PFsense OpenVPN disconnects



  • Hi there,

    I've got a problem with my OpenVPN server. The connection drops spontaneously but connects again automatically after the disconnect. Meanwhile, the RDP connection breaks.

    Currently I'm using the pfSense 2.4.4 release.
    This is the OpenVPN server config:
    dev ovpns1
    verb 4
    dev-type tun
    dev-node /dev/tun1
    writepid /var/run/openvpn_server1.pid
    #user nobody
    #group nobody
    script-security 3
    daemon
    keepalive 10 60
    ping-timer-rem
    persist-tun
    persist-key
    proto tcp4-server
    cipher AES-256-CBC
    auth SHA1
    up /usr/local/sbin/ovpn-linkup
    down /usr/local/sbin/ovpn-linkdown
    client-connect /usr/local/sbin/openvpn.attributes.sh
    client-disconnect /usr/local/sbin/openvpn.attributes.sh
    local 10.zz.zz.zz
    tls-server
    server 10.yy.yy.0 255.255.255.0
    client-config-dir /var/etc/openvpn-csc/server1
    verify-client-cert none
    username-as-common-name
    plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user xxx= false server1 33030
    tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'xyz-VPN' 1"
    lport 33030
    management /var/etc/openvpn/server1.sock unix
    max-clients 5
    push "route 10.xxx.xx.0 255.255.255.0"
    duplicate-cn
    ca /var/etc/openvpn/server1.ca
    cert /var/etc/openvpn/server1.cert
    key /var/etc/openvpn/server1.key
    dh /etc/dh-parameters.2048
    tls-auth /var/etc/openvpn/server1.tls-auth 0
    ncp-ciphers AES-256-GCM
    topology subnet
    float

    It's a TCP VPN, the port is forwarded from the firewall, and the inbound and outbound firewall rules are set.

    Have you got any idea how to fix the disconnects?

    Many thanks!
    florian


  • Netgate

    What is in the logs when it disconnects?



  • @derelict said in PFsense OpenVPN disconnects:

    What is in the logs when it disconnects?

    Hi Derelict,

    Here is the log output:

    Oct 8 14:18:13 xxx_router openvpn[48788]: x.y/client-public-ip:56810 Connection reset, restarting [-1]
    Oct 8 14:18:13 xxx_router openvpn[48788]: x.y/client-public-ip:56810 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Oct 8 14:18:13 xxx_router openvpn[48788]: TCP/UDP: Closing socket

    Thank you!
    Florian


  • Netgate

    Going to need more than that.



  • Oct 8 14:15:21 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
    Oct 8 14:16:22 xxx_router openvpn[48788]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Oct 8 14:16:23 xxx_router openvpn[48788]: MANAGEMENT: CMD 'status 2'
    Oct 8 14:16:23 xxx_router openvpn[48788]: MANAGEMENT: CMD 'quit'
    Oct 8 14:16:23 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
    Oct 8 14:17:10 xxx_router openvpn[48788]: MULTI: multi_create_instance called
    Oct 8 14:17:10 xxx_router openvpn[48788]: Re-using SSL/TLS context
    Oct 8 14:17:10 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
    Oct 8 14:17:10 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
    Oct 8 14:17:10 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Oct 8 14:17:10 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Oct 8 14:17:10 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62792
    Oct 8 14:17:10 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
    Oct 8 14:17:10 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:62792
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 TLS: Initial packet from [AF_INET]client-public-ip:62792, sid=9e96f9e1 f69e7b34
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_VER=2.4.3
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_PLAT=win
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_PROTO=2
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_NCP=2
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_LZ4=1
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_LZ4v2=1
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_LZO=1
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_COMP_STUB=1
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_COMP_STUBv2=1
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 peer info: IV_TCPNL=1
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 TLS: Username/Password authentication deferred for username 'user1' [CN SET]
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
    Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62792
    Oct 8 14:17:11 xxx_router openvpn: user 'user1' authenticated
    Oct 8 14:17:12 xxx_router openvpn[48788]: client-public-ip:62792 PUSH: Received control message: 'PUSH_REQUEST'
    Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI_sva: pool returned IPv4=openvpn-subnet.2, IPv6=(Not enabled)
    Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_6af84ee7c33905310a99af86229e938.tmp
    Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI: Learn: openvpn-subnet.2 -> user1/client-public-ip:62792
    Oct 8 14:17:12 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI: primary virtual IP for user1/client-public-ip:62792: openvpn-subnet.2
    Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 PUSH: Received control message: 'PUSH_REQUEST'
    Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 SENT CONTROL [user1]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
    Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Data Channel: using negotiated cipher 'AES-256-GCM'
    Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
    Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:17:18 xxx_router openvpn[48788]: user1/client-public-ip:62792 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:17:19 xxx_router openvpn[48788]: user1/client-public-ip:62792 MULTI: bad source address from client [::], packet dropped
    Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: CMD 'status 2'
    Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: CMD 'quit'
    Oct 8 14:17:24 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
    Oct 8 14:17:43 xxx_router openvpn[48788]: user1/client-public-ip:62475 Connection reset, restarting [-1]
    Oct 8 14:17:43 xxx_router openvpn[48788]: user1/client-public-ip:62475 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Oct 8 14:17:43 xxx_router openvpn[48788]: TCP/UDP: Closing socket
    Oct 8 14:17:53 xxx_router openvpn[48788]: MULTI: multi_create_instance called
    Oct 8 14:17:53 xxx_router openvpn[48788]: Re-using SSL/TLS context
    Oct 8 14:17:53 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
    Oct 8 14:17:53 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
    Oct 8 14:17:53 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Oct 8 14:17:53 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Oct 8 14:17:53 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:57863
    Oct 8 14:17:53 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
    Oct 8 14:17:53 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:57863
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 TLS: Initial packet from [AF_INET]client-public-ip:57863, sid=6556a30e 7edd0b19
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_VER=2.4.3
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_PLAT=win
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_PROTO=2
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_NCP=2
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_LZ4=1
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_LZ4v2=1
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_LZO=1
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_COMP_STUB=1
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_COMP_STUBv2=1
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 peer info: IV_TCPNL=1
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 TLS: Username/Password authentication deferred for username 'user2' [CN SET]
    Oct 8 14:17:54 xxx_router openvpn: user 'user2' authenticated
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
    Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 [user2] Peer Connection Initiated with [AF_INET]client-public-ip:57863
    Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI_sva: pool returned IPv4=openvpn-subnet.4, IPv6=(Not enabled)
    Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_7068972ab540ab9c5eb049bc10c5375b.tmp
    Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI: Learn: openvpn-subnet.4 -> user2/client-public-ip:57863
    Oct 8 14:17:54 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI: primary virtual IP for user2/client-public-ip:57863: openvpn-subnet.4
    Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 PUSH: Received control message: 'PUSH_REQUEST'
    Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 SENT CONTROL [user2]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.4 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
    Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Data Channel: using negotiated cipher 'AES-256-GCM'
    Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
    Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:17:55 xxx_router openvpn[48788]: user2/client-public-ip:57863 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:17:57 xxx_router openvpn[48788]: user2/client-public-ip:57863 MULTI: bad source address from client [::], packet dropped
    Oct 8 14:18:13 xxx_router openvpn[48788]: MULTI: multi_create_instance called
    Oct 8 14:18:13 xxx_router openvpn[48788]: Re-using SSL/TLS context
    Oct 8 14:18:13 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
    Oct 8 14:18:13 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
    Oct 8 14:18:13 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Oct 8 14:18:13 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Oct 8 14:18:13 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62824
    Oct 8 14:18:13 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
    Oct 8 14:18:13 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:62824
    Oct 8 14:18:13 xxx_router openvpn[48788]: user2/client-public-ip:56810 Connection reset, restarting [-1]
    Oct 8 14:18:13 xxx_router openvpn[48788]: user2/client-public-ip:56810 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Oct 8 14:18:13 xxx_router openvpn[48788]: TCP/UDP: Closing socket
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 TLS: Initial packet from [AF_INET]client-public-ip:62824, sid=35b566c4 64180896
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_VER=2.4.3
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_PLAT=win
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_PROTO=2
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_NCP=2
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_LZ4=1
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_LZ4v2=1
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_LZO=1
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_COMP_STUB=1
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_COMP_STUBv2=1
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 peer info: IV_TCPNL=1
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 TLS: Username/Password authentication deferred for username 'user1' [CN SET]
    Oct 8 14:18:14 xxx_router openvpn: user 'user1' authenticated
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
    Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62824
    Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI_sva: pool returned IPv4=openvpn-subnet.3, IPv6=(Not enabled)
    Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_768071e60ec2cfe31027440378a90bc2.tmp
    Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI: Learn: openvpn-subnet.3 -> user1/client-public-ip:62824
    Oct 8 14:18:14 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI: primary virtual IP for user1/client-public-ip:62824: openvpn-subnet.3
    Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 PUSH: Received control message: 'PUSH_REQUEST'
    Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 SENT CONTROL [user1]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.3 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
    Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Data Channel: using negotiated cipher 'AES-256-GCM'
    Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
    Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:18:15 xxx_router openvpn[48788]: user1/client-public-ip:62824 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:18:17 xxx_router openvpn[48788]: user1/client-public-ip:62824 MULTI: bad source address from client [::], packet dropped
    Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: Client connected from /var/etc/openvpn/server1.sock
    Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: CMD 'status 2'
    Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: CMD 'quit'
    Oct 8 14:18:26 xxx_router openvpn[48788]: MANAGEMENT: Client disconnected
    Oct 8 14:18:36 xxx_router openvpn[48788]: user1/client-public-ip:62792 Connection reset, restarting [-1]
    Oct 8 14:18:36 xxx_router openvpn[48788]: user1/client-public-ip:62792 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Oct 8 14:18:36 xxx_router openvpn[48788]: TCP/UDP: Closing socket
    Oct 8 14:18:40 xxx_router openvpn[48788]: MULTI: multi_create_instance called
    Oct 8 14:18:40 xxx_router openvpn[48788]: Re-using SSL/TLS context
    Oct 8 14:18:40 xxx_router openvpn[48788]: Control Channel MTU parms [ L:1623 D:1182 EF:68 EB:0 ET:0 EL:3 ]
    Oct 8 14:18:40 xxx_router openvpn[48788]: Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
    Oct 8 14:18:40 xxx_router openvpn[48788]: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Oct 8 14:18:40 xxx_router openvpn[48788]: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
    Oct 8 14:18:40 xxx_router openvpn[48788]: TCP connection established with [AF_INET]client-public-ip:62860
    Oct 8 14:18:40 xxx_router openvpn[48788]: TCPv4_SERVER link local: (not bound)
    Oct 8 14:18:40 xxx_router openvpn[48788]: TCPv4_SERVER link remote: [AF_INET]client-public-ip:62860
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 TLS: Initial packet from [AF_INET]client-public-ip:62860, sid=ec993c74 2ad49ac8
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_VER=2.4.3
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_PLAT=win
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_PROTO=2
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_NCP=2
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_LZ4=1
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_LZ4v2=1
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_LZO=1
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_COMP_STUB=1
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_COMP_STUBv2=1
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 peer info: IV_TCPNL=1
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 PLUGIN_CALL: POST /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so/PLUGIN_AUTH_USER_PASS_VERIFY status=2
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 TLS: Username/Password authentication deferred for username 'user1' [CN SET]
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384
    Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62860
    Oct 8 14:18:41 xxx_router openvpn: user 'user1' authenticated
    Oct 8 14:18:42 xxx_router openvpn[48788]: client-public-ip:62860 PUSH: Received control message: 'PUSH_REQUEST'
    Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI_sva: pool returned IPv4=openvpn-subnet.2, IPv6=(Not enabled)
    Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_3699f25ab231896c11c3a20d466bbfcf.tmp
    Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI: Learn: openvpn-subnet.2 -> user1/client-public-ip:62860
    Oct 8 14:18:42 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI: primary virtual IP for user1/client-public-ip:62860: openvpn-subnet.2
    Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 PUSH: Received control message: 'PUSH_REQUEST'
    Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 SENT CONTROL [user1]: 'PUSH_REPLY,route pfsense-lan-subnet.0 255.255.255.0,route-gateway openvpn-subnet.1,topology subnet,ping 10,ping-restart 60,ifconfig openvpn-subnet.2 255.255.255.0,peer-id 0,cipher AES-256-GCM' (status=1)
    Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Data Channel: using negotiated cipher 'AES-256-GCM'
    Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Data Channel MTU parms [ L:1551 D:1450 EF:51 EB:406 ET:0 EL:3 ]
    Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:18:47 xxx_router openvpn[48788]: user1/client-public-ip:62860 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Oct 8 14:18:48 xxx_router openvpn[48788]: user1/client-public-ip:62860 MULTI: bad source address from client [::], packet dropped
    Oct 8 14:19:13 xxx_router openvpn[48788]: user1/client-public-ip:62824 Connection reset, restarting [-1]
    Oct 8 14:19:13 xxx_router openvpn[48788]: user1/client-public-ip:62824 SIGUSR1[soft,connection-reset] received, client-instance restarting
    Oct 8 14:19:14 xxx_router openvpn[48788]: TCP/UDP: Closing socket

    This keeps repeating...

    And some of this:

    Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
    Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
    Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
    Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
    Oct 8 15:36:05 xxx_router openvpn[48788]: user1/client-public-ip:63254 MULTI: packet dropped due to output saturation (multi_process_incoming_tun)
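
An added example, not part of the original thread: a small Python parser that pairs each `Peer Connection Initiated` line in the log above with its later `Connection reset` line, then reports how long each session lived and how many sessions a username held at once (the posted config's `duplicate-cn` allows more than one). The sample lines are copied from the log above; the function names and the fixed year are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the server log above (only the two message types used here;
# host and address fields are the poster's own placeholders).
SAMPLE_LOG = """\
Oct 8 14:17:11 xxx_router openvpn[48788]: client-public-ip:62792 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62792
Oct 8 14:17:43 xxx_router openvpn[48788]: user1/client-public-ip:62475 Connection reset, restarting [-1]
Oct 8 14:17:54 xxx_router openvpn[48788]: client-public-ip:57863 [user2] Peer Connection Initiated with [AF_INET]client-public-ip:57863
Oct 8 14:18:13 xxx_router openvpn[48788]: user2/client-public-ip:56810 Connection reset, restarting [-1]
Oct 8 14:18:14 xxx_router openvpn[48788]: client-public-ip:62824 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62824
Oct 8 14:18:36 xxx_router openvpn[48788]: user1/client-public-ip:62792 Connection reset, restarting [-1]
Oct 8 14:18:41 xxx_router openvpn[48788]: client-public-ip:62860 [user1] Peer Connection Initiated with [AF_INET]client-public-ip:62860
Oct 8 14:19:13 xxx_router openvpn[48788]: user1/client-public-ip:62824 Connection reset, restarting [-1]
"""

PREFIX = r"^(\w{3} +\d+ [\d:]{8}) \S+ openvpn\[\d+\]: "
START = re.compile(PREFIX + r"\S+ \[([^\]]+)\] Peer Connection Initiated with \[AF_INET\]\S*:(\d+)$")
RESET = re.compile(PREFIX + r"([^/\s]+)/\S*:(\d+) Connection reset, restarting")
ASSUMED_YEAR = "2000"  # assumption: syslog lines carry no year; only differences are used


def _ts(stamp):
    return datetime.strptime(ASSUMED_YEAR + " " + stamp, "%Y %b %d %H:%M:%S")


def parse_sessions(log_text):
    """Return sessions as dicts with user, port, start and end (None if not in the log)."""
    sessions, open_by_key = [], {}
    for line in log_text.splitlines():
        line = line.strip()
        m = START.match(line)
        if m:
            s = {"user": m.group(2), "port": m.group(3), "start": _ts(m.group(1)), "end": None}
            sessions.append(s)
            open_by_key[(s["user"], s["port"])] = s
            continue
        m = RESET.match(line)
        if m:
            # A reset with no matching start belongs to a session that began before the excerpt.
            s = open_by_key.pop((m.group(2), m.group(3)), None)
            if s is None:
                s = {"user": m.group(2), "port": m.group(3), "start": None, "end": None}
                sessions.append(s)
            s["end"] = _ts(m.group(1))
    return sessions


def lifetimes(sessions):
    """Seconds from establishment to reset, for sessions seen from start to end."""
    return {(s["user"], s["port"]): int((s["end"] - s["start"]).total_seconds())
            for s in sessions if s["start"] and s["end"]}


def max_concurrent(sessions):
    """Peak number of simultaneously established sessions per username."""
    events = []
    for s in sessions:
        if s["start"] is None:
            continue  # start time unknown, so it cannot be placed on the timeline
        events.append((s["start"], 1, s["user"]))
        if s["end"]:
            events.append((s["end"], -1, s["user"]))
    live, peak = {}, {}
    for _, delta, user in sorted(events, key=lambda e: (e[0], e[1])):
        live[user] = live.get(user, 0) + delta
        peak[user] = max(peak.get(user, 0), live[user])
    return peak


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    for key, secs in lifetimes(parsed).items():
        print(key, secs, "s")
    print(max_concurrent(parsed))
```

For the excerpt it reports two user1 sessions that lived 85 and 59 seconds, each still established when the next user1 session came up.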



  • Could you see something in the logs?



  • Would be very happy to get help :-)



  • Maybe somebody could help me please.



  • Why do you use OpenVPN in TCP Mode? Switch over to UDP and try again.

    -Rico