Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    losing OpenVPN connection every 20 - 120 seconds

    Scheduled Pinned Locked Moved OpenVPN
    76 Posts 7 Posters 13.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by

      Looks like you have a compression mismatch. The server is pushing comp-lzo no but you have it enabled in both the gui setup and custom options (if you still have those). Try setting it to 'Omit Preference' instead.

      Steve

      A 1 Reply Last reply Reply Quote 0
      • A
        akkiz @stephenw10
        last edited by akkiz

        didnt help and custom options was blank

        A 1 Reply Last reply Reply Quote 0
        • A
          akkiz @akkiz
          last edited by

          @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

          didnt help and custom options was blank

          Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
          Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
          Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
          Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
          Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
          Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
          Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
          Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
          Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
          Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
          Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
          Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
          Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
          Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
          Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
          Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
          Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
          Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
          Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
          Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
          Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
          Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
          Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
          Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
          Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
          Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
          Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
          Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
          Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
          Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
          Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
          Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
          Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
          Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
          Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
          Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
          Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
          Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
          Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
          Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
          Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
          Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
          Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
          Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
          Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
          Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
          Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
          Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
          Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

          A 1 Reply Last reply Reply Quote 0
          • A
            akkiz @akkiz
            last edited by

            @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

            @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

            didnt help and custom options was blank

            Jan 10 21:23:17 openvpn 51111 MANAGEMENT: Client disconnected
            Jan 10 21:23:18 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
            Jan 10 21:23:18 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
            Jan 10 21:23:18 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.135.136:1195
            Jan 10 21:23:18 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
            Jan 10 21:23:18 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
            Jan 10 21:23:18 openvpn 51111 UDPv4 link remote: [AF_INET]37.120.135.136:1195
            Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
            Jan 10 21:23:37 openvpn 51111 MANAGEMENT: CMD 'state 1'
            Jan 10 21:23:37 openvpn 51111 MANAGEMENT: Client disconnected
            Jan 10 21:24:18 openvpn 51111 [UNDEF] Inactivity timeout (--ping-restart), restarting
            Jan 10 21:24:18 openvpn 51111 SIGUSR1[soft,ping-restart] received, process restarting
            Jan 10 21:24:18 openvpn 51111 Restart pause, 10 second(s)
            Jan 10 21:24:28 openvpn 51111 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
            Jan 10 21:24:28 openvpn 51111 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
            Jan 10 21:24:28 openvpn 51111 TCP/UDP: Preserving recently used remote address: [AF_INET]185.183.105.194:1195
            Jan 10 21:24:28 openvpn 51111 Socket Buffers: R=[42080->524288] S=[57344->524288]
            Jan 10 21:24:28 openvpn 51111 UDPv4 link local (bound): [AF_INET]2.51.235.8:0
            Jan 10 21:24:28 openvpn 51111 UDPv4 link remote: [AF_INET]185.183.105.194:1195
            Jan 10 21:24:28 openvpn 51111 TLS: Initial packet from [AF_INET]185.183.105.194:1195, sid=bca25ec8 d3025870
            Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
            Jan 10 21:24:28 openvpn 51111 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2719-0a, emailAddress=support@expressvpn.com
            Jan 10 21:24:29 openvpn 51111 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1606'
            Jan 10 21:24:29 openvpn 51111 WARNING: 'mtu-dynamic' is present in remote config but missing in local config, remote='mtu-dynamic'
            Jan 10 21:24:29 openvpn 51111 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
            Jan 10 21:24:29 openvpn 51111 [Server-2719-0a] Peer Connection Initiated with [AF_INET]185.183.105.194:1195
            Jan 10 21:24:30 openvpn 51111 SENT CONTROL [Server-2719-0a]: 'PUSH_REQUEST' (status=1)
            Jan 10 21:24:30 openvpn 51111 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.87.0.1,comp-lzo no,route 10.87.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.87.0.38 10.87.0.37,peer-id 6'
            Jan 10 21:24:30 openvpn 51111 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
            Jan 10 21:24:30 openvpn 51111 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
            Jan 10 21:24:30 openvpn 51111 Options error: option 'route' cannot be used in this context ([PUSH-OPTIONS])
            Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: timers and/or timeouts modified
            Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: compression parms modified
            Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: --ifconfig/up options modified
            Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: peer-id set
            Jan 10 21:24:30 openvpn 51111 OPTIONS IMPORT: adjusting link_mtu to 1625
            Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
            Jan 10 21:24:30 openvpn 51111 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
            Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
            Jan 10 21:24:30 openvpn 51111 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
            Jan 10 21:24:30 openvpn 51111 Preserving previous TUN/TAP instance: ovpnc2
            Jan 10 21:24:30 openvpn 51111 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
            Jan 10 21:24:30 openvpn 51111 Closing TUN/TAP interface
            Jan 10 21:24:30 openvpn 51111 /usr/local/sbin/ovpn-linkdown ovpnc2 1500 1605 10.17.0.98 10.17.0.97 init
            Jan 10 21:24:31 openvpn 51111 TUN/TAP device ovpnc2 exists previously, keep at program end
            Jan 10 21:24:31 openvpn 51111 TUN/TAP device /dev/tun2 opened
            Jan 10 21:24:31 openvpn 51111 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
            Jan 10 21:24:31 openvpn 51111 /sbin/ifconfig ovpnc2 10.87.0.38 10.87.0.37 mtu 1500 netmask 255.255.255.255 up
            Jan 10 21:24:31 openvpn 51111 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.87.0.38 10.87.0.37 init
            Jan 10 21:24:31 openvpn 51111 Initialization Sequence Completed

