Windows Client can't ping after disconnect and reconnect

se_marc

Hey everyone,

I just configured OpenVPN on pfsense 2.5.0. I installed the client on two windows 10 clients. I am able to connect fine the first time and can ping across the tunnel fine. however, when i either press the reconnect button or completely disconnect and reconnect, the connection establishes but i am unable to ping across the tunnel.

when i am in the reconnected state, the connection will try and reconnect every minute or so. here are client logs during the troubled state.

if i restart the server, i can connect and everything works fine again.

if i disconnect the client for a few minutes and then connect again, things work fine again.

im not sure how to get the VPN server config from my pfsense box.

client config: (i am testing this on an internal LAB network so yes, 10.10.1.49 is currently acting as the WAN IP)

dev tun
persist-tun
persist-key
ncp-disable
cipher AES-256-CBC
auth SHA256
tls-client
client
resolv-retry infinite
remote 10.10.1.49 1194 udp4
auth-user-pass
ca pfSense-UDP4-1194-ca.crt
tls-auth pfSense-UDP4-1194-tls.key 1
remote-cert-tls server

Thu Mar 04 15:02:53 2021 [openvpn.my.home] Inactivity timeout (--ping-restart), restarting
Thu Mar 04 15:02:53 2021 SIGUSR1[soft,ping-restart] received, process restarting
Thu Mar 04 15:02:58 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.1.49:1194
Thu Mar 04 15:02:58 2021 UDPv4 link local (bound): [AF_INET][undef]:1194
Thu Mar 04 15:02:58 2021 UDPv4 link remote: [AF_INET]10.10.1.49:1194
Thu Mar 04 15:02:58 2021 [openvpn.my.home] Peer Connection Initiated with [AF_INET]10.10.1.49:1194
Thu Mar 04 15:02:59 2021 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
Thu Mar 04 15:02:59 2021 Initialization Sequence Completed
Thu Mar 04 15:03:59 2021 [openvpn.my.home] Inactivity timeout (--ping-restart), restarting
Thu Mar 04 15:03:59 2021 SIGUSR1[soft,ping-restart] received, process restarting
Thu Mar 04 15:04:04 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]10.10.1.49:1194
Thu Mar 04 15:04:04 2021 UDPv4 link local (bound): [AF_INET][undef]:1194
Thu Mar 04 15:04:04 2021 UDPv4 link remote: [AF_INET]10.10.1.49:1194
Thu Mar 04 15:04:04 2021 [openvpn.my.home] Peer Connection Initiated with [AF_INET]10.10.1.49:1194
Thu Mar 04 15:04:05 2021 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
Thu Mar 04 15:04:05 2021 Initialization Sequence Completed

bingo600

@se_marc
There was a thread about fast disconnect/reconnect would'nt work
There was a timer on tthe server that had to expire before reconnect.
I think 3 or 4 times 40 secs

There was a fix for that in the thread

se_marc

@bingo600 awesome, ill give the forum another search!

se_marc

the fix for this is in thread https://forum.netgate.com/topic/161324/openvpn-is-not-working-if-client-is-reconnected-immediately/11

i needed to check the box for "Use a random local source port (lport) for traffic from the client. Without this set, two clients may not run concurrently." on the client export plug-in. this option adds lport 0 to the client config.