    Constant disconnections and "Restart pause" in the system logs

    OpenVPN
      techtester-m last edited by techtester-m

      Custom mini pc build, running pfSense 2.4.4-RELEASE-p3.

      Recently I'm having repeated disconnections from the OpenVPN client connection set on the router.
      This is what I see in the OpenVPN logs (the rest of the logs show nothing):
      Screen Shot 2020-02-02 at 13.07.06.png

      This one is new and only showed up in the logs once so far:
      Screen Shot 2020-02-02 at 11.11.46.png

      Any ideas, people?

      Thank you,

      @johnpoz

        Rico LAYER 8 Rebel Alliance last edited by

        Check for the same/correct time for your server and clients.

        -Rico

          techtester-m @Rico last edited by

          @Rico I'm not sure I understood you. The server is a NordVPN server and the clients are all on my pfSense router.
          How do I achieve what you've suggested?

            Gertjan @techtester-m last edited by

            @techtester-m said in Constant disconnections and "Restart pause" in the system logs:

            How do I achieve what you've suggested?

            Just presume their (Open*VPN) has the correct time and date.
            Check that your system is on the correct date.

            Btw : this :

            350eaadd-a887-4deb-a497-038d975385c8-image.png

            is a show stopper.
            cipher and auth should be the same remote and local..
            Nord*VPN expects AES-256-CBS, so you should setup your client to be the same.
            Same thing for the 'auth', make it SHA512.

              techtester-m @Gertjan last edited by techtester-m

              @Gertjan said in Constant disconnections and "Restart pause" in the system logs:

              Check that your system is on the correct date.

              It is on the correct date-time but set to my location/region of course and not the general UTC time. Don't know about theirs.

              @Gertjan said in Constant disconnections and "Restart pause" in the system logs:

              cipher and auth should be the same remote and local..
              Nord*VPN expects AES-256-CBS, so you should setup your client to be the same.
              Same thing for the 'auth', make it SHA512.

              Cipher - NordVPN support team told me that I can force their servers to use AES-GCM (which is better and faster) because they support that cipher as well. The only reason it shows a warning in the logs is because their config file for all the servers states AES-CBS as the default cipher and in my VPN client's settings I set "Enable NCP - Enable Negotiable Cryptographic Parameters" to disabled, forcing the server to use the better faster GCM.

              Auth - This one is weird because I did set it to SHA512 in the VPN client's settings. So why the warning?

              @johnpoz Could you step in and help me again please?

                Pippin last edited by

                If you disable NCP you won't get AES-GCM ciphers but those specified.
                If NCP is enabled it will override what is specified in the client config if the server also does NCP, which they do according to

                NordVPN support team told me that I can force their servers to use AES-GCM (which is better and faster) because they support that cipher as well.

                  techtester-m @Pippin last edited by techtester-m

                  @Pippin I think you're wrong. I do get AES-GCM ciphers because that's what I chose in the settings.
                  See the logs in the screenshots - it initializes with GCM.

                  Also, check this screenshot:
                  Screen Shot 2020-02-09 at 22.38.52.png

                    Pippin last edited by Pippin

                    That's not what you wrote:
                    @techtester-m said in Constant disconnections and "Restart pause" in the system logs:

                    in my VPN client's settings I set "Enable NCP - Enable Negotiable Cryptographic Parameters" to disabled, forcing the server to use the better faster GCM.

                    Also, showing a fragment of the log doesn't help.
                    And just now showing other option selected.

                    Provide more info...

                    Just enable NCP, it will select the best cipher supported by both ends.

                      techtester-m @Pippin last edited by techtester-m

                      @Pippin According to NordVPN guys, the cipher thing is not an issue and their servers also support GCM.
                      The fact that my choice of SHA512 is not recognized/mentioned in the logs is weird though...

                      @Pippin said in Constant disconnections and "Restart pause" in the system logs:

                      Also, showing a fragment of the log doesn't help.

                      It's not a fragment. It's the majority of it and it just repeats itself from time to time.

                      1 Reply Last reply Reply Quote 0
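
The thread turns on three things visible in an OpenVPN client log: the cipher/auth "used inconsistently" warnings, which data-channel cipher was actually initialized, and how often "Restart pause" occurs. The script below is an added example, not code from any poster or from pfSense; it extracts all three from a full log so they can be compared side by side. The sample log lines and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of OpenVPN 2.4 client log output; not copied
# from the thread's screenshots. "[null-digest]" is what OpenVPN 2.4 prints for
# the local auth when the local data cipher is an AEAD cipher such as AES-GCM.
SAMPLE_LOG = """\
Feb  2 13:06:58 openvpn[4242]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Feb  2 13:06:58 openvpn[4242]: WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
Feb  2 13:06:58 openvpn[4242]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  2 13:06:58 openvpn[4242]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Feb  2 13:07:06 openvpn[4242]: Restart pause, 5 second(s)
Feb  2 13:09:41 openvpn[4242]: Restart pause, 5 second(s)
"""

INCONSISTENT = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
DATA_CIPHER = re.compile(r"(?:Incoming|Outgoing) Data Channel: Cipher '([^']+)' initialized")
RESTART = re.compile(r"Restart pause, \d+ second")


def _value(option_string):
    """'cipher AES-256-GCM' -> 'AES-256-GCM' (drop the leading option name)."""
    return option_string.split(" ", 1)[-1]


def summarize(log_text):
    """Collect option mismatches, initialized data-channel ciphers and restart count."""
    mismatches, ciphers, restarts = {}, set(), 0
    for line in log_text.splitlines():
        m = INCONSISTENT.search(line)
        if m:
            # Map option name -> (local value, remote value)
            mismatches[m["opt"]] = (_value(m["local"]), _value(m["remote"]))
            continue
        m = DATA_CIPHER.search(line)
        if m:
            ciphers.add(m.group(1))
        elif RESTART.search(line):
            restarts += 1
    return {"mismatches": mismatches, "data_ciphers": sorted(ciphers), "restarts": restarts}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for opt, (local, remote) in report["mismatches"].items():
        print(f"{opt}: local={local} remote={remote}")
    print("data channel cipher(s):", ", ".join(report["data_ciphers"]) or "none seen")
    print("restart pauses:", report["restarts"])
```
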