losing OpenVPN connection every 20 - 120 seconds



  • Help! Whenever I start the OpenVPN client from ExpressVPN, the tunnel keeps restarting every 30 seconds and I keep getting this log under firewall. I have been trying for 4 weeks, help!

    /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.23.0.30 -> 10.107.0.10 - Restarting packages.



  • @akkiz this is the log
    Jan 8 18:52:05 check_reload_status Syncing firewall
    Jan 8 18:52:05 kernel tun1: changing name to 'ovpnc1'
    Jan 8 18:52:05 php-fpm 342 OpenVPN PID written: 31289
    Jan 8 18:52:05 check_reload_status Reloading filter
    Jan 8 18:52:13 kernel ovpnc1: link state changed to UP
    Jan 8 18:52:13 check_reload_status rc.newwanip starting ovpnc1
    Jan 8 18:52:14 php-fpm 343 OpenVPN terminate old pid: 31289
    Jan 8 18:52:14 kernel ovpnc1: link state changed to DOWN
    Jan 8 18:52:14 check_reload_status Reloading filter
    Jan 8 18:52:14 php-fpm 342 /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
    Jan 8 18:52:14 php-fpm 342 /rc.newwanip: rc.newwanip: on (IP address: ) (interface: []) (real interface: ovpnc1).
    Jan 8 18:52:14 php-fpm 342 /rc.newwanip: rc.newwanip called with empty interface.
    Jan 8 18:52:14 check_reload_status Reloading filter
    Jan 8 18:52:14 php-fpm 342 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> - Restarting packages.
    Jan 8 18:52:14 check_reload_status Starting packages
    Jan 8 18:52:15 php-fpm 343 OpenVPN PID written: 78069
    Jan 8 18:52:16 php-fpm 94188 /rc.start_packages: Restarting/Starting all packages.
    Jan 8 18:53:42 kernel ovpnc1: link state changed to UP
    Jan 8 18:53:42 check_reload_status rc.newwanip starting ovpnc1
    Jan 8 18:53:43 php-fpm 94188 /rc.newwanip: rc.newwanip: Info: starting on ovpnc1.
    Jan 8 18:53:43 php-fpm 94188 /rc.newwanip: rc.newwanip: on (IP address: 10.107.0.26) (interface: []) (real interface: ovpnc1).
    Jan 8 18:53:43 php-fpm 94188 /rc.newwanip: rc.newwanip called with empty interface.
    Jan 8 18:53:43 check_reload_status Reloading filter
    Jan 8 18:53:43 php-fpm 94188 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - -> 10.107.0.26 - Restarting packages.
    Jan 8 18:53:43 check_reload_status Starting packages
    Jan 8 18:53:44 php-fpm 343 /rc.start_packages: Restarting/Starting all packages.

    What is happening here? My connection is:
    Internet > pfSense box (WAN PPPoE) > access point
    I need the OpenVPN tunnel to be up so I can use one interface to connect another access point.



  • @akkiz

    I made all VPN settings as per the VPN provider and the tunnel is up, but moments later the firewall is creating this error: /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.23.0.30 -> 10.107.0.10 - Restarting packages.



  • Have you tried disabling IPv6 within pfSense?



  • @bcruze
    I disabled it but no difference, it still disconnects. Any clues?



  • Can you enable the "Gateways" widget and show it on your dashboard?



  • Please enable "monitoring" 😀



  • @chpalmer oops my bad



  • When you get a chance delete your picture above with your IP addresses. People can be jerks..

    Use paint or some other program to block that in your picture.



  • @chpalmer Done!!!



  • They're not yours specifically but close enough for some to care.





  • @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

    pfSense package system has detected an IP change or dynamic WAN reconnection

    This seems to agree with the addresses you have pictured throughout the thread here. How often does your WAN IP address change?



  • @chpalmer I don't think the WAN IP changes so frequently, only on restart; starting OpenVPN changes it maybe.



  • I'm trying to understand your internet connection a little.

    What is it? DSL or fiber.. or? The ping time to the first gateway says that maybe the router is on premises. But fiber can be fairly quick as well.. Can you go to a command window and do c:>ping -n 2000 google.com and post the results??

    My guess is that somehow your connection past your gateway is going up and down intermittently and causing the VPN connection to reset.

    Otherwise the VPN server you're pointed at may have issues.



  • Fiber coming to a white box which is directly connected by Cat 6 cable to the pfSense box WAN port, using a PPPoE type connection with user name and password.
    Microsoft Windows [Version 10.0.18363.535]
    (c) 2019 Microsoft Corporation. All rights reserved.

    C:\Users\akila>ping -n 2000 google.com

    Pinging google.com [172.217.19.174] with 32 bytes of data:
    Reply from 172.217.19.174: bytes=32 time=8ms TTL=55
    Reply from 172.217.19.174: bytes=32 time=7ms TTL=55
    Reply from 172.217.19.174: bytes=32 time=7ms TTL=55
    Reply from 172.217.19.174: bytes=32 time=7ms TTL=55
    Reply from 172.217.19.174: bytes=32 time=7ms TTL=55
    Reply from 172.217.19.174: bytes=32 time=12ms TTL=55


  • LAYER 8

    If you are not using it, disable IPv6 under the PPPoE connection: IPv6 Configuration Type -> None



  • @kiokoman ok let me see



  • problem still the same



  • Under System > Advanced > Networking: Network Interfaces, is "Reset All States" checked or unchecked? I would uncheck that.



  • @bcruze it was unchecked only



  • I even changed the VPN server location but the behaviour is still the same:
    Jan 9 16:28:23 php-fpm 45949 /rc.openvpn: OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading endpoints that may use OPT1_VPNV4.
    Jan 9 16:28:27 php-fpm 78271 /rc.newwanip: Creating rrd update script
    Jan 9 16:28:29 php-fpm 78271 /rc.newwanip: pfSense package system has detected an IP change or dynamic WAN reconnection - 10.106.0.226 -> 10.187.0.86 - Restarting packages.
    Jan 9 16:28:29 check_reload_status Starting packages
    Jan 9 16:28:30 php-fpm 343 /rc.start_packages: Restarting/Starting all packages.
    Jan 9 16:28:46 check_reload_status Syncing firewall



  • Did you reboot the system after the IPv6 change posted above?

    System > Advanced > Miscellaneous > Gateway Monitoring > "Flush all states when a gateway is down"? What is that set to? I would have it unchecked as well.



  • @bcruze ok let me do it now



  • @akkiz no difference still disconnects......



  • @chpalmer I also tried connecting a modem before the pfSense box and used DHCP on the WAN interface, but the problem is still the same and the WAN IP never changes.


  • Netgate Administrator

    Where did you get all those custom options from in the OpenVPN setup? Most of those are duplicated in the normal settings anyway.

    I don't actually see any errors there. The connection comes up and receives a new IP from the server. It's assigned so has a gateway, pfSense treats it as a WAN and triggers the appropriate scripts when that happens. You could disable 'gateway monitoring action' for now to reduce what is run there.

    Do you have a conflict with the LAN? What subnet are you running there? Can we see the routing table from Diag > Routes?

    Steve



  • @stephenw10 Hi, the custom options were taken as per the user guide of ExpressVPN. I deleted them, made no difference. Also gateway monitoring was disabled, didn't help either.



  • My guess is that your ISP is doing something funky with traffic and affecting your VPN. Have you rebooted your modem device? Maybe contact the ISP and ask if they have been having issues..

    We have over 10 OpenVPN instances running between here and various locations and I can tell you that rarely do they ever go down. And if they do it's a connectivity issue..



  • @chpalmer Yes, the ISP here blocks VPN networks just like China, but internet speeds are very very good. It's a 250/50 Mbps line, but on OpenVPN I usually get 50 Mbps on my laptop using the ExpressVPN app. Like I told, DD-WRT works fine, and yes I rebooted.


  • Netgate Administrator

    @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

    also gateway monitoring was disabled didn't help either

    Don't disable monitoring, disable the monitoring action.

    The routing table looks OK except that I see only ovpnc2 there and your logs earlier showed ovpnc1. Have you configured two clients connecting to the same server? Are they still both enabled and disconnecting each other?

    It looks to be connecting to the server since you're getting an IP address. Do you see any traffic coming back across the tunnel? Check the Status > OpenVPN page for traffic in both directions.

    Steve



  • @stephenw10 OK, I enabled monitoring as you advised. Yes, I added 2 clients but enabled only one, but no effect, still disconnecting.



  • Hi,

    This is something I didn't see before :

    @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

    Jan 8 18:52:14 php-fpm 342 /rc.newwanip: rc.newwanip called with empty interface.

    This is an error condition.
    Way back, the pfSense coders said this about the event of an "empty interface":

    /* XXX: This really possible? */
    

    (see the rc.newwanip file)
    So, a very special situation - I can't tell anything more. Never saw such an issue.
    The result will be:
    Filters - firewall are reloaded.
    Packages get restarted.
    ... and bail out.

    Btw : this is me just thinking out loud.
    I do have an Express VPN account, but never set it up with pfSense.

    re-edit: "Empty interface" is normal after all: the VPN client is bound to an interface (by you: the OPT1 interface) without an IPv4 or IPv6 specified. That's OK.


  • Netgate Administrator

    OK, so it connects and there is two-way traffic and then presumably it disconnects.

    Let's see more OpenVPN logs showing that happening.





  • @stephenw10
    Last 50 OpenVPN Log Entries. (Maximum 50)
    Jan 10 20:18:52 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:18:52 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:18:52 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:18:55 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:18:55 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:18:55 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:18:59 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 10 20:18:59 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 20:18:59 openvpn 79060 Restart pause, 10 second(s)
    Jan 10 20:19:09 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 20:19:09 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 20:19:09 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.148:1195
    Jan 10 20:19:09 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 20:19:09 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 20:19:09 openvpn 79060 UDPv4 link remote: [AF_INET]185.128.27.148:1195
    Jan 10 20:19:15 openvpn 79060 TLS: Initial packet from [AF_INET]185.128.27.148:1195, sid=e15210b7 adc6f7b9
    Jan 10 20:19:15 openvpn 79060 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Jan 10 20:19:15 openvpn 79060 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
    Jan 10 20:19:15 openvpn 79060 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3360-1a, emailAddress=support@expressvpn.com
    Jan 10 20:19:15 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:19:15 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:19:15 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:19:24 openvpn 79060 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
    Jan 10 20:19:24 openvpn 79060 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
    Jan 10 20:19:24 openvpn 79060 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Jan 10 20:19:24 openvpn 79060 [Server-3360-1a] Peer Connection Initiated with [AF_INET]185.128.27.148:1195
    Jan 10 20:19:25 openvpn 79060 SENT CONTROL [Server-3360-1a]: 'PUSH_REQUEST' (status=1)
    Jan 10 20:19:25 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.187.0.1,comp-lzo no,route 10.187.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.187.0.38 10.187.0.37,peer-id 7'
    Jan 10 20:19:25 openvpn 79060 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 20:19:25 openvpn 79060 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 20:19:25 openvpn 79060 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: timers and/or timeouts modified
    Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: compression parms modified
    Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
    Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: peer-id set
    Jan 10 20:19:25 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
    Jan 10 20:19:25 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 20:19:25 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 20:19:25 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 20:19:25 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 20:19:25 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
    Jan 10 20:19:25 openvpn 79060 TUN/TAP device /dev/tun2 opened
    Jan 10 20:19:25 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Jan 10 20:19:25 openvpn 79060 /sbin/ifconfig ovpnc2 10.187.0.38 10.187.0.37 mtu 1500 netmask 255.255.255.255 up
    Jan 10 20:19:25 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.187.0.38 10.187.0.37 init
    Jan 10 20:19:25 openvpn 79060 Initialization Sequence Completed
    Jan 10 20:19:35 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:19:35 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:19:35 openvpn 79060 MANAGEMENT: CMD 'status 2'
    Jan 10 20:19:35 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
    Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: peer-id set
    Jan 10 20:21:54 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
    Jan 10 20:21:54 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 20:21:54 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 20:21:54 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 20:21:54 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 20:21:54 openvpn 79060 Preserving previous TUN/TAP instance: ovpnc2
    Jan 10 20:21:54 openvpn 79060 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
    Jan 10 20:21:54 openvpn 79060 Closing TUN/TAP interface
    Jan 10 20:21:54 openvpn 79060 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.187.0.38 10.187.0.37 init
    Jan 10 20:21:55 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
    Jan 10 20:21:55 openvpn 79060 TUN/TAP device /dev/tun2 opened
    Jan 10 20:21:55 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Jan 10 20:21:55 openvpn 79060 /sbin/ifconfig ovpnc2 10.87.0.90 10.87.0.89 mtu 1500 netmask 255.255.255.255 up
    Jan 10 20:21:55 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.90 10.87.0.89 init
    Jan 10 20:21:55 openvpn 79060 Initialization Sequence Completed
    Jan 10 20:22:04 openvpn 79060 Bad compression stub decompression header byte: 0
    Jan 10 20:22:14 openvpn 79060 Bad compression stub decompression header byte: 0
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'status 2'
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: CMD 'status 2'
    Jan 10 20:22:19 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:22:22 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:22:22 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:22:22 openvpn 79060 MANAGEMENT: CMD 'status 2'
    Jan 10 20:22:22 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:22:45 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:22:45 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:22:45 openvpn 79060 MANAGEMENT: CMD 'status 2'
    Jan 10 20:22:45 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:22:54 openvpn 79060 [Server-2719-0a] Inactivity timeout (--ping-restart), restarting
    Jan 10 20:22:54 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 20:22:54 openvpn 79060 Restart pause, 10 second(s)
    Jan 10 20:23:04 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 20:23:04 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 20:23:04 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
    Jan 10 20:23:04 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 20:23:04 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 20:23:04 openvpn 79060 UDPv4 link remote: [AF_INET]185.183.105.194:1195
    Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:23:20 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:23:20 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 20:23:26 openvpn 79060 MANAGEMENT: CMD 'state 1'
    Jan 10 20:23:26 openvpn 79060 MANAGEMENT: Client disconnected
    Jan 10 20:24:04 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 10 20:24:04 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 20:24:04 openvpn 79060 Restart pause, 10 second(s)
    Jan 10 20:24:14 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 20:24:14 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 20:24:14 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
    Jan 10 20:24:14 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 20:24:14 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 20:24:14 openvpn 79060 UDPv4 link remote: [AF_INET]37.120.135.136:1195
    Jan 10 20:24:20 openvpn 79060 TLS: Initial packet from [AF_INET]37.120.135.136:1195, sid=9315b41a e4a2f938
    Jan 10 20:24:20 openvpn 79060 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
    Jan 10 20:24:20 openvpn 79060 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-5165-1a, emailAddress=support@expressvpn.com
    Jan 10 20:24:20 openvpn 79060 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
    Jan 10 20:24:20 openvpn 79060 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
    Jan 10 20:24:20 openvpn 79060 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Jan 10 20:24:20 openvpn 79060 [Server-5165-1a] Peer Connection Initiated with [AF_INET]37.120.135.136:1195
    Jan 10 20:24:21 openvpn 79060 SENT CONTROL [Server-5165-1a]: 'PUSH_REQUEST' (status=1)
    Jan 10 20:24:21 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.17.0.1,comp-lzo no,route 10.17.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.17.0.66 10.17.0.65,peer-id 13'
    Jan 10 20:24:21 openvpn 79060 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 20:24:21 openvpn 79060 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 20:24:21 openvpn 79060 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: timers and/or timeouts modified
    Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: compression parms modified
    Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: --ifconfig/up options modified
    Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: peer-id set
    Jan 10 20:24:21 openvpn 79060 OPTIONS IMPORT: adjusting link_mtu to 1625
    Jan 10 20:24:21 openvpn 79060 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 20:24:21 openvpn 79060 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 20:24:21 openvpn 79060 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 20:24:21 openvpn 79060 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 20:24:21 openvpn 79060 Preserving previous TUN/TAP instance: ovpnc2
    Jan 10 20:24:21 openvpn 79060 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
    Jan 10 20:24:21 openvpn 79060 Closing TUN/TAP interface
    Jan 10 20:24:21 openvpn 79060 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.87.0.90 10.87.0.89 init
    Jan 10 20:24:22 openvpn 79060 TUN/TAP device ovpnc2 exists previously, keep at program end
    Jan 10 20:24:22 openvpn 79060 TUN/TAP device /dev/tun2 opened
    Jan 10 20:24:22 openvpn 79060 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Jan 10 20:24:22 openvpn 79060 /sbin/ifconfig ovpnc2 10.17.0.66 10.17.0.65 mtu 1500 netmask 255.255.255.255 up
    Jan 10 20:24:22 openvpn 79060 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.17.0.66 10.17.0.65 init
    Jan 10 20:24:22 openvpn 79060 Initialization Sequence Completed
    Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
    Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
    Jan 10 20:24:39 openvpn 79060 Bad compression stub decompression header byte: 0
    Jan 10 20:25:21 openvpn 79060 [Server-5165-1a] Inactivity timeout (--ping-restart), restarting
    Jan 10 20:25:21 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 20:25:21 openvpn 79060 Restart pause, 10 second(s)
    Jan 10 20:25:31 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 20:25:31 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 20:25:31 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
    Jan 10 20:25:31 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 20:25:31 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 20:25:31 openvpn 79060 UDPv4 link remote: [AF_INET]37.120.135.136:1195
    Jan 10 20:26:31 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 10 20:26:31 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 20:26:31 openvpn 79060 Restart pause, 10 second(s)
    Jan 10 20:26:41 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 20:26:41 openvpn 79060 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 20:26:41 openvpn 79060 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.27.148:1195
    Jan 10 20:26:41 openvpn 79060 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 20:26:41 openvpn 79060 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 20:26:41 openvpn 79060 UDPv4 link remote: [AF_INET]185.128.27.148:1195
    Jan 10 20:27:41 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 10 20:27:41 openvpn 79060 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 20:27:41 openvpn 79060 Restart pause, 10 second(s)


  • Netgate Administrator

    Looks like you have a compression mismatch. The server is pushing comp-lzo no but you have it enabled in both the gui setup and custom options (if you still have those). Try setting it to 'Omit Preference' instead.

    Steve
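
    Added example, not part of the original thread or of pfSense/OpenVPN: a Python triage script that reads OpenVPN client log lines in the format posted above and reports, per session, the pushed compression and ping-restart values, how long the tunnel stayed up, and how many packets the compression stub rejected. The sample lines are a constructed, abbreviated excerpt; the function names and the assumed log year (2020) are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: abbreviated lines in the format of the OpenVPN log posted
# in this thread (one session that drops, then two attempts that never connect).
SAMPLE_LOG = """\
Jan 10 20:24:14 openvpn 79060 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Jan 10 20:24:21 openvpn 79060 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,comp-lzo no,topology net30,ping 10,ping-restart 60,ifconfig 10.17.0.66 10.17.0.65,peer-id 13'
Jan 10 20:24:22 openvpn 79060 Initialization Sequence Completed
Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:24:31 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:24:39 openvpn 79060 Bad compression stub decompression header byte: 0
Jan 10 20:25:21 openvpn 79060 [Server-5165-1a] Inactivity timeout (--ping-restart), restarting
Jan 10 20:26:31 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
Jan 10 20:27:41 openvpn 79060 [UNDEF] Inactivity timeout (--ping-restart), restarting
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) openvpn (\d+) (.*)$")
TIMEOUT_RE = re.compile(r"^\[(.+?)\] Inactivity timeout \(--ping-restart\)")


def parse_push_reply(msg):
    """Turn a 'PUSH: Received control message' line into {option: arguments}."""
    body = msg.split("'", 2)[1]            # text between the single quotes
    opts = {}
    for item in body.split(",")[1:]:       # first item is the PUSH_REPLY tag
        name, _, arg = item.strip().partition(" ")
        opts[name] = arg
    return opts


def analyze(log_text, year=2020):
    """Walk the log once and split it into sessions and failed attempts.

    syslog timestamps carry no year, so one is assumed for the arithmetic.
    """
    report = {"sessions": [], "failed_handshakes": 0, "no_server_verify": False}
    pushed, up_since, stub_errors = {}, None, 0
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(3)
        if "No server certificate verification method" in msg:
            report["no_server_verify"] = True
        elif msg.startswith("PUSH: Received control message"):
            pushed = parse_push_reply(msg)
        elif msg == "Initialization Sequence Completed":
            up_since, stub_errors = ts, 0          # tunnel is up from here
        elif msg.startswith("Bad compression stub"):
            stub_errors += 1
        else:
            t = TIMEOUT_RE.match(msg)
            if not t:
                continue
            if up_since is None:
                # Timed out before the tunnel came up (peer logged as [UNDEF]).
                report["failed_handshakes"] += 1
            else:
                limit = pushed.get("ping-restart")
                report["sessions"].append({
                    "peer": t.group(1),
                    "uptime_s": int((ts - up_since).total_seconds()),
                    "stub_errors": stub_errors,
                    "pushed_comp_lzo": pushed.get("comp-lzo"),
                    "ping_restart": int(limit) if limit else None,
                })
            pushed, up_since, stub_errors = {}, None, 0
    return report


def findings(report):
    """Summarise the report as short triage notes."""
    notes = []
    if report["no_server_verify"]:
        notes.append("no server certificate verification method is configured")
    for s in report["sessions"]:
        if s["stub_errors"]:
            notes.append(f"{s['peer']}: {s['stub_errors']} packets rejected by the "
                         f"compression stub; server pushed comp-lzo {s['pushed_comp_lzo']!r}")
        limit = s["ping_restart"]
        if limit is not None and s["uptime_s"] <= limit + 5:
            notes.append(f"{s['peer']}: dropped {s['uptime_s']}s after coming up, "
                         f"within one ping-restart interval ({limit}s)")
    if report["failed_handshakes"]:
        notes.append(f"{report['failed_handshakes']} attempts timed out before "
                     "a peer was identified")
    return notes


if __name__ == "__main__":
    for note in findings(analyze(SAMPLE_LOG)):
        print("-", note)
```

    A session that ends almost exactly one ping-restart interval after "Initialization Sequence Completed", with compression stub errors in between, is the pattern the compression-mismatch diagnosis above describes.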



  • Didn't help, and custom options was blank.



  • @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

    didn't help and custom options was blank

    Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
    Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
    Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
    Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
    Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
    Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
    Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
    Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
    Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
    Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
    Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
    Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
    Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
    Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
    Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
    Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
    Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
    Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
    Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
    Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
    Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
    Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
    Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
    Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
    Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
    Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
    Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
    Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
    Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
    Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
    Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
    Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
    Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
    Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
    Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

