Netgate Discussion Forum

OpenVPN is not working if client is reconnected immediately

  • P
    Pippin
    last edited by Feb 28, 2021, 4:38 PM

    From memory, for client side it is advised to use --nobind (without --lport)
    --nobind is included in NetworkManager (Linux) by default.

    Will try to find the posts by OpenVPN devs...

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Feb 28, 2021, 4:52 PM

      nobind also works, likely for much the same reason.

      That would be viable for remote access clients but if this same issue also affects site-to-site then that wouldn't be enough to work around it.

      None of the changes in the log for OpenVPN 2.5.1 appear to be related but I'm curious if it makes a difference.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      • J
        jimp Rebel Alliance Developer Netgate
        last edited by Feb 28, 2021, 5:17 PM

        I added an issue to track the upstream problem since there isn't much we can do locally (clients in pfSense already default to lport 0)
        https://redmine.pfsense.org/issues/11575

        I also added an issue to have the export package automatically add nobind with an option to opt out.
        https://redmine.pfsense.org/issues/11574

        • C
          christian.schneider @jimp
          last edited by christian.schneider Feb 28, 2021, 5:20 PM Feb 28, 2021, 5:19 PM

          @jimp lport 0 works perfect for me, thank you!

          • P
            Pippin @christian.schneider
            last edited by Pippin Mar 17, 2021, 12:02 PM Mar 17, 2021, 11:59 AM

            This post is deleted!
            • P
              Pippin
              last edited by Mar 17, 2021, 12:03 PM

              @pippin said in OpenVPN is not working if client is reconnected immediately:

              Will try to find the posts by OpenVPN devs...

              Please see my remark:
              https://redmine.pfsense.org/issues/11575

              • E
                Elrick75 @jimp
                last edited by Jun 20, 2021, 6:55 PM

                @jimp Hi, I noticed that nobind or lport 0 both work but it is not possible to have both in the configuration file.
                Which one should be chosen between the two please? Which one is better?

                • P
                  Pippin
                  last edited by Jun 20, 2021, 7:01 PM

                  The recommendation by OpenVPN is --nobind.

                  • J
                    jimp Rebel Alliance Developer Netgate
                    last edited by Jun 21, 2021, 12:10 PM

                    Generally speaking, nobind is better.

                    You would only need lport 0 if you had to bind to a specific IP address on the client, but wanted a random source port. Otherwise, nobind is better since it lets the OS pick the most appropriate source IP address and port.

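Added example (not part of the original thread and not code from pfSense or its export package): a small Python check that reads an OpenVPN client config and reports which of the bind modes discussed above it uses, including the nobind plus lport combination that Elrick75 found cannot be used together. The sample configs, the file names and the host vpn.example.com are constructed for illustration.

```python
"""Added example: report how an OpenVPN client config binds its local socket."""

# Constructed sample configs; vpn.example.com and 192.0.2.10 are placeholders.
SAMPLES = {
    "plain.ovpn": "client\ndev tun\nproto udp\nremote vpn.example.com 1194\n",
    "random-port.ovpn": "client\nremote vpn.example.com 1194\nlocal 192.0.2.10\nlport 0\n",
    "nobind.ovpn": "client\nremote vpn.example.com 1194\nnobind  # no local bind\n",
    "both.ovpn": "client\nremote vpn.example.com 1194\nnobind\nlport 0\n",
    "pinned.ovpn": "client\nremote vpn.example.com 1194\n;nobind\nlport 1194\n",
}

ADVICE = {
    "nobind": "OS picks the source address and port (preferred in the thread)",
    "lport0": "random source port; only needed with a specific local address",
    "fixed-port": "same source port on every reconnect; use nobind or lport 0",
    "default-bind": "neither directive set, so the client binds its default port; add nobind",
    "conflict": "nobind and lport are both set; keep only one",
}

def bind_directives(text):
    """Return {directive: args} for nobind/lport, skipping commented-out lines."""
    found = {}
    for raw in text.splitlines():
        # '#' and ';' start a comment in OpenVPN config files
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if parts and parts[0].lstrip("-") in ("nobind", "lport"):
            found[parts[0].lstrip("-")] = parts[1:]
    return found

def classify_bind(text):
    """Map a config to one of the keys in ADVICE."""
    d = bind_directives(text)
    lport = d["lport"][0] if d.get("lport") else None
    if "nobind" in d and lport is not None:
        return "conflict"
    if "nobind" in d:
        return "nobind"
    if lport == "0":
        return "lport0"
    return "fixed-port" if lport is not None else "default-bind"

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        kind = classify_bind(text)
        print(f"{name}: {kind} - {ADVICE[kind]}")
```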
                    • J
                      jeff3820 @jimp
                      last edited by Jun 21, 2021, 6:41 PM

                      @jimp Is this change coming to the client export package or has it already been implemented?

                      • J
                        jimp Rebel Alliance Developer Netgate
                        last edited by Jun 21, 2021, 8:58 PM

                        You can already get lport 0 by setting the option to randomize the local port, though I can't recall off the top of my head if that is the default. I don't think it has a way to set nobind.

                        If it doesn't set that by default, we should probably update the package to work that way and use nobind.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.