Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problems with clients

    Scheduled Pinned Locked Moved OpenVPN
    4 Posts 3 Posters 475 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      garona
      last edited by

      Hi, i having a trouble for a couple of days, my vpn clients are working for 3 or 4 days, after this, we can't connect using installed client and need to download the same client again, and i am in this loop. On pfsense we have a dynamic public ip and dyndns configured.Someone have or has this kind of problem?
      Thanks

      1 Reply Last reply Reply Quote 0
      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by

        Whats in the OpenVPN Server and Client Logs when the connection stops working?

        -Rico

        1 Reply Last reply Reply Quote 0
        • G
          garona
          last edited by

          Client:
          Wed Oct 09 11:28:44 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
          Wed Oct 09 11:28:53 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
          Wed Oct 09 11:29:03 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
          Wed Oct 09 11:29:14 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
          Wed Oct 09 11:29:23 2019 TCP/UDP: Incoming packet rejected from [AF_INET]XXX.XXX.XXX.XX:1194[2], expected peer address: [AF_INET]XXX.XXX.XXX.XX:1199 (allow this incoming source address/port by removing --remote or adding --float)
          Wed Oct 09 11:29:43 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
          Wed Oct 09 11:29:43 2019 TLS Error: TLS handshake failed
          Wed Oct 09 11:29:43 2019 SIGUSR1[soft,tls-error] received, process restarting
          Wed Oct 09 11:29:48 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XX:1199
          Wed Oct 09 11:29:48 2019 UDP link local (bound): [AF_INET][undef]:1194
          Wed Oct 09 11:29:48 2019 UDP link remote: [AF_INET]XXX.XXX.XXX.XX:1199

          Openvpn Server:
          Oct 9 11:17:04 openvpn 54762 XXX.XXX.XX.XXX:1194 [another.user] Peer Connection Initiated with [AF_INET]XXX.XXX.XX.XXX:1194
          Oct 9 11:17:04 openvpn user 'another.user' could not authenticate.
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_VER=2.4.5
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_PLAT=win
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_PROTO=2
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_LZ4=1
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_LZ4v2=1
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_LZO=1
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_COMP_STUB=1
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_COMP_STUBv2=1
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_TCPNL=1
          Oct 9 11:25:24 openvpn 54762 another.user/XXX.XXX.XX.XXX:6502 peer info: IV_GUI_VER=OpenVPN_GUI_11
          Oct 9 11:25:24 openvpn user 'another.user' authenticated
          Oct 9 11:29:26 openvpn 54762 my.user/XXX.XXX.XX.XXX:1378 [my.user] Inactivity timeout (--ping-restart), restarting

          The user that i tried to connect doesn't appear in server logs.

          1 Reply Last reply Reply Quote 0
          • PippinP
            Pippin
            last edited by Pippin

            No access to pfS at the moment but on client side add

            float
            

            to the config.
            Could be a checkbox too in CSO.
            See --float in manual 2.4:
            https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

            I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
            Halton Arp

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.