OpenVPN is not working if client is reconnected immediately
-
From memory, for client side it is advised to use --nobind (without --lport)
--nobind is included in NetworkManager (Linux) by default.Will try to find the posts by OpenVPN devs...
-
nobindalso works, likely for much the same reason.That would be viable for remote access clients but if this same issue also affects site-to-site then that wouldn't be enough to work around it.
None of the changes in the log for OpenVPN 2.5.1 appear to be related but I'm curious if it makes a difference.
-
I added an issue to track the upstream problem since there isn't much we can do locally (clients in pfSense already default to
lport 0)
https://redmine.pfsense.org/issues/11575I also added an issue to have the export package automatically add
nobindwith an option to opt out.
https://redmine.pfsense.org/issues/11574 -
@jimp lport 0 works perfect for me, thank you!
-
This post is deleted! -
@pippin said in OpenVPN is not working if client is reconnected immediately:
Will try to find the posts by OpenVPN devs...
Please see my remark:
https://redmine.pfsense.org/issues/11575 -
@jimp Hi, I noticed that nobind or lport 0 both work but it is not possible to have both in the configuration file.
Which one should be chosen between the two please? which one is better? -
The recommendation by OpenVPN is --nobind.
-
Generally speaking,
nobindis better.You would only need
lport 0if you had to bind to a specific IP address on the client, but wanted a random source port. Otherwise,nobindis better since it lets to OS pick the most appropriate source IP address and port. -
@jimp Is this change coming to the client export package or has it already been implemented?
-
You can already get
lport 0by setting the option to randomize the local port, though I can't recall off the top of my head if that is the default. I don't think it has a way to setnobind.If it doesn't set that by default, we should probably update the package to work that way and use
nobind.