Netgate Discussion Forum

    OpenVPN Tunnel Does not Appear to stay Active

      WGamradt

      Hello All,

      This is a newbie question. This is my first attempt at configuring OpenVPN so please forgive my ignorance.

      I have been searching for answers to an issue I am having with an OpenVPN road warrior configuration.

      Here is the problem in a nutshell.  I have followed the HowTo posted on the pfSense website.  I upgraded the pfSense firmware to release 1.2.2. (Previous release on this box was 1.0.2.  Not sure if that matters.)

      I have the OpenVPN client 2.0.9 running on Windows XP SP3 workstations.  I have created the client certs as instructed in the HowTo as well.

      I can get the tunnel to initialize. I can see the route table get updated on the client.  I can get pings to cross the tunnel for a short period of time. (9 - 12 responses typically).  Then they just mysteriously die.  The route table entries also will disappear (for the most part).

      The crazy thing is that if I drop the connection and retry (sometimes it works the second time or it may take multiple attempts.) it eventually will work and appear stable for as long as you want it to be.

      Can anyone provide any assistance with this issue?  Any help will be appreciated.

      Thanks in advance.
      Wayne

        GruensFroeschli

        needed:
        server config file, client config file,
        server log, client log

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          WGamradt

          Sent the requested files via your email address.

            WGamradt

            I think I may have this issue resolved.  I have made the following changes.  Most of the information I used came from this forum (in multiple other posts).  Thanks to all for sharing.

            • I converted from using TCP to UDP.  What made this possible was the inclusion of local xxx.xxx.xxx.xxx in the options on the OpenVPN Server configuration.  (Where xxx.xxx.xxx.xxx = IPA of WAN connection)

            • I also found that my client configuration profile included a tls-client directive.  My server has not been configured for this option.

            My testing so far has been positive.  I can connect the first time and the tunnel will stay active.  Much better than before.

            I do have one question however.  Can anyone tell me why the client log file did not indicate any problem?  From the client side everything looked fine.  The tunnel would collapse, but there would be no indication in the log.  I played with the client verb setting and had set it as high as 7 to no avail.  The server log would indicate a connection Reset but that was about it.

            Thanks to all.  I hope this information can help others experiencing similar issues.
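
Added example (not part of the original thread, and not the poster's configuration): a small Python check for the client/server mismatches the post above describes, transport protocol and TLS role, run against constructed sample configs. The function names, the sample directives, `vpn.example.net` and the 192.0.2.1 address are assumptions for illustration.

```python
import re

# Constructed sample configs (not the poster's files).
SERVER_BEFORE = "dev tun\nproto tcp-server\nport 1194\n"
SERVER_AFTER = "dev tun\nproto udp\nlocal 192.0.2.1\nport 1194\ntls-server\n"
CLIENT = "dev tun\nproto udp\nremote vpn.example.net 1194\ntls-client\n"

def parse(text):
    """Map directive -> argument list; '#' and ';' start a comment."""
    opts = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name.lstrip("-")] = args
    return opts

def transport(opts):
    # OpenVPN uses UDP when no proto directive is given.
    proto = (opts.get("proto") or ["udp"])[0]
    return "tcp" if proto.startswith("tcp") else "udp"

def tls_role(opts):
    # "client" implies tls-client; "server <net> <mask>" implies tls-server.
    if "tls-client" in opts or "client" in opts:
        return "client"
    if "tls-server" in opts or "server" in opts:
        return "server"
    return None

def check_pair(server_text, client_text):
    """Return a list of mismatches between a server and a client config."""
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    if transport(srv) != transport(cli):
        findings.append(f"proto mismatch: server={transport(srv)} client={transport(cli)}")
    if tls_role(cli) == "client" and tls_role(srv) != "server":
        findings.append("client is tls-client but server has no TLS server role")
    if tls_role(srv) == "server" and tls_role(cli) != "client":
        findings.append("server is tls-server but client has no TLS client role")
    if transport(srv) == "udp" and "local" not in srv:
        findings.append("UDP server has no local directive; it binds all addresses")
    return findings

if __name__ == "__main__":
    for label, server in (("before", SERVER_BEFORE), ("after", SERVER_AFTER)):
        print(label, check_pair(server, CLIENT) or "consistent")
```
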

              WGamradt
              Doh!  I spoke too soon.  The connection seems a bit better but it still is taking me several attempts to get a stable connection.

              I started having issues after re-booting my test workstation. (Windows XP Pro SP3)  After a reboot the first connection attempt always will fail. (Connects, can ping across, dies a few seconds later)

                GruensFroeschli

                Sorry just saw your email.
                Haven't had time to look at it.
                (I'm moving and don't have internet at the new place yet).


                  WGamradt

                  No problem.  Whenever you have time.  If you weren't a few thousand miles away I would offer my assistance. :)