            123.jpg

            1 Reply Last reply Reply Quote 0
            • B
              bcruze
              last edited by

              try omit preference + disable lzo compression

              A 1 Reply Last reply Reply Quote 0
              • A
                akkiz @bcruze
                last edited by akkiz

                @bcruze ok but it creates compression stub message see the log didnt help

                A 1 Reply Last reply Reply Quote 0
                • A
                  akkiz @akkiz
                  last edited by akkiz

                  @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                  Jan 10 21:57:24 openvpn 88382 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                  Jan 10 21:57:24 openvpn 88382 /sbin/ifconfig ovpnc2 10.136.0.54 10.136.0.53 mtu 1500 netmask 255.255.255.255 up
                  Jan 10 21:57:24 openvpn 88382 /usr/local/sbin/ovpn-linkup ovpnc2 1500 1605 10.136.0.54 10.136.0.53 init
                  Jan 10 21:57:24 openvpn 88382 Initialization Sequence Completed
                  Jan 10 21:57:33 openvpn 88382 Bad compression stub decompression header byte: 0
                  Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client connected from /var/etc/openvpn/client2.sock
                  Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'state 1'
                  Jan 10 21:57:43 openvpn 88382 MANAGEMENT: CMD 'status 2'
                  Jan 10 21:57:43 openvpn 88382 MANAGEMENT: Client disconnected

                  A 1 Reply Last reply Reply Quote 0
                  • A
                    akkiz @akkiz
                    last edited by akkiz

                    @akkiz I really am happy to see such a active helpful community here willing to help thanks guys!!!!
                    Hope one of you guys will crack my issue....

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      What does ExpressVPN say the compression should be set to?

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      A 1 Reply Last reply Reply Quote 0
                      • B
                        bcruze
                        last edited by bcruze

                        Well my post is flagged as spam if I post the express pfsense tutorial link

                        Adaptive lzo... so it’s almost like there is something wrong with the particular server he is using

                        I don’t have an account with express to see what will work..

                        A 1 Reply Last reply Reply Quote 0
                        • A
                          akkiz @Derelict
                          last edited by

                          @Derelict adaptive lzo

                          1 Reply Last reply Reply Quote 0
                          • A
                            akkiz @bcruze
                            last edited by

                            @bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

                            A 1 Reply Last reply Reply Quote 0
                            • A
                              akkiz @akkiz
                              last edited by

                              @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                              @bcruze I tried 6 servers they behaved similar shall I post results from a german or a uk server

                              german server same disconects see logs
                              Jan 11 08:23:51 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                              Jan 11 08:23:51 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                              Jan 11 08:23:51 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                              Jan 11 08:23:51 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                              Jan 11 08:23:51 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                              Jan 11 08:24:51 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                              Jan 11 08:24:51 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                              Jan 11 08:24:51 openvpn 57875 Restart pause, 10 second(s)
                              Jan 11 08:25:01 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                              Jan 11 08:25:01 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                              Jan 11 08:25:01 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.85:1195
                              Jan 11 08:25:01 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                              Jan 11 08:25:01 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                              Jan 11 08:25:01 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.85:1195
                              Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:25:14 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:25:14 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:25:17 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:25:17 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:25:19 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:25:19 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:26:01 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                              Jan 11 08:26:01 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                              Jan 11 08:26:01 openvpn 57875 Restart pause, 10 second(s)
                              Jan 11 08:26:11 openvpn 57875 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
                              Jan 11 08:26:11 openvpn 57875 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                              Jan 11 08:26:11 openvpn 57875 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                              Jan 11 08:26:11 openvpn 57875 Socket Buffers: R=[42080->42080] S=[57344->57344]
                              Jan 11 08:26:11 openvpn 57875 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                              Jan 11 08:26:11 openvpn 57875 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                              Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:27:04 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:27:04 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:27:07 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:27:07 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                              Jan 11 08:27:09 openvpn 57875 MANAGEMENT: CMD 'state 1'
                              Jan 11 08:27:09 openvpn 57875 MANAGEMENT: Client disconnected
                              Jan 11 08:27:11 openvpn 57875 [UNDEF] Inactivity timeout (--ping-restart), restarting
                              Jan 11 08:27:11 openvpn 57875 SIGUSR1[soft,ping-restart] received, process restarting
                              Jan 11 08:27:11 openvpn 57875 Restart pause, 10 second(s)

