openvpn UDP:1194 Routing Table
    Common Name Real Address Target Network Last Used
    vpnclient1 WAN:42164 172.28.12.0/23 Sat Aug 12 07:22:30 2017
    vpnclient1 WAN:42164 172.28.14.0/23 Sat Aug 12 07:22:30 2017
    vpnclient1 WAN:42164 172.28.8.0/24 Sat Aug 12 07:22:30 2017
    vpnclient1 WAN:42164 172.28.10.0/23 Sat Aug 12 07:22:30 2017
    vpnclient1 WAN:42164 10.0.1.2 Sat Aug 12 08:02:56 2017
    An IP address followed by C indicates a host currently connected through the VPN.

    After much time spent going in circles, looking in the OpenVPN I see the following repeating:

    Aug 12 07:29:54 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:29:54 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:29:54 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:29:54 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:30:56 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:30:56 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:30:56 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:30:56 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:32:04 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:32:04 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:32:04 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:33:00 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:33:00 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:33:00 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:33:00 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:34:02 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:34:02 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:34:02 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:34:02 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:35:04 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:35:04 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:35:04 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:35:04 openvpn[44271]: MANAGEMENT: Client disconnected
    Aug 12 07:36:06 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Aug 12 07:36:06 openvpn[44271]: MANAGEMENT: CMD 'status 2'
    Aug 12 07:36:06 openvpn[44271]: MANAGEMENT: CMD 'quit'
    Aug 12 07:36:06 openvpn[44271]: MANAGEMENT: Client disconnected

    Even after this continually repeats the client can still ping any device on LAN, FYI.

    Did search but do not see this particular scenario. I'm sure someone has run into this before.

    Thank You


  • Rebel Alliance Developer Netgate

    Those log messages are harmless; they are the GUI probing the daemon status via the management socket. It is not a VPN client connecting/disconnecting.
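
An added example, not part of either post and not pfSense or OpenVPN code: a small log filter that groups the `MANAGEMENT:` lines quoted above into sessions and separates the GUI's status polls from any other use of the management socket. The sample log is constructed (the first two sessions copy lines from the post, the third `kill` session is invented for contrast), and the allowlist of poll commands is an assumption taken from the lines shown in this thread.

```python
import re

# Constructed sample: the first two sessions copy the post's log lines; the
# third session (a 'kill' command) is invented here to show a non-poll session.
SAMPLE = """\
Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: CMD 'status 2'
Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: CMD 'quit'
Aug 12 07:31:58 openvpn[44271]: MANAGEMENT: Client disconnected
Aug 12 07:32:04 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 12 07:32:04 openvpn[44271]: MANAGEMENT: CMD 'status 2'
Aug 12 07:32:04 openvpn[44271]: MANAGEMENT: Client disconnected
Aug 12 07:32:30 openvpn[44271]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
Aug 12 07:32:30 openvpn[44271]: MANAGEMENT: CMD 'kill vpnclient1'
Aug 12 07:32:30 openvpn[44271]: MANAGEMENT: Client disconnected
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) openvpn\[(\d+)\]: MANAGEMENT: (.*)$")
CONNECT = "Client connected from "
POLL_CMDS = {"status 2", "quit"}  # assumption: commands seen in the GUI poll above

def management_sessions(log_text):
    """Group MANAGEMENT lines into connect..disconnect sessions per daemon PID."""
    open_by_pid, sessions = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a management-interface line (e.g. VPN tunnel events)
        ts, pid, msg = m.groups()
        if msg.startswith(CONNECT):
            open_by_pid[pid] = {"start": ts, "pid": pid,
                                "source": msg[len(CONNECT):], "cmds": []}
        elif msg.startswith("CMD '") and pid in open_by_pid:
            open_by_pid[pid]["cmds"].append(msg[5:-1])  # strip CMD '...'
        elif msg == "Client disconnected" and pid in open_by_pid:
            sessions.append(open_by_pid.pop(pid))
    return sessions

def is_status_poll(session):
    """True for a local unix-socket session that only issued poll commands."""
    return (session["source"].startswith("/") and bool(session["cmds"])
            and set(session["cmds"]) <= POLL_CMDS)

def unexpected_sessions(log_text):
    """Management sessions that are not plain status polls; worth a look."""
    return [s for s in management_sessions(log_text) if not is_status_poll(s)]

if __name__ == "__main__":
    for s in unexpected_sessions(SAMPLE):
        print(s["start"], s["source"], s["cmds"])
```

The session at 07:32:04, which has no `quit` line in the original log, still counts as a poll because every command it issued is on the allowlist.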

