SSL VPN goes down
-
Hello ,
I have Issue with my SSL VPN set up in my firewall. Sometimes the service goes down and all users are unable to connect. The only way is to restart the vpn ssl process. pfsense is in Version: 5.6.5
I just got the problem today morning and restart the service at 7 AM. You can find below openVPN log and my vpn configuration. fw-log2.txt
-
@amir75 said in SSL VPN goes down:
5.6.5
Unknown.
VPN settings : we can't verify. You need to have a "SSL VPN" account to check the settings.
@amir75 said in SSL VPN goes down:
vpn configuration. fw-log2.txt
That's the 'general ' pfSense log. little to nothing is mentioned about VPN.
What about this log :
Btw : your VPN supplier ofers both a IPv4 and IPv6 ??
LDAP for the user credentials ? -
Thanks for answering.
My VPN supplier ofers only IPv4, LDAP is used for user credentials.
I just make wrong copy for the version , sorry. My pfsense firmware is :
Version
2.4.4-RELEASE (amd64)
built on Thu Sep 20 09:03:12 EDT 2018
FreeBSD 11.2-RELEASE-p3just add log for openvpn, but all log i have are not at current date. I'm working on it. Thanks for help.
-
"SSL VPN" is a VPN service, and you use the pfSense OpenVPN client to connect to it, right ?
Or, your VPN logs many messages from the (a) VPN server that you use, which has nothing to do with VPN client issues.
Also : no need to have a science degree to understand that some one i s'playing' with your VPN access (== OpenVPN server). There are several messages related to security here, like the one telling you that the "ciphers" used are to weak - and that 'replay' might be used.Your pfSense 2.4.4 is old. It could be very possible that old issues are already resolved, yet you kept the older version -> I advise you not to do that.
-
Yes We use OpenVPN client to connect.
I'll update my settings to upgrade ciphers.
My firewall show me that i'm on the last version :
"Version
2.4.4-RELEASE (amd64)
built on Thu Sep 20 09:03:12 EDT 2018
FreeBSD 11.2-RELEASE-p3
The system is on the latest version."Maybe is due to a bug. I see on official website that last version is 2.5.0. Is that version stable ? Should I uprade to it or an other one more stable ?
-
@amir75 said in SSL VPN goes down:
"Version
2.4.4-RELEASE (amd64)
built on Thu Sep 20 09:03:12 EDT 2018
FreeBSD 11.2-RELEASE-p3
The system is on the latest version."Yeah, that's known.
The package system is brain dead, or DNS settings have been broken by the admin, the file system got a blow in the face by a power loss, etc - and he system says it's up to date (because it fails to prove otherwise).Or, TV channels, Youtube (thousands !), the Netgate's announcement blog (twitter, redit, etc) , or the thousands of messages posted on this forum might have inform you that 2.5.0 is out and 2.5.1 is coming.
@amir75 said in SSL VPN goes down:
Should I uprade to it or an other one more stable ?
Maybe.
My personal advise is : play with it first. And if it pleases you, upgrade.
I now, it's 2021, but I say it ones more : always prepare a way to retrograde. If you can go back, you will never do so (extension of Murphy's law).
At least, read about it. See if there are current issues with functionalities that you use.
For me, 2.5.0 vanilla on a I5 box is just great, better as 2.4.5-p3 which was already more then ok (for me
) - VPN server for remote access works - and recently I discovered that OpenVPN client works ( for me : using Expr*ssVPN where many said : it's broken, so go figure )
