  • Hi,

    I'm using pfSense 2.3.1 with OpenVPN and MOTP. Our client machine has to reauthenticate every hour. But the problem we face is that the laptop or desktop is totally disconnected from the local network once it is disconnected for authentication. If I exit the OpenVPN clients, it starts working. Any suggestions are appreciated.

    Thanks & Regards
    Muralidharan Sukumaran

  • I am experiencing the same issue. I am using two-factor authentication on the back-end, so it is forcing me to authenticate every hour. I have looked up how to resolve this for OpenVPN and have tried adding "reneg-sec 0;" in the custom options of the web UI, but the setting does not seem to be honored even after restarting OpenVPN. I am running pfSense 2.4.2-R1 (latest). Hopefully someone can point me in the right direction here to either get it set to never or extend it. I have tried both and neither seems to be honored when set through the UI or even when editing the config on the file system.

  • Hi,

    I sorted out this issue. It may be helpful for you.

    The firewall had settings such that it will be authenticated every 60 minutes. Also, the client-side settings were configured so that traffic is sent through the firewall. After 60 minutes the firewall closes the connection from the client if we have not given the dual-factor authentication code, so the internet is automatically disconnected.

    I made changes for that (please check attachment): only required clients will use the tunnel network. Other traffic goes directly, so the issue has been resolved. If any user requires the old settings, it can be achieved through the client config file.

    Thanks & Regards
    Muralidharan Sukumaran

  • @muralidharanks
    I cannot see your attachment. Would it be possible for you to relay your solution in text? Thank you,
    Sajan Sahu

  • LAYER 8 Netgate

    You must set reneg-sec 0; in the clients to disable them from initiating a renegotiation. Then you can set something like reneg-sec 43200 in the server to set a 12-hour interval (or whatever works for you). The reneg-sec setting cannot, unfortunately, be pushed from the server to the client.

    You can set reneg-sec 0; as a permanent option in the client exporter.
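
Added example, not part of the thread: a small Python check showing why a server-side reneg-sec alone is not enough, since each side runs its own timer (OpenVPN's default is 3600 seconds) and the lower non-zero value triggers the renegotiation. The config snippets and the hostname vpn.example.com are constructed for illustration.

```python
DEFAULT_RENEG_SEC = 3600  # OpenVPN default when a config has no reneg-sec line


def reneg_sec(config_text):
    """Return the reneg-sec value a config sets, or the default if it sets none."""
    value = DEFAULT_RENEG_SEC
    for line in config_text.splitlines():
        line = line.strip()
        # In an OpenVPN config file, a line starting with ';' or '#' is a comment.
        if not line or line[0] in ";#":
            continue
        # pfSense custom options end each directive with ';'.
        for directive in line.split(";"):
            parts = directive.split("#", 1)[0].split()
            if len(parts) >= 2 and parts[0] == "reneg-sec" and parts[1].isdigit():
                value = int(parts[1])  # keep the last value seen
    return value


def effective_interval(client_text, server_text):
    """Seconds until the first renegotiation, or None if neither side starts one."""
    timers = [reneg_sec(client_text), reneg_sec(server_text)]
    active = [t for t in timers if t > 0]  # 0 disables that side's timer
    return min(active) if active else None


# Constructed sample configs (not the attachment mentioned in the thread).
CLIENT_DEFAULT = "client\ndev tun\nremote vpn.example.com 1194\n"
CLIENT_FIXED = CLIENT_DEFAULT + "reneg-sec 0;\n"
SERVER_DISABLED = "dev tun\nreneg-sec 0;\n"
SERVER_12H = "dev tun\nreneg-sec 43200;\n"

if __name__ == "__main__":
    cases = {
        "server-only change": (CLIENT_DEFAULT, SERVER_DISABLED),
        "client 0, server 12h": (CLIENT_FIXED, SERVER_12H),
        "both disabled": (CLIENT_FIXED, SERVER_DISABLED),
    }
    for name, (client, server) in cases.items():
        print(f"{name}: {effective_interval(client, server)}")
```

A result of None means no time-based rekey or reauthentication happens at all; the combination from the reply above keeps a finite interval on the server.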

