Issues with VPN connection not staying up



  • Just recently after updating to 2.4.4 I’ve been noticing a lot of disconnects through PIA VPN. When I login to the pfsense interface PIA VPN UDP4 has a red arrow pointing down. I restart the service and then the connection comes back up. I have service watchdog enabled on vpn and the following in my optional config commands:

    explicit-exit-notify 2;
    ifconfig-nowarn;
    tls-client;
    persist-key;
    persist-tun;
    remote-cert-tls server;
    fast-io;
    sndbuf 1572864;
    rcvbuf 1572864;
    --mute-replay-warnings;
    pull-filter ignore "auth-token";
    remote us-east.privateinternetaccess.com:1198;
    remote us-california.privateinternetaccess.com:1198;

    I’ve also set a monitor IP on the vpn to 4.2.2.6 and the connection still seems to drop. ANY help at this point would be great as I have to manually restart the vpn services every day.





  • The red arrow indicates that gateway monitoring believes the connection is down. The first thing I'd recommend is determining whether it is actually down. So next time this happens, go to Status > OpenVPN and see whether the client connection is up or down. You can also go to Status > Gateways which will display the packet loss and ping RTT stats. You might also want to turn up the log level on your VPN client configuration(s) to 4, and then examine the log after one of these failure events. Have you tried multiple PIA servers too?



  • @thenarc

    Good suggestion I will report back with my findings as to your question if it’s acrually down or not. So far I have tried three different servers and they all do this.



  • Nov 6 20:37:15 rc.gateway_alarm 11953 >>> Gateway alarm: PIA_VPN_VPNV4 (Addr:4.2.2.6 Alarm:1 RTT:21.470ms RTTsd:5.277ms Loss:22%)
    Nov 6 20:37:15 check_reload_status updating dyndns PIA_VPN_VPNV4
    Nov 6 20:37:15 check_reload_status Restarting ipsec tunnels
    Nov 6 20:37:15 check_reload_status Restarting OpenVPN tunnels/interfaces
    Nov 6 20:37:15 check_reload_status Reloading filter
    Nov 6 20:37:16 php-fpm 347 /rc.openvpn: Gateway, none 'available' for inet6, use the first one configured. 'PIA_VPN_VPNV6'
    Nov 6 20:37:16 php-fpm 347 /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use PIA_VPN_VPNV4.
    Nov 6 20:38:16 kernel ovpnc1: link state changed to DOWN
    Nov 6 20:38:16 check_reload_status Reloading filter
    Nov 6 20:38:17 kernel ovpnc1: link state changed to U



  • do you have IP6 enabled on your pfsense router?



  • This morning woke up and everything seemed to be fine until I opened up a browser window and tried to navigate to a website. The connection stopped. Here is what the log reports:

    Nov 6 20:38:00 pfSense openvpn[73875]: [50e7bb007196e71bdd12ef3f436ff391] Inactivity timeout (--ping-restart), restarting
    Nov 6 20:38:00 pfSense openvpn[73875]: SIGUSR1[soft,ping-restart] received, process restarting
    Nov 6 20:38:00 pfSense openvpn[73875]: Restart pause, 10 second(s)

    I looked at my config and did some research and looks like persist-tun in my additional configurations is not supported or has issues in pfsense 2.2.4? I removed the option and will report back.

    Since I removed the "persist-tun" option I also decided to add a keep alive by adding the following:

    keepalive 10 120



  • This post is deleted!


  • @bcruze

    @bcruze said in Issues with VPN connection not staying up:

    do you have IP6 enabled on your pfsense router?

    I will have to check on this when I get home. I am currently "working" lol