Will packet loss cause OpenVPN SIGTERM?
-
I have two fresh installs of PFSense at two houses. Both Protectli vaults. OpenVPN server at one, client at the other. Preshared key, AES-256 CBC, running on UDP. It is a cookie cutter setup that I followed straight from the documentation. I am getting SIGTERMS that kill the tunnel after which it immediately restarts. RRD quality graph shows intermittent packet loss on the client OpenVPN side. Server side OpenVPN logs show no problems, just that the client keeps reconnecting. Continuous ping to google on client network shows a dropped packet here and there. While transferring large files (gigabytes) across the VPN I ran a continuous ping to google which wasn't routed through the tunnel and whenever the VPN would drop the ping to google would show traffic loss.
I suspect I'm getting packet loss on the ISP connection and I have a tech coming next week to replace the coax drop from the curb. My question is if the packet loss is causing the VPN disconnects. The packet loss is very brief, usually only a second or two, but kills the tunnel and interrupts the large file transfers so they have to be restarted. Is that long enough to cause the tunnel to drop and restart? I just need help figuring out what to focus on, the ISP connection, or investigating if there is something going wrong in OpenVPN. I wouldn't think a couple seconds of packet loss would kill the tunnel.
Aug 14 16:29:14 openvpn 29700 OpenVPN 2.4.9 amd64-portbld-freebsd11.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on May 4 2020
Aug 14 16:29:14 openvpn 29700 library versions: OpenSSL 1.0.2u-freebsd 20 Dec 2019, LZO 2.10
Aug 14 16:29:14 openvpn 29849 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 14 16:29:14 openvpn 29849 Initializing OpenSSL support for engine 'rdrand'
Aug 14 16:29:14 openvpn 29849 TUN/TAP device ovpnc1 exists previously, keep at program end
Aug 14 16:29:14 openvpn 29849 TUN/TAP device /dev/tun1 opened
Aug 14 16:29:14 openvpn 29849 /sbin/ifconfig ovpnc1 10.0.9.2 10.0.9.1 mtu 1500 netmask 255.255.255.255 up
Aug 14 16:29:14 openvpn 29849 /usr/local/sbin/ovpn-linkup ovpnc1 1500 1573 10.0.9.2 10.0.9.1 init
Aug 14 16:29:14 openvpn 29849 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Aug 14 16:29:14 openvpn 29849 UDPv4 link local (bound): [AF_INET]x.x.x.x:0
Aug 14 16:29:14 openvpn 29849 UDPv4 link remote: [AF_INET]7x.x.x.x:1194
Aug 14 16:29:15 openvpn 29849 Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Aug 14 16:29:15 openvpn 29849 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 14 16:29:15 openvpn 29849 Initialization Sequence Completed
Aug 14 16:38:41 openvpn 29849 event_wait : Interrupted system call (code=4)
Aug 14 16:38:41 openvpn 29849 /usr/local/sbin/ovpn-linkdown ovpnc1 1500 1573 10.0.9.2 10.0.9.1 init
Aug 14 16:38:41 openvpn 29849 SIGTERM[hard,] received, process exiting
Aug 14 16:38:42 openvpn 55357 disabling NCP mode (--ncp-disable) because not in P2MP client or server modeThanks in advance for any help! :)
-
From my testing it appears OpenVPN is not at all tolerant of packet loss and will restart the tunnel every time during it. I switched to IPsec and it maintains its connection through brief packet loss without any problems.