Netgate Discussion Forum

    OpenVPN keeps disconnecting randomly

    6 Posts 2 Posters 11.2k Views
      TriStarGod

      I have 3 machines at various locations over the Internet connecting via OpenVPN to my pfSense. Two of my machines are Linux and the other is Windows 10 Pro. Each one has a unique certificate, user, etc. However, it seems to randomly restart the VPN (every 5 - 40 mins). I don't think it's due to my internet connection since I'm able to chrome remote in with no delay or lag. I scoured the logs for anything that could indicate what is causing the issue. There were too many logs so I set my log setting to default (4).

      I keep seeing

      openvpn1/123.123.123.123:48484 [openvpn1] Inactivity timeout (--ping-restart), restarting 
      

      or

      openvpn1/123.123.123.123:9795 GET INST BY VIRT: 192.168.12.61 [failed]
      openvpn1/123.123.123.123:9795 GET INST BY VIRT: 10.2.0.3 -> openvpn1/123.123.123.123:48484:9795 via 10.2.0.3 
      

      for each machine.

      My client config is

      dev tun
      persist-tun
      persist-key
      cipher AES-256-CBC
      auth SHA1
      tls-client
      client
      resolv-retry infinite
      remote 121.121.121.121 1194 udp
      lport 0
      verify-x509-name "www.somewebsite.com" name
      auth-user-pass
      pkcs12 test-udp-1194-openvpn1.p12
      tls-auth test-udp-1194-openvpn1-tls.key 1
      remote-cert-tls server
      comp-lzo adaptive
      

      I'm not sure how to output my server config but it's:

      Server Mode: Remote Access (SSL/TLS + User Auth)
      Protocol: UDP
      Device mode: tun
      Interface: WAN
      Local Port: 1194
      Enabled auth of TLS packets
      DH Parameter length: 2048
      Auth digest algo: SHA1 (160-bit)
      Certificate Depth: (Client + Server)

      Tunnel Settings:
      IPv4 Tunnel: 10.0.2.0/24
      IPv4 Local: 192.168.12.0/24
      Concurrent connections: 10
      Compression: Enabled with Adaptive Compression
      Inter-client comm: Allowed communication between clients connected to this server.

      Client settings:
      Dynamic IP: Allowed connected clients to retain their connections if their IP address changes
      Address Pool: Provided a virtual adapter IP address to clients

      Advanced Client Settings:
      DNS Server enabled with another computer directed as the DNS server

      Verbosity level: default

      I'm on pfSense version 2.3.2, which I believe means I'm on OpenVPN 2.3.

      I've been working on this for over a week and have not been able to make sense of the problem. Please help.

        TriStarGod

        In case my firewall rules are important
        Firewall / Rules / WAN

        Protocol: IPv4 UDP - Source: 123.123.123.123 - Port:* - Destination: WAN address - Port:1194 (OpenVPN) - Gateway: * - Queue: none - Schedule: "" - Description: OpenVPN1Rule

        (I have a similar rule for each external IP address that I want to allow in)

        Firewall / Rules / OpenVPN

        Protocol: IPv4 TCP/UDP - Source: * - Port: * - Destination: 192.168.12.61 - Port: 3389 (MS RDP) - Gateway: * - Queue: none - Schedule:"" - Description: SomeRDPServer

        I'm not sure how keepalive works but does it need ICMP to be active?

          TriStarGod

          I started looking at my pfSense system logs. For one of the "disconnects", the system logged the following:

          nginx: 2018/02/16 13:27:09 [error] 29525#100071: send() failed (54: Connection reset by peer)

          Not sure what is sending this. Why does this cause all OpenVPN clients to crash? For testing, I disabled all users and disabled the firewall rules except one user and 2 firewall rules for my testing site / RDP server. Also, could squid be causing this issue?

            TriStarGod

            I've confirmed it's due to the pfSense router. How do I check if the keepalive signal is transmitted?

              TriStarGod

              In case someone else faces a similar problem, it seems the advanced configuration can override prior settings like keepalive (this fact was not found in the pfSense manual…). After adjusting keepalive's parameters, I no longer face the numerous random disconnects.

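The override described in the post above can be checked offline against a copy of the generated server config. This is an added example, not code from the thread or from pfSense: it assumes OpenVPN keeps the last `keepalive` line it reads and uses the man page's expansion of `keepalive` into `ping` / `ping-restart` (the directive named in the "Inactivity timeout" log line); the sample config and its values are constructed.

```python
import shlex

# Constructed sample: a GUI-generated keepalive followed by a custom-options
# line that repeats the directive (values are illustrative, not from the thread).
SAMPLE_SERVER_CONF = """\
dev tun
mode server
proto udp
keepalive 10 60
comp-lzo adaptive
# --- custom options appended below ---
keepalive 5 10
"""

def keepalive_lines(conf_text):
    """Return [(line_no, interval, timeout)] for every keepalive directive."""
    found = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = shlex.split(raw, comments=True)  # '#' comments are dropped
        if len(tokens) == 3 and tokens[0] == "keepalive":
            found.append((line_no, int(tokens[1]), int(tokens[2])))
    return found

def effective_keepalive(conf_text, server_mode=True):
    """Resolve repeated keepalive lines and expand the winner per the man page."""
    found = keepalive_lines(conf_text)
    if not found:
        return None
    line_no, interval, timeout = found[-1]  # assumption: last occurrence wins
    return {
        "winning_line": line_no,
        "overridden_lines": [n for n, _, _ in found[:-1]],
        # In server mode the local side waits twice the timeout and the
        # plain values are pushed to clients.
        "local_ping": interval,
        "local_ping_restart": timeout * 2 if server_mode else timeout,
        "pushed_ping": interval if server_mode else None,
        "pushed_ping_restart": timeout if server_mode else None,
        # With timeout < 2 * interval, one lost ping is enough for a restart.
        "too_tight": timeout < 2 * interval,
    }

if __name__ == "__main__":
    for key, value in effective_keepalive(SAMPLE_SERVER_CONF).items():
        print(f"{key}: {value}")
```

A non-empty `overridden_lines` means a later line has replaced the value set earlier in the file, so the timers in effect are the ones reported for `winning_line`.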
                akkiz @TriStarGod

                @TriStarGod what did you adjust?

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.