Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    No openvpn connectivity after first disconnect

    Scheduled Pinned Locked Moved
    OpenVPN
    1
    1
    418
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      masupilamie
      last edited by

      Hello,

      On first connect to the openvpn server (pfSense), all is working perfect, but after disconnecting al future connects result in no connectivity on the openvpn client (Tunnelblick). This seems to be related to the client generating a new mac address every time it connects (and only the first one works and keeps working).

      I am using:
      pfSense 2.4.3
      openvpn in TAP mode (bridge)
      Tunnelblick client on MacOS

      I already found out that using the lladdr option in the client's config file to lock the mac address (instead of generating a new one on every connect) fixes this issue, but this forces me to manually add that option (and keep track of conflicting mac addresses) to the client config file, also a random mac address is the default way of doing it and seems logical for a virtual (client) interface.

      After reconnecting without vpn connectivity (when the client has generated a new mac address), restarting for example dhcp server or dns resolver on pfSense immediately restores connectivity. I guess the new mac address is accepted when some networking is restarted.

      The system log shows "arp: 10.0.10.90 moved from <client_generated_mac_from_previous_connection>to <client_generated_mac_current_connection>on ovpns2" every time the client connects.

      Some ip info:
      pfSense own ip (local gateway): 10.0.10.1
      DHCP range for local clients: 10.0.10.100-10.0.10.250
      openvpn server bridge DHCP start: 10.0.10.90
      openvpn server bridge DHCP end: 10.0.10.99

      Interface info:
      WAN: em0
      LAN: em1
      OVPN_TAP: ovpns2 (ovpns1 is a tun server)

      BRIDGE0 members: LAN, OVPN_TAP

      Openvpn's Bridge interface: LAN

      My question:
      Why is there no connectivity when the openvpn client's mac address is different from the previous connection, and what can I do to make al future connects work while still allowing the client to generate a new mac address on every connect?

      Thanks in advance, if any extra information (e.g. logs) is needed please let me know.</client_generated_mac_current_connection></client_generated_mac_from_previous_connection>

      1 Reply Last reply Reply Quote 0
      • First post
        Last post