Netgate Discussion Forum
    Openvpn random reconnects with error "TUN write error..."

    nokia88

      Hello all,

      Recently I created a new OpenVPN configuration because the old one was a bit outdated.
      Everything seems to work well, except for the macOS clients. They seem to randomly reconnect the VPN connection. It doesn't happen at a fixed time, for example every 60 minutes, but really at random, like sometimes 10 times in 5 minutes.

      When I check the logs in the OpenVPN Connect client I can see the following TUN errors:

      10:27:35 TUN write error: cannot identify IP version for prefix
      10:27:36 EVENT: TUN_ERROR TUN I/O error
      10:27:36 TUN Error: TUN I/O error
      10:27:36 Client terminated, restarting in 5000 ms...
      10:27:36 MacLifeCycle NET_IFACE en6
      10:27:36 MacLifeCycle NET_IFACE en6
      10:27:36 SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
      GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
      /sbin/route delete -net x.x.x.x -netmask 255.255.255.252 x.x.x.x
      delete net x.x.x.x: gateway x.x.x.x
      /sbin/route delete -net x.x.x.x -netmask 255.255.255.0 x.x.x.x
      delete net x.x.x.x: gateway x.x.x.x
      /sbin/route delete -net x.x.x.x -netmask 255.255.255.255 x.x.x.x
      delete net x.x.x.x: gateway x.x.x.x
      /sbin/route delete -net 0.0.0.0 -netmask x.x.x.x x.x.x.x
      delete net 0.0.0.0: gateway x.x.x.x
      /sbin/route delete -net x.x.x.x-netmask x.x.x.x x.x.x.x
      delete net x.x.x.x: gateway x.x.x.x
      /sbin/ifconfig utun2 down
      MacDNSAction: FLAGS=F
      10:27:36 MacLifeCycle NET_STATE 1 status=ReachableViaWiFi flags=-R -------
      10:27:40 EVENT: RECONNECTING 
      10:27:41 Contacting x.x.x.x:11940 via UDP
      10:27:41 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
      {
      	"host" : "x.x.x.x",
      	"ipv6" : false,
      	"pid" : 15555
      }
      
      10:27:41 Connecting to [x.x.x.x]:11940 (x.x.x.x) via UDPv4
      

      In pfSense -> System Logs -> OpenVPN I don't see errors, just a normal reconnect.

      Using the Tunnelblick OpenVPN client on the same machine seems to run without any issues so far. (macOS Big Sur)
      On Windows I'm using the OpenVPN GUI client, also without any issues.

      Could this be a problem related to the OpenVPN Connect client and macOS, a configuration issue or something else?

      I'm running pfSense 2.5.1.

      pfSense OpenVPN server

      Server mode = Remote Access ( User Auth)
      Backend for Authentication = Active Directory
      Protocol = UDP on IPv4 only
      Device mode = tun - layer 3 tunnel Mode
      Interface = wan
      Local Port 11940
      TLS configuration : Use a TLS key
      TLS key XXX
      TLS key usage mode = TLS authentication
      TLS keydir direction = use default direction
      Peer Certificate Authority = CA
      Server certificate = vpnXXX
      DH Parameter Length = ECDH Only
      Data Encryption Algorithms = AES-256-GCM
      Fallback Data Encryption Algorithm = AES-256-GCM
      Auth Digest Algorithm = SHA512
      IPv4 tunnel network x.x.x.x/24
      Redirect IPv4 Gateway = Force all client-generated IPv4 traffic through the tunnel.
      Dynamic IP = Allow connected clients to retain their connections if their IP address changes.
      Topology = net30
      Ping settings Inactive = 0
      Ping Method = keepalive
      Interval 10
      Timeout 60
      

      VPN client config

      dev tun
      tls-version-min "1.2" version
      persist-tun
      persist-key
      cipher AES-256-GCM
      ncp-ciphers AES-256-GCM
      auth SHA512
      tls-client
      client
      resolv-retry infinite
      remote x.x.x.x 11940 udp4
      auth-user-pass
      remote-cert-tls server
      compress
      auth-nocache
      reneg-sec 0
      <ca>
      -----BEGIN CERTIFICATE-----
      xxx
      -----END CERTIFICATE-----
      </ca>
      setenv CLIENT_CERT 0
      key-direction 1
      <tls-auth>
      #
      # 2048 bit OpenVPN static key
      #
      -----BEGIN OpenVPN Static key V1-----
      xxx
      -----END OpenVPN Static key V1-----
      </tls-auth>
      
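As an added example (not part of the post above), a small Python script that parses the OpenVPN Connect (OpenVPN 3) client log format shown in the post, counts the "TUN write error" lines, measures the gaps between successive RECONNECTING events, and checks whether every reconnect was preceded by a TUN write error. That last check separates tunnel I/O failures from ordinary keepalive timeouts, which show up in the pfSense log as plain reconnects. The sample log lines are constructed from the post's format with made-up timestamps.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in the OpenVPN Connect log format from the post;
# timestamps are invented to illustrate two reconnect cycles.
SAMPLE_LOG = """\
10:27:35 TUN write error: cannot identify IP version for prefix
10:27:36 EVENT: TUN_ERROR TUN I/O error
10:27:36 Client terminated, restarting in 5000 ms...
/sbin/ifconfig utun2 down
10:27:40 EVENT: RECONNECTING 
10:27:41 Connecting to [x.x.x.x]:11940 (x.x.x.x) via UDPv4
10:29:02 TUN write error: cannot identify IP version for prefix
10:29:03 EVENT: TUN_ERROR TUN I/O error
10:29:03 Client terminated, restarting in 5000 ms...
10:29:07 EVENT: RECONNECTING 
"""

# Only lines that start with an HH:MM:SS timestamp are events; the
# untimestamped /sbin/route and /sbin/ifconfig output from the agent is skipped.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (.*)$")

def parse_events(log_text):
    """Return (time, message) tuples for every timestamped log line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.strptime(m.group(1), "%H:%M:%S"), m.group(2)))
    return events

def reconnect_report(log_text, window_s=10):
    """Summarise reconnect behaviour: how many TUN write errors occurred, how many
    reconnects, the seconds between reconnects (periodic vs. random), and whether
    each reconnect followed a TUN write error within window_s seconds."""
    events = parse_events(log_text)
    tun_errors = [t for t, msg in events if msg.startswith("TUN write error")]
    reconnects = [t for t, msg in events if msg.startswith("EVENT: RECONNECTING")]
    gaps = [int((b - a).total_seconds()) for a, b in zip(reconnects, reconnects[1:])]
    preceded = all(
        any(timedelta(0) <= r - e <= timedelta(seconds=window_s) for e in tun_errors)
        for r in reconnects
    )
    return {
        "tun_write_errors": len(tun_errors),
        "reconnects": len(reconnects),
        "gaps_seconds": gaps,
        "all_preceded_by_tun_error": preceded,
    }
```

Run it over a full day of the Connect client log to see whether the gaps cluster around a fixed interval (which would point at keepalive or renegotiation settings) or are irregular as described in the post.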
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.