OpenVPN random reconnects with error "TUN write error..."
-
Hello all,
Recently I created a new OpenVPN configuration because the old one was a bit outdated.
Everything seems to work well, except for the macOS clients. They seem to randomly reconnect the VPN connection. It doesn't happen at a fixed time, for example every 60 minutes, but really at random, like sometimes 10 times in 5 minutes. When I check the logs in the OpenVPN Connect client I can see the following TUN errors:
10:27:35 TUN write error: cannot identify IP version for prefix
10:27:36 EVENT: TUN_ERROR TUN I/O error⏎
10:27:36 TUN Error: TUN I/O error
10:27:36 Client terminated, restarting in 5000 ms...
10:27:36 MacLifeCycle NET_IFACE en6
10:27:36 MacLifeCycle NET_IFACE en6
10:27:36 SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
/sbin/route delete -net x.x.x.x -netmask 255.255.255.252 x.x.x.x
delete net x.x.x.x: gateway x.x.x.x
/sbin/route delete -net x.x.x.x -netmask 255.255.255.0 x.x.x.x
delete net x.x.x.x: gateway x.x.x.x
/sbin/route delete -net x.x.x.x -netmask 255.255.255.255 x.x.x.x
delete net x.x.x.x: gateway x.x.x.x
/sbin/route delete -net 0.0.0.0 -netmask x.x.x.x x.x.x.x
delete net 0.0.0.0: gateway x.x.x.x
/sbin/route delete -net x.x.x.x-netmask x.x.x.x x.x.x.x
delete net x.x.x.x: gateway x.x.x.x
/sbin/ifconfig utun2 down
MacDNSAction: FLAGS=F
10:27:36 MacLifeCycle NET_STATE 1 status=ReachableViaWiFi flags=-R -------
10:27:40 EVENT: RECONNECTING
10:27:41 Contacting x.x.x.x:11940 via UDP
10:27:41 UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{ "host" : "x.x.x.x", "ipv6" : false, "pid" : 15555 }
10:27:41 Connecting to [x.x.x.x]:11940 (x.x.x.x) via UDPv4
In pfSense -> System Logs -> OpenVPN I don't see errors, just a normal reconnect.
Using the Tunnelblick OpenVPN client on the same machine seems to run without any issues so far. (macOS Big Sur)
On Windows I'm using the OpenVPN GUI client, also without any issues. Could this be a problem related to the OpenVPN Connect client and macOS, a configuration issue or something else?
I'm running pfSense 2.5.1.
pfSense OpenVPN server
Server mode = Remote Access ( User Auth)
Backend for Authentication = Active Directory
Protocol = UDP on IPv4 only
Device mode = tun - layer 3 tunnel Mode
Interface = wan
Local Port 11940
TLS configuration : Use a TLS key
TLS key XXX
TLS key usage mode = TLS authentication
TLS keydir direction = use default direction
Peer Certificate Authority = CA
Server certificate = vpnXXX
DH Parameter Length = ECDH Only
Data Encryption Algorithms = AES-256-GCM
Fallback Data Encryption Algorithm = AES-256-GCM
Auth Digest Algorithm = SHA512
IPv4 tunnel network x.x.x.x/24
Redirect IPv4 Gateway = Force all client-generated IPv4 traffic through the tunnel.
Dynamic IP = Allow connected clients to retain their connections if their IP address changes.
Topology = net30
Ping settings
Inactive = 0
Ping Method = keepalive
Interval 10
Timeout 60
VPN client config
dev tun
tls-version-min "1.2" version
persist-tun
persist-key
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
auth SHA512
tls-client
client
resolv-retry infinite
remote x.x.x.x 11940 udp4
auth-user-pass
remote-cert-tls server
compress
auth-nocache
reneg-sec 0
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-auth>