    Netgate Discussion Forum
    OpenVPN keeps disconnecting randomly

    OpenVPN
    • TriStarGod

      I have 3 machines at various locations over the Internet connecting via OpenVPN to my pfsense. Two of my machines are Linux and the other is Windows 10 Pro. Each one has a unique certificate, user, etc. However, it seems to randomly restart the VPN (every 5 - 40 mins). I don't think it's due to my internet connection since I'm able to chrome remote in with no delay or lag. I scoured the logs for anything that could indicate what is causing the issue. There were too many logs so I set my log setting to default (4).

      I keep seeing

      openvpn1/123.123.123.123:48484 [openvpn1] Inactivity timeout (--ping-restart), restarting 
      

      or

      openvpn1/123.123.123.123:9795 GET INST BY VIRT: 192.168.12.61 [failed]
      openvpn1/123.123.123.123:9795 GET INST BY VIRT: 10.2.0.3 -> openvpn1/123.123.123.123:48484:9795 via 10.2.0.3 
      

      for each machine.

      My client config is

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote 121.121.121.121 1194 udp
      lport 0
      verify-x509-name "www.somewebsite.com" name
      auth-user-pass
      pkcs12 test-udp-1194-openvpn1.p12
      tls-auth test-udp-1194-openvpn1-tls.key 1
      remote-cert-tls server
      comp-lzo adaptive
      

      I'm not sure how to output my server config but it's

      Server Mode: Remote Access (SSL/TLS + User Auth)
      Protocol: UDP
      Device mode: tun
      Interface: WAN
      Local Port: 1194
      Enabled auth of TLS packets
      DH Parameter length: 2048
      Auth digest algo: SHA1 (160-bit)
      Certificate Depth: (Client + Server)

      Tunnel Settings:
      IPv4 Tunnel: 10.0.2.0/24
      IPv4 Local: 192.168.12.0/24
      Concurrent connections: 10
      Compression: Enabled with Adaptive Compression
      Inter-client comm: Allowed communication between clients connected to this server.

      Client settings:
      Dynamic IP: Allowed connected clients to retain their connections if their IP address changes
      Address Pool: Provided a virtual adapter IP address to clients

      Advanced Client Settings:
      DNS Server enabled with another computer directed as the DNS server

      Verbosity level: default

      I'm on pfsense version 2.3.2, which I believe means I'm on OpenVPN 2.3.

      I've been working on this for over a week and have not been able to make sense of the problem. Please help.

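As an added example (not from the thread or from pfSense), the following Python script runs a simple detection over log lines in the format quoted above. It pulls out every "Inactivity timeout (--ping-restart)" event, groups them by client source IP rather than IP:port (the source port changes on each reconnect, as the quoted lines show), measures the gap between restarts per client, and checks whether several distinct clients restart within the same few seconds. Correlated restarts across independent clients point at the server or its WAN link rather than at any one client's connection. All log lines, addresses (other than the thread's own placeholder) and timestamps are constructed; the log layout and the 2018 year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in a pfSense-style OpenVPN log layout (syslog timestamp,
# process tag, then "<instance>/<client-ip>:<port> <message>"). Addresses other
# than the thread's 123.123.123.123 placeholder are RFC 5737 documentation
# addresses; none of these lines is a real capture.
SAMPLE_LOG = """\
Feb 16 13:05:02 openvpn[12345]: openvpn1/123.123.123.123:48484 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 13:05:04 openvpn[12345]: openvpn1/198.51.100.7:53001 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 13:05:05 openvpn[12345]: openvpn1/203.0.113.9:60112 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 13:27:09 nginx: 2018/02/16 13:27:09 [error] 29525#100071: send() failed (54: Connection reset by peer)
Feb 16 13:27:12 openvpn[12345]: openvpn1/123.123.123.123:9795 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 13:27:13 openvpn[12345]: openvpn1/198.51.100.7:53877 GET INST BY VIRT: 192.168.12.61 [failed]
Feb 16 13:27:14 openvpn[12345]: openvpn1/203.0.113.9:61000 [openvpn1] Inactivity timeout (--ping-restart), restarting
Feb 16 14:10:30 openvpn[12345]: openvpn1/198.51.100.7:54120 [openvpn1] Inactivity timeout (--ping-restart), restarting
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+: "
    r"(?P<server>\w+)/(?P<ip>[\d.]+):(?P<port>\d+) (?P<msg>.*)$"
)
RESTART_MARK = "Inactivity timeout (--ping-restart)"


def parse_restarts(log_text, year=2018):
    """Return a time-sorted list of (datetime, client_ip, port) for each restart.
    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or RESTART_MARK not in m.group("msg"):
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("ip"), int(m.group("port"))))
    events.sort()
    return events


def restart_intervals(events):
    """Seconds between consecutive restarts, keyed by client source IP."""
    by_ip = defaultdict(list)
    for ts, ip, _port in events:
        by_ip[ip].append(ts)
    return {ip: [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
            for ip, t in by_ip.items()}


def flapping_clients(events, max_median_seconds=3600):
    """Client IPs whose median gap between restarts is below the threshold.
    The thread's symptom (a restart every 5-40 minutes) lands well under an hour."""
    return sorted(ip for ip, gaps in restart_intervals(events).items()
                  if gaps and median(gaps) < max_median_seconds)


def correlated_restarts(events, window_seconds=10):
    """Groups of restarts from two or more distinct client IPs that fall within
    window_seconds of the group's first event. Independent clients on different
    networks dropping together is evidence for a server-side cause."""
    groups, i = [], 0
    while i < len(events):
        j = i
        while (j + 1 < len(events)
               and (events[j + 1][0] - events[i][0]).total_seconds() <= window_seconds):
            j += 1
        ips = sorted({e[1] for e in events[i:j + 1]})
        if len(ips) >= 2:
            groups.append((events[i][0], ips))
        i = j + 1
    return groups


if __name__ == "__main__":
    ev = parse_restarts(SAMPLE_LOG)
    for ip, gaps in restart_intervals(ev).items():
        print(f"{ip}: {len(gaps) + 1} restarts, gaps in seconds = {gaps}")
    for when, ips in correlated_restarts(ev):
        print(f"{when:%H:%M:%S}: {len(ips)} clients restarted together -> {ips}")
    print("flapping clients:", flapping_clients(ev))
```

Run against the real pfSense OpenVPN log, a non-empty result from correlated_restarts is the quickest way to separate "one client's bad link" from "something on the firewall is killing every session", which is the distinction the poster eventually reached by elimination.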
      • TriStarGod

        In case my firewall rules are important
        Firewall / Rules / WAN

        Protocol: IPv4 UDP - Source: 123.123.123.123 - Port:* - Destination: WAN address - Port:1194 (OpenVPN) - Gateway: * - Queue: none - Schedule: "" - Description: OpenVPN1Rule

        (I have a similar rule for each external ip address that I want to allow in)

        Firewall / Rules / OpenVPN

        Protocol: IPv4 TCP/UDP - Source: * - Port: * - Destination: 192.168.12.61 - Port: 3389 (MS RDP) - Gateway: * - Queue: none - Schedule:"" - Description: SomeRDPServer

        I'm not sure how keepalive works but does it need ICMP to be active?

        • TriStarGod

          I started looking at my pfsense system logs. For one of the "disconnects", the system logged the following:

          nginx: 2018/02/16 13:27:09 [error] 29525#100071: send() failed (54: Connection reset by peer)

          Not sure what is sending this. Why does this cause all OpenVPN clients to crash? For testing, I disabled all users and disabled the firewall rules except one user and 2 firewall rules for my testing site / rdp server. Also, could squid be causing this issue?

          • TriStarGod

            I've confirmed it's due to the pfsense router. How do I check if the keepalive signal is transmitted?

            • TriStarGod

              In case someone else faces a similar problem, it seems the advanced configuration can override prior settings like keepalive (this fact was not found in the pfsense manual… ). After adjusting keepalive's parameters, I no longer face the numerous random disconnects.

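Two points in the thread benefit from being made concrete: the earlier question of whether keepalive needs ICMP, and the finding that an advanced/custom option can override the keepalive setting. OpenVPN's ping is a small keepalive packet sent inside the tunnel's own UDP (or TCP) transport, not ICMP, so no ICMP rule is involved; "Inactivity timeout (--ping-restart)" fires when that side has received no packet of any kind for ping-restart seconds. The OpenVPN manual defines `keepalive I T` in server mode as `ping I`, `ping-restart 2*T` locally plus a push of `ping I` and `ping-restart T` to clients, and a later explicit `ping`/`ping-restart` directive replaces an earlier value. The Python below, an added example that is neither pfSense's nor OpenVPN's code, reads a constructed server config in order, reports the effective timers, and flags the overrides and the unsafe relationships a defender would want to catch. The sample config, the custom-option text, and the assumption that pfSense appends the "Custom options" box (semicolon separated) after its generated directives are all constructed for the example.

```python
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed stand-in for what a pfSense-generated server config might look
# like, followed by text from the advanced "Custom options" box. That the box is
# appended after the generated lines, and uses ';' as a separator, are
# assumptions about pfSense made for this example.
GENERATED = """\
dev ovpns1
dev-type tun
proto udp
server 10.0.2.0 255.255.255.0
keepalive 10 60
"""
CUSTOM_OPTIONS = "ping-restart 15"   # constructed: an aggressive value typed into the box


@dataclass
class Timers:
    """Effective OpenVPN inactivity timers after reading a config top to bottom."""
    ping: Optional[int] = None            # seconds between keepalive packets sent
    ping_restart: Optional[int] = None    # seconds of silence before this side restarts
    pushed: Dict[str, int] = field(default_factory=dict)  # values pushed to clients
    notes: List[str] = field(default_factory=list)        # override events observed


def parse_directives(text: str) -> List[List[str]]:
    """Split config text into [name, arg, ...] lists; ';' is treated as a line
    break for the custom-options box, so ';'-prefixed OpenVPN comments are not
    supported by this small parser."""
    out = []
    for raw in text.replace(";", "\n").splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            out.append(shlex.split(line))
    return out


def effective_timers(directives: List[List[str]], server_mode: bool = True) -> Timers:
    """Apply keepalive/ping/ping-restart/push directives in order, later wins."""
    t = Timers()

    def set_local(name: str, value: int) -> None:
        attr = name.replace("-", "_")
        old = getattr(t, attr)
        if old is not None and old != value:
            t.notes.append(f"{name}: {old} replaced by later '{name} {value}'")
        setattr(t, attr, value)

    def set_pushed(name: str, value: int) -> None:
        old = t.pushed.get(name)
        if old is not None and old != value:
            t.notes.append(f"push {name}: {old} replaced by later 'push \"{name} {value}\"'")
        t.pushed[name] = value

    for name, *args in directives:
        if name == "keepalive":
            interval, timeout = int(args[0]), int(args[1])
            set_local("ping", interval)
            if server_mode:                      # expansion per the OpenVPN manual
                set_local("ping-restart", timeout * 2)
                set_pushed("ping", interval)
                set_pushed("ping-restart", timeout)
            else:
                set_local("ping-restart", timeout)
        elif name in ("ping", "ping-restart"):
            set_local(name, int(args[0]))
        elif name == "push" and args:
            pname, *pargs = args[0].split()
            if pname in ("ping", "ping-restart") and pargs:
                set_pushed(pname, int(pargs[0]))
    return t


def sanity_check(t: Timers) -> List[str]:
    """Override notes plus relationships that make random restarts likely."""
    warnings = list(t.notes)
    if t.ping is not None and t.ping_restart is not None and t.ping_restart <= 2 * t.ping:
        warnings.append("ping-restart is not well above ping: a single lost ping "
                        "or a little jitter is enough to trigger a restart")
    client_restart = t.pushed.get("ping-restart")
    if client_restart is not None and t.ping_restart is not None and t.ping_restart <= client_restart:
        warnings.append("server ping-restart should exceed the value pushed to clients "
                        "so the client detects a dead link before the server drops it")
    return warnings


if __name__ == "__main__":
    for label, text in (("generated only", GENERATED),
                        ("generated + custom", GENERATED + CUSTOM_OPTIONS)):
        t = effective_timers(parse_directives(text))
        print(f"{label}: server ping={t.ping} ping-restart={t.ping_restart} pushed={t.pushed}")
        for w in sanity_check(t):
            print("  warning:", w)
```

With the generated lines alone the server waits 120 s and clients 60 s, so the client always notices first. Appending `ping-restart 15` silently replaces the server's 120 s with 15 s while clients keep the pushed 60 s and a 10 s ping interval, so one lost ping is enough for the server to log the inactivity timeout and tear the instance down. Whatever the exact directives on the poster's box were, running the generated file plus the custom text through a check like this is how to see what actually took effect.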
              • akkiz @TriStarGod

                @TriStarGod what did you adjust?