                              A 1 Reply Last reply Reply Quote 0
                              • A
                                akkiz @akkiz
                                last edited by akkiz

                                @akkiz express1.jpg
                                Jan 11 08:37:19 openvpn 12072 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
                                Jan 11 08:37:19 openvpn 12072 TUN/TAP device ovpnc3 exists previously, keep at program end
                                Jan 11 08:37:19 openvpn 12072 TUN/TAP device /dev/tun3 opened
                                Jan 11 08:37:19 openvpn 12072 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
                                Jan 11 08:37:19 openvpn 12072 /sbin/ifconfig ovpnc3 10.199.0.146 10.199.0.145 mtu 1500 netmask 255.255.255.255 up
                                Jan 11 08:37:19 openvpn 12072 /usr/local/sbin/ovpn-linkup ovpnc3 1500 1609 10.199.0.146 10.199.0.145 init
                                Jan 11 08:37:22 openvpn 12072 Initialization Sequence Completed
                                Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:37:28 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                Jan 11 08:37:28 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                Jan 11 08:37:41 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:37:44 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                Jan 11 08:37:44 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:37:48 openvpn 12072 MANAGEMENT: CMD 'status 2'
                                Jan 11 08:37:48 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:38:49 openvpn 12072 [Server-4256-0a] Inactivity timeout (--ping-restart), restarting
                                Jan 11 08:38:49 openvpn 12072 SIGUSR1[soft,ping-restart] received, process restarting
                                Jan 11 08:38:49 openvpn 12072 Restart pause, 10 second(s)
                                Jan 11 08:38:59 openvpn 12072 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
                                Jan 11 08:38:59 openvpn 12072 TCP/UDP: Preserving recently used remote address: [AF_INET]85.203.15.86:1195
                                Jan 11 08:38:59 openvpn 12072 Socket Buffers: R=[42080->524288] S=[57344->524288]
                                Jan 11 08:38:59 openvpn 12072 UDPv4 link local (bound): [AF_INET]86.99.109.193:0
                                Jan 11 08:38:59 openvpn 12072 UDPv4 link remote: [AF_INET]85.203.15.86:1195
                                Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:39:41 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:39:41 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:39:48 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:39:48 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:39:52 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:39:52 openvpn 12072 MANAGEMENT: Client disconnected
                                Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client connected from /var/etc/openvpn/client3.sock
                                Jan 11 08:39:56 openvpn 12072 MANAGEMENT: CMD 'state 1'
                                Jan 11 08:39:56 openvpn 12072 MANAGEMENT: Client disconnected

                                1 Reply Last reply Reply Quote 0
                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  It looks like it connects OK and then timesout with no data after 1min. There is some data shown though.

                                  During that 1 min can you send/receive anything over the tunnel?

                                  You are using the same login info from a host client and are able to connect OK? You have the connection log showing the successful connection from there?

                                  Steve

                                  A 1 Reply Last reply Reply Quote 0
                                  • A
                                    akkiz @stephenw10
                                    last edited by

                                    @stephenw10 let me check and get back to u

                                    A 1 Reply Last reply Reply Quote 0
                                    • A
                                      akkiz @akkiz
                                      last edited by akkiz

                                      @akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

                                      chpalmerC 1 Reply Last reply Reply Quote 0
                                      • stephenw10S
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        Ok are you able to connect to ExpressVPN using that same config from a local client directly?

                                        Can you get the connection logs from that so we can see how it connects?

                                        Steve

                                        A 1 Reply Last reply Reply Quote 0
                                        • chpalmerC
                                          chpalmer @akkiz
                                          last edited by

                                          @akkiz said in losing OpenVPN connection every 20 - 120 seconds:

                                          @akkiz couldnt see any traffic coming out of OPT1 port (which is assigned ovp3) problem still persist

                                          You do not generally need to assign a VPN connection to an interface.. (not sure if this is the case when transferring all traffic to a "VPN service".

                                          Is it possible to remove this "assignment" to test?

                                          Triggering snowflakes one by one..
                                          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                                          A 1 Reply Last reply Reply Quote 0
                                          • stephenw10S
                                            stephenw10 Netgate Administrator
                                            last edited by

                                            It shouldn't make any difference here but it's easy to test so...

                                            I notice it's setting the send and receive buffers everytime. You might try removing that setting so it just uses the default values.

                                            Connecting but not passing traffic really looks like a compression mismatch though. If you can connect using those settings from a host client instead of pfSense then we will at least have a known set of connection settings.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.