Netgate Discussion Forum

    OpenVPN with OPP, resets after 1 hour

    • ValP

      Hello,
      I am new to pfSense.
      I set up a PC-based pfSense with OpenVPN, RADIUS and Google OTP.
      Looks good, but after 1 hour OpenVPN attempts to renegotiate and, of course, the connection drops.
      I was able to find that one of the options is to change the renegotiation time from 3600 sec to, let's say, 36000 (10H), which would work well for me.
      I entered into OpenVPN-Servers-Advanced configuration-Custom options
      --reneg-sec 36000
      not sure if I have to enter -- so I tried without too
      reneg-sec 36000
      No luck.
      On some forums I saw that I have to modify reneg on the client side too, but I cannot find a how-to. I am using openvpn-client-export to export the client.
      Please help
      Thank you

      • Gertjan @ValP

        @ValP said in OpenVPN with OPP, resets after 1 hour:

        --reneg-sec 36000

        The two dashes '--' are needed when you use "--reneg-sec 36000" on the command line.
        When you use a config settings file, as pfSense does, you don't need them. Check out the OpenVPN server doc (the OpenVPN support site has many examples and how-tos).

        This should do it :

        [image]

        On the client side :
        Edit the ovpn client config file and add it.
        Or use the "Specific Client override" page, add an Override, select your VPN, go to the bottom of the page, to "advanced", and add the setting there.

        Re-export the client, and check the created client ovpn file - the setting should be there.

        Btw : I didn't test all this.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • ValP

          Attempted the Client Specific Override.
          Tested - no luck, same, disconnected after 1 hour.
          Here is what I have:
          [image]

          Then re-exported client
          Same, I do not see any difference with the previous, without an override.

          dev tun
          persist-tun
          persist-key
          cipher AES-128-CBC
          ncp-ciphers AES-128-GCM
          auth SHA256
          tls-client
          client
          resolv-retry infinite
          remote xxx.xxx.xxx.xxx 1194 udp4
          auth-user-pass
          remote-cert-tls server

          <ca>

          What am I missing here?
          If I can override it in the config, where exactly? PLEASE
          Thank you

          • ValP

            Also, not sure if it is important - the users list is in RADIUS. For any user without OTP there are no issues. In the log, I can see renegotiation every hour.
            Thanks

            • Gertjan @ValP

              @ValP said in OpenVPN with OPP, resets after 1 hour:

              users list is in RADIUS. any user without OTP

              and I'm using login with certs. And Client override wasn't doing what I expected either.
              What did work was this :

              [image]

              Adding "reneg-sec 3600" in "Additional configuration options" on the Client export page, and save it as a default.

              Then the exported ovpn files will contain

              ...
              reneg-sec 3600
              

              Keep in mind : maybe you're searching in the wrong direction.
              A DHCP lease used locally, or upstream, or on the other side, times out, the related IP on that interface gets renewed, processes get restarted, VPN client, server (?) and the connection is rebuilt.
              You should crank up, and inspect, the VPN log details on both sides and check for details.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
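
As an added example (not code from either poster or from pfSense): OpenVPN's manual notes that reneg-sec applies on both ends and that the lower value triggers the renegotiation, with 0 disabling that end's timer, so a server set to 36000 still renegotiates hourly while the exported client keeps the 3600 default. The sketch below reads a server and a client config and reports the interval that actually applies; the function names and the sample configs are constructed for illustration.

```python
import re

DEFAULT_RENEG_SEC = 3600  # OpenVPN's default when reneg-sec is absent

def reneg_sec(config_text):
    """Return the reneg-sec value set in an OpenVPN config, else the default."""
    value = DEFAULT_RENEG_SEC
    open_tag = None  # name of the inline block (<ca>, <cert>, ...) we are inside
    for raw in config_text.splitlines():
        line = raw.strip()
        if open_tag:
            if line == "</%s>" % open_tag:
                open_tag = None
            continue  # ignore data inside inline blocks
        m = re.fullmatch(r"<([A-Za-z0-9_-]+)>", line)
        if m:
            open_tag = m.group(1)
            continue
        if not line or line[0] in "#;":
            continue  # blank line or comment
        parts = line.split()
        # accept "reneg-sec N" and the command-line spelling "--reneg-sec N"
        if parts[0].lstrip("-") == "reneg-sec" and len(parts) > 1 and parts[1].isdigit():
            value = int(parts[1])  # assumption: if repeated, the last one is kept
    return value

def effective_reneg(server_text, client_text):
    """Return (seconds, side) for the timer that fires first; 0 means disabled."""
    sides = {"server": reneg_sec(server_text), "client": reneg_sec(client_text)}
    active = {k: v for k, v in sides.items() if v > 0}  # 0 disables that side's timer
    if not active:
        return 0, "none"
    low = min(active.values())
    who = [k for k, v in active.items() if v == low]
    return low, who[0] if len(who) == 1 else "both"

# Constructed sample configs; the client one mirrors the shape of the export in the thread.
SERVER = "dev tun\nproto udp4\nreneg-sec 36000\n"
CLIENT_OLD = ("dev tun\nclient\nauth-user-pass\nremote-cert-tls server\n"
              "<ca>\n(constructed placeholder, PEM omitted)\n</ca>\n")
CLIENT_NEW = CLIENT_OLD + "reneg-sec 36000\n"

if __name__ == "__main__":
    print(effective_reneg(SERVER, CLIENT_OLD))  # client is still on the default
    print(effective_reneg(SERVER, CLIENT_NEW))  # both ends raised
```

Run it against the server's custom options and the re-exported client file before testing a session past the one-hour mark.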

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.