Netgate Discussion Forum

    OpenVPN Peer to peer server Statistics show wrong status of connection (bug)

      Gektor
      last edited by Gektor

      Version 2.4.4-RELEASE-p3 (amd64)
      Today I changed one office client's OpenVPN connection (pfSense router) to two offices with servers on pfSense routers from Peer to Peer (Shared Key) to Peer to Peer (SSL/TLS), and there are problems with link detection on the server side: in the GUI on the main page and in Status -> OpenVPN, both servers show that the connection is down, but on the client side both links are UP in Statistics and traffic flows without any problems between offices. This bug can be reproduced as follows:

      1. Initial setup: everything is OK, both connections show as up;
      2. Then restart (reboot) the OpenVPN client router, and the links in statistics on the server side will go down and will not change to the "up" state, even if the link is really up and works;
      3. If you click "Save" on the OpenVPN setup on the server side (one, or both), the link will be up in statistics until the OpenVPN client's WAN reconnects or the client reboots.

      I have tried the same with an ordinary router as the client in Peer to Peer (SSL/TLS), and the problem is the same: after the client (router) reconnects, the link shows as down in statistics on the server (pfSense), while on the client (router) the link shows as up and the tunnel works without any issues.

      In Peer to Peer (Shared Key) the statistics work without any problems; the bug relates only to Peer to Peer (SSL/TLS).

        Gektor

        In Peer to Peer (SSL/TLS) mode I have tried adding "keepalive 2 5" in Custom options on the server side (if you enter high values, it does not help on client reconnection, but on client reboot higher values work; it's important that the keepalive is lower than the time the client reconnection takes), and it seems that it helps show the correct link state on the server side.
        It seems that the client "reconnects" so fast that the server status does not catch the new connection with pfSense's default "keepalive 10 120" or something like that.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.